
Re: Heartbeats draft (fwd)



On Mon, 27 Mar 2000, chinna pellacuru wrote:
> When one of the peers goes down, and comes back up, as I said before, the peer
> that went down can ("intelligently") initiate fresh SAs with the Initial
> Contact...

This assumes that the peer which went down is aware, when it comes back
up, that it *should* initiate fresh SAs.  That is not necessarily true. 
If it were, life would indeed be much simpler. 

In a world of fixed, static, pre-arranged VPN connections, each end can be
told to re-initiate when it comes back up.  Unfortunately, many people
wish to use IPSec in much more dynamic situations, where only one end may
be aware of the immediate desire to send packets.  How does a rebooted
server determine which of its potential clients it should re-initiate
with?  It may not even know their IP addresses!

                                                          Henry Spencer
                                                       henry@spsystems.net


