[IPsec] I-D Action: draft-ietf-ipsecme-multi-sa-performance-06.txt
internet-drafts@ietf.org Wed, 20 March 2024 05:37 UTC
Return-Path: <internet-drafts@ietf.org>
X-Original-To: ipsec@ietf.org
Delivered-To: ipsec@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id D30DCC1D4CEC; Tue, 19 Mar 2024 22:37:41 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
Cc: ipsec@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 12.8.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: ipsec@ietf.org
Message-ID: <171091306184.62468.8238648000450590176@ietfa.amsl.com>
Date: Tue, 19 Mar 2024 22:37:41 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/5tyHrJqNk2i_1kSQuGiAbfqlE-8>
Subject: [IPsec] I-D Action: draft-ietf-ipsecme-multi-sa-performance-06.txt
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.39
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Mar 2024 05:37:41 -0000
Internet-Draft draft-ietf-ipsecme-multi-sa-performance-06.txt is now
available. It is a work item of the IP Security Maintenance and Extensions
(IPSECME) WG of the IETF.
Title: IKEv2 support for per-resource Child SAs
Authors: Antony Antony
Tobias Brunner
Steffen Klassert
Paul Wouters
Name: draft-ietf-ipsecme-multi-sa-performance-06.txt
Pages: 13
Dates: 2024-03-19
Abstract:
This document defines two Notify Message Type Payloads for the
Internet Key Exchange Protocol Version 2 (IKEv2) to support the
negotiation of multiple Child SAs with the same Traffic Selectors
used on different resources, such as CPUs, to increase bandwidth of
IPsec traffic between peers.
The SA_RESOURCE_INFO notification is used to convey information that
the negotiated Child SA and subsequent new Child SAs with the same
Traffic Selectors are a logical group of Child SAs where most or all
of the Child SAs are bound to a specific resource, such as a specific
CPU. The TS_MAX_QUEUE notify conveys that the peer is unwilling to
create more additional Child SAs for this particular negotiated
Traffic Selector combination.
Using multiple Child SAs with the same Traffic Selectors has the
benefit that each resource holding the Child SA has its own Sequence
Number Counter, ensuring that CPUs don't have to synchronize their
cryptographic state or disable their packet replay protection.
The IETF datatracker status page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-ipsecme-multi-sa-performance/
There is also an HTMLized version available at:
https://datatracker.ietf.org/doc/html/draft-ietf-ipsecme-multi-sa-performance-06
A diff from the previous version is available at:
https://author-tools.ietf.org/iddiff?url2=draft-ietf-ipsecme-multi-sa-performance-06
Internet-Drafts are also available by rsync at:
rsync.ietf.org::internet-drafts
- [IPsec] I-D Action: draft-ietf-ipsecme-multi-sa-p… internet-drafts