[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: ipsec error protocol
> Can we please not be dogmatic about this? Keepalives come with certain
> well-known pitfalls; if you know what they are, you can invent a scheme with
> whatever design tolerances you desire.
keepalives:
- do not quickly detect loss of state unless the keepalive timeout is
very short.
- generate traffic even when applications have nothing to say. if
the keepalive timeout is short, they may even generate more overhead
packets than "real" traffic
- have no way to distinguish temporary loss of connectivity
from permanent loss of state, resulting in premature
disconnects.
They are an extremely poor fit for the problem.
- Bill
References: