Differences between Layer 2 Mode and Layer 3 Mode
Layer 3 Mode
- Only for IPv4 payload
- All frames encapsulated into new L3 tunnel covering IPComp (opt), IPsec ESP, Original payload
- Protects the original payload + the original IP header
- Lower packet overhead as compared to L2 mode [about 34-38 bytes]
- Support Anti-expansion and minimum compression, but ESP tunnel overhead would still exist
- Supports daisy_chain mode of multiple links
- Inter-operable with Standard IPsec compliant devices
- Limitations
- Only 1 GigE ingress port is available for data traffic if IBM is required
- All 4 GigE ingress port available for data traffic without IBM
Layer 2 Mode
- For any Ethernet packet including IPv4, IPv6, MPLS, PBB etc
- All frames encapsulated into new L2/L3 tunnel covering IPComp (opt), IPsec ESP, Original payload with L2
- All 4 GigE ingress ports available for data traffic along with IBM functionality
- Protects the entire original payload including the Ethernet Src/Dst Mac address
- Supports daisy_chain mode of multiple links
- Limitations
- Additional packet overhead of new IP encapsulation [Ethernet+IP header]
- Only single policy supported and not interoperable with 3rd party devices
- Doesn’t support anti-expansion, supports min comp size
Examples of the differences in compression modes:
File |
Size |
Type |
L2 Ratio |
L3 Ratio |
1152x864 pixels / 16.7 million colors JPEG file |
842468 |
A10.jpg |
0.86 |
0.97 |
Acrobat Reader 5.0 executable |
3870784 |
AcroRd32.exe |
1.49 |
1.51 |
Alphabetically sorted English word-list |
4067439 |
english.dic |
2.28 |
2.33 |
Macromedia Flash MX Manual; Adobe Acrobat pdf |
4526946 |
FlashMX.pdf |
0.97 |
1.07 |
Fighter-planes.com traffic log file |
20617071 |
FP.LOG |
2.04 |
2.70 |
Microsoft Office 97 Dynamic Link Library |
3782416 |
MSO97.DLL |
1.28 |
1.29 |
Occupational Health and Safety; MS Word file |
4168192 |
ohs.doc |
2.00 |
2.04 |
1356x1020 pixels Bitmap file |
4149414 |
rafale.bmp |
1.90 |
1.91 |
Delphi First Impression OCX Help file |
4121418 |
vcfiu.hlp |
2.30 |
2.33 |
1995 CIA World Fact Book |
2899483 |
world95.txt |
1.39 |
1.40 |
Average |
1.65 |
1.76 |
Steps to Enable Compression
To enable/setup compression from a blank (not preconfigured) Sparta IDU, the following steps are necessary. The steps can be performed from the web interface or the CLI.
- Configure and test RF link without compression/encryption to ensure normal operation.
- Set FIPS Mode (from web or CLI config node).
- One side of the link will need to be the A side and the other side B. Trango recommends setting the A & B FIPS setting to match the A & B ODU assignment. You can check which ODU is attached to the IDU with the model command.
- The L2 or L3 setting must be the same on both sides.
- Save config <config save> and reboot.
- From the crypto command prompt or web interface (from cli view mode, config to config node, then crypto to crypto node – default password is crypto for crypto node) set the policy as desired. The policy setting should match on both sides of the link.
- For compression only at CLI fips prompt: policy_comp 23
- Set dtag_tpid or daisy_chain setting, if necessary – see below: L3 8100 or 9100, L2 should be 9100
- Save config <config save> and reboot.
- Upon receipt of the first packet matching the policy, the radios will automatically establish a tunnel and begin compression and/or encryption as selected in the policy.
- The status of the tunnel can be viewed with the CLI command <status sa>.
Special Notes for Layer 3 Mode – dtag tpid
For Layer 3 mode, the programmer must either change the dtag tpid to 8100 or establish daisy chain mode for expanded traffic compatibility.
Option |
Advantage |
Limitation |
Daisy_Chain mode
|
Both compression/encryption and IBM available on single port |
Only single GigE port would be available |
Change dtag tpid to 0x8100
|
All ingress ports would work for encryption/compression |
IBM won’t function |
Comments
0 comments
Please sign in to leave a comment.