[IPsec] Draft: IKEv2/IPsec Context Definition

Daniel Palomares <daniel.palomares.ietf@gmail.com> Thu, 13 February 2014 14:09 UTC

Return-Path: <daniel.palomares.ietf@gmail.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0F85B1A0286 for <ipsec@ietfa.amsl.com>; Thu, 13 Feb 2014 06:09:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AYCsmHJT2eI3 for <ipsec@ietfa.amsl.com>; Thu, 13 Feb 2014 06:09:50 -0800 (PST)
Received: from mail-ie0-x242.google.com (mail-ie0-x242.google.com [IPv6:2607:f8b0:4001:c03::242]) by ietfa.amsl.com (Postfix) with ESMTP id D45551A026C for <ipsec@ietf.org>; Thu, 13 Feb 2014 06:09:49 -0800 (PST)
Received: by mail-ie0-f194.google.com with SMTP id at1so327136iec.1 for <ipsec@ietf.org>; Thu, 13 Feb 2014 06:09:48 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=zB+Dc+/wd9w7cgfS6Femfh1NKR1AlKDsiW7jqVkh0No=; b=iNcyP8SEdW7Pn8efv8EXLhCVlKZSIkeL3H+WJqkefrQqaA2Uq4TjVm32Y2aNaN5brv Qf69gtyiK2Yk+42MOHzQ9SAYEKDvYs9E2vFs/bp4zldj/eeWl19hLvpxHYdHcdpo2UOO I6cY8Rx/hxYvqSNcEZ806SIB4TMAsThOMvryiI0wHHB6NRZuixjK7RHKSJK4eoOXYEm9 ZyyMnOmG//41mISscS/qZ1kgg8K2kPZwJ/cDHH0A266uNCPJa4d8W9vXGI+6KtjUKs7h dl4VhXbb3rsJxZahvpUqiFwuZzC4S1obVODxHhErRbk2f1Xe1W9Pgo4jzzfqtZyP9jwi /A6w==
MIME-Version: 1.0
X-Received: by 10.42.104.74 with SMTP id q10mr638352ico.75.1392300588695; Thu, 13 Feb 2014 06:09:48 -0800 (PST)
Received: by 10.50.40.131 with HTTP; Thu, 13 Feb 2014 06:09:48 -0800 (PST)
Date: Thu, 13 Feb 2014 15:09:48 +0100
Message-ID: <CAHf5+hrQ52GPKsAZJF4ZyhFNXgwZJOTEm8u-KKqVbta6Bj=N1g@mail.gmail.com>
From: Daniel Palomares <daniel.palomares.ietf@gmail.com>
To: ipsec@ietf.org
Content-Type: multipart/alternative; boundary=20cf303dd43802834104f24a3e72
Subject: [IPsec] Draft: IKEv2/IPsec Context Definition
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Feb 2014 14:09:52 -0000

Hi,

Please find a draft we have Posted. They concern the definition of IKEv2
and IPsec contexts.
Comments are welcome,

BR,

Daniel Palomares





Name:        draft-plmrs-ipsecme-ipsec-ikev2-context-definition.

Revision: 00
Title:       IKEv2/IPsec Context Definition
Document date:    2014-02-12
Group:        Individual Submission
Pages:        8
URL:
http://www.ietf.org/id/draft-plmrs-ipsecme-ipsec-ikev2-context-definition-00.txt<http://www.ietf.org/internet-drafts/draft-mglt-dice-diet-esp-00.txt>
Status:
https://datatracker.ietf.org/doc/draft-plmrs-ipsecme-ipsec-ikev2-context-definition/
Htmlized:
http://tools.ietf.org/html/draft-plmrs-ipsecme-ipsec-ikev2-context-definition-00


Abstract

   IPsec/IKEv2 clusters are constituted of multiple nodes accessed via a
   single address by the end user.  The traffic is then split between
   the nodes via specific IP load balancing policies.  Once a session is
   assigned to a given node, IPsec makes it difficult to assign the
   session to another node.  This makes management operations and
   transparent high availability for end users difficult to perform
   within the cluster.

   This document describes the contexts for IKEv2 and IPsec that MUST be
   transferred between two nodes so a session can be restored.  This
   makes possible to transfer an IPsec session transparently to the end
   user.



*Daniel* *PALOMARES*

*Orange Labs, Issy-les-Moulineaux*

+33 6 34 23 07 88