
Re: How many SPD records?



Derek -

Just out of curiosity, why 2^32? Is this because the SPI is 32 bits?
If so, wouldn't this be the limit on the number of SAs affecting the
SAD, whereas the policy database (SPD) is supporting the "types" or
attributes defining the SAs?

One more curious point. If the policy defines the accepted operations
to apply, deny, or pass data - technically, wouldn't that be
unlimited? Because I could build a policy that affects only certain
selectors based on IP address or fully qualified name - which could be
limitless.

Just curious. Thanks for any answer!

-------------
Best regards,
-jim



Monday, September 10, 2001, 9:36:14 AM, Derek wrote:

Atkins> There isn't any theoretical maximum.  It's like asking "how many firewall
Atkins> rules could you have?"  The answer: unlimited.

Atkins> There is a practical limit of approximately 2^32 per interface per peer.

Atkins> -derek

Atkins> mahdavi@sepahan.iut.ac.ir writes:

>> Hi all. 
>> 
>> Imagine we have a high-speed security gateway (Gigabit). Typically, how many SPD
>> records are required?
>> about 10 ? 
>> about 50 ? 
>> about 100 ? 
>> about 1000 !!!???
>> 
>> how much?
>> 
>> I want to have an estimate of the maximum number of SPD records that an administrator may
>> define.
>> 
>> sincerely yours
>> mahdavi 
>> 
>> 
>> 
>> 
>> 

