my presentation on heartbeats
Howdy,
Below is the text of the heartbeat presentation I made at the ipsec
WG meeting. Is this the real problem? If so, is this the right way to
rank candidate solutions?
--
Ricky Charlet rcharlet@redcreek.com usa 510-795-6903
===========================================
slide 1
Ricky Charlet
Redcreek Communications
rcharlet@redcreek.com
============================
slide 2. the problem
black hole detection
for redundancy/error messaging
for resource recovery
for time based accounting
==============================
slide 3. problem reduction
If you trust your own list of SPIs,
then you only need to know about peer reachability.
o current authenticated conversation on any phase 1 or 2 SA proves
peer is still there.
o on a silent but good connection an authenticated hello exchange over
any single phase 1 or 2 SA proves the peer is still there.
===============================
slide 4. criteria
o variable granularity to detect within seconds, or detect within
minutes
o scales to thousands of connections
i.e., does not take a lot of work
o low cost to implement (simple)
===============================
slide 5. score board
o P2 conditional pings inband:
- moderate scaling, high cost of implementation
o P1 tell your peer to send hellos and keep sliding windows:
- poor scaling, high cost of implementation
(perhaps scaling properties are fixable)
o P1 conditional send hellos
- good scaling, low cost of implementation
(new 'hello' notify packet, hello process)
o P2 new transport SA to carry pings
- poor scaling, low cost of implementation
(ping process extra cost of config work)
===================================
slide 6 Darts?
Any challenges to my claims?
==================================
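One way to realize the "P1 conditional send hellos" option from slide 5 on top of the reduction in slide 3, as an added example that is not part of the original presentation or of any IPsec implementation. The names `LivenessMonitor`, `idle_s` and `max_unanswered`, and the rule of declaring a black hole after a fixed number of unanswered hellos, are assumptions; the slides do not specify them.

```python
from dataclasses import dataclass

@dataclass
class Peer:
    idle_s: float        # silence tolerated before probing (per-peer granularity, slide 4)
    last_auth_rx: float  # time of last packet that passed authentication on any SA
    last_hello_tx: float = float("-inf")
    unanswered: int = 0

class LivenessMonitor:
    """Conditional hellos: probe only peers whose SAs have gone silent."""

    def __init__(self, max_unanswered=3):  # assumed retry limit
        self.max_unanswered = max_unanswered
        self.peers = {}

    def add_peer(self, name, idle_s, now):
        self.peers[name] = Peer(idle_s=idle_s, last_auth_rx=now)

    def authenticated_rx(self, name, now):
        # Call only after the integrity check succeeded on a phase 1 or 2 SA;
        # an unauthenticated packet proves nothing about the peer.
        p = self.peers[name]
        p.last_auth_rx = now
        p.unanswered = 0

    def tick(self, now):
        """Return (action, peer) pairs: 'hello' = send a probe, 'dead' = black hole."""
        actions = []
        for name, p in list(self.peers.items()):
            if now - p.last_auth_rx < p.idle_s:
                continue  # live authenticated traffic already proves reachability
            if now - p.last_hello_tx < p.idle_s:
                continue  # previous hello is still within its answer window
            if p.unanswered >= self.max_unanswered:
                actions.append(("dead", name))  # caller tears down SAs, stops accounting
                del self.peers[name]
            else:
                p.unanswered += 1
                p.last_hello_tx = now
                actions.append(("hello", name))
        return actions

if __name__ == "__main__":
    m = LivenessMonitor(max_unanswered=2)
    m.add_peer("gw-a", idle_s=5, now=0)    # constructed peer, detect within seconds
    m.add_peer("gw-b", idle_s=60, now=0)   # constructed peer, detect within minutes
    for t in (3, 5, 10, 15, 20):
        print(t, m.tick(t))
```

A peer that keeps sending authenticated traffic never costs a hello, which is where the good scaling claimed for this option comes from.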