
Re: Heartbeats (was RE: keepalives)



Seems to me that the number of Keep-alives should be set by the Policy
Control model of the specific site, and not by the protocol itself as a hard
coded model.

Keep-Alives are obviously very expensive on Overhead with the number of
connection/session instances (in the non-UDP Sense) to be used, and
therefore it should be left up to the Site as to how many they "choose" to
expend resources (and thus money) to support.

Or am I brain damaged again?

Todd.
----- Original Message -----
From: "Tero Kivinen" <kivinen@ssh.fi>
To: "Jan Vilhuber" <vilhuber@cisco.com>
Cc: "Andrew Krywaniuk" <akrywaniuk@TimeStep.com>; <ipsec@lists.tislabs.com>
Sent: Sunday, December 05, 1999 5:43 PM
Subject: RE: Heartbeats (was RE: keepalives)


> Jan Vilhuber writes:
> > What about this: when sending a phase1-heartbeat (where we still need to
> > agree what this would look like) from host A to host B, why not include in
> > it all SPI's that host A shares with host B. If host B has a few SPI's that
> > host A didn't include in the heartbeat, then they are obviously deleted, and
> > host B should delete its SPIs for those.
>
> That could be one way to do it, but it only allows a machine to have
> 16376 SAs up at one time (64 kB packet limit at the UDP level). I
> have been doing testing with bigger number of SAs between hosts
> already now, and I wonder what amount of SAs we have in 5-10 years....
>
> Is that amount enough?
> --
> kivinen@iki.fi                               Work : +358-9-4354 3218
> SSH Communications Security                  http://www.ssh.fi/
> SSH IPSEC Toolkit                            http://www.ssh.fi/ipsec/
>
