Re: [IPsec] Proposed work item: IKE/IPsec high availability and load sharing
Scott C Moonen <smoonen@us.ibm.com> Thu, 03 December 2009 01:42 UTC
Return-Path: <smoonen@us.ibm.com>
X-Original-To: ipsec@core3.amsl.com
Delivered-To: ipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id DA9853A6358; Wed, 2 Dec 2009 17:42:56 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.023
X-Spam-Level:
X-Spam-Status: No, score=-6.023 tagged_above=-999 required=5 tests=[AWL=0.575, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kWcZcSVbJhne; Wed, 2 Dec 2009 17:42:55 -0800 (PST)
Received: from e31.co.us.ibm.com (e31.co.us.ibm.com [32.97.110.149]) by core3.amsl.com (Postfix) with ESMTP id C66083A69A0; Wed, 2 Dec 2009 17:42:55 -0800 (PST)
Received: from d03relay02.boulder.ibm.com (d03relay02.boulder.ibm.com [9.17.195.227]) by e31.co.us.ibm.com (8.14.3/8.13.1) with ESMTP id nB31ZON8005727; Wed, 2 Dec 2009 18:35:24 -0700
Received: from d03av01.boulder.ibm.com (d03av01.boulder.ibm.com [9.17.195.167]) by d03relay02.boulder.ibm.com (8.13.8/8.13.8/NCO v9.1) with ESMTP id nB31ghAC144206; Wed, 2 Dec 2009 18:42:43 -0700
Received: from d03av01.boulder.ibm.com (loopback [127.0.0.1]) by d03av01.boulder.ibm.com (8.14.3/8.13.1/NCO v10.0 AVout) with ESMTP id nB31geQ4018712; Wed, 2 Dec 2009 18:42:40 -0700
Received: from d03nm118.boulder.ibm.com (d03nm118.boulder.ibm.com [9.17.195.144]) by d03av01.boulder.ibm.com (8.14.3/8.13.1/NCO v10.0 AVin) with ESMTP id nB31gerI018709; Wed, 2 Dec 2009 18:42:40 -0700
In-Reply-To: <7F9A6D26EB51614FBF9F81C0DA4CFEC801BDF88E04F1@il-ex01.ad.checkpoint.com>
References: <7F9A6D26EB51614FBF9F81C0DA4CFEC801BDF88E04F1@il-ex01.ad.checkpoint.com>
To: Yaron Sheffer <yaronf@checkpoint.com>
MIME-Version: 1.0
X-KeepSent: A5154CD1:BBD49654-85257681:0008C726; type=4; name=$KeepSent
X-Mailer: Lotus Notes Release 8.0.2 HF623 January 16, 2009
From: Scott C Moonen <smoonen@us.ibm.com>
X-MIMETrack: S/MIME Sign by Notes Client on Scott C Moonen/Raleigh/IBM(Release 8.0.2 HF623|January 16, 2009) at 12/02/2009 08:36:03 PM, Serialize by Notes Client on Scott C Moonen/Raleigh/IBM(Release 8.0.2 HF623|January 16, 2009) at 12/02/2009 08:36:03 PM, Serialize complete at 12/02/2009 08:36:03 PM, S/MIME Sign failed at 12/02/2009 08:36:03 PM: The cryptographic key was not found, Serialize by Router on D03NM118/03/M/IBM(Release 8.5.1HF41 | October 22, 2009) at 12/02/2009 18:42:39, Serialize complete at 12/02/2009 18:42:39
Message-ID: <OFA5154CD1.BBD49654-ON85257681.0008C726-85257681.00096624@us.ibm.com>
Date: Wed, 02 Dec 2009 20:42:38 -0500
Content-Type: multipart/alternative; boundary="=_alternative 0008CB8785257681_="
Cc: "ipsec@ietf.org" <ipsec@ietf.org>, ipsec-bounces@ietf.org
Subject: Re: [IPsec] Proposed work item: IKE/IPsec high availability and load sharing
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Dec 2009 01:42:56 -0000
If this proposal is accepted, I commit to review it. Scott Moonen (smoonen@us.ibm.com) z/OS Communications Server TCP/IP Development http://www.linkedin.com/in/smoonen From: Yaron Sheffer <yaronf@checkpoint.com> To: "ipsec@ietf.org" <ipsec@ietf.org> Date: 11/29/2009 12:41 PM Subject: [IPsec] Proposed work item: IKE/IPsec high availability and load sharing This work item will define the problem statement and requirements for a solution that allows interoperable HA/LS device groups. Mixed-vendor clusters are specifically out of scope; but single-vendor clusters should be fully interoperable with other vendors’ devices or clusters. The main challenge is to overcome the strict use of sequence numbers in both IPsec and IKE, in HA and LS scenarios. Following the Hiroshima discussion, the WI is initially focused on defining the problem, rather than a particular solution. Proposed starting point: http://tools.ietf.org/id/draft-nir-ipsecme-ipsecha-00.txt. Please reply to the list: - If this proposal is accepted as a WG work item, are you committing to review multiple versions of the draft? - Are you willing to contribute text to the draft? - Would you like to co-author it? Please also reply to the list if: - You believe this is NOT a reasonable activity for the WG to spend time on. If this is the case, please explain your position. Do not explore the fine technical details (which will change anyway, once the WG gets hold of the draft); instead explain why this is uninteresting for the WG or for the industry at large. Also, please mark the title clearly (e.g. "DES40-export in IPsec - NO!")._______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
- [IPsec] Proposed work item: IKE/IPsec high availa… Yaron Sheffer
- Re: [IPsec] Proposed work item: IKE/IPsec high av… Scott C Moonen
- Re: [IPsec] Proposed work item: IKE/IPsec high av… Michael Richardson
- Re: [IPsec] Proposed work item: IKE/IPsec high av… Daniel Migault
- Re: [IPsec] Proposed work item: IKE/IPsec high av… Jean-Michel Combes
- Re: [IPsec] Proposed work item: IKE/IPsec high av… V Jyothi-B22245
- Re: [IPsec] Proposed work item: IKE/IPsec high av… Murthy N Srinivas-B22237