[prev in list] [next in list] [prev in thread] [next in thread]
List: ipsec
Subject: delete grace timers
From: Michael Thomas <mat () cisco ! com>
Date: 2001-09-24 22:44:37
[Download RAW message or body]
I wanted to get this group's read on the utility
of grace timers, specifically when deleting SA's.
As far as I know IKE is silent on this matter, but
there is a potential race condition with packets
on a to-be-deleted SA with the delete
notification. With QoS reordering this may
actually be more frequent than it sounds. So
the question I have is:
1) Does implementing grace timers sound like a
useful addition to the protocol?
2) Should this actually be recommended by the
specs? I ask both in terms of KINK and SOI.
At some level, it really is an implentation
detail, but it sounds like experience shows that
unless it's a MUST or a SHOULD, implementation
will be spotty.
Mike
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic