[j-nsp] IPSEC tunnel
Burkhard Ott
bott at revenuewire.com
Wed Jan 4 17:39:18 EST 2012
On Wed, 4 Jan 2012 22:29:11 +0000
Humair Ali <humair.s.ali at gmail.com> wrote:
> Yep , I stand corrected !
>
> *DPD addresses the shortcomings of IKE keepalives- and heartbeats-
> schemes by introducing a more reasonable logic governing message
> exchange*
Well, not entirly.
While heartbeat and keepalive is very similar, DPD sends for instance
the vendor ID (MUST) to the peer. There is much more logic in DPD
than it is in keepalive hello's, while keepalive and heartbeats rely
on a timimg intervall DPD can request it whenever it needs to know if
the peer is alive or not.
>
>
> On 4 January 2012 22:08, Burkhard Ott <bott at revenuewire.com> wrote:
>
> > On Wed, 4 Jan 2012 21:58:10 +0000
> > Humair Ali <humair.s.ali at gmail.com> wrote:
> >
> > > Hi Asad
> > >
> > > it's been a while I have not been involved with Netscreen,
> > >
> > > but correct me if I am wrong but IKE Keepalive and DPD are exactly
> > > the same thing,
> >
> > Nope.
> >
> > http://www.ietf.org/rfc/rfc3706.txt
--
Burkhard Ott
Sr. System Administrator
Revenuewire Inc.
1205 - 4464 Markham Street
Victoria, BC V8Z 7X8
250-984-1132 ext. 7132
More information about the juniper-nsp
mailing list