Since the SKIP protocol does not employ a session negotiation phase, the effect you mentioned should be considered normal behavior unless special logic is built into the product itself (note I did not say 'the Protocol').

When you change some server IP address, a 'remote' SKIP ACL entry might become stalled.

If a remote SKIP ACL entry was of a 'Network' type and the just-changed address fits into its old subnet - you should not be in trouble.

If a remote ACL entry was an exact IP address match - you must change the remote ACL to point to the new IP.

If a remote ACL entry was for a so-called nomadic host - you should just reload this entry to clear the internal cache or wait until the cache entry is expired.

In other words, in the worst case you will have to correct configurations on all machines used to talk SKIP with the one with the changed local IP address.

--Alexei
-----Original Message-----
From: Ron Beck <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: 3 October 1998, 4:14
Subject: Does changing the localhost IP break SKIP?

I've got 16 servers worldwide running SKIP on Solaris 2.5.1. Last week one of the system "caretakers" overseas changed the IP address for two of the servers. Now the other 14 can't connect unless I delete each machine's entry in the acl.hme0 file using skiptool. The two servers whose IPs changed can still talk encrypted to each other both over the front side network (WAN) and the 5 foot patch cable that makes the backside network for NFS. I've snooped the front side network to determine if any of the routers were blocking port 57, and they aren't. There are no connectivity problems between these machines and the comm path is allowing all necessary packets to pass through. The question is: Does changing the IP address of the local host affect the machine's ability to encrypt between hosts? I don't think that's the problem since the two machines are encrypting between themselves, but I have no other idea what it could be.
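
The three ACL cases from the reply at the top of this thread, written as a triage helper. This is an added example, not part of the original messages or of any SKIP product; the `(peer, kind, value)` inventory layout, the peer names and the addresses are constructed for illustration and are not the `acl.hme0` file format.

```python
import ipaddress

# Constructed inventory of remote ACL entries as (peer, kind, value).
# Hypothetical layout for illustration; NOT the acl.hme0 format.
SAMPLE_ACL = [
    ("peer-a", "network", "192.0.2.0/24"),
    ("peer-b", "network", "198.51.100.0/24"),
    ("peer-c", "host", "192.0.2.10"),
    ("peer-d", "host", "192.0.2.99"),
    ("peer-e", "nomadic", "placeholder-key-id"),
]

def triage(entries, old_ip, new_ip):
    """Return {peer: action} for one server whose address changed."""
    old = ipaddress.ip_address(old_ip)
    new = ipaddress.ip_address(new_ip)
    actions = {}
    for peer, kind, value in entries:
        if kind == "network":
            net = ipaddress.ip_network(value, strict=False)
            if old not in net:
                actions[peer] = "unaffected"      # entry never covered this server
            elif new in net:
                actions[peer] = "ok"              # new address fits the old subnet
            else:
                actions[peer] = "update-network"  # assumption: entry must be corrected
        elif kind == "host":
            if ipaddress.ip_address(value) == old:
                actions[peer] = "update-host"     # exact match must point to the new IP
            else:
                actions[peer] = "unaffected"      # entry is for some other host
        elif kind == "nomadic":
            actions[peer] = "reload-or-wait"      # reload entry or let the cache expire
        else:
            raise ValueError(f"unknown entry kind: {kind!r}")
    return actions

if __name__ == "__main__":
    for peer, action in triage(SAMPLE_ACL, "192.0.2.10", "192.0.2.77").items():
        print(f"{peer}: {action}")
```
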
