
RE: INITIAL-CONTACT issues




The server needs to maintain lots of ISAKMP connection
states. How is keeping lots of TCP state any different?
Anyway, today many servers are optimized to handle lots
of TCP connections.

-----Original Message-----
From: Alex Alten [mailto:Alten@Home.Com]
Sent: Monday, May 03, 1999 10:05 PM
To: Sankar Ramamoorthi; 'Scott G. Kelly'; Sankar Ramamoorthi
Cc: 'Stephen Kent'; ipsec@lists.tislabs.com
Subject: RE: INITIAL-CONTACT issues


Unfortunately I think you'll find that servers
must handle lots of TCP connections, thus they
may need to disconnect existing ones (say if they
are idle) in order to allow new connections.

- Alex

At 06:51 PM 5/3/99 -0700, Sankar Ramamoorthi wrote:
>
>If the same TCP stream is used across rekeying,
>then TCP connection overhead is not an issue - right?
>
>-- sankar --
>
>
>-----Original Message-----
>From: Scott G. Kelly [mailto:skelly@redcreek.com]
>Sent: Monday, May 03, 1999 6:44 PM
>To: Sankar Ramamoorthi
>Cc: 'Stephen Kent'; ipsec@lists.tislabs.com
>Subject: Re: INITIAL-CONTACT issues
>
>
>Sankar Ramamoorthi wrote:
>
><trimmed...>
>
>> I am implementing 'COMMIT' and 'INITIAL-CONTACT' etc.,
>> and the question I keep having is:
>> 'Is there any reason why IKE is not implemented on
>> top of TCP?'
>> The architecture seems to allow it - most of the
>> implementations using IKE also have a TCP stack
>> (at least the ones I have seen).
>> Any reason why TCP was not considered as a choice
>> (at least a SHOULD support) for carrying IKE traffic?
>> 
>
>For one thing, think about relatively rapid rekeying, and then think
>about TCP connection setup overhead...
>
--

Alex Alten

Alten@Home.Com
Alten@TriStrata.Com

P.O. Box 11406
Pleasanton, CA  94588  USA
(925) 417-0159