Date:      Fri, 10 Aug 2001 21:02:37 -0700
From:      "John Van Boxtel" <jvb@whoowl.com>
Cc:        <freebsd-security@FreeBSD.ORG>
Subject:   Re: distributed natd
Message-ID:  <004701c1221a$89c57dc0$6b00a8c0@vanbo.whoowl.com>
References:  <Pine.BSF.4.21.0108102028450.88285-100000@lhotse.zaraska.dhs.org>

> Not quite, I'm afraid. If a host shuts down it will close open
> connections; yet if it dies suddenly (power down, cable cut, etc.) you
> will get connection timeout. Unfortunately we should switch gateways ASAP
> after failure. Standard TCP timeout seems too long for me. Do you know any
> way to shorten this time? Therefore I would rather make gateways "ping"
> each other over the link say once a second. There's a technique IRC
> servers use to check if client is still alive: once a minute or so they
> send the client a "PING" command; if the client does not say "PONG"
> within given interval they assume it's dead and shut down the connection.
> Something like that could be used here. Of course if TCP connection shuts
> down it would also signal that something is wrong.

So maybe a persistent TCP connection that sends keep-alive type packets.

> > This would not be useful for telling if that gateway no longer has
> > an upstream connection
> If a gateway is alive and loses its upstream connection and knows it
> (interface down, inability to ping next router, etc.) it could detect it
> and send the appropriate message to peer gateways.

Keeping with the above ping pong idea, maybe instead of ICMP packets you can
stick with TCP and have the data in the packet have some sort of "upstream
ok" / "upstream down" bit in it...

> > Interesting stuff :-)
> Yeah. I like this subject too. :-)
Always fun to think about things that have not been tried, of course maybe
this all has and we are talking about this thing called the wheel...

JVB
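
The heartbeat idea discussed in this message, as an added example that is not part of the original e-mail: a peer monitor that treats a closed TCP connection or missed heartbeats as failure and reads an "upstream ok" bit from each frame. The 6-byte frame layout, the names `PeerMonitor` and `should_take_over`, and the three-missed-intervals threshold are assumptions made for illustration.

```python
import struct

# Constructed wire format (assumption): type byte, flags byte, 32-bit sequence.
FRAME = struct.Struct("!BBI")
PING, PONG = 1, 2
UPSTREAM_OK = 0x01  # flags bit 0: sender still has its upstream link


def encode(kind, seq, upstream_ok):
    return FRAME.pack(kind, UPSTREAM_OK if upstream_ok else 0, seq)


def decode(data):
    # Reject anything that is not exactly one well-formed frame.
    if len(data) != FRAME.size:
        raise ValueError("bad frame length")
    kind, flags, seq = FRAME.unpack(data)
    if kind not in (PING, PONG):
        raise ValueError("unknown frame type")
    return kind, seq, bool(flags & UPSTREAM_OK)


class PeerMonitor:
    """Tracks one peer gateway. Timestamps are passed in by the caller,
    so the logic can be driven from a socket loop or from a test."""

    def __init__(self, now, interval=1.0, max_missed=3):
        self.deadline = interval * max_missed
        self.last_heard = now
        self.peer_upstream_ok = True
        self.closed = False

    def on_frame(self, data, now):
        _, _, upstream_ok = decode(data)   # raises on garbage, state unchanged
        self.last_heard = now              # any valid frame proves liveness
        self.peer_upstream_ok = upstream_ok

    def on_close(self):
        self.closed = True                 # TCP shutdown is itself a signal

    def state(self, now):
        if self.closed or now - self.last_heard > self.deadline:
            return "dead"
        return "usable" if self.peer_upstream_ok else "no-upstream"


def should_take_over(monitor, now):
    # Switch gateways when the peer is silent, gone, or cut off upstream.
    return monitor.state(now) != "usable"
```

With a one-second interval this detects a silently dead peer in about three seconds, independent of the TCP retransmission timeout.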


