[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: NAT Traversal

To: "Chinna N.R. Pellacuru" <pcn@cisco.com>
Subject: Re: NAT Traversal
From: Derek Atkins <derek@ihtfp.com>
Date: 07 Mar 2002 13:51:23 -0500
Cc: Stephen Kent <kent@bbn.com>, ipsec mailling list <ipsec@lists.tislabs.com>
In-Reply-To: <Pine.GSO.4.33.0203071010140.13234-100000@cypher.cisco.com>
References: <Pine.GSO.4.33.0203071010140.13234-100000@cypher.cisco.com>
Sender: owner-ipsec@lists.tislabs.com
User-Agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/20.7

"Chinna N.R. Pellacuru" <pcn@cisco.com> writes:

> If someone has just one IP address to use as his local endpoint, then
> probably 64K IPsec connections is more than enough for him. That box has
> to first be able to handle so many IPsec connections.

You are missing one thing.  Yes, there is a potential to hold 64k
connections, except by the birthday paradox you will get a hash
collision after 256 connections.  Don't you think that 256 connections
is too few?

-derek

-- 
       Derek Atkins
       Computer and Internet Security Consultant
       derek@ihtfp.com             www.ihtfp.com

Follow-Ups:
- Re: NAT Traversal
  - From: "Chinna N.R. Pellacuru" <pcn@cisco.com>

References:
- Re: NAT Traversal
  - From: "Chinna N.R. Pellacuru" <pcn@cisco.com>

Prev by Date: Re: NAT Traversal
Next by Date: RE: Choosing between IKEv2 and JFK
Prev by thread: Re: NAT Traversal
Next by thread: Re: NAT Traversal
Index(es):
- Date
- Thread