
Re: How many SPD records?



Hi Derek.
I did not ask about the theoretical maximum.
I just said "Typically how many SPD records are required?".

In another sentence I said "I want to have an estimation of the maximum SPD
records that an administrator may define".

It is funny to think an administrator may define 2^32 firewall rules, and I
know that.

I mean regularly (on average, typically, ...) how many SPD records may
an administrator define?

Best regards
mahdavi.



----- Original Message -----
From: "Derek Atkins" <warlord@mit.edu>
To: "James Tiller" <tiller@lucent.com>
Cc: <ipsec@lists.tislabs.com>
Sent: Wednesday, 19 September, 2001 6:48 PM
Subject: Re: How many SPD records?


> Actually, theoretically, it can be even bigger than that.  You can
> imagine a SPD that had multiple entries for each SPI.  Imagine a
> system where each SPI implies N SPD rules, because you want to define
> rules for, say, each and every port for each and every host out there
> on the internet (because each host is _special_).
>
> -derek
>
> James Tiller <tiller@lucent.com> writes:
>
> > Derek -
> >
> > Just out of curiosity, why 2^32? Is this because the SPI is 32 bits?
> > If so, wouldn't this be the limits of the number of SA's affecting the
> > SAD, whereas the policy database (SPD) is supporting the "types" or
> > attributes defining the SA's?
> >
> > One more curious point. If the policy defines the accepted operations
> > to apply, deny, or pass data - technically, wouldn't that be
> > unlimited? Because I could build a policy that affects only certain
> > selectors based on IP address or fully qualified name - which could be
> > limitless.
> >
> > Just curious. Thankx for any answer!
> >
> > -------------
> > Best regards,
> > -jim
> >
> >
> >
> > Monday, September 10, 2001, 9:36:14 AM, Derek wrote:
> >
> > Atkins> There isn't any theoretical maximum.  It's like asking "how many firewall
> > Atkins> rules could you have?"  The answer: unlimited.
> >
> > Atkins> There is a practical limit of approximately 2^32 per interface per peer.
> >
> > Atkins> -derek
> >
> > Atkins> mahdavi@sepahan.iut.ac.ir writes:
> >
> > >> Hi all.
> > >>
> > >> Imagine we have a high speed security gateway (Gigabit). Typically how many SPD
> > >> records are required?
> > >> about 10 ?
> > >> about 50 ?
> > >> about 100 ?
> > >> about 1000 !!!???
> > >>
> > >> how much?
> > >>
> > >> I want to have an estimation of the maximum SPD records that an administrator may
> > >> define.
> > >>
> > >> sincerely yours
> > >> mahdavi
> > >>
> > >>
> > >>
> > >>
> > >>
>
> --
>        Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
>        Member, MIT Student Information Processing Board  (SIPB)
>        URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
>        warlord@MIT.EDU                        PGP key available
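The thread discusses SPD record counts in the abstract. As an added illustration, not code from any poster on this list, here is an ordered SPD lookup with the first-match semantics and the discard/bypass/protect actions of RFC 2401 section 4.4.1; the three-record sample policy and the gateway addresses are constructed, and show how aggregate selectors (prefixes, port ranges, wildcards) keep the record count small where a per-host, per-port enumeration would not.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# The three SPD actions named in RFC 2401 section 4.4.1.
DISCARD, BYPASS, PROTECT = "discard", "bypass", "protect"


@dataclass(frozen=True)
class SPDEntry:
    """One SPD record: traffic selectors plus the action taken on a match."""
    src: str                    # source prefix in CIDR notation, e.g. "10.0.0.0/8"
    dst: str                    # destination prefix in CIDR notation
    proto: Optional[int]        # IP protocol number; None matches any protocol
    dport: Tuple[int, int]      # inclusive destination port range
    action: str

    def matches(self, src: str, dst: str, proto: int, dport: int) -> bool:
        return (ipaddress.ip_address(src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(self.dst)
                and (self.proto is None or self.proto == proto)
                and self.dport[0] <= dport <= self.dport[1])


def lookup(spd: List[SPDEntry], src: str, dst: str, proto: int, dport: int) -> str:
    """Ordered first-match lookup over the SPD, as RFC 2401 requires.

    A packet that matches no record is discarded, so an empty or
    incomplete SPD fails closed rather than bypassing IPsec.
    """
    for entry in spd:
        if entry.matches(src, dst, proto, dport):
            return entry.action
    return DISCARD


# Constructed sample policy for a hypothetical site gateway (not from the thread).
# Three aggregated records do the work that a record per (host, port) pair
# would otherwise need thousands of records for.
SAMPLE_SPD = [
    SPDEntry("10.0.0.0/8", "10.0.0.0/8", None, (0, 65535), BYPASS),     # intra-site traffic
    SPDEntry("10.0.0.0/8", "192.0.2.0/24", 6, (443, 443), PROTECT),     # HTTPS to partner net
    SPDEntry("0.0.0.0/0", "0.0.0.0/0", None, (0, 65535), DISCARD),      # explicit default deny
]

if __name__ == "__main__":
    for flow in [("10.1.2.3", "10.9.9.9", 6, 22),
                 ("10.1.2.3", "192.0.2.10", 6, 443),
                 ("10.1.2.3", "192.0.2.10", 6, 80)]:
        print(flow, "->", lookup(SAMPLE_SPD, *flow))
```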


