Re: [IPsec] Updated version of RFC5996bis

[Yoav Nir <ynir@checkpoint.com>]

On Oct 17, 2013, at 5:13 PM, Paul Wouters <paul@cypherpunks.ca> wrote:
> While updating the retransmit timers in libreswan, I found no useful
> information in 5996. Is that something we could add? I know it is
> local policy but perhaps it would be good to add some guidance for
> implementors. Do people use sub-second retries? exponential backoff?
> How do people deal with slow wakeup stacks (eg 3G) and preventing of
> firsts of duplicate first packets?

I agree with Yaron. The only guidance is "at least 12 retransmission over at least two minutes"

RTT varies wildly on the Internet. I've just tried pinging www.ietf.org, and got this:
--- www.ietf.org ping statistics ---
29 packets transmitted, 28 packets received, 3.4% packet loss
round-trip min/avg/max/stddev = 275.850/542.648/1665.121/321.721 ms

To be sure, I'm using a laptop connected to a smartphone hotspot, connected to a 3G cellular network from a moving train half-way around the world. But still, sub-second retries would have you send unnecessary retransmissions, and packet loss is pretty low. 

My own policy is 1 second between first and second transmissions, and the wait time is multiplied by sqrt(2) for each additional transmission, so the 12th transmission is 107 seconds after the first. Close enough, sort of.

While it's possible to add a paragraph giving such a policy as an example, I don't see why we should even imply that this is a requirement.

Yoav