Re: keepalives (was: Re: Heartbeats (was RE: keepalives))
>>>>> "Dan" == Dan Harkins <dharkins@Network-Alchemy.COM> writes:
Dan> On Fri, 10 Dec 1999 14:06:27 EST you wrote
>>
Paul> How can you ping the remote end of an open TCP connection? Routers
Paul> don't know anything about open TCP connections. There may not be any
Paul> open TCP connections, of course...
>>
>> If you don't know about the TCP connections, then how did you open that
>> TCP-only SA?
Dan> You have an SA for transient traffic whose protocol is TCP. You don't
Dan> have any of the TCP state for those connections. That resides on the hosts
Dan> behind you.
So, you are in a per-port/per-host gateway to gateway situation in this
case, and you can afford the extra SA if you want a heartbeat. If you can't
afford the one SA, then I guess you can't do the heartbeat.
Please remember the problem you are trying to solve.
] Out and about in Ottawa. hmmm... beer. | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy"); [