Re: [IPsec] WG last call: draft-ietf-ipsecme-esp-null-heuristics-01

From: Nicolas Williams <Nicolas.Williams_at_nospam>
Date: Tue Oct 13 2009 - 18:54:58 GMT
To: Yaron Sheffer <yaronf@checkpoint.com>

On Tue, Oct 13, 2009 at 01:34:24PM -0500, Nicolas Williams wrote:
> Done.

One more comment:

State keeping by intermediate nodes is described as an optimization, however: a) I'm not sure that that necessarily follows, since state keeping and cache index lookups are not free, and anyways, b) in some cases, particularly where the next header is TCP or UDP, state keeping appears to be a requirement for establishing confidence in heuristics results.

(b) is the key issue. Some advice on state cache sizing may be useful. E.g., if an entry is dropped out of the cache due to cache pressure, how costly will that be in terms of additional inspection effort for future packets for that flow, and in terms of resulting future cache pressure?

Nico -- _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec

This message: [ Message body ]
Next message: Paul Hoffman: "Re: [IPsec] WG last call: draft-ietf-ipsecme-esp-null-heuristics-01"
Previous message: Nicolas Williams: "Re: [IPsec] WG last call: draft-ietf-ipsecme-esp-null-heuristics-01"
In reply to: Nicolas Williams: "Re: [IPsec] WG last call: draft-ietf-ipsecme-esp-null-heuristics-01"
Next in thread: Tero Kivinen: "Re: [IPsec] WG last call: draft-ietf-ipsecme-esp-null-heuristics-01"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]