[AusNOG] IPSEC time skew renegotiate?
Jake Anderson
yahoo at vapourforge.com
Tue Jan 7 00:03:38 EST 2014
Some applications don't handle negative time increments well; it's not
intuitive to think and then handle time going backwards.
I.e. they may, say, use an unsigned int to hold the last time:
uint_elapsed_time = current_time - uint_start_time
becomes hinky when last time is > current time; it'll either error out
or wrap and give you an elapsed time that's really huge.
On 06/01/14 21:28, Geordie Guy wrote:
>
> It's always negative. Is that a thing? May need to read up more...
>
> On 06/01/2014 8:17 PM, "Jake Anderson" <yahoo at vapourforge.com
> <mailto:yahoo at vapourforge.com>> wrote:
>
> Is the time adjustment perhaps negative and it's causing something
> to flip out thinking it's waited longer than the life of the
> universe for the next key?
>
> On 06/01/14 14:09, Geordie Guy wrote:
>> G'day NOGgers,
>>
>> We have an IPSEC peer that keeps dropping the tunnel and
>> renegotiating. The only events in the logs on their side that
>> look like they could be related are a fairly constant NTP update
>> which is causing their Netscreen to adjust by between 3 and 13
>> milliseconds every ten minutes. Would this cause the tunnel to
>> renegotiate when the clock changed? It seems to happen on the
>> half hour every half hour, or every three NTP updates.
>>
>> - Geordie
>>
>
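The unsigned wrap described at the top of this message, as an added example that is not part of the original thread and not code from any vendor's IPsec implementation. The lifetime value, function names and clock readings are assumptions constructed for illustration; a timer read from a monotonic clock avoids the problem entirely, and the checked variant below shows the minimal guard when only wall-clock time is available.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical key lifetime for illustration: 1 hour, in milliseconds. */
#define LIFETIME_MS 3600000ULL

/* Naive: unsigned subtraction of wall-clock readings. If the clock was
 * stepped back so that now < start, the result wraps to nearly 2^64. */
static uint64_t elapsed_naive(uint64_t start_ms, uint64_t now_ms) {
    return now_ms - start_ms;
}

/* Checked: a backward step counts as zero elapsed time. */
static uint64_t elapsed_checked(uint64_t start_ms, uint64_t now_ms) {
    return (now_ms < start_ms) ? 0 : now_ms - start_ms;
}

typedef uint64_t (*elapsed_fn)(uint64_t, uint64_t);

/* Walk a series of clock readings and restart the timer each time the
 * lifetime appears to have expired. Returns the number of rekeys. */
static int count_rekeys(const uint64_t *readings, size_t n, elapsed_fn elapsed) {
    int rekeys = 0;
    uint64_t start = readings[0];
    for (size_t i = 1; i < n; i++) {
        if (elapsed(start, readings[i]) >= LIFETIME_MS) {
            rekeys++;
            start = readings[i];
        }
    }
    return rekeys;
}

/* Constructed readings (ms): the second value is a 13 ms backward step
 * right after the timer starts; the fifth is a 10 ms backward step later. */
static const uint64_t SAMPLE[] = {
    1000000, 999987, 1600000, 2200000, 2199990, 4600000, 4600013
};
#define SAMPLE_N (sizeof SAMPLE / sizeof SAMPLE[0])

int main(void) {
    printf("naive:   %d rekeys\n", count_rekeys(SAMPLE, SAMPLE_N, elapsed_naive));
    printf("checked: %d rekeys\n", count_rekeys(SAMPLE, SAMPLE_N, elapsed_checked));
    return 0;
}
```

Only the backward step that lands before the stored start time wraps; the later 10 ms step is harmless to both variants because the reading is still after the start.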