[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: SOI QUESTION: 4.3 Dead peer detection
>
>
> Please discuss and answer this question:
>
>
> 4.3 Dead peer detection
>
> 4.3.A) Both JFK and IKEv2 provide dead peer detection via a
> "keep-alive" mechanism. The functionality provided is roughly
> identical. Does anyone care about how low-level implementation
> details of IKEv2 and JFK?
SOI MUST be able to handle black-hole detection & resource recovery. If a
DPD type mechanism is the best way to handle that, then that's what we need
to do.
On a side note, I believe both JFK and IKEv2 use more of a "ping" than a
"keep-alive" mechanism. The expression "keep-alive" tends to cause a
knee-jerk reaction as developers tend to equate it to a "make-dead"
mechanism.
>
> 4.3.B) Should the working group consider other schemes which provide
> the same functionality as dead peer detection? (i.e., birth
> certificates, see section 3.5 in draft-ietf-ipsec-soi-features-01.txt)
I was under the impression that birth certificates were more of an
INITIAL-CONTACT replacement than DPD. In any case, to directly answer the
question, we need to consider ALL schemes, as long as they address the
requirements.
>
> Implications from the Scenarios:
>
> [none]