Scott C Moonen writes:
> > As the host is sending traffic it will immediately notice when it is
> > not getting ACKs back from the GW, i.e. when the traffic gets
> > unidirectional, and again it can start fixing situation at that
> > point.
>
> But Tero, that process can take several minutes. First the host initiates
> a liveness exchange, then after a minute or two of retransmissions it times
> out, then starts to negotiate a new IKE SA.

On a bad implementation it can even take forever, if they do not implement any kind of crash recovery code. On a good implementation it will recover in a few seconds after the GW is up again (i.e. when the GW receives the first unknown ESP packet and finds the Host from its configuration and recreates the IKE SA and sends a delete for ESP, or when the client sends the next IP packet, which will cause the GW to recreate the IKE SA and Child SA as they do not exist).

> By that time the TCP connection has timed out.

TCP timeouts are several minutes too, so TCP connections should not time out that soon.

> This is *exactly* the problem that QCD is
> designed to fix, and if I am the host here I definitely want to take
> advantage of QCD in this situation rather than lose my TCP connection.

The host will notice that traffic changed to unidirectional and should start the liveness check way before the GW has even recovered, and especially if it receives hints from the other end that the GW has crashed (ICMP host unreachables, protocol unreachables, IKE invalid SPI notifications etc.), then it can shorten the timeouts needed to really delete the IKE SA and start over.

A bad implementation can take so much time that TCP connections time out, but not all implementations need to be bad; you can also make good implementations, and if you are writing that host implementation, better make that implementation good so it will work regardless of whether QCD is there or not.

It seems that in most discussions about QCD people assume that the IPsec implementations are very bad and that QCD is a magic wand that will make those implementations good. I do not expect that to happen. If the vendors have not bothered to care about crash recovery before QCD, I do not expect them to be bothering about it later either, meaning they most likely will not implement QCD.
-- 
kivi...@iki.fi