
Re: Heartbeats (was RE: keepalives)





>>>>> "Henry" == Henry Spencer <henry@spsystems.net> writes:
    Henry> "Michael C. Richardson" wrote:
    >> I don't see any complexity, since you see the heartbeat coming out
    >> of the decryption routines, and do not even pass it to the routing engine.

    Henry> Unfortunately, this puts yet another special case right in the main path,
    Henry> the one that you want to optimize.  In general, this is not a good thing.
    Henry> This sort of signalling really ought to use an out-of-band path.

  While I agree with you that this is a critical path, I don't agree that
this is a special case. It is in fact just another exit condition on the
tunnel to check. A good implementation will make use of hash tables on key
fields to find appropriate exit conditions, and this can be done quite simply
in this context. Some hardware implementations won't have a problem at all,
since they can check tunnel exit conditions in O(1) -- independent of the number
of exit conditions.

  And you only need to recognize the return ping if you want to subtract it
from the accounting data; otherwise, you just let it flow, and the IP stack
on the inside of the gateway eats it as a ping response, as it would any
other ping response.

]      Out and about in Ottawa.    hmmm... beer.                |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy");  [


