Re: ipsec error protocol
In message <DIEPJEEKAPMEEKEELGGCMEOJCGAA.sankar@nexsi.com>, "sankar ramamoorthi" writes:
>>
>>admittedly, this scheme places a limit on receiver window size, i.e., it
>>must be less than 2**32.
>>
>>
>>anyone have a problem with that?
>>
>
>
>If the receiver window is limited to 2**32 bits, then it means
>at 10Gig/sec speeds the receiver has to rekey after 400 seconds.
>
>Is that acceptable?
>
No, that's not what Steve meant. The window is effectively the limit
on out-of-order packets. When a packet arrives, it has a sequence
number. But the receiver has to keep track of packets that haven't
arrived yet. This is typically done by a bit mask. See the end of
section 3.4.3 in RFC 2406 and Appendix C of 2401.
--Steve Bellovin, http://www.research.att.com/~smb
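
Added example, not part of the original message or of either RFC: a minimal receiver-side anti-replay window kept as a bit mask, in the style of the check in section 3.4.3 of RFC 2406. The names replay_state, replay_check, replay_update and replay_accept are hypothetical, and the 64-packet window and the arrival order in main are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#define REPLAY_WINDOW 64u  /* assumed size: packets of reordering tolerated */

struct replay_state {
    uint32_t top;     /* highest sequence number accepted so far */
    uint64_t bitmap;  /* bit i set => sequence number (top - i) was seen */
};

/* Pre-ICV check: 1 if seq is new and not older than the window, else 0. */
int replay_check(const struct replay_state *st, uint32_t seq)
{
    if (seq == 0) return 0;                          /* numbering starts at 1 */
    if (seq > st->top) return 1;                     /* ahead of the window */
    if (st->top - seq >= REPLAY_WINDOW) return 0;    /* too old to track */
    return !((st->bitmap >> (st->top - seq)) & 1u);  /* 0 if already seen */
}

/* Post-ICV update: mark seq as seen, sliding the window if it is new top. */
void replay_update(struct replay_state *st, uint32_t seq)
{
    if (seq > st->top) {
        uint32_t shift = seq - st->top;
        st->bitmap = (shift >= REPLAY_WINDOW) ? 0 : st->bitmap << shift;
        st->bitmap |= 1u;
        st->top = seq;
    } else if (st->top - seq < REPLAY_WINDOW) {
        st->bitmap |= (uint64_t)1 << (st->top - seq);
    }
}

/* Demo helper: treats every packet as having passed the integrity check. */
int replay_accept(struct replay_state *st, uint32_t seq)
{
    if (!replay_check(st, seq)) return 0;
    replay_update(st, seq);
    return 1;
}

int main(void)
{
    /* Constructed arrival order: reordering, a replay, a jump, stale packets. */
    uint32_t arrivals[] = {1, 2, 5, 3, 5, 70, 6, 7, 7};
    struct replay_state st = {0, 0};
    for (size_t i = 0; i < sizeof arrivals / sizeof arrivals[0]; i++)
        printf("seq %u: %s\n", (unsigned)arrivals[i],
               replay_accept(&st, arrivals[i]) ? "accept" : "drop");
    return 0;
}
```

The state is one counter plus one bit per tolerated out-of-order packet, so the window size bounds reordering depth and is independent of how many bytes the SA carries.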