
Re: ipsec error protocol



In message <DIEPJEEKAPMEEKEELGGCMEOJCGAA.sankar@nexsi.com>, "sankar ramamoorthi" writes:

>>
>>admittedly, this scheme places a limit on receiver window size, i.e., it
>>must be less than 2**32.
>>
>>
>>anyone have a problem with that?
>>
>
>
>If the receiver window is limited to 2**32 bits, then it means
>at 10Gig/sec speeds  the receiver has to rekey after 400 seconds.
>
>Is that acceptable?
>

No, that's not what Steve meant.  The window is effectively the limit 
on out-of-order packets.  When a packet arrives, it has a sequence 
number.  But the receiver has to keep track of packets that haven't 
arrived yet.  This is typically done by a bit mask.  See the end of 
section 3.4.3 in RFC 2406 and Appendix C of 2401.

		--Steve Bellovin, http://www.research.att.com/~smb
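The bit-mask receiver window that the reply refers to (RFC 2406 section 3.4.3, RFC 2401 Appendix C) is small enough to show in full. The following is an added example written for this page, not code from the list thread or from any IPsec implementation: it keeps a 64-entry anti-replay window per inbound SA (64 is the default RFC 2406 suggests; the RFC's pseudocode uses 32), with the highest accepted sequence number in `last_seq` and one bit per sequence number below it. The check is split from the update so that the window is only advanced after the packet's ICV has verified, which is the order RFC 2406 requires; the sequence of packet numbers in `run_constructed_trace` is constructed for illustration. The window bounds how far out of order a packet may be, and is unrelated to how many packets may be sent before rekeying, which is governed by the 2**32 sequence-number space itself.

```c
#include <stdint.h>
#include <stdio.h>

/* Window covers sequence numbers [last_seq - 63, last_seq].
 * Bit 0 of bitmap stands for last_seq, bit i for last_seq - i. */
#define REPLAY_WINDOW 64

struct replay_state {
    uint32_t last_seq;  /* highest sequence number accepted so far */
    uint64_t bitmap;    /* 1 = that sequence number has been accepted */
};

void replay_init(struct replay_state *st)
{
    st->last_seq = 0;
    st->bitmap = 0;
}

/* Pure check, no state change: 1 if seq is new and inside the window.
 * Done before ICV verification so forged packets cannot move the window. */
int replay_check(const struct replay_state *st, uint32_t seq)
{
    if (seq == 0)                       /* first packet is 1; 0 means the counter wrapped */
        return 0;
    if (seq > st->last_seq)             /* ahead of the window: necessarily new */
        return 1;
    uint32_t diff = st->last_seq - seq;
    if (diff >= REPLAY_WINDOW)          /* older than the window: too old or wrapped */
        return 0;
    return (st->bitmap & ((uint64_t)1 << diff)) ? 0 : 1;   /* 0 if already seen */
}

/* Advance or mark the window. Call only after replay_check() succeeded
 * and the packet's ICV verified. */
void replay_update(struct replay_state *st, uint32_t seq)
{
    if (seq > st->last_seq) {
        uint32_t diff = seq - st->last_seq;
        if (diff < REPLAY_WINDOW) {
            st->bitmap <<= diff;        /* slide the window forward by diff */
            st->bitmap |= 1;            /* bit 0 = this packet */
        } else {
            st->bitmap = 1;             /* jumped past the whole window */
        }
        st->last_seq = seq;
    } else {
        st->bitmap |= (uint64_t)1 << (st->last_seq - seq);  /* out of order, inside window */
    }
}

/* Check then update in one step, as a receiver would after ICV verification. */
int replay_process(struct replay_state *st, uint32_t seq)
{
    if (!replay_check(st, seq))
        return 0;
    replay_update(st, seq);
    return 1;
}

/* Constructed trace (not captured traffic): two duplicates, a jump far
 * ahead of the window, then packets that fell out of the window.
 * Returns the number of packets accepted and leaves the final state in *st. */
int run_constructed_trace(struct replay_state *st)
{
    static const uint32_t seqs[] = { 1, 2, 5, 3, 3, 2, 70, 6, 4, 0 };
    int accepted = 0;
    replay_init(st);
    for (size_t i = 0; i < sizeof seqs / sizeof seqs[0]; i++) {
        int ok = replay_process(st, seqs[i]);
        accepted += ok;
        printf("seq %3u: %s  (last_seq=%u bitmap=0x%016llx)\n", seqs[i],
               ok ? "accept" : "reject", st->last_seq,
               (unsigned long long)st->bitmap);
    }
    return accepted;   /* 5 for this trace: 1, 2, 5, 3 and 70 */
}

int main(void)
{
    struct replay_state st;
    printf("accepted %d of 10\n", run_constructed_trace(&st));
    return 0;
}
```

In the trace the second 3 and the late 2 are rejected because their bits are already set, 70 resets the window to [7, 70], and 6 and 4 are then rejected as too old even though they were never seen, which is the trade-off a finite window makes.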