RE: Heartbeats (was RE: keepalives)
Paul Koning writes:
> 16k SAs between a single pair of security gateways? The usual number
Not between gateways, between hosts. Usually that happens when you have an
SA-per-port type of policy (i.e. different policy per user).
> Can you give a scenario where thousands of SAs between a single pair
> of security gateways is necessary?
Large unix machine with about 4096 users, each using AH+ESP
(== 4 SAs per tcp/ip connection), will give you more than 16k SAs...
Having a machine that has 4096 users logged in isn't that common, but I
wouldn't say it is impossible in 5 years...
BTW, the other machine is of course the www-proxy or the firewall
machine :-)
Anyways, I don't think it is a common thing, but I say we should think
about it and decide if we can accept such a limit.
--
kivinen@iki.fi Work : +358-9-4354 3218
SSH Communications Security http://www.ssh.fi/
SSH IPSEC Toolkit http://www.ssh.fi/ipsec/