[IPsec] FW: New Version Notification for draft-mglt-ipsecme-clone-ike-sa-05.txt

Daniel Migault <daniel.migault@ericsson.com> Mon, 24 August 2015 12:25 UTC

From: Daniel Migault <daniel.migault@ericsson.com>
To: "ipsec@ietf.org" <ipsec@ietf.org>
Date: Mon, 24 Aug 2015 12:25:01 +0000
Archived-At: <http://mailarchive.ietf.org/arch/msg/ipsec/UBgfw48DbrCThaZAeNQEs-rxIAk>
Cc: Valery Smyslov <svanru@gmail.com>
Subject: [IPsec] FW: New Version Notification for draft-mglt-ipsecme-clone-ike-sa-05.txt

Hi, 

Please find a new version of the draft-mglt-ipsecme-clone-ike-sa-05. In this version, we added text to reflect the discussion of the load balancing IPsec VPNs [1].

Feel free to comment on the current document.
BR,

Daniel  

[1] https://mailarchive.ietf.org/arch/msg/ipsec/y0oklrJ_HYmbX07lDrbF0fqdEss

-----Original Message-----
From: internet-drafts@ietf.org [mailto:internet-drafts@ietf.org] 
Sent: Monday, August 24, 2015 8:13 AM
To: Valery Smyslov; Valery Smyslov; Daniel Migault; Daniel Migault
Subject: New Version Notification for draft-mglt-ipsecme-clone-ike-sa-05.txt


A new version of I-D, draft-mglt-ipsecme-clone-ike-sa-05.txt
has been successfully submitted by Daniel Migault and posted to the IETF repository.

Name:		draft-mglt-ipsecme-clone-ike-sa
Revision:	05
Title:		Cloning IKE SA in the Internet Key Exchange Protocol Version 2 (IKEv2)
Document date:	2015-08-24
Group:		Individual Submission
Pages:		14
URL:            https://www.ietf.org/internet-drafts/draft-mglt-ipsecme-clone-ike-sa-05.txt
Status:         https://datatracker.ietf.org/doc/draft-mglt-ipsecme-clone-ike-sa/
Htmlized:       https://tools.ietf.org/html/draft-mglt-ipsecme-clone-ike-sa-05
Diff:           https://www.ietf.org/rfcdiff?url2=draft-mglt-ipsecme-clone-ike-sa-05

Abstract:
   This document considers a VPN End User establishing an IPsec SA with
   a Security Gateway using the Internet Key Exchange Protocol Version 2
   (IKEv2), where at least one of the peers has multiple interfaces or
   where Security Gateway is a cluster with each node having its own IP
   address.

   With the current IKEv2 protocol, the outer IP addresses of the IPsec
   SA are determined by those used by IKE SA.  As a result using
   multiple interfaces requires to set up an IKE SA on each interface,
   or on each path if both the VPN Client and the Security Gateway have
   multiple interfaces.  Setting each IKE SA involves authentications
   which might require multiple round trips as well as activity from the
   VPN End User and thus would delay the VPN establishment.  In addition
   multiple authentications unnecessarily increase the load on the VPN
   client and the authentication infrastructure.

   This document presents the solution that allows to clone IKEv2 SA,
   where an additional SA is derived from an existing one.  The newly
   created IKE SA is set without the IKEv2 authentication exchange.
   This IKE SA can later be assigned to another interface or moved to
   another cluster mode using MOBIKE protocol.

                                                                                  


Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat