
Re: ipsec error protocol



In message <200101310120.UAA08154@bual.research.att.com>, ji@research.att.com writes:
>"keepalive" is a misnomer.  The proper term is "makedead".
>

More or less.  A keep-alive is a way to temporarily disarm a 
timer-based make-dead mechanism.  Thus, TCP may have a keep-alive
with a 2-hour minimum timeout (RFC 1122, Section 4.2.3.6).  The 
*intent* is that a connection that is idle for two hours be made dead; 
that's the purpose of the requirement.  And that, in turn, is because 
connections consume certain resources that end systems may need to 
recover.  The keep-alive is a message sent in the absence of other 
traffic, to inform the other side that there is still a host (and, 
presumably, an application) that wants the connection to persist, even 
though it is temporarily idle.  But -- and it's an important "but" -- 
if no such message can get through for two hours, yes, the connection 
should be torn down if the hosts or connections have that feature
configured.

		--Steve Bellovin, http://www.research.att.com/~smb
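
The timer behaviour described in the message above, as an added example that is not part of the original post: a small model of a timer-based make-dead mechanism in which any arrival, data or keep-alive, re-arms the timer. The names `Connection` and `run`, the sample timelines, and the choice that an arrival after expiry does not revive the connection are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

HOUR = 3600
MAKE_DEAD_AFTER = 2 * HOUR  # the 2-hour figure the message cites from RFC 1122

@dataclass
class Connection:
    make_dead_enabled: bool = True   # "if the hosts or connections have that feature configured"
    last_heard: int = 0              # time (s) anything last arrived from the peer
    torn_down_at: Optional[int] = None

    def check(self, now: int) -> bool:
        """Make-dead: tear down once the peer has been silent for the full timeout."""
        if (self.make_dead_enabled and self.torn_down_at is None
                and now - self.last_heard >= MAKE_DEAD_AFTER):
            self.torn_down_at = self.last_heard + MAKE_DEAD_AFTER
        return self.torn_down_at is None

    def receive(self, now: int, kind: str) -> None:
        """Data and keep-alives are treated alike: either one re-arms the timer."""
        if self.check(now):          # assumption: a late arrival cannot revive the connection
            self.last_heard = now

def run(arrivals, end, make_dead_enabled=True):
    """Replay (time, kind) arrivals; return teardown time, or None if still up at `end`."""
    conn = Connection(make_dead_enabled=make_dead_enabled)
    for t, kind in arrivals:
        conn.receive(t, kind)
    conn.check(end)
    return conn.torn_down_at

# Constructed sample timelines (seconds since the connection was opened).
IDLE_BUT_ALIVE = [(1 * HOUR, "keepalive"), (2 * HOUR + 1800, "keepalive"), (4 * HOUR, "keepalive")]
PEER_SILENT = [(1800, "data")]                        # nothing gets through afterwards
LATE_KEEPALIVE = [(1800, "data"), (3 * HOUR, "keepalive")]

if __name__ == "__main__":
    for name, timeline in [("idle but alive", IDLE_BUT_ALIVE),
                           ("peer silent", PEER_SILENT),
                           ("late keep-alive", LATE_KEEPALIVE)]:
        print(name, "->", run(timeline, end=5 * HOUR))
```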