[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Comments on: draft-vlado-ipsec-keep-alive-00.txt

To: "Scott G. Kelly" <skelly@redcreek.com>
Subject: Re: Comments on: draft-vlado-ipsec-keep-alive-00.txt
From: Vlado <vladoz@radware.com>
Date: Thu, 29 Jun 2000 15:16:47 -0400
CC: Stephane Beaulieu <stephane@cisco.com>, ipsec@lists.tislabs.com
Organization: RADware.com
References: <200006291047.GAA25272@ietf.org> <053d01bfe1d0$a775ddf0$cbd62ca1@cisco.com> <395B56E8.FD6EA558@radware.com> <395B9C80.5EE3639C@redcreek.com>
Sender: owner-ipsec@lists.tislabs.com

Hi Scott,
     I don't thnk so. I think this simpler alogirthm is doing the same job with less
bandwith, faster processing AND EASY implementation. There is some things to be added

1. Negotiation (this is only for backward compability) - This can easy. The software
can have option - keep-alive on,off,auto. In auto mode initiator sends keep-alive
packets, if he receives ISAKMP
Info message UNSUPPORTED-EXCHANGE-TYPE then he knows the other end  doesn't support
that exchange.

2. This can be further updated with rule: use keep-alive when there is no traffic for
that SA for certain amount of time, default equal to the keep-alive time.


"Scott G. Kelly" wrote:

 > Comments below -
 >
 > Vlado Zafirov wrote:
 > >
 > > Hi Stephane,
 > >      Well that's my first internet-draft I ever published so please excuse me
 > > for any mistakes I made.
 > >
 > > I meant to make very simple, low-bandwidth and easy to implement exchange.
 > >
 > > I read very fast the proposal draft that you was so kind to send me. It' very
 > > very good. However I believe too complicated and needs a lot of work
 > > to be implemented and it's pretty bandwidth intesive.
 > >
 > > About comments:
 > >      1. Yes, it's not a problem. I will make that change and resubmit the draft.
 > > However when Client dies it's just simple mater of reconnecting. Usually
 > >      problem is when Secure Gateway loose connection because it's should be
 > > restarted or this connection dropped manually.
 > >
 > >      2. I didn't thought of that and I was not aware of that practice. Thank you
 > > so much for the feedback. This will be changed too.
 > >
 > > Stephane Beaulieu wrote:
 > >
 > >  > Hi Vlado,
 > >  >
 > >  > I'm not sure if you were aware of it, but there is another Internet-Draft
 > >  > whose goal it is to provide the same functionality.  See
 > >  > http://www.vpnc.org/draft-ietf-ipsec-heartbeats
 > >  >
 > >  > It has received quite a bit of feedback, and I think that most people are
 > >  > pretty satisfied with it.
 >
 > This is absolute nonsense. Take a straw poll right now.
 >
 > <much trimmed after this...>
 >
 > All in all, I think the rough consensus was that a much simpler
 > mechanism would suffice.
 >
 > Scott

Follow-Ups:

RE: Comments on: draft-vlado-ipsec-keep-alive-00.txt

From: "Andrew Krywaniuk" <andrew.krywaniuk@alcatel.com>

References:

I-D ACTION:draft-vlado-ipsec-keep-alive-00.txt

From: Internet-Drafts@ietf.org

Re: Comments on: draft-vlado-ipsec-keep-alive-00.txt

From: Vlado Zafirov <vladoz@radware.com>

Re: Comments on: draft-vlado-ipsec-keep-alive-00.txt

From: "Scott G. Kelly" <skelly@redcreek.com>

Prev by Date: Re: Comments on: draft-vlado-ipsec-keep-alive-00.txt
Next by Date: Re: Comments on: draft-vlado-ipsec-keep-alive-00.txt
Prev by thread: Re: Comments on: draft-vlado-ipsec-keep-alive-00.txt
Next by thread: RE: Comments on: draft-vlado-ipsec-keep-alive-00.txt
Index(es):
- Main
- Thread