[IPsec] Fwd: I-D Action:draft-kagarigi-ipsecme-ikev2-windowsync-04.txt
Paul Hoffman <paul.hoffman@vpnc.org> Fri, 30 July 2010 09:08 UTC
Return-Path: <paul.hoffman@vpnc.org>
X-Original-To: ipsec@core3.amsl.com
Delivered-To: ipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B51F528C2BA for <ipsec@core3.amsl.com>; Fri, 30 Jul 2010 02:08:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.823
X-Spam-Level:
X-Spam-Status: No, score=-0.823 tagged_above=-999 required=5 tests=[AWL=1.223, BAYES_00=-2.599, HELO_MISMATCH_COM=0.553]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JM0suEmrB4IG for <ipsec@core3.amsl.com>; Fri, 30 Jul 2010 02:08:52 -0700 (PDT)
Received: from hoffman.proper.com (Hoffman.Proper.COM [207.182.41.81]) by core3.amsl.com (Postfix) with ESMTP id D634728C2BC for <ipsec@ietf.org>; Fri, 30 Jul 2010 02:08:52 -0700 (PDT)
Received: from [130.129.98.251] (dhcp-62fb.meeting.ietf.org [130.129.98.251]) (authenticated bits=0) by hoffman.proper.com (8.14.4/8.14.3) with ESMTP id o6U99EXY093798 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <ipsec@ietf.org>; Fri, 30 Jul 2010 02:09:16 -0700 (MST) (envelope-from paul.hoffman@vpnc.org)
Mime-Version: 1.0
Message-Id: <p06240807c87846f07054@[130.129.98.251]>
Date: Fri, 30 Jul 2010 11:09:12 +0200
To: IPsecme WG <ipsec@ietf.org>
From: Paul Hoffman <paul.hoffman@vpnc.org>
Content-Type: text/plain; charset="us-ascii"
Subject: [IPsec] Fwd: I-D Action:draft-kagarigi-ipsecme-ikev2-windowsync-04.txt
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Jul 2010 09:08:53 -0000
This is the same draft as was temporarily published on the WG's wiki. Everyone should be reading this and discussing it on the list. --Paul Hoffman >A New Internet-Draft is available from the on-line Internet-Drafts directories. > > Title : IKEv2/IPsec SA counter synchronization > Author(s) : K. Garigipati > Filename : draft-kagarigi-ipsecme-ikev2-windowsync-04.txt > Pages : 14 > Date : 2010-07-29 > >IKEv2 and IPsec protocols are widely used for deploying VPN. In >order to make such VPN highly available and failure-prone, these VPNs >are implemented as IKEv2/IPsec Highly Available (HA) cluster. But >there are many issues in IKEv2/IPsec HA cluster. The draft "IPsec >Cluster Problem Statement" enumerates all the issues encountered in >IKEv2/IPsec HA cluster environment. > >This draft proposes an extension to IKEv2 protocol to solve main >issues of "IPsec Cluster Problem Statement" in Hot Standby cluster >and gives implementation advice for others. The main issues to be >solved are: >o IKE Message Id synchronization : This is done by obtaining the > >message Id values from the peer and updating the values at the > >newly active cluster member after the failover. >o IPsec SA Counter synchronization : This is done by sending > >incremented the values of replay counters by the newly active > >cluster member to the peer as expected replay counter value. > >A URL for this Internet-Draft is: >http://www.ietf.org/internet-drafts/draft-kagarigi-ipsecme-ikev2-windowsync-04.txt
- [IPsec] Fwd: I-D Action:draft-kagarigi-ipsecme-ik… Paul Hoffman