[IPsec] Proposed work item: IKE/IPsec high availability and load sharing

Yaron Sheffer <yaronf@checkpoint.com> Sun, 29 November 2009 17:40 UTC


This work item will define the problem statement and requirements for a solution that allows interoperable HA/LS device groups. Mixed-vendor clusters are specifically out of scope; but single-vendor clusters should be fully interoperable with other vendors' devices or clusters. The main challenge is to overcome the strict use of sequence numbers in both IPsec and IKE, in HA and LS scenarios. Following the Hiroshima discussion, the WI is initially focused on defining the problem, rather than a particular solution.

Proposed starting point: http://tools.ietf.org/id/draft-nir-ipsecme-ipsecha-00.txt.

Please reply to the list:

- If this proposal is accepted as a WG work item, are you committing to review multiple versions of the draft?
- Are you willing to contribute text to the draft?
- Would you like to co-author it?

Please also reply to the list if:

- You believe this is NOT a reasonable activity for the WG to spend time on.

If this is the case, please explain your position. Do not explore the fine technical details (which will change anyway, once the WG gets hold of the draft); instead explain why this is uninteresting for the WG or for the industry at large. Also, please mark the title clearly (e.g. "DES40-export in IPsec - NO!").