Re: [IPsec] Working Group LC: draft-ietf-ipsecme-ipsec-ha-03

Jean-Michel Combes <jeanmichel.combes@gmail.com> Thu, 27 May 2010 10:32 UTC

Hi Yoav,

2010/5/27 Yoav Nir <ynir@checkpoint.com>:
> 1. I didn't want to make ha-03 dependent on bis, but since bis is now approved, we may as well do it.

OK.

>
> 2. OK
>
> 3. It should be out of scope, because this is internal to the cluster. We are not going to require a peer to accept having two SAs with the same SPIs with the same peer, so it's up to the members to prevent this using their own out-of-scope method. It is possible to mention this and then say that it's out of scope, if people think this is necessary.

OK.

Thx.

Best regards.

JMC.

>
> Yoav
>
> -----Original Message-----
> From: ipsec-bounces@ietf.org [mailto:ipsec-bounces@ietf.org] On Behalf Of Jean-Michel Combes
> Sent: Wednesday, May 26, 2010 4:22 PM
> To: Yaron Sheffer
> Cc: IPsecme WG
> Subject: Re: [IPsec] Working Group LC: draft-ietf-ipsecme-ipsec-ha-03
>
> Hi,
>
> please, find my review of this document:
>
> 1.  Introduction
>
>   IKEv2, as described in [RFC4306] and [RFC4718], and IPsec, as
>   described in [RFC4301] and others, allows deployment of VPNs between
>   different sites as well as from VPN clients to protected networks.
>
> <JMC>
> Instead of mentioning [RFC4306] and [RFC4718], maybe replace with
> [draft-ietf-ipsecme-ikev2bis]?
> <JMC>
>
> [snip]
>
> 2.  Terminology
>
> [snip]
>
>   "Failover" is the event where a one member takes over some load from
>   some other member.  In a hot standby cluster, this hapens when a
>   standby memeber becomes active due to a failure of the former active
>
> <JMC>
> s/memeber/member
> <JMC>
>
> [snip]
>
> 3.  The Problem Statement
>
> <JMC>
> I didn't see anything about potential collisions (e.g. SPI for a
> specific SA on a member of the cluster is already used on another
> member) during a failover: is such an issue out of scope?
> <JMC>
>
> Thanks in advance for your reply.
>
> Best regards.
>
> JMC.
>
>
> 2010/5/25 Yaron Sheffer <yaronf.ietf@gmail.com>:
>> With 5 more days to go, this is a quick reminder to review the problem
>> statement draft so we can move it along, and get to the juicy protocol
>> stuff.
>>
>> This time around, we will take silence as agreement.
>>
>> Thanks,
>>        Yaron
>>
>> On 05/16/2010 03:53 PM, Yaron Sheffer wrote:
>>>
>>> This is to begin a 2 week working group last call for
>>> draft-ietf-ipsecme-ipsec-ha-03
>>> (http://tools.ietf.org/html/draft-ietf-ipsecme-ipsec-ha-03). The target
>>> status for this document is Informational.
>>>
>>> Please send your comments to the ipsec list by May 30, 2010, as
>>> follow-ups to this message.
>>>
>>> Brief comments of the form: "I have read this draft and it looks fine"
>>> are also welcome.
>>>
>>> Quick heads up: this is a requirements definition draft. Once we have
>>> determined consensus around it, we would like to move forward with
>>> solutions. Individual solution drafts are welcome as usual, but we would
>>> like to establish at some point a design team to hash out a common
>>> solution document. Let us know by private mail if you're interested.
>>>
>>> Thanks,
>>> Yaron
>>
>> _______________________________________________
>> IPsec mailing list
>> IPsec@ietf.org
>> https://www.ietf.org/mailman/listinfo/ipsec
>>