[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Retransmits in traffic count?

To: Dan McDonald <danmcd@Eng.Sun.Com>
Subject: RE: Retransmits in traffic count?
From: Tim Jenkins <tjenkins@TimeStep.com>
Date: Thu, 5 Aug 1999 08:44:32 -0400
Cc: ipsec@lists.tislabs.com
Sender: owner-ipsec@lists.tislabs.com

Let me start again.

Should the traffic used in re-transmitting packets used in phase 1 SAs while
negotiating anything be counted against the traffic-based lifetime of the
SA?

In other words, if I have to send the first quick mode 1 message three times
before I get a response from the peer, should that first packet's traffic be
counted one time or three times against the phase 1 SA's lifetime (by
traffic) limitation?

The current ISAKMP DOI-independent MIB does:

==>

saInPackets OBJECT-TYPE
	SYNTAX		Counter32
	MAX-ACCESS	read-only
	STATUS		current
	DESCRIPTION
		"The total number of packets received by the ISAKMP phase 1
SA, including un-encrypted packets used to negotiate the ISAKMP phase 1 SA,
and any re-transmissions."
	::= { saEntry 13 }

saOutPackets OBJECT-TYPE
	SYNTAX		Counter32
	MAX-ACCESS	read-only
	STATUS		current
	DESCRIPTION
		"The total number of packets sent by the ISAKMP phase 1 SA,
including un-encrypted packets used to negotiate the ISAKMP phase 1 SA, and
any re-transmissions received."
	::= { saEntry 14 }

saInOctets OBJECT-TYPE
	SYNTAX		Counter32
	UNITS		"bytes"
	MAX-ACCESS	read-only
	STATUS		current
	DESCRIPTION
		"The amount of encrypted traffic measured in bytes received
by the ISAKMP phase 1 SA. This includes encrypted traffic used to negotiate
the ISAKMP phase 1 SA, and any re-transmissions received."
	::= { saEntry 15 }

saOutOctets OBJECT-TYPE
	SYNTAX		Counter32
	UNITS		"bytes"
	MAX-ACCESS	read-only
	STATUS		current
	DESCRIPTION
		"The amount of encrypted traffic measured in bytes sent by
the ISAKMP phase 1 SA. This includes encrypted traffic used to negotiate the
ISAKMP phase 1 SA, and any re-transmissions."
	::= { saEntry 16 }

<==

I'm thinking I should remove the "including re-transmissions" part of those
and related objects.

Other objects are the global counters. Should they include re-transmissions
if the individual SAs don't?

That's what I'm asking about.

-----Original Message-----
From: Dan McDonald [mailto:danmcd@Eng.Sun.Com]
Sent: August 4, 1999 5:39 PM
To: tjenkins@TimeStep.com
Cc: ipsec@lists.tislabs.com
Subject: Re: Retransmits in traffic count?


> Sorry, I meant the ISAKMP DOI-independent MIB. Re-transmissions due to 
> time-outs in negotiation. 
What negotiation and retransmission are you talking about? 
If there are time-outs in the IKE negotiation how will there be any relevant

IPsec SAs to monitor? 
If you mean TCP retransmission, those retransmitted packets should 
_definitely_ be included in any IPsec SA byte-lifetime counters. 
Dan

Follow-Ups:

Re: Retransmits in traffic count?

From: Ricky Charlet <rcharlet@redcreek.com>

Re: Retransmits in traffic count?

From: Dan McDonald <danmcd@Eng.Sun.Com>

Re: Retransmits in traffic count?

From: Dan Harkins <dharkins@network-alchemy.com>

Prev by Date: DF / PMTU Question
Next by Date: Re: DF / PMTU Question
Prev by thread: Re: Retransmits in traffic count?
Next by thread: Re: Retransmits in traffic count?
Index(es):
- Main
- Thread