On Tue, Oct 13, 2009 at 01:34:24PM -0500, Nicolas Williams wrote: > Done.
One more comment: - State keeping by intermediate nodes is described as an optimization, however: a) I'm not sure that that necessarily follows, since state keeping and cache index lookups are not free, and anyways, b) in some cases, particularly where the next header is TCP or UDP, state keeping appears to be a requirement for establishing confidence in heuristics results. (b) is the key issue. Some advice on state cache sizing may be useful. E.g., if an entry is dropped out of the cache due to cache pressure, how costly will that be in terms of additional inspection effort for future packets for that flow, and in terms of resulting future cache pressure? Nico -- _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
