
RE: SOI QUESTION: 4.3 Dead peer detection




>
>
> Please discuss and answer this question:
>
>
> 4.3 Dead peer detection
>
> 4.3.A) Both JFK and IKEv2 provide dead peer detection via a
> "keep-alive" mechanism.  The functionality provided is roughly
> identical.  Does anyone care about how low-level implementation
> details of IKEv2 and JFK?

SOI MUST be able to handle black-hole detection & resource recovery.  If a
DPD-type mechanism is the best way to handle that, then that's what we need
to do.

On a side note, I believe both JFK and IKEv2 use more of a "ping" than a
"keep-alive" mechanism.  The expression "keep-alive" tends to cause a
knee-jerk reaction as developers tend to equate it to a "make-dead"
mechanism.


>
> 4.3.B) Should the working group consider other schemes which provide
> the same functionality as dead peer detection?  (i.e., birth
> certificates, see section 3.5 in draft-ietf-ipsec-soi-features-01.txt)

I was under the impression that birth certificates were more of an
INITIAL-CONTACT replacement than DPD.  In any case, to directly answer the
question, we need to consider ALL schemes, as long as they address the
requirements.

>
> Implications from the Scenarios:
>
> [none]