
Re: Heartbeats (was RE: keepalives)




>>>>> "Slava" == Slava Kavsan <bkavsan@ire-ma.com> writes:
    Slava> "Michael C. Richardson" wrote:

    >> My opinion is that clients don't do heartbeats, since they don't have
    >> 2000 SAs that they want to track.

    Slava> To prevent Clients from detecting dead Gateways or other host - is
    Slava> very restricting in my opinion - for example, it will prevent
    Slava> Client to re-engage with redundant gateways. Heartbeats have to be
    Slava> available to any IPSec host that wants to use them.

  It seems to me, that the fact that a client is receiving traffic from the 
gateway is enough to permit the client to determine that the gateway is
alive. That may not be enough for high-availability: really it should worry
about whether the server which it wants to contact is available.
  The client could easily ping *that* box instead. No additional SA required.

]      Out and about in Ottawa.    hmmm... beer.                |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy");  [

  


