Re: Heartbeats Straw Poll
In message <p05000a47b5b615ec64f7@[165.227.249.17]>, Paul Hoffman / VPNC writes:
>
>So far, the two gateway resources that have been best identified are
>state memory and IP addresses. Despite memory being cheap, we might
>want to conserve it if the process for conserving it is not too
>onerous. As for IP addresses, we don't need to be any more aggressive
>about them than the current protocol that uses them, namely DHCP.

Precisely. In ipsra, it was pointed out that we need some sort of
identifier to pass to DHCP in lieu of a MAC address. If we use, say,
the cert-id, someone who dials in anew and negotiates a new SA will get
the same DHCP address, which is exactly what you want to preserve
ongoing application connections. Furthermore, by DHCP semantics you
can't reuse an address until its lease is up, which again means that
you don't need a heartbeat to tell you that you've lost touch.

As for memory -- pulling out a random catalog that's sitting on my desk
right now, it seems that desktop memory costs ~$2/meg. How many SAs
can I fit in 1 meg? Easily worth the $2, especially when I think of
what the programmer time would be to implement something complex.

--Steve Bellovin
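
An added illustration, not part of the original message and not taken from any DHCP implementation: a toy lease table keyed by a certificate-derived identifier instead of a MAC address. It shows a client that negotiates a new SA getting its old address back, and an address returning to the pool only when its lease expires, with no heartbeat involved. The `LeasePool` class, the SHA-256 stand-in for the "cert-id" and the sample certificate bytes are assumptions constructed for the example.

```python
import hashlib
import ipaddress


class LeasePool:
    """Toy address pool keyed by a client identifier rather than a MAC."""

    def __init__(self, network, lease_seconds):
        self.free = [str(h) for h in ipaddress.ip_network(network).hosts()]
        self.lease_seconds = lease_seconds
        self.leases = {}  # client id -> (address, expiry time)

    @staticmethod
    def client_id(cert_der):
        # Assumption: the "cert-id" is modelled as a digest of the cert bytes.
        return hashlib.sha256(cert_der).hexdigest()

    def _reclaim(self, now):
        # Lease expiry is the only thing that frees an address; liveness
        # of the tunnel is never probed.
        for cid, (addr, expiry) in list(self.leases.items()):
            if expiry <= now:
                del self.leases[cid]
                self.free.append(addr)

    def request(self, cert_der, now):
        cid = self.client_id(cert_der)
        held = self.leases.get(cid)
        if held and held[1] > now:
            addr = held[0]  # same identity, new SA: same address, renewed
        else:
            self._reclaim(now)
            if not self.free:
                return None  # every address is still under an unexpired lease
            addr = self.free.pop(0)
        self.leases[cid] = (addr, now + self.lease_seconds)
        return addr


def demo():
    # Constructed scenario: a two-address pool and three made-up certificates.
    pool = LeasePool("192.0.2.0/30", lease_seconds=3600)
    alice, bob, carol = b"constructed-cert-A", b"constructed-cert-B", b"constructed-cert-C"
    first = pool.request(alice, now=0)
    redial = pool.request(alice, now=600)    # dials in anew, new SA
    other = pool.request(bob, now=700)
    early = pool.request(carol, now=800)     # no lease has expired yet
    late = pool.request(carol, now=4250)     # alice's lease ran out at 4200
    return first, redial, other, early, late
```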