[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Heartbeats Straw Poll

The problem with dead-peer detection is that you have no way to know
how or why a peer lost contact.  You don't know if they got rebooted,
lost power, lost connectivity, or some other reason.  Perhaps your
peer's upstream provider fell off the net?  Or maybe it's a laptop and
the laptop got unplugged and moved.  The problem is you can't tell.
Worse, in the case of an intermittent lossage, you really don't want
to reap the SAs, because the peer might come back.

If you're really that worried about the resources for "dead" SAs,
negotiate relatively short rekey times, at which point if your peer
disappears, the SA will timeout in a relatively short time.

As has been mentioned, 'keep-alives' really equate to 'make-dead'.  If
you want to see if something is still there, why not just keep track
of the last time a packet has been received on a particular SA and
just send an ICMP ping_request?  The ping_response will tell you your
peer is alive, and you can update your SA time-of-last-packet to the
current time.  But what's the point of that?  Short key lifetimes
solves this problem.


Scott Fanning <sfanning@cisco.com> writes:

> Bill
> Thats a good idea, but from an implementation point of view, I am not
> sure if I like the idea of maintaining a timestamp for every packet (SA
> Used) through a tunnel.
> I guess the problem I want to address with the heartbeats is dead-peer
> detection, and as a result do action foo. INITIAL-CONTACT does help in
> SADB sync'ing but is not authenticated and there is no assured delivery.
> I think that Scotts point of auditing is a good side-effect of dead-peer
> detection, and could also be tied to accounting, but I agree this is
> outside the scope of the problem.
> Scott
> Bill Sommerfeld wrote:
> > 
> > > Yes, it was pointed out at the ipsra meeting that accounting is not a
> > > requirement. However, what about auditing? For purposes of security
> > > auditing, it is necessary to know when a remote access client
> > > disconnects. Is this a valid requirement?
> > 
> > Wouldn't keeping track of the last time an SA was used, and logging it
> > into your audit trail when the SA expires or is deleted, be sufficient
> > for auditing purposes?
> > 
> >                                         - Bill

       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/      PP-ASEL      N1NWH
       warlord@MIT.EDU                        PGP key available

Follow-Ups: References: