Re: Heartbeats Straw Poll

["Steven M. Bellovin" <smb@research.att.com>]

In message <p05000a47b5b615ec64f7@[165.227.249.17]>, Paul Hoffman / VPNC writes
:

>
>So far, the two gateway resources that have been best identified are 
>state memory and IP addresses. Despite memory being cheap, we might 
>want to conserve it if the process for conserving it is not too 
>onerous. As for IP addresses, we don't need to be any more aggressive 
>about them than the current protocol that uses them, namely DHCP.

Precisely.  In ipsra, it was pointed out that we need some sort of
identifier to pass to DHCP in lieu of a MAC address.  If we use, say, 
the cert-id, someone who dials in anew and negotiates a new SA will get 
the same DHCP address, which is exactly what you want to preserve 
ongoing application connections.  Furthermore, by DHCP semantics you 
can't reuse an address until its lease is up, which again means that 
you don't need a heartbeat to tell you that you've lost touch.  

As for memory -- pulling out a random catalog that's sitting on my desk 
right now, it seems that desktop memory costs ~$2/meg.  How many SAs 
can I fit in 1 meg?  Easily worth the $2, especially when I think of 
what the programmer time would be to implement something complex.



		--Steve Bellovin

---

Follow-Ups:

• Re: Heartbeats Straw Poll
• From: "Scott G. Kelly" <skelly@redcreek.com>

---

• Prev by Date: Re: Heartbeats Straw Poll
• Next by Date: Re: Heartbeats Straw Poll
• Prev by thread: Re: Heartbeats Straw Poll
• Next by thread: Re: Heartbeats Straw Poll
• Index(es):
  • Main
  • Thread