
RE: INITIAL-CONTACT issues



Unfortunately I think you'll find that servers
must handle lots of TCP connections, thus they
may need to disconnect existing ones (say if they
are idle) in order to allow new connections.

- Alex

At 06:51 PM 5/3/99 -0700, Sankar Ramamoorthi wrote:
>
>If the same TCP stream is used across rekeying,
>then TCP connection overhead is not an issue - right?
>
>-- sankar --
>
>
>-----Original Message-----
>From: Scott G. Kelly [mailto:skelly@redcreek.com]
>Sent: Monday, May 03, 1999 6:44 PM
>To: Sankar Ramamoorthi
>Cc: 'Stephen Kent'; ipsec@lists.tislabs.com
>Subject: Re: INITIAL-CONTACT issues
>
>
>Sankar Ramamoorthi wrote:
>
><trimmed...>
>
>> I am implementing 'COMMIT' and 'INITIAL-CONTACT' etc,
>> and the question I keep having is:
>> 'Is there any reason why IKE is not implemented on
>> top of TCP?'
>> The architecture seems to allow it - most of the
>> implementations using IKE also have a tcp stack
>> (at least the ones I have seen).
>> Any reason why TCP was not considered as a choice
>> (at least a SHOULD support) for carrying IKE traffic?
>> 
>
>For one thing, think about relatively rapid rekeying, and then think
>about tcp connection setup overhead...
>
--

Alex Alten

Alten@Home.Com
Alten@TriStrata.Com

P.O. Box 11406
Pleasanton, CA  94588  USA
(925) 417-0159


