IPsec Dead Peer Discovery Mechanism

IPsec provides a mechanism for a peer to send a delete notification payload via IKE to its peers when it is disconnecting an IPsec SA. However, in many cases this notification payload never gets sent, either because the peer gets disconnected too abruptly (a system crash) or due to network issues (someone pulls a laptop's Ethernet cable). In these cases, it is important to have a dead peer discovery mechanism that can allow for the discovery of such peers so that data loss does not occur when a peer sends packets to a peer that is no longer alive. (In effect, an IPsec peer can keep sending traffic to a dead peer for extended periods of time.) This mechanism is implemented using a technique called Dead Peer ...
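The failure mode described above (a peer that stops answering without ever sending a delete notification, while the local side keeps pushing traffic into a dead SA) can be illustrated with a small simulation. The following is an added example, not code from the book or from any IPsec implementation: it models a local SA endpoint that treats incoming traffic as proof of life, sends liveness probes once the peer has been silent for an idle interval, and tears the SA down after a fixed number of unanswered probes. The class names, timers, probe counts and the "ACK" reply are all constructed assumptions for illustration; real IKE liveness exchanges carry authenticated notify payloads and are not modelled here.

```python
"""Simplified simulation of dead-peer detection for an IPsec SA.
Constructed example: class names, timers and the probe/ack exchange are
assumptions, not the IKE wire protocol."""

from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Peer:
    """Remote IPsec peer. alive=False models a crash or a pulled cable:
    the peer never sends a delete notification, it simply stops answering."""
    name: str
    alive: bool = True

    def handle_probe(self) -> Optional[str]:
        # A live peer acknowledges the liveness probe; a dead one returns nothing.
        return "ACK" if self.alive else None


@dataclass
class SAEndpoint:
    """Local side of an IPsec SA with an optional liveness check."""
    peer: Peer
    idle_threshold: float = 10.0   # seconds of silence before a probe is sent
    max_probes: int = 3            # unanswered probes before the peer is declared dead
    probe_interval: float = 2.0    # seconds between probe retries
    sa_up: bool = True
    last_heard: float = 0.0        # time of the last traffic received from the peer
    sent_while_dead: int = 0       # packets committed to the SA after the peer died
    log: List[str] = field(default_factory=list)

    def receive(self, now: float) -> None:
        """Any traffic received over the SA counts as proof that the peer is alive."""
        self.last_heard = now

    def send(self, now: float, payload: bytes, use_dpd: bool = True) -> bool:
        """Send one packet over the SA. With use_dpd=True, prolonged silence from
        the peer triggers liveness probes before more data is committed to the SA.
        Returns True if the packet was transmitted."""
        if not self.sa_up:
            self.log.append(f"{now:.0f}s drop: SA already torn down")
            return False
        if use_dpd and now - self.last_heard >= self.idle_threshold:
            if not self._probe_peer(now):
                self.sa_up = False
                self.log.append(f"{now:.0f}s peer {self.peer.name} dead, SA deleted")
                return False
        self.log.append(f"{now:.0f}s sent {len(payload)} bytes")
        if not self.peer.alive:
            self.sent_while_dead += 1
        return True

    def _probe_peer(self, now: float) -> bool:
        """Send up to max_probes liveness probes; True if any is acknowledged."""
        for attempt in range(1, self.max_probes + 1):
            t = now + (attempt - 1) * self.probe_interval
            if self.peer.handle_probe() is not None:
                self.log.append(f"{t:.0f}s probe {attempt} acknowledged")
                self.receive(t)
                return True
            self.log.append(f"{t:.0f}s probe {attempt} unanswered")
        return False


def run_scenario(use_dpd: bool) -> SAEndpoint:
    """Constructed scenario: the peer last spoke at t=0 and dies silently
    before t=5; the local side keeps sending a packet every 5 seconds."""
    peer = Peer("gw-b")
    ep = SAEndpoint(peer)
    ep.receive(0.0)
    peer.alive = False  # crash or cable pull: no delete notification is ever sent
    for t in range(5, 40, 5):
        ep.send(float(t), b"x" * 100, use_dpd=use_dpd)
    return ep


if __name__ == "__main__":
    for dpd in (False, True):
        ep = run_scenario(use_dpd=dpd)
        print(f"DPD {'on ' if dpd else 'off'}: SA up={ep.sa_up}, "
              f"packets sent into dead SA={ep.sent_while_dead}")
        for line in ep.log:
            print("   ", line)
```

Without the liveness check the endpoint keeps transmitting into the dead SA for the whole run; with it, the first send after the idle threshold triggers the probes, the peer is declared dead after three unanswered attempts, and the SA is deleted so that later packets fail fast instead of being silently lost.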
