Racing QM Initiator's
Ben McCann <bmccann@indusriver.com> Wed, 13 October 1999 21:16 UTC
Message-ID: <3804DAB3.6A8B3529@indusriver.com>
Date: Wed, 13 Oct 1999 15:17:07 -0400
From: Ben McCann <bmccann@indusriver.com>
To: "ipsec@lists.tislabs.com" <ipsec@lists.tislabs.com>
Subject: Racing QM Initiator's
By dumb luck, I just had two SG's attempt a QM exchange with each other _at_the_same_time_. Each sent the first QM packet as initiator and each got that packet and tried to act as QM responder. Both got confused because they both switched from Initiator to Responder in mid-stream.

Here was my test configuration:

    C1-----SG=======SG-----C2

Clients 1 and 2 (C1, C2) are both pinging each other. Policy on the SG's creates tunnel mode SA's for the ping traffic. The current Phase 2 SA for ping expires at the same time on both SG's. Then the next ping sent by each client triggers each SG to create a Phase 2 SA.

What is the interoperable way to solve this race? I trolled through the list archives but didn't see anything relevant. Possibilities are:

1. Deal with it. Two QM exchanges occur where both SG's are temporarily both Phase 2 initiator and responder. (This could be tough because that state is part of the parent Phase 1 SA).

2. Both SG's abort the QM exchange, back off, and retry later.

3. One SG aborts and becomes responder. How do you know which should abort? The SG with the lowest IP address?

I'm sure there are other options too. Any opinions are welcome...

Thanks,
Ben McCann

--
Ben McCann
Indus River Networks
31 Nagog Park
Acton, MA, 01720
email: bmccann@indusriver.com
web: www.indusriver.com
phone: (978) 266-8140
fax: (978) 266-8111
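Option 3 from the message above, sketched as an added example (not part of the original post and not taken from any IKE implementation): two gateways whose first QM packets cross each apply the same lowest-address rule locally, so exactly one stays initiator. The `Gateway` class, the message tuple and the role names are hypothetical; the sketch assumes both peers see the same address pair and compare it numerically, since a string comparison would order 192.0.2.9 and 192.0.2.10 the wrong way round.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Gateway:
    """Toy security gateway that tracks only its Quick Mode role per peer."""
    addr: str
    pending: dict = field(default_factory=dict)  # peer addr -> role
    log: list = field(default_factory=list)

    def start_qm(self, peer):
        # Local policy asked for a new Phase 2 SA: send the first QM packet.
        self.pending[peer] = "initiator"
        return ("QM1", self.addr, peer)

    def yields_to(self, peer):
        # Tie-break from option 3: the numerically lower address aborts.
        mine = ipaddress.ip_address(self.addr)
        theirs = ipaddress.ip_address(peer)
        if mine == theirs:
            raise ValueError("peers must have distinct addresses")
        return mine < theirs

    def on_qm1(self, msg):
        _, src, _ = msg
        if self.pending.get(src) == "initiator":  # our own QM1 is in flight
            if self.yields_to(src):
                self.log.append("abort own QM, act as responder")
                self.pending[src] = "responder"
            else:
                self.log.append("drop peer QM1, remain initiator")
        else:
            self.pending[src] = "responder"  # no collision, normal case
        return self.pending[src]


def simulate_race(a_addr, b_addr):
    """Both gateways send QM1 before either has seen the other's packet."""
    a, b = Gateway(a_addr), Gateway(b_addr)
    m_a, m_b = a.start_qm(b.addr), b.start_qm(a.addr)  # packets cross
    return a.on_qm1(m_b), b.on_qm1(m_a)


if __name__ == "__main__":
    # Constructed documentation addresses, not from the original post.
    print(simulate_race("192.0.2.9", "192.0.2.10"))
```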