[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Suggestion for SOI wrt PFS

To: Michael Thomas <mat@cisco.com>, "Angelos D. Keromytis" <angelos@cs.columbia.edu>
Subject: RE: Suggestion for SOI wrt PFS
From: Chris Trobridge <CTrobridge@baltimore.com>
Date: Tue, 2 Apr 2002 10:29:07 +0100
Cc: ipsec@lists.tislabs.com
Sender: owner-ipsec@lists.tislabs.com

I share this concern.

It's not the required average rate that's the problem - I reckon this is
likely to be less than one per second.  The issue is the peak rate required
when a system (re)starts.  This is particularly acute with star networks and
impacts onto reliability.

Chris

-----Original Message-----
From: Michael Thomas [mailto:mat@cisco.com]
Sent: 01 April 2002 15:57
To: Angelos D. Keromytis
Cc: Jan Vilhuber; Bill Sommerfeld; andrew.krywaniuk@alcatel.com;
ipsec@lists.tislabs.com
Subject: Re: Suggestion for SOI wrt PFS 

Angelos D. Keromytis writes:
 > So you're saying that you *do* have a business need for a box that can
 > support a sustained SA setup rate of 1000 tunnels/second ? Could you
 > expand on it ?

Oh please. Not everything is a site-site VPN. IKE
was specifically deemed useless by Packetcable for
cable telephony because restart avalanches of tens
or hundreds of *thousands* subscriber boxes would
lead to unacceptible down times. That's *one*
business need, and hardly a unique one. Any high
fan out use of IPsec is going to care a great deal
about how the high fan in box behaves, and the
number of SA's per second is an important number.

	  Mike

-----------------------------------------------------------------------------------------------------------------
The information contained in this message is confidential and is intended 
for the addressee(s) only.  If you have received this message in error or 
there are any problems please notify the originator immediately.  The 
unauthorized use, disclosure, copying or alteration of this message is 
strictly forbidden. Baltimore Technologies plc will not be liable for direct, 
special, indirect or consequential damages arising from alteration of the 
contents of this message by a third party or as a result of any virus being 
passed on.

In addition, certain Marketing collateral may be added from time to time to 
promote Baltimore Technologies products, services, Global e-Security or 
appearance at trade shows and conferences.

This footnote confirms that this email message has been swept by 
Baltimore MIMEsweeper for Content Security threats, including
computer viruses.

Prev by Date: Re: Move TS to optional (RE: Don't remove TS from IKEv2)
Next by Date: Re: Suggestion for SOI wrt PFS
Prev by thread: Re: Suggestion for SOI wrt PFS
Next by thread: Fixing identity and cert-sending
Index(es):
- Date
- Thread