[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Peer liveliness

To: Ravi <ravivsn@roc.co.in>, ipsec@lists.tislabs.com
Subject: Re: Peer liveliness
From: suren <suren@intotoinc.com>
Date: Wed, 23 Apr 2003 11:38:27 -0700
In-Reply-To: <3E9F87B2.7070902@roc.co.in>
Sender: owner-ipsec@lists.tislabs.com

Hi Ravi,
     It is good idea to find out whether the peer SA is dead or not. I 
support this and
     would like to see some draft in this regard.
Suren

At 10:35 AM 4/18/2003 +0530, Ravi wrote:

>  Hi,
>   I was going through several drafts related to peer liveliness. But, 
> some of practical
>   problems faced in actual deployment may not be solved by these proposals.
>   INITIAL_CONTACT Notification : It indicates that the Peer was dead and 
> cameback.
>   DPD:  Checks the liveliness of the peer.
>   I feel, we require interoperable solution to check liveliness of SA ie 
> Dead Peer SA detection
>  (DPSD).
>   DPD specification can be enhanced to achieve this.
>   Protocol-ID and SPI fields can be made mandatory.
>   Protocol-ID can be ESP/AH/IKE.
>   SPI : In case of IKE, it could be cookies and in case of ESP/AH, it is 
> SPI (inbound SA's SPI
>        on the peer).
>   If peer is not dead, but SAs were deleted either due to temporary 
> failure OR due to
>   restarting of some processes in the system can be detected with this 
> mechanism.
>   Does this makes sense? If so, I can contribute text to this effect.
>Regards,
>Ravi
>
>--
>
>
>The views presented in this mail are completely mine. The company is not 
>responsible for whatsoever.
>
>----------
>Ravi Kumar CH
>Rendezvous On Chip (i) Pvt Ltd
>Hyderabad, India
>Ph: +91-40-2335 1214 / 1175 / 1184
>
><http://www.roc.co.in>ROC home page
>

References:
- Peer liveliness
  - From: Ravi <ravivsn@roc.co.in>

Prev by Date: Re: Question on inbound IPSEC policy check
Next by Date: Re: Confirm decision on identity handling.
Prev by thread: RE: Peer liveliness
Next by thread: RE: Peer liveliness
Index(es):
- Date
- Thread