Re: How many SPD records?
Actually, theoretically, it can be even bigger than that. You can
imagine an SPD that had multiple entries for each SPI. Imagine a
system where each SPI implies N SPD rules, because you want to define
rules for, say, each and every port for each and every host out there
on the internet (because each host is _special_).
-derek
James Tiller <tiller@lucent.com> writes:
> Derek -
>
> Just out of curiosity, why 2^32? Is this because the SPI is 32 bits?
> If so, wouldn't this be the limits of the number of SAs affecting the
> SAD, whereas the policy database (SPD) is supporting the "types" or
> attributes defining the SAs?
>
> One more curious point. If the policy defines the accepted operations
> to apply, deny, or pass data - technically, wouldn't that be
> unlimited? Because I could build a policy that affects only certain
> selectors based on IP address or fully qualified name - which could be
> limitless.
>
> Just curious. Thanks for any answer!
>
> -------------
> Best regards,
> -jim
>
>
>
> Monday, September 10, 2001, 9:36:14 AM, Derek wrote:
>
> Atkins> There isn't any theoretical maximum. It's like asking "how many firewall
> Atkins> rules could you have?" The answer: unlimited.
>
> Atkins> There is a practical limit of approximately 2^32 per interface per peer.
>
> Atkins> -derek
>
> Atkins> mahdavi@sepahan.iut.ac.ir writes:
>
> >> Hi all.
> >>
> >> Imagine we have a high speed security gateway (Gigabit). Typically how many SPD
> >> records are required?
> >> about 10 ?
> >> about 50 ?
> >> about 100 ?
> >> about 1000 !!!???
> >>
> >> how much?
> >>
> >> I want to have an estimation of maximum SPD records that an administrator may
> >> define.
> >>
> >> sincerely yours
> >> mahdavi
> >>
> >>
> >>
> >>
> >>
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord@MIT.EDU PGP key available