
RE: Commit Bit



So the Commit bit is set in the last message of the initiator QM3
only.
If the other side doesn't support the Commit bit, then we can begin sending
packets after a certain timer, can't we?
I mean because we won't receive any CONNECT message in return.

Toni


-----Original Message-----
From: EXT Stephane Beaulieu [mailto:stephane@cisco.com]
Sent: 02. June 2000 17:14
To: antonio.barrera@nokia.com; ipsec@lists.tislabs.com
Subject: Re: Commit Bit


Hi Toni,

The commit bit is used because the initiator of QM has an IPsec SA set up
before the responder does.

The initiator has the IPsec SA set up as soon as he sends QM3, whereas the
responder doesn't have his IPsec SA set up until he processes QM3.

If the responder is a slow machine, or is overloaded, it could take a while
to process QM3, and therefore could take a while to set up the IPsec SA.

If the initiator sends an ESP packet to the responder right after sending
QM3, the responder may not be ready to process it (or it could arrive out of
order).

So, the commit bit was introduced to give the responder a method of telling
the initiator "OK, my SA is set up now", so that no packets were dropped due
to the timing issues described above.

Stephane.

----- Original Message -----
From: <antonio.barrera@nokia.com>
To: <ipsec@lists.tislabs.com>
Sent: Friday, June 02, 2000 8:30 AM
Subject: Commit Bit


> Could someone give me an example of the usefulness of the Commit Bit
> in IKE?
> I've read the RFC 2408 explaining how it works but I can't understand
> completely its use.
> A small example would clarify me a lot how it works. Just need to know
> exactly when it's set and reset and when to send the CONNECT informational
> message.
> I understand the bit must be set when The ISAKMP SA is established
> and reset after the phase I as it says in the RFC, but I can't see exactly
> what do we win using it.
> I know the subject was discussed some time ago but I haven't been
> able to find a clear answer to my doubts.
> Thanks and sorry for the inconvenience.
>
> Toni Barrera
>
>
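The timing issue Stephane describes, as an added example that is not part of the original thread: a small event simulation of the end of Quick Mode, with and without the initiator waiting for the CONNECT message (the CONNECTED notify in RFC 2408). The link delay, packet spacing and responder processing times are constructed values, and which ISAKMP message carries the bit is deliberately not modelled.

```python
import heapq

def run_quick_mode(commit, qm3_cost_ms, esp_count=4, link_ms=5, esp_gap_ms=2):
    """Simulate the end of Quick Mode; return (delivered, dropped, first_esp_sent_ms)."""
    events, seq = [], 0              # heap of (time_ms, seq, receiver, message)
    sa_ready = False                 # responder's IPsec SA installed?
    delivered = dropped = 0
    first_esp = None

    def schedule(t, to, msg):
        nonlocal seq
        heapq.heappush(events, (t, seq, to, msg))
        seq += 1

    def start_esp(t):                # initiator begins sending protected traffic
        nonlocal first_esp
        first_esp = t
        for i in range(esp_count):
            schedule(t + i * esp_gap_ms + link_ms, "responder", "ESP")

    # t=0: initiator sends QM3 and has its own IPsec SA from this moment.
    schedule(link_ms, "responder", "QM3")
    if not commit:
        start_esp(0)                 # nothing tells the initiator to wait

    while events:
        t, _, to, msg = heapq.heappop(events)
        if msg == "QM3":             # responder needs qm3_cost_ms to install the SA
            schedule(t + qm3_cost_ms, "responder", "SA_READY")
        elif msg == "SA_READY":
            sa_ready = True
            if commit:               # "OK, my SA is set up now"
                schedule(t + link_ms, "initiator", "CONNECTED")
        elif msg == "ESP":
            if sa_ready:
                delivered += 1
            else:
                dropped += 1         # no SA yet for this packet
        elif msg == "CONNECTED":
            start_esp(t)
    return delivered, dropped, first_esp

if __name__ == "__main__":
    for cost in (5, 40):             # constructed responder processing times, in ms
        for commit in (False, True):
            print(f"qm3_cost={cost}ms commit={commit}:", run_quick_mode(commit, cost))
```

Without the wait, the slower the responder is at processing QM3, the more early ESP packets it drops; with the wait, nothing is dropped and the price is one extra one-way delay before the first ESP packet leaves.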