Re: [IPsec] HA design team started
Raj Singh <rsjenwar@gmail.com> Sun, 11 July 2010 11:09 UTC
Return-Path: <rsjenwar@gmail.com>
X-Original-To: ipsec@core3.amsl.com
Delivered-To: ipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 386F33A68E9 for <ipsec@core3.amsl.com>; Sun, 11 Jul 2010 04:09:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Level:
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yVbvdXzK6fNO for <ipsec@core3.amsl.com>; Sun, 11 Jul 2010 04:09:42 -0700 (PDT)
Received: from mail-qy0-f179.google.com (mail-qy0-f179.google.com [209.85.216.179]) by core3.amsl.com (Postfix) with ESMTP id E8D5C3A6897 for <ipsec@ietf.org>; Sun, 11 Jul 2010 04:09:41 -0700 (PDT)
Received: by qyk2 with SMTP id 2so4051026qyk.10 for <ipsec@ietf.org>; Sun, 11 Jul 2010 04:09:46 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:content-type; bh=bu33lF3MBSmDo5QZwGWjvmz0blwkoepYAnGSdM04CBU=; b=gRG7KGvdOoBpaRE2WMwSdz5HIjtwcCCIBP3fEMI8g4Z4eE2KvoIOASglbTBQJnPxKS +m8UoAduXdXKuOqA46wsRoZALmVfH8q2H4fqYhdW8bxC0fMUUUhlCvouSkEHsA+XeVnO BtbM4L/nsLOXtfD33Bh5gXQyupMExDBLBkG0o=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; b=XXSOARwiGxlaFXgJ1SIH2S0e0Wud24y36vloFBIxj5j3LJasvqNM8bxipXzbicTKLG Ric94k9uzdPt6IvOKJtEtGZ0ZolPuvDlBLOS+TxkllZkqXWuybITTZZRc0gusVL/cMDH DR0IvUFy0nT66HicziD8aIKRUu8mmzvBkMx/E=
MIME-Version: 1.0
Received: by 10.224.40.137 with SMTP id k9mr6914414qae.388.1278846585792; Sun, 11 Jul 2010 04:09:45 -0700 (PDT)
Received: by 10.229.91.144 with HTTP; Sun, 11 Jul 2010 04:09:45 -0700 (PDT)
In-Reply-To: <4C1B1185.9090800@gmail.com>
References: <4C1B1185.9090800@gmail.com>
Date: Sun, 11 Jul 2010 16:39:45 +0530
Message-ID: <AANLkTinZ6ur6h3pYaCbtem4wXMcQrRy1tm_TL7VbA8_5@mail.gmail.com>
From: Raj Singh <rsjenwar@gmail.com>
To: IPsecme WG <ipsec@ietf.org>
Content-Type: multipart/alternative; boundary="000feaf109ab77ea49048b1aaccd"
Subject: Re: [IPsec] HA design team started
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 11 Jul 2010 11:09:43 -0000
Hi Group, We would like to present the HA design team's output for IPsec Cluster Solution Draft before Maastricht meeting as http://tools.ietf.org/id/draft-kagarigi-ipsecme-ikev2-windowsync-03.txt This draft solves the main issues of IPsec Cluster Problem Statement draft using a simple IKEv2 protocol extension, and provides implementation advice for other issues. I sincerely thanks all the team members of HA Design Team for attending all internal meetings and giving their valuable inputs and doing reviews. My special thanks to Yaron and Yoav for their expert inputs and comments. I would also like to thanks Paul for providing TeamSpeak server for conducting internal design team meetings. The team started with these draft as inputs. 1. http://tools.ietf.org/html/draft-kagarigi-ipsecme-ikev2-windowsync-00 - G. Kalyani 2. http://www.ietf.org/id/draft-arora-ipsecme-ikev2-alt-tunnel-addresses-00.txtJ. Arora 3. http://www.ietf.org/id/draft-ietf-ipsecme-ipsec-ha-09.txt - Y. Nir - As Input The current draft is based on [1], then it got enhanced and extended with all team's contribution. The problem and solution presented in [2], is more towards load balancing than HA cluster. Also this problem can be solved using IKEv2 REDIRECT mechanism. Also, this solution requires IKEv2 protocol change. So, this is deferred for now. I request the IPsecME group members to review and give comments on http://tools.ietf.org/id/draft-kagarigi-ipsecme-ikev2-windowsync-03.txt, so that we can discuss this draft with more details in Maastricht meeting. Regards, Raj Singh On Fri, Jun 18, 2010 at 11:56 AM, Yaron Sheffer <yaronf.ietf@gmail.com>wrote: > Hi, > > As promised, we have started a design team on IPsec HA. Paul and I have > asked Raj Singh to lead the team. His job is to make sure that the team > meets regularly in the next few weeks, and produces a good output document > before the Maastricht face-to-face meeting. > > The initial membership of the team is: > > - Raj Singh (rsjenwar@gmail.com, lead) > > - Jitender Arora (JArora@acmepacket.com) > - Min Huang (huangmin@huaweisymantec.com) > - Dacheng Zhang (zhangdacheng@huawei.com) > - Yoav Nir (ynir@checkpoint.com) > - Yaron Sheffer (yaronf.ietf@gmail.com, observer) > > According to IETF rules (see > http://www.ietf.org/iesg/statement/design-team.htm), every design team > needs to have a mission statement. So here it is: > > Produce a high-level solution document that covers most or all of the > issues raised by the HA problem statement (draft-ietf-ipsecme-ipsec-ha). Any > solution should be applicable to different deployments, in order to > accommodate the variety of existing and future IPsec products. Solutions > should have a similar level of security as the IKE/IPsec suite. > > Another process reminder: the design team's output serves as input to the > full WG, essentially like an individual draft. So all protocol decisions > will eventually be made by the working group. > > Thanks, > Yaron > > _______________________________________________ > IPsec mailing list > IPsec@ietf.org > https://www.ietf.org/mailman/listinfo/ipsec >
- [IPsec] HA design team started Yaron Sheffer
- Re: [IPsec] HA design team started Raj Singh