
Re: ipsec error codes



<... snip>
> I'd like some input on this before attempting to write up something more
> substantial. Are there additional requirements? Are the ones specified
> here correct?
> 
> Scott
> 
Here is my thinking on this. 

When a packet is dropped at any node across the network due to
enforcement of a certain policy, it would be beneficial for the
end-node (that originated the packet) to know the policy that 
caused the packets to drop and why.

Standardization of reject notification for such a purpose is
desirable. Such a message should not only contain the packet that
failed a policy, but also the policy and the ID of the policy
enforcement device.

It is important for the end-node to know if a packet is dropped
due to enforcement of a policy or due to congestion and random
drop. In the former case, it is fruitless to retry. If the 
application were to be aware of the policy that failed the
session, it could potentially pursue alternate approaches.

cheers,
suresh

