Re: IPSec SA DELETE in "dangling" implementation

[Tero Kivinen <kivinen@ssh.fi>]

Jan Vilhuber writes:
> > - could we use (somehow) IPSec-based keep-alives
> You could, but it would introduce a 'special' ipsec packet, which I do not
> particularly care for. IPSEC shouldn't have to look at each packet and decide
> if this is a 'control packet' or if this is a regular packet.

We already have that "special" packet. It is called ICMP echo
(ping)... I don't think there is need to create another one. If we use
IPsec based keep-alives, I think it should use normal ICMP echo (ping)
packets.
-- 
kivinen@iki.fi                               Work : +358-9-4354 3218
SSH Communications Security                  http://www.ssh.fi/
SSH IPSEC Toolkit                            http://www.ssh.fi/ipsec/

---

Follow-Ups:

• Re: IPSec SA DELETE in "dangling" implementation
• From: Paul Koning <pkoning@xedia.com>
• Re: IPSec SA DELETE in "dangling" implementation
• From: Jan Vilhuber <vilhuber@cisco.com>

References:

• Re: IPSec SA DELETE in "dangling" implementation
• From: Slava Kavsan <bkavsan@ire-ma.com>
• Re: IPSec SA DELETE in "dangling" implementation
• From: Jan Vilhuber <vilhuber@cisco.com>

---

• Prev by Date: Re: IPSec SA DELETE in "dangling" implementation
• Next by Date: Re: IPSEC SA DELETE in "dangling" implementations
• Prev by thread: Re: IPSec SA DELETE in "dangling" implementation
• Next by thread: Re: IPSec SA DELETE in "dangling" implementation
• Index(es):
  • Main
  • Thread