On Fri, 3 Sep 2010, Pekka Riikonen wrote:
: something like next_message_id += window_size / 2, and be happy. Though,
: implementation must ensure it never sends more than the increment (that's why
: window size of 1 doesn't work to begin with). Why was the window size defined
: by default to 1 anyway? Is there a reason why this wouldn't work?
:
This doesn't actually work. I think I'm seeing some ambiquity in the spec
when window size > 1. But, there's still ways to make this work easier
than with new exchange.
We could add new RESET_WINDOW notify that, when received inside a valid
window will reset the left side of the window to the value requested. In
failover (assuming window size > 1), the online node can send the
notification to reset the window to the new value. Responder clears the
old states in the window as initiator has now deemed them lost.
Responder must reply with its N(RESET_WINDOW).
At the same time we should add GET_WINDOW_SIZE notify which initiator can
use to request/require responder to set the window size. Responder SHOULD
respond with SET_WINDOW_SIZE of at least the same size. So when initiator
sends its N(SET_WINDOW_SIZE) it could at the same time require the
responder to send it too.
All these notifications in the ikev2bis should be "MUST be supported".
And then of course there's the poor man's way, where implementation after
the failover could keep sending empty INFORMATIONAL's with new message
ids, and wait until it receives response. It now knows the message ids
to both directions. This requires that the message ids are synced in the
cluster after every packet, so that node has recent values in the
failover.
Pekka
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
