Re: [IPsec] Simultaneous Child SA Creation tigger from both the side.
Yoav Nir <ynir.ietf@gmail.com> Sun, 04 May 2014 07:18 UTC
Return-Path: <ynir.ietf@gmail.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7496B1A015F for <ipsec@ietfa.amsl.com>; Sun, 4 May 2014 00:18:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PFvImL8W5S58 for <ipsec@ietfa.amsl.com>; Sun, 4 May 2014 00:18:52 -0700 (PDT)
Received: from mail-wg0-x234.google.com (mail-wg0-x234.google.com [IPv6:2a00:1450:400c:c00::234]) by ietfa.amsl.com (Postfix) with ESMTP id 1ACC31A00F9 for <ipsec@ietf.org>; Sun, 4 May 2014 00:18:51 -0700 (PDT)
Received: by mail-wg0-f52.google.com with SMTP id l18so5214951wgh.11 for <ipsec@ietf.org>; Sun, 04 May 2014 00:18:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=g5baj2hi5S9J5vbFw/mAOgKEKcVAzTtzpzmUwHWPWQo=; b=xyP7vCRawzGIai9q3Pq3ctfuQpZ31vzQDeN0nukNtsBVvZY0MiF8nBVhs3fxg99oOa oQuwolgBsnFSUlXbBivXP4Izvu7ecBGv0jDbFpfuBbRjFiFxN0AqOY180G/uv6a6z8GF 9MGrhapnZ3BtHbVWhGE0NEAzuEaWw4EZ89KrRZsWe95U+B9aeDDZODJBUTucIbaup2pF 3939sCdKbZpA176iODiaScz8W/S34bH1EiUrHg6HpA8DGFOHhkL+z25H+p+D6vfPAWdV gWLFVAX6/AibJmbjq9pz/nMpCtUBmBCYr7oxqWLLZ1J1b4MZPeiIHbpN3cvLXPv61Y6E hqOA==
X-Received: by 10.180.82.7 with SMTP id e7mr10578766wiy.6.1399187928650; Sun, 04 May 2014 00:18:48 -0700 (PDT)
Received: from [172.24.249.242] (dyn32-131.checkpoint.com. [194.29.32.131]) by mx.google.com with ESMTPSA id h19sm9015308wiw.17.2014.05.04.00.18.47 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Sun, 04 May 2014 00:18:48 -0700 (PDT)
Content-Type: text/plain; charset="windows-1252"
Mime-Version: 1.0 (Mac OS X Mail 7.2 \(1874\))
From: Yoav Nir <ynir.ietf@gmail.com>
In-Reply-To: <335B84BDA2818C428E63D9B0ADE6863545AF7228@szxeml561-mbx.china.huawei.com>
Date: Sun, 04 May 2014 10:18:46 +0300
Content-Transfer-Encoding: quoted-printable
Message-Id: <DE8FB8A9-23C6-4828-9129-2B70542F96ED@gmail.com>
References: <mailman.101.1398884441.30377.ipsec@ietf.org> <335B84BDA2818C428E63D9B0ADE6863545AF7228@szxeml561-mbx.china.huawei.com>
To: Syed Ajim Hussain <syedah@huawei.com>
X-Mailer: Apple Mail (2.1874)
Archived-At: http://mailarchive.ietf.org/arch/msg/ipsec/32on78gEQR_gvkKQFl8TrIm632E
Cc: "ipsec@ietf.org" <ipsec@ietf.org>
Subject: Re: [IPsec] Simultaneous Child SA Creation tigger from both the side.
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 04 May 2014 07:18:54 -0000
Hi The reason that we don’t have any mention of simultaneous SA creation is that this issue has not come up in practice. When two IPsec hosts don’t have an SA for a particular flow (because said flow hasn’t had traffic in a while), it’s highly unlikely that bidirectional traffic on this flow will begin simultaneously, or at least before the 1-2 roundtrips it takes to set up a child SA. On the other hand, when SA lifetimes are set and traffic is continuous, it’s very likely that two such implementations will begin a rekeying at the same time. So what would happen? Both implementations get a CreateChildSA request (or an IKE_AUTH request) after each has sent out its own request. I guess we could specify it the same way as in section 2.8.1, but doing this would be a problem because this is not specified and other implementations are likely not to do it. Sorry I don’t have a better answer for you. Yoav On May 2, 2014, at 3:27 PM, Syed Ajim Hussain <syedah@huawei.com> wrote: > Hi All. > > Host A --------------Host B > > Assume Host-A & Host-B want to established IPSEC Tunnel, First they established one IKE SA and one IPSEC SA (Child SA). > > After that due to addition of a new IPSEC Policy(SPD), Both the sides triggered one more Child SA creation. > > This Child SA creation hit simultaneous Child SA Creation condition. Since both the side triggered for Child SA > Creation for one Configured SPD (Traffic Flow). > > In RFC 5996 , there is no point mention about simultaneous exchange during Child SA create, it only mention Simultaneous > Handling during Child SA Rekey. > > What should be the behavior in case of Simultaneous Child SA Creation, if implementation maintain one Child SA per one Traffic Flow (SPD). > > Does Simultaneous Child SA Rekeying - method also applicable in case of Child SA Creation (not Rekey). > > > 2.8.1. Simultaneous Child SA Rekeying > > If the two ends have the same lifetime policies, it is possible that > both will initiate a rekeying at the same time (which will result in > redundant SAs). To reduce the probability of this happening, the > timing of rekeying requests SHOULD be jittered (delayed by a random > amount of time after the need for rekeying is noticed). > > > > > Kaufman, et al. Standards Track [Page 36] > > RFC 5996 IKEv2bis September 2010 > > > This form of rekeying may temporarily result in multiple similar SAs > between the same pairs of nodes. When there are two SAs eligible to > receive packets, a node MUST accept incoming packets through either > SA. If redundant SAs are created though such a collision, the SA > created with the lowest of the four nonces used in the two exchanges > SHOULD be closed by the endpoint that created it. "Lowest" means an > octet-by-octet comparison (instead of, for instance, comparing the > nonces as large integers). In other words, start by comparing the > first octet; if they're equal, move to the next octet, and so on. If > you reach the end of one nonce, that nonce is the lower one. The > node that initiated the surviving rekeyed SA should delete the > replaced SA after the new one is established. > > The following is an explanation on the impact this has on > implementations. Assume that hosts A and B have an existing Child SA > pair with SPIs (SPIa1,SPIb1), and both start rekeying it at the same > time: > > Host A Host B > ------------------------------------------------------------------- > send req1: N(REKEY_SA,SPIa1), > SA(..,SPIa2,..),Ni1,.. --> > <-- send req2: N(REKEY_SA,SPIb1), > SA(..,SPIb2,..),Ni2 > recv req2 <-- > > At this point, A knows there is a simultaneous rekeying happening. > However, it cannot yet know which of the exchanges will have the > lowest nonce, so it will just note the situation and respond as > usual. > > send resp2: SA(..,SPIa3,..), > Nr1,.. --> > --> recv req1 > > Now B also knows that simultaneous rekeying is going on. It responds > as usual. > > <-- send resp1: SA(..,SPIb3,..), > Nr2,.. > recv resp1 <-- > --> recv resp2 > > At this point, there are three Child SA pairs between A and B (the > old one and two new ones). A and B can now compare the nonces. > Suppose that the lowest nonce was Nr1 in message resp2; in this case, > B (the sender of req2) deletes the redundant new SA, and A (the node > that initiated the surviving rekeyed SA), deletes the old one. > > > > Kaufman, et al. Standards Track [Page 37] > > RFC 5996 IKEv2bis September 2010 > > > send req3: D(SPIa1) --> > <-- send req4: D(SPIb2) > --> recv req3 > <-- send resp3: D(SPIb1) > recv req4 <-- > send resp4: D(SPIa3) --> > > The rekeying is now finished. > > However, there is a second possible sequence of events that can > happen if some packets are lost in the network, resulting in > retransmissions. The rekeying begins as usual, but A's first packet > (req1) is lost. > > Host A Host B > ------------------------------------------------------------------- > send req1: N(REKEY_SA,SPIa1), > SA(..,SPIa2,..), > Ni1,.. --> (lost) > <-- send req2: N(REKEY_SA,SPIb1), > SA(..,SPIb2,..),Ni2 > recv req2 <-- > send resp2: SA(..,SPIa3,..), > Nr1,.. --> > --> recv resp2 > <-- send req3: D(SPIb1) > recv req3 <-- > send resp3: D(SPIa1) --> > --> recv resp3 > > From B's point of view, the rekeying is now completed, and since it > has not yet received A's req1, it does not even know that there was > simultaneous rekeying. However, A will continue retransmitting the > message, and eventually it will reach B. > > resend req1 --> > --> recv req1 > > To B, it looks like A is trying to rekey an SA that no longer exists; > thus, B responds to the request with something non-fatal such as > CHILD_SA_NOT_FOUND. > > <-- send resp1: N(CHILD_SA_NOT_FOUND) > recv resp1 <-- > > When A receives this error, it already knows there was simultaneous > rekeying, so it can ignore the error message > > > _______________________________________________ > IPsec mailing list > IPsec@ietf.org > https://www.ietf.org/mailman/listinfo/ipsec
- [IPsec] Simultaneous Child SA Creation tigger fro… Syed Ajim Hussain
- Re: [IPsec] Simultaneous Child SA Creation tigger… Yoav Nir
- Re: [IPsec] Simultaneous Child SA Creation tigger… Syed Ajim Hussain
- Re: [IPsec] Simultaneous Child SA Creation tigger… Valery Smyslov
- Re: [IPsec] Simultaneous Child SA Creation tigger… Paul Wouters
- Re: [IPsec] Simultaneous Child SA Creation tigger… Nico Williams
- Re: [IPsec] Simultaneous Child SA Creation tigger… Nico Williams
- Re: [IPsec] Simultaneous Child SA Creation tigger… Yoav Nir
- Re: [IPsec] Simultaneous Child SA Creation tigger… Praveen Sathyanarayan
- Re: [IPsec] Simultaneous Child SA Creation tigger… Tero Kivinen