[IPsec] FW: New Version Notification for draft-mglt-ipsecme-clone-ike-sa-05.txt
Daniel Migault <daniel.migault@ericsson.com> Mon, 24 August 2015 12:25 UTC
Return-Path: <daniel.migault@ericsson.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8742F1B32E0 for <ipsec@ietfa.amsl.com>; Mon, 24 Aug 2015 05:25:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level:
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id R8it681JSvDW for <ipsec@ietfa.amsl.com>; Mon, 24 Aug 2015 05:25:04 -0700 (PDT)
Received: from usevmg21.ericsson.net (usevmg21.ericsson.net [198.24.6.65]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D0BFF1B32FA for <ipsec@ietf.org>; Mon, 24 Aug 2015 05:25:03 -0700 (PDT)
X-AuditID: c6180641-f792c6d00000686a-74-55daa36197ea
Received: from EUSAAHC001.ericsson.se (Unknown_Domain [147.117.188.75]) by usevmg21.ericsson.net (Symantec Mail Security) with SMTP id 1A.04.26730.163AAD55; Mon, 24 Aug 2015 06:53:54 +0200 (CEST)
Received: from EUSAAMB107.ericsson.se ([147.117.188.124]) by EUSAAHC001.ericsson.se ([147.117.188.75]) with mapi id 14.03.0210.002; Mon, 24 Aug 2015 08:25:02 -0400
From: Daniel Migault <daniel.migault@ericsson.com>
To: "ipsec@ietf.org" <ipsec@ietf.org>
Thread-Topic: New Version Notification for draft-mglt-ipsecme-clone-ike-sa-05.txt
Thread-Index: AQHQ3mZD0CHzfUrca0uOyuEVjOUVR54bENeg
Date: Mon, 24 Aug 2015 12:25:01 +0000
Message-ID: <2DD56D786E600F45AC6BDE7DA4E8A8C11214EB2E@eusaamb107.ericsson.se>
References: <20150824121310.20833.50393.idtracker@ietfa.amsl.com>
In-Reply-To: <20150824121310.20833.50393.idtracker@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [147.117.188.11]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFrrHLMWRmVeSWpSXmKPExsUyuXSPt27S4luhBs1N/Bb7t7xgs7jxYSab A5PHzll32T2WLPnJFMAUxWWTkpqTWZZapG+XwJXx+mILS8EauYq56xazNjCekO1i5OSQEDCR eLntByuELSZx4d56ti5GLg4hgaOMEj+7VrFDOMsZJY6vmsYCUsUmYCTRdqifHcQWEVCVOLVs Olg3M5D9ZdcZZhBbWCBIYsOPO4wQNcESf/duY4WwjSQ+3P7MBmKzANWvfXsCqJ6Dg1fAV6L/ RwpIWEjAUeLuvs9gqzgFnCQe3L4MNoYR6Ljvp9YwQawSl7j1ZD4TxNECEkv2nGeGsEUlXj7+ B/WMksTH3/PZQcYzC2hKrN+lD9GqKDGl+yHY9bwCghInZz5hmcAoNgvJ1FkIHbOQdMxC0rGA kWUVI0dpcWpZbrqR4SZGYIQck2Bz3MG44JPlIUYBDkYlHt4HF2+GCrEmlhVX5h5ilOZgURLn lfbLCxUSSE8sSc1OTS1ILYovKs1JLT7EyMTBKdXAaJby4olIudGPJ6HfJ52702FcZJOTX1K/ pz9SzFz0ys+7hx2PqCbGdPz4XPAx84Jfz7eVTHGG8Rv23f8syX/ysVCxsceDit/Cmks7D3pp 1a2z+v4nIjD1nFLa1jMy90VKzzjFn99l+UGxTd7a4ae18ZVihfLi3aLTshYJXF9Ryl6xhyut 3nKNEktxRqKhFnNRcSIASVW2UHECAAA=
Archived-At: <http://mailarchive.ietf.org/arch/msg/ipsec/UBgfw48DbrCThaZAeNQEs-rxIAk>
Cc: Valery Smyslov <svanru@gmail.com>
Subject: [IPsec] FW: New Version Notification for draft-mglt-ipsecme-clone-ike-sa-05.txt
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Aug 2015 12:25:06 -0000
Hi, Please find a new version of the draft-mglt-ipsecme-clone-ike-sa-05. In this version, we added text to reflect the discussion of the load balancing IPsec VPNs [1]. Feel free to comment the current document. BR, Daniel [1] https://mailarchive.ietf.org/arch/msg/ipsec/y0oklrJ_HYmbX07lDrbF0fqdEss -----Original Message----- From: internet-drafts@ietf.org [mailto:internet-drafts@ietf.org] Sent: Monday, August 24, 2015 8:13 AM To: Valery Smyslov; Valery Smyslov; Daniel Migault; Daniel Migault Subject: New Version Notification for draft-mglt-ipsecme-clone-ike-sa-05.txt A new version of I-D, draft-mglt-ipsecme-clone-ike-sa-05.txt has been successfully submitted by Daniel Migault and posted to the IETF repository. Name: draft-mglt-ipsecme-clone-ike-sa Revision: 05 Title: Cloning IKE SA in the Internet Key Exchange Protocol Version 2 (IKEv2) Document date: 2015-08-24 Group: Individual Submission Pages: 14 URL: https://www.ietf.org/internet-drafts/draft-mglt-ipsecme-clone-ike-sa-05.txt Status: https://datatracker.ietf.org/doc/draft-mglt-ipsecme-clone-ike-sa/ Htmlized: https://tools.ietf.org/html/draft-mglt-ipsecme-clone-ike-sa-05 Diff: https://www.ietf.org/rfcdiff?url2=draft-mglt-ipsecme-clone-ike-sa-05 Abstract: This document considers a VPN End User establishing an IPsec SA with a Security Gateway using the Internet Key Exchange Protocol Version 2 (IKEv2), where at least one of the peers has multiple interfaces or where Security Gateway is a cluster with each node having its own IP address. With the current IKEv2 protocol, the outer IP addresses of the IPsec SA are determined by those used by IKE SA. As a result using multiple interfaces requires to set up an IKE SA on each interface, or on each path if both the VPN Client and the Security Gateway have multiple interfaces. Setting each IKE SA involves authentications which might require multiple round trips as well as activity from the VPN End User and thus would delay the VPN establishment. In addition multiple authentications unnecessarily increase the load on the VPN client and the authentication infrastructure. This document presents the solution that allows to clone IKEv2 SA, where an additional SA is derived from an existing one. The newly created IKE SA is set without the IKEv2 authentication exchange. This IKE SA can later be assigned to another interface or moved to another cluster mode using MOBIKE protocol. Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. The IETF Secretariat
- [IPsec] FW: New Version Notification for draft-mg… Daniel Migault