[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Stephane's Comments on IKEv2
"Stephane Beaulieu" <stephane@cisco.com> writes:
> I'm still not very keen on this "windowing" concept. It seems that the
> initiator will have to perform some logic to ensure that it doesn't
> overwhelm the responder. In essence, the initiator is doing the responder's
> job in managing it's resources. I prefer the model where the initiator
> makes requests, and the responder processes as many as he can. Once the
> responder is overwhelmed, it starts to ignore requests. The initiator's job
> in this case is to ensure that it re-requests the service if it is still
> needed, or perhaps attempt a connection with a secondary Gateway which is
> hopefully not as busy.
As TCP has shown, you want to squelch traffic as close to the source
as possible. The fact that the initiator is behaving properly is a
Good Thing (TM). However you are correct that the responder should
still protect itself from a misbehaving initiator. This doesn't mean
that initiators should be free to drown out a responder if they
believe they REALLY want that service! ;)
-derek
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord@MIT.EDU PGP key available
References: