[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Heartbeats Straw Poll

To: Vlado Zafirov <vladoz@radware.com>
Subject: Re: Heartbeats Straw Poll
From: "Derrell D. Piper" <ddp@cips.nokia.com>
Date: Fri, 04 Aug 2000 10:53:47 -0700
cc: sommerfeld@East.Sun.COM, Paul Hoffman <paul.hoffman@vpnc.org>, ipsec@lists.tislabs.com
In-reply-to: Your message of "Fri, 04 Aug 2000 13:29:46 EDT." <398AFD8A.7EB3B732@radware.com>
Sender: owner-ipsec@lists.tislabs.com

 >If SGW 1 dies SGW doesn't have a clue about the SPIs that SGW 3 is
 >sending. How he will inform the other end?

SGW2 could do a Main Mode under any Phase 1 policy that he has to SGW3 and in
the process, tell him INITIAL-CONTACT.  No subsequent QM's would happen until
the next packet hits SGW3.  You would want to rate limit this to prevent the
obvious DoS attack on the receiving side.  Our product implements this and it
works well.  (Of course, our clustered gateways have replicated IKE state, so
this is a non-problem for most of our customers.)

Derrell

Follow-Ups:

Re: Heartbeats Straw Poll

From: Bill Sommerfeld <sommerfeld@East.Sun.COM>

Re: Heartbeats Straw Poll

From: Frederic Detienne <fd@cisco.com>

RE: Heartbeats Straw Poll (part 2)

From: "Andrew Krywaniuk" <andrew.krywaniuk@alcatel.com>

References:

Re: Heartbeats Straw Poll

From: Vlado Zafirov <vladoz@radware.com>

Prev by Date: Re: Heartbeats Straw Poll
Next by Date: Re: Heartbeats Straw Poll
Prev by thread: Re: Heartbeats Straw Poll
Next by thread: Re: Heartbeats Straw Poll
Index(es):
- Main
- Thread