
Re: keepalives (was: Re: Heartbeats (was RE: keepalives))




>>>>> "Dan" == Dan Harkins <dharkins@Network-Alchemy.COM> writes:

    Dan> On Fri, 10 Dec 1999 14:06:27 EST you wrote
    >> 
    Paul> How can you ping the remote end of an open TCP connection?  Routers
    Paul> don't know anything about open TCP connections.  There may not be any
    Paul> open TCP connections, of course...
    >> 
    >> If you don't know about the TCP connections, then how did you open that
    >> TCP-only SA?

    Dan>   You have an SA for transient traffic whose protocol is TCP. You don't
    Dan> have any of the TCP state for those connections. That resides on the hosts
    Dan> behind you.

  So, you are in a per-port/per-host gateway to gateway situation in this
case, and you can afford the extra SA if you want a heartbeat.  If you can't
afford the one SA, then I guess you can't do the heartbeat. 

  Please remember the problem you are trying to solve. 

]      Out and about in Ottawa.    hmmm... beer.                |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy");  [



