[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: IPSec SA DELETE in "dangling" implementation
On Fri, 3 Dec 1999, Tero Kivinen wrote:
> Jan Vilhuber writes:
> > > - could we use (somehow) IPSec-based keep-alives
> > You could, but it would introduce a 'special' ipsec packet, which I do not
> > particularly care for. IPSEC shouldn't have to look at each packet and decide
> > if this is a 'control packet' or if this is a regular packet.
>
> We already have that "special" packet. It is called ICMP echo
> (ping)... I don't think there is need to create another one. If we use
> IPsec based keep-alives, I think it should use normal ICMP echo (ping)
> packets.
You can't do that, since that would run up the packet/byte counts, which some
people want to do accounting on and charge the customer for.
jan
--
Jan Vilhuber vilhuber@cisco.com
Cisco Systems, San Jose (408) 527-0847
Follow-Ups:
References: