[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Heartbeats (was RE: keepalives)
>>>>> "Michael" == Michael C Richardson <mcr@sandelman.ottawa.on.ca> writes:
>>>>> "Bronislav" == Bronislav Kavsan <bkavsan@ire-ma.com> writes:
Bronislav> If gateway protects internal subnet
Bronislav> 199.34.57.0/255.255.255.0 and has internal address
Bronislav> 199.34.57 27 - how Client would know this internal gateway
Bronislav> address in order to ping it? Do you
Michael> My opinion is that clients don't do heartbeats, since they
Michael> don't have 2000 SAs that they want to track.
But there are other reasons to do heartbeats. For example, if you
want to verify that the security gateway still knows about your SAs
(so you can negotiate new ones if the old ones have vanished for some
reason). As far as I can see, this "black hole detection" is a
valuable, perhaps the most valuable, benefit of heartbeat.
paul
Follow-Ups:
References: