[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: heartbeats (summary of responses)
Tero Kivinen wrote:
>
> Ricky Charlet writes:
> > > Tero, consider the case when 2 gateways have many (hundreds or
> > > thousands) tunnels between them. Running phase 2 heartbeats for each
> > > IPSec SA pair between gateways will not scale. You may suggest that
> > > multiple IPSec tunnels between 2 IPSec gateways is not a terribly useful
> > > configuration but it can be done. One the other hand phase 1 heartbeats
> > > do not have the same problem.
>
> If you have hundreds or thousands IPsec SA, and you dont want to run
> heartbeats on all of them, why did you requested them in the first
> place? There only way all of those 100-1000 SAs are sending those
> heartbeat packets is bacause one end requested them on that SA. In
> normal case gateway can just check that it already have one SA that is
> sending heartbeat from that other gateway, I don't need yet another
> one, so I don't request heartbeats now.
Howdy ()
I agree with your post 100% but you misquote me. That is a quote I
included from Andrew. I my reply to Andrew, I said much the same thing
as you. No harm done though. :-)
--
####################################
# Ricky Charlet
# (510) 795-6903
# rcharlet@redcreek.com
####################################
end Howdy;
References: