Re: IPSec SA DELETE in "dangling" implementation

[Tero Kivinen <kivinen@ssh.fi>]

Jan Vilhuber writes:
> On Fri, 3 Dec 1999, Tero Kivinen wrote:
> > We already have that "special" packet. It is called ICMP echo
> > (ping)... I don't think there is need to create another one. If we use
> > IPsec based keep-alives, I think it should use normal ICMP echo (ping)
> > packets.
> 
> You can't do that, since that would run up the packet/byte counts, which some
> people want to do accounting on and charge the customer for.

How about counting the bytes/packets only if they are routed through
the gateway, not if they are destinationed to the gateway.

You have to do special code for the special packets for the accounting
anyways, so you can also detect that this is normal ping packet
destinationed to the gateway, and if so, do not add it to the counts.
If you use ping packets, and you are not doing accounting you don't
have to do anything special, everything works immediately. 
-- 
kivinen@iki.fi                               Work : +358-9-4354 3218
SSH Communications Security                  http://www.ssh.fi/
SSH IPSEC Toolkit                            http://www.ssh.fi/ipsec/

---

Follow-Ups:

• Re: IPSec SA DELETE in "dangling" implementation
• From: Jan Vilhuber <vilhuber@cisco.com>

References:

• Re: IPSec SA DELETE in "dangling" implementation
• From: Tero Kivinen <kivinen@ssh.fi>
• Re: IPSec SA DELETE in "dangling" implementation
• From: Jan Vilhuber <vilhuber@cisco.com>

---

• Prev by Date: Re: Incorporation of AES into IPSec
• Next by Date: RE: Heartbeats (was RE: keepalives)
• Prev by thread: Re: IPSec SA DELETE in "dangling" implementation
• Next by thread: Re: IPSec SA DELETE in "dangling" implementation
• Index(es):
  • Main
  • Thread