
Re: Do we actually need dynamic ports?



> - Keep a policy marker around and add or subtract relative to the marker
> - Delete the old SA and create a new one when you want to add or subtract

I hope you really mean:

	"create a new one, cut over to it, then delete the old one after a
	 suitable delay to allow packets in flight to land"

And, if so, I think this is preferable -- it avoids any ambiguity of
interpretation with respect to the ordering of the selector add/delete
vs. traffic in flight.

					- Bill