Re: SA byte lifetime
At 20:20 20.9.2000 +0530, you wrote:
>Hi,
> I am having some doubts regarding the use of SA byte lifetime.
>Specifically for the case in which an SA bundle has been negotiated, say AH
>and ESP, the number of bytes processed by the AH SA will be different from
>the number of bytes processed by the ESP SA. Normally, for SA bundle case,
>ESP packet is encapsulated by AH, so the number of bytes processed by the
>AH SA will always be more than the ESP SA. So, in that case, the AH SA will
>expire before the AH SA. Now the problem is :
>1) Once the AH SA soft byte lifetime expires, should we :
> a) negotiate for the bundle again.- In this we are assuming that the ESP
>SA has also expired.
> b) negotiate for AH SA only - In this case, how ?
>
>2) Once the AH SA hard byte lifetime has expired, should we delete the ESP
>SA also.
>
>Thanks in Advance.
>
>Awan Kumar Sharma
>Software Engg.,
>Future Software Ltd.,
>Chennai - India
>
>
>
1) the answer is a)
2) of course.
Please link SAs together and treat them as a unit. Somehow.
Imagine a case where you have IPCOMP+ESP+AH.
That's 6 SAs in total.
Now you receive _one_ single delete notification for
the, say, incoming ESP.
What do you do? Delete just that SA? No, you delete all 6 SAs.
Jörn
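
The reply above asks for linked SAs to be handled as one unit. The following C sketch is an added example, not code from the thread or from any IPsec implementation: one SA's soft byte limit triggers renegotiation of the whole bundle, and a hard limit or a delete notification for one SA removes all six. All names and the SPI values are hypothetical, and IPComp is given a 32-bit identifier like the others for simplicity.

```c
#include <stdint.h>
#include <stddef.h>

enum proto { P_AH, P_ESP, P_IPCOMP };
enum event { EV_NONE, EV_REKEY_BUNDLE, EV_DELETE_BUNDLE };

struct sa { uint32_t spi; enum proto proto; int inbound, alive;
            uint64_t bytes, soft, hard; };

/* One bundle = every SA negotiated together (3 protocols x 2 directions). */
struct bundle { struct sa sas[6]; size_t n; int rekey_requested; };

/* Constructed sample: SPIs 0x1001..0x1006 are made up for this example. */
struct bundle sample_bundle(uint64_t soft, uint64_t hard) {
    static const enum proto order[3] = { P_IPCOMP, P_ESP, P_AH };
    struct bundle b = { .n = 6 };
    for (size_t i = 0; i < b.n; i++)
        b.sas[i] = (struct sa){ .spi = 0x1001 + (uint32_t)i, .proto = order[i / 2],
            .inbound = (int)(i % 2), .alive = 1, .soft = soft, .hard = hard };
    return b;
}

/* Mark every SA in the bundle dead; returns how many were still alive. */
size_t bundle_delete(struct bundle *b) {
    size_t n = 0;
    for (size_t i = 0; i < b->n; i++)
        if (b->sas[i].alive) { b->sas[i].alive = 0; n++; }
    return n;
}

/* Charge len bytes to one SA; any SA's limit decides for the whole bundle. */
enum event bundle_account(struct bundle *b, size_t idx, uint64_t len) {
    if (idx >= b->n || !b->sas[idx].alive) return EV_NONE;
    struct sa *s = &b->sas[idx];
    s->bytes += len;
    if (s->bytes >= s->hard) { bundle_delete(b); return EV_DELETE_BUNDLE; }
    if (s->bytes >= s->soft && !b->rekey_requested) {
        b->rekey_requested = 1;          /* renegotiate the bundle only once */
        return EV_REKEY_BUNDLE;
    }
    return EV_NONE;
}

/* Delete notification naming one SA: the whole bundle goes with it. */
size_t bundle_on_delete(struct bundle *b, enum proto p, uint32_t spi) {
    for (size_t i = 0; i < b->n; i++)
        if (b->sas[i].alive && b->sas[i].proto == p && b->sas[i].spi == spi)
            return bundle_delete(b);
    return 0;
}
```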