
RE: Protocol and port fields in selectors



> That is actually the whole idea; to reduce the number of SAs. Since
> we are talking about several hundred thousand SAs, cutting the size
> in half reduces the memory requirements (a lot) and improves
> performance.

This is essentially the argument against port and protocol based SAs in
general. If you just used a firewall rule to block stray packets you
wouldn't have this problem. Trying to reduce the memory footprint after
mandating port-constrained SAs is like optimizing bubble sort.

Andrew
-------------------------------------------
There are no rules, only regulations. Luckily,
history has shown that with time, hard work,
and lots of love, anyone can be a technocrat.