[IPsec] I-D Action:draft-ietf-ipsecme-ipsecha-protocol-02.txt

[Internet-Drafts@ietf.org]

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the IP Security Maintenance and Extensions Working Group of the IETF.


	Title           : Protocol Support for High Availability of IKEv2/IPsec
	Author(s)       : R. Jenwar, et al.
	Filename        : draft-ietf-ipsecme-ipsecha-protocol-02.txt
	Pages           : 19
	Date            : 2010-10-25

The IPsec protocol suite is widely used for the deployment of virtual
private networks (VPNs).  In order to make such VPNs highly
available, more scalable and failure-resistant, these VPNs are
implemented as IPsec High Availability (HA) clusters.  However there
are many issues in IPsec HA clustering, and in particular in IKEv2
clustering.  An earlier document, "IPsec Cluster Problem Statement",
enumerates the issues encountered in the IKEv2/IPsec HA cluster
environment.  This document attempts to resolve these issues with the
least possible change to the protocol.

This document proposes an extension to the IKEv2 protocol to solve
the main issues of "IPsec Cluster Problem Statement" in the commonly
deployed hot-standby cluster, and provides implementation advice for
other issues.  The main issues to be solved are the synchronization
of IKEv2 Message ID counters, and of IPsec Replay Counters.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-ipsecme-ipsecha-protocol-02.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.

ftp://ftp.ietf.org/internet-drafts/draft-ietf-ipsecme-ipsecha-protocol-02.txt"><ftp://ftp.ietf.org/internet-drafts/draft-ietf-ipsecme-ipsecha-protocol-02.txt>