I-D Action:draft-kagarigi-ipsecme-ikev2-windowsync-04.txt

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



A New Internet-Draft is available from the on-line Internet-Drafts directories.

	Title           : IKEv2/IPsec SA counter synchronization
	Author(s)       : K. Garigipati
	Filename        : draft-kagarigi-ipsecme-ikev2-windowsync-04.txt
	Pages           : 14
	Date            : 2010-07-29

IKEv2 and IPsec protocols are widely used for deploying VPN.  In
order to make such VPN highly available and failure-prone, these VPNs
are implemented as IKEv2/IPsec Highly Available (HA) cluster.  But
there are many issues in IKEv2/IPsec HA cluster.  The draft "IPsec
Cluster Problem Statement" enumerates all the issues encountered in
IKEv2/IPsec HA cluster environment.

This draft proposes an extension to IKEv2 protocol to solve main
issues of "IPsec Cluster Problem Statement" in Hot Standby cluster
and gives implementation advice for others.  The main issues to be
solved are:
o  IKE Message Id synchronization : This is done by obtaining the

message Id values from the peer and updating the values at the

newly active cluster member after the failover.
o  IPsec SA Counter synchronization : This is done by sending

incremented the values of replay counters by the newly active

cluster member to the peer as expected replay counter value.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-kagarigi-ipsecme-ikev2-windowsync-04.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.
<ftp://ftp.ietf.org/internet-drafts/draft-kagarigi-ipsecme-ikev2-windowsync-04.txt>
_______________________________________________
I-D-Announce mailing list
I-D-Announce@ietf.org
https://www.ietf.org/mailman/listinfo/i-d-announce
Internet-Draft directories: http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt

[Index of Archives]     [IETF]     [IETF Discussion]     [Linux Kernel]

  Powered by Linux