
Regarding IPsec Databases



Hi,
Please could you help me with the following points:

1) This question is with reference to the few
postings on the mailing list regarding the number of SPD
records. I do agree that the number of SPD
entries is a function of the local access control
policy and the breadth of connectivity. But can a
rough estimate of the number of SPD, SAD and SA
database entries be made, given that the gateway
supports 25 tunnels, 100 tunnels and 1000 tunnels
simultaneously as three different cases? If
yes, then please can you give me the rough estimates
for the same.

2) It was mentioned in a few postings that the SPD and
SAD databases are STATIC. Does this mean that one is
not supposed to delete entries (policies) from these
databases? Actually, deleting a single entry from the
SPD database could lead to recursive deletions and
re-arranging of the SAD database and consequently
re-ordering of numerous pointers from the SPD to the SAD
database.
Or does it mean that they don't change dynamically?

3) Whenever we are supposed to change the Action
field of the IPsec Policy entry from IPsec bundle to
Relay or Discard, what happens to the pointer that
existed initially from the SPD policy to the SAD entry
specific to that policy (nextSADPtr) and the
corresponding entries in the SAD?

Regards,
Ranjeet.
(ranjeet@it.iitb.ac.in)

