[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Heartbeats Straw Poll

To: Jan Vilhuber <vilhuber@cisco.com>
Subject: Re: Heartbeats Straw Poll
From: "Steven M. Bellovin" <smb@research.att.com>
Date: Tue, 08 Aug 2000 17:06:55 -0400
Cc: Michael Richardson <mcr@solidum.com>, ipsec@lists.tislabs.com
Sender: owner-ipsec@lists.tislabs.com

In message <Pine.LNX.4.21.0008081353560.1719-100000@janpc-home.cisco.com>, Jan 
Vilhuber writes:
>On Tue, 8 Aug 2000, Michael Richardson wrote:
>> 
>>   No need. The SA tells you.
>>   You just don't care if you see the ICMP Echo Response. You see *traffic*
>> that is that is enough to know that things are alive. If you see no traffic
>> for awhile, then you must force some to see if the SA is alive.  The only
>> thing that this screws up is some NAS/client PPP idle timer, but all
>> heartbeat/make-dead protocols screw that up.
>> 
>I also don't remember seeing that all hosts MUST answer to icmp echo
>requests. Lots of hosts don't. Lots of firewalls don't. Your policy may
>exclude them.

Section 3.2.2.6 of RFC 1122:

            Every host MUST implement an ICMP Echo server function that
            receives Echo Requests and sends corresponding Echo Replies.
 
As for policy issues -- they're connecting to *your* gateway, so you 
define the service requirements.  


		--Steve Bellovin

Follow-Ups:

Re: Heartbeats Straw Poll

From: Jan Vilhuber <vilhuber@cisco.com>

Prev by Date: Re: Heartbeats Straw Poll
Next by Date: Re: Heartbeats Straw Poll
Prev by thread: Re: Heartbeats Straw Poll
Next by thread: Re: Heartbeats Straw Poll
Index(es):
- Main
- Thread