RE: Heartbeats draft available
Hi Chris,
> If the 'atomic' failure assumption can be held then you only need traffic
> on any authenticated SA to satisfy yourself that remaining SAs are still up.
...
> The main problem with this is that you need to associate the traffic back
> to the group of SAs and this might not be accounted for currently.
Yes, and this is a problem specifically in the case of load sharing. A
simple ping on a phase 2 is not load-sharing aware. The heartbeats draft
assumes that the IKE daemon can find out which IPsec SAs are running on
which hosts.
> I don't think hijacking 'customer' SAs is an alternative. This would
> require addresses to be reserved from both ends of the SA for the
> keep-alive protocol. This is not possible in the general case and would
> cause management problems beyond the SGW.
I agree. *IF* the WG is willing to designate certain SAs as "management
only" SAs and they can be clearly identified as such, so that an
implementation can apply one set of traffic-processing rules to those SAs
and a different set of rules for "normal" SAs, then I might be willing to
standardize a phase 2 heartbeat protocol.
But that's a big *IF*, and I don't see any movement in that direction from
the WG.
> These sorts of decisions are down to the equipment in question. It's not
> something that need be negotiated. Failure of the transport is a problem -
> as are intermittent transports like ISDN. The heart-beat protocol is
> designed to be a secure (authenticate) means for positively identifying the
> liveness of SAs. It can't hope to determine positively that an SA is dead.
> The decision on whether to maintain, drop or renegotiate an SA depends on
> the requirements of the user. Some users might need a high-availability
> service and would wish SAs to be renegotiated if the SA were quiet for a
> few seconds.
> Intermittent services like ISDN present special problems. The last thing a
> user will want is for the heartbeat protocol to keep the ISDN link up
> perpetually! I don't know whether people will want to address these issues.
> My thoughts are that the protocol should be capable of being able to be
> suspended or 'slept' to suspend or back off the keep-alives during periods
> when the line would be otherwise idle.
Yes, this is true. In fact, we purposely left hooks in the draft (see future
considerations 1 & 2) for this scenario. The reason I did not include a
proposal on how to solve this case is that I am not yet sure what the best
solution is. I have heard a few comments from vendors who are concerned
about this scenario, but I would like to see a bit more discussion before we
finalize on a solution.
Andrew
--------------------------------------
Beauty without truth is insubstantial.
Truth without beauty is unbearable.