I-D Action: draft-mglt-ipsecme-clone-ike-sa-04.txt

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



A New Internet-Draft is available from the on-line Internet-Drafts directories.


        Title           : Cloning IKE SA in the Internet Key Exchange Protocol Version 2 (IKEv2)
        Authors         : Daniel Migault
                          Valery Smyslov
	Filename        : draft-mglt-ipsecme-clone-ike-sa-04.txt
	Pages           : 14
	Date            : 2015-03-04

Abstract:
   This document considers a VPN End User establishing an IPsec SA with
   a Security Gateway using the Internet Key Exchange Protocol Version 2
   (IKEv2), where at least one of the peers has multiple interfaces or
   where Security Gateway is a cluster with each node having its own IP
   address.

   With the current IKEv2 protocol, the outer IP addresses of the IPsec
   SA are determined by those used by IKE SA.  As a result using
   multiple interfaces requires to set up an IKE SA on each interface,
   or on each path if both the VPN Client and the Security Gateway have
   multiple interfaces.  Setting each IKE SA involves authentications
   which might require multiple round trips as well as activity from the
   VPN End User and thus would delay the VPN establishment.  In addition
   multiple authentications unnecessarily increase the load on the VPN
   client and the authentication infrastructure.

   This document presents the solution that allows to clone IKEv2 SA,
   where an additional SA is derived from an existing one.  The newly
   created IKE SA is set without the IKEv2 authentication exchange.
   This IKE SA can later be assigned to another interface or moved to
   another cluster mode using MOBIKE protocol.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-mglt-ipsecme-clone-ike-sa/

There's also a htmlized version available at:
http://tools.ietf.org/html/draft-mglt-ipsecme-clone-ike-sa-04

A diff from the previous version is available at:
http://www.ietf.org/rfcdiff?url2=draft-mglt-ipsecme-clone-ike-sa-04


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

_______________________________________________
I-D-Announce mailing list
I-D-Announce@ietf.org
https://www.ietf.org/mailman/listinfo/i-d-announce
Internet-Draft directories: http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt




[Index of Archives]     [IETF]     [IETF Discussion]     [Linux Kernel]

  Powered by Linux