
RE: Heartbeats (was RE: keepalives)



> But I also disagree with the idea that the goal of our heartbeat is for
> IKE's benefit alone. This discussion certainly started because we were
> debating IKE continuous move vs. dangling implementations and IKE
> heartbeats were originally suggested as a way to help us clean up IKE
> state more confidently when we can know that a peer is no longer
> responsive.

I disagree. I think this discussion started because we need heartbeats for
ipsra. The fact that the same issue came up in the dangling SA thread was a
'triggered coincidence'.

> But others have mentioned, and I agree, that heartbeat or
> dead-peer-detection should serve other purposes as well and among these
> are fail-over action triggering, and alert generation. This is not to
> say that dead-peer-detection cannot be within IKE. I am just trying to
> get the list to consider that we do have more options and should examine
> them.

I think these are orthogonal issues. The first step will always be
detection, but dead peer detection is useless if you don't do anything about
it. After you detect the dead peer you have to have a response, which may be
an alert, an attempt to reconnect, or a fail-over protocol.

Now it may be that the specific heartbeat mechanism will facilitate one or
more of these actions, but that's something that we'll have to consider.

Andrew
_______________________________________________
 Beauty without truth is insubstantial.
 Truth without beauty is unbearable.

