[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Heartbeats Straw Poll

To: "Steven M. Bellovin" <smb@research.att.com>
Subject: Re: Heartbeats Straw Poll
From: Jan Vilhuber <vilhuber@cisco.com>
Date: Tue, 8 Aug 2000 14:09:03 -0700 (PDT)
cc: Michael Richardson <mcr@solidum.com>, ipsec@lists.tislabs.com
In-Reply-To: <20000808210659.1BD7F35DC2@smb.research.att.com>
Sender: owner-ipsec@lists.tislabs.com

I stand corrected.

jan


On Tue, 8 Aug 2000, Steven M. Bellovin wrote:

> In message <Pine.LNX.4.21.0008081353560.1719-100000@janpc-home.cisco.com>, Jan 
> Vilhuber writes:
> >On Tue, 8 Aug 2000, Michael Richardson wrote:
> >> 
> >>   No need. The SA tells you.
> >>   You just don't care if you see the ICMP Echo Response. You see *traffic*
> >> that is that is enough to know that things are alive. If you see no traffic
> >> for awhile, then you must force some to see if the SA is alive.  The only
> >> thing that this screws up is some NAS/client PPP idle timer, but all
> >> heartbeat/make-dead protocols screw that up.
> >> 
> >I also don't remember seeing that all hosts MUST answer to icmp echo
> >requests. Lots of hosts don't. Lots of firewalls don't. Your policy may
> >exclude them.
> 
> Section 3.2.2.6 of RFC 1122:
> 
>             Every host MUST implement an ICMP Echo server function that
>             receives Echo Requests and sends corresponding Echo Replies.
>  
> As for policy issues -- they're connecting to *your* gateway, so you 
> define the service requirements.  
> 
> 
> 		--Steve Bellovin
> 
> 
> 

 --
Jan Vilhuber                                            vilhuber@cisco.com
Cisco Systems, San Jose                                     (408) 527-0847

References:

Re: Heartbeats Straw Poll

From: "Steven M. Bellovin" <smb@research.att.com>

Prev by Date: Re: Heartbeats Straw Poll
Next by Date: Re: Heartbeats Straw Poll
Prev by thread: Re: Heartbeats Straw Poll
Next by thread: RE: Heartbeats Straw Poll
Index(es):
- Main
- Thread