[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Suggestion for SOI wrt PFS

To: "Angelos D. Keromytis" <angelos@cs.columbia.edu>
Subject: Re: Suggestion for SOI wrt PFS
From: Michael Thomas <mat@cisco.com>
Date: Mon, 1 Apr 2002 06:56:50 -0800 (PST)
Cc: Jan Vilhuber <vilhuber@cisco.com>, Bill Sommerfeld <sommerfeld@east.sun.com>, andrew.krywaniuk@alcatel.com, ipsec@lists.tislabs.com
In-Reply-To: <200203312325.g2VNP5Om019814@coredump.keromytis.com>
References: <Pine.LNX.4.33.0203311507080.21949-100000@janpc-home.cisco.com><200203312325.g2VNP5Om019814@coredump.keromytis.com>
Sender: owner-ipsec@lists.tislabs.com

Angelos D. Keromytis writes:
 > So you're saying that you *do* have a business need for a box that can
 > support a sustained SA setup rate of 1000 tunnels/second ? Could you
 > expand on it ?

Oh please. Not everything is a site-site VPN. IKE
was specifically deemed useless by Packetcable for
cable telephony because restart avalanches of tens
or hundreds of *thousands* subscriber boxes would
lead to unacceptible down times. That's *one*
business need, and hardly a unique one. Any high
fan out use of IPsec is going to care a great deal
about how the high fan in box behaves, and the
number of SA's per second is an important number.

	  Mike

Follow-Ups:
- Re: Suggestion for SOI wrt PFS
  - From: "Angelos D. Keromytis" <angelos@cs.columbia.edu>

References:
- Re: Suggestion for SOI wrt PFS
  - From: Jan Vilhuber <vilhuber@cisco.com>
- Re: Suggestion for SOI wrt PFS
  - From: "Angelos D. Keromytis" <angelos@cs.columbia.edu>

Prev by Date: Re: Move TS to optional (RE: Don't remove TS from IKEv2)
Next by Date: Re: Move TS to optional (RE: Don't remove TS from IKEv2)
Prev by thread: Re: Suggestion for SOI wrt PFS
Next by thread: Re: Suggestion for SOI wrt PFS
Index(es):
- Date
- Thread