
Re: Daemon Recovery



Naganand Doraswamy wrote:
>The problem is when A does not receive a keep alive message from B, it
>could start an ISAKMP negotiation and B could still be down at this
>point. I think it is better that when B receives a secure packet and
>doesn't have an SA, it negotiates a new SA. The only problem is SA
>explosion on A. If the SAs have a large lifetime, then the old SA established
>between A and B will not be deleted until the timeout. We can avoid this
>problem by notifying that this is the first SA establishment after a
>reboot so that A can purge all the SAs associated with B.

By notifying do you mean a notify message?  Would this be included as
a payload in the main/aggressive mode exchange or subsequently sent
in an informational exchange?  Are you proposing a new notify message
status type, e.g. FIRST_XCHNG, which might be used anytime a system is
negotiating an ISAKMP SA when no others exist with the ISAKMP peer (SAs
can disappear at times other than reboot)?  Sounds like one possible
solution.  Perhaps one of the ISAKMP header flag bits could be used for
this purpose (simpler but requires 12.5% of a limited resource - 1 bit
of the flag octet).

I have another question for the group - If the Phase I SA lifetime
expires before a Phase II lifetime, is the Phase II SA deleted along
with the Phase I SA?  If the answer is no, the proposal above might
best be limited to reboots.

-dave
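
A toy model of host A's SA table, added here as an illustration and not part of the original message: it shows the SA build-up described in the quoted text, the effect of purging on a first-exchange indication, and the case raised in the closing question. The class and function names, the lifetimes, and the assumption that Phase II SAs outlive an expired Phase I SA are all constructed for the example.

```python
from dataclasses import dataclass, field

@dataclass
class SA:
    peer: str
    phase: int      # 1 = ISAKMP (Phase I) SA, 2 = Phase II SA
    expires: int    # absolute expiry on a constructed clock, in seconds

@dataclass
class SADB:
    """Toy model of host A's SA table; not a real ISAKMP implementation."""
    sas: list = field(default_factory=list)

    def expire(self, now):
        self.sas = [s for s in self.sas if s.expires > now]

    def negotiate(self, peer, now, p1_life, p2_life, first_exchange=False):
        """Peer sets up a Phase I SA and one Phase II SA under it.

        first_exchange models the indication proposed in the thread; it is
        assumed to arrive authenticated by the new exchange.
        Returns the still-valid Phase II SAs that the purge deleted."""
        self.expire(now)
        purged = []
        if first_exchange:
            purged = [s for s in self.sas if s.peer == peer and s.phase == 2]
            self.sas = [s for s in self.sas if s.peer != peer]
        self.sas += [SA(peer, 1, now + p1_life), SA(peer, 2, now + p2_life)]
        return purged

    def count(self, peer):
        return sum(s.peer == peer for s in self.sas)

def peak_sas_after_reboots(reboots, purge, life=86400, gap=600):
    """B reboots every `gap` seconds and renegotiates; return A's peak SA count."""
    db, now = SADB(), 0
    db.negotiate("B", now, life, life)
    peak = db.count("B")
    for _ in range(reboots):
        now += gap
        db.negotiate("B", now, life, life, first_exchange=purge)
        peak = max(peak, db.count("B"))
    return peak

def live_phase2_lost_without_reboot(p1_life=3600, p2_life=28800):
    """B did not reboot; its Phase I SA just expired before the Phase II SA."""
    db = SADB()
    db.negotiate("B", 0, p1_life, p2_life)
    return len(db.negotiate("B", p1_life, p1_life, p2_life, first_exchange=True))
```

With five reboots inside one lifetime, A holds 12 SAs for B without the purge and 2 with it; in the no-reboot case the purge deletes one Phase II SA that had not yet expired.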