[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Heartbeats (was RE: keepalives)

To: Tero Kivinen <kivinen@ssh.fi>
Subject: RE: Heartbeats (was RE: keepalives)
From: Jan Vilhuber <vilhuber@cisco.com>
Date: Mon, 6 Dec 1999 11:59:46 -0800 (PST)
cc: Andrew Krywaniuk <akrywaniuk@TimeStep.com>, ipsec@lists.tislabs.com
In-Reply-To: <199912061930.VAA24353@torni.ssh.fi>
Sender: owner-ipsec@lists.tislabs.com

On Mon, 6 Dec 1999, Tero Kivinen wrote:
> Jan Vilhuber writes:
> > A (shudder) 'more' bit? That would get unwieldly and complex with large
> > numbers.
> 
> We start thinking like that we propably should add something generic
> for IKE to allow larger packets. Like IKE over TCP/IP...
> 
Yes.

> The packet size limit is because of UDP, the IKE itself allows the
> total packet length of 4 GB, and each payload must be less than 64 kB.

Maybe it would be worth doing, and simply accepting the fact that if you have
a situation where your packet size is no longer sufficient to handle the
number of SA's between your two gateways, then you need to look at other
transport media. So if you run out, you'll have to look at a TCP/IP
implementation of IKE instead of UDP.

jan
 --
Jan Vilhuber                                            vilhuber@cisco.com
Cisco Systems, San Jose                                     (408) 527-0847

References:

RE: Heartbeats (was RE: keepalives)

From: Tero Kivinen <kivinen@ssh.fi>

Prev by Date: RE: IPSec SA DELETE in "dangling" implementation
Next by Date: Re: IPSec SA DELETE in "dangling" implementation
Prev by thread: RE: Heartbeats (was RE: keepalives)
Next by thread: RE: Heartbeats (was RE: keepalives)
Index(es):
- Main
- Thread