[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPSec SA DELETE in "dangling" implementation

To: Tero Kivinen <kivinen@ssh.fi>
Subject: Re: IPSec SA DELETE in "dangling" implementation
From: Jan Vilhuber <vilhuber@cisco.com>
Date: Fri, 3 Dec 1999 17:01:04 -0800 (PST)
cc: Slava Kavsan <bkavsan@ire-ma.com>, "Scott G. Kelly" <skelly@redcreek.com>, Srinivasa Rao Addepalli <srao@ibondinc.com>, Dan Harkins <dharkins@network-alchemy.com>, Markku Savela <msa@hemuli.tte.vtt.fi>, ipsec@lists.tislabs.com
In-Reply-To: <199912031932.VAA00262@torni.ssh.fi>
Sender: owner-ipsec@lists.tislabs.com

On Fri, 3 Dec 1999, Tero Kivinen wrote:
> Jan Vilhuber writes:
> > > - could we use (somehow) IPSec-based keep-alives
> > You could, but it would introduce a 'special' ipsec packet, which I do not
> > particularly care for. IPSEC shouldn't have to look at each packet and decide
> > if this is a 'control packet' or if this is a regular packet.
> 
> We already have that "special" packet. It is called ICMP echo
> (ping)... I don't think there is need to create another one. If we use
> IPsec based keep-alives, I think it should use normal ICMP echo (ping)
> packets.

You can't do that, since that would run up the packet/byte counts, which some
people want to do accounting on and charge the customer for.

jan
 --
Jan Vilhuber                                            vilhuber@cisco.com
Cisco Systems, San Jose                                     (408) 527-0847

Follow-Ups:

Re: IPSec SA DELETE in "dangling" implementation

From: Tero Kivinen <kivinen@ssh.fi>

References:

Re: IPSec SA DELETE in "dangling" implementation

From: Tero Kivinen <kivinen@ssh.fi>

Prev by Date: Re: matching GW addr to ID payload (fwd)
Next by Date: Re: matching GW addr to ID payload (fwd)
Prev by thread: Re: IPSec SA DELETE in "dangling" implementation
Next by thread: Re: IPSec SA DELETE in "dangling" implementation
Index(es):
- Main
- Thread