Re: Stephane's Comments on IKEv2

[Derek Atkins <warlord@mit.edu>]

"Stephane Beaulieu" <stephane@cisco.com> writes:

> I'm still not very keen on this "windowing" concept.  It seems that the
> initiator will have to perform some logic to ensure that it doesn't
> overwhelm the responder.  In essence, the initiator is doing the responder's
> job in managing it's resources.  I prefer the model where the initiator
> makes requests, and the responder processes as many as he can.  Once the
> responder is overwhelmed, it starts to ignore requests.  The initiator's job
> in this case is to ensure that it re-requests the service if it is still
> needed, or perhaps attempt a connection with a secondary Gateway which is
> hopefully not as busy.

As TCP has shown, you want to squelch traffic as close to the source
as possible.  The fact that the initiator is behaving properly is a
Good Thing (TM).  However you are correct that the responder should
still protect itself from a misbehaving initiator.  This doesn't mean
that initiators should be free to drown out a responder if they
believe they REALLY want that service! ;)

-derek

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available

---

References:

• Re: Stephane's Comments on IKEv2
• From: Radia Perlman - Boston Center for Networking <Radia.Perlman@sun.com>
• Re: Stephane's Comments on IKEv2
• From: "Stephane Beaulieu" <stephane@cisco.com>

---

• Prev by Date: Re: compare-jfk-sigma.txt
• Next by Date: Réf. : SA look up
• Prev by thread: Re: Stephane's Comments on IKEv2
• Next by thread: Re: Stephane's Comments on IKEv2
• Index(es):
  • Main
  • Thread