Re: ipsec error protocol
In message <200101310120.UAA08154@bual.research.att.com>, ji@research.att.com writes:
>"keepalive" is a misnomer. The proper term is "makedead".
>
More or less. A keep-alive is a way to temporarily disarm a
timer-based make-dead mechanism. Thus, TCP may have a keep-alive
with a 2-hour minimum timeout (RFC 1122, Section 4.2.3.6). The
*intent* is that a connection that is idle for two hours be made dead;
that's the purpose of the requirement. And that, in turn, is because
connections consume certain resources that end systems may need to
recover. The keep-alive is a message sent in the absence of other
traffic, to inform the other side that there is still a host (and,
presumably, an application) that wants the connection to persist, even
though it is temporarily idle. But -- and it's an important "but" --
if no such message can get through for two hours, yes, the connection
should be torn down if the hosts or connections have that feature
configured.
--Steve Bellovin, http://www.research.att.com/~smb
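
The mechanism described in the message above, as an added example that is not part of the original post: a small simulation of one endpoint's make-dead timer on an otherwise idle connection, with keep-alives as the only traffic. The two-hour timeout is the RFC 1122 figure quoted in the message; the 30-minute probe interval, the one-minute step, and all function names are assumptions made for this illustration.

```python
TIMEOUT = 2 * 60 * 60    # make-dead timer: the two-hour figure quoted from RFC 1122
PROBE_EVERY = 30 * 60    # assumed keep-alive send interval (not from the post)
STEP = 60                # simulation resolution in seconds (assumption)


def simulate(duration, keepalive_enabled, path_up):
    """Model one endpoint's view of an idle connection.

    path_up(t) -> bool says whether a message sent at time t reaches us.
    Returns the time (seconds) at which the connection is torn down,
    or None if it is still up when the simulation ends.
    """
    last_heard = 0   # last time any message from the peer arrived
    last_sent = 0    # last time the peer sent anything
    for t in range(STEP, duration + 1, STEP):
        # Peer side: the application is idle, so the only possible
        # traffic is the keep-alive, sent in the absence of other data.
        if keepalive_enabled and t - last_sent >= PROBE_EVERY:
            last_sent = t
            if path_up(t):
                last_heard = t   # message got through: timer is disarmed and re-armed
        # Our side: the make-dead timer. It fires only when nothing
        # at all has arrived for the full timeout.
        if t - last_heard >= TIMEOUT:
            return t
    return None


if __name__ == "__main__":
    hour = 3600
    cases = {
        "idle, no keep-alive": simulate(6 * hour, False, lambda t: True),
        "idle, keep-alive, path up": simulate(6 * hour, True, lambda t: True),
        "keep-alive, path dies at 1h": simulate(6 * hour, True, lambda t: t < hour),
        "keep-alive, 1h outage": simulate(
            6 * hour, True, lambda t: not (hour <= t < 2 * hour)),
    }
    for name, torn_down_at in cases.items():
        print(f"{name}: {torn_down_at}")
```
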