Re: [IPsec] Proposed work item: IKE/IPsec high availability and load sharing - YES

Raj Singh <rsjenwar@gmail.com> Wed, 02 December 2009 01:46 UTC

To: Yaron Sheffer <yaronf@checkpoint.com>
Cc: "ipsec@ietf.org" <ipsec@ietf.org>

Hi Team,

According to me, High Availability needs protocol-level support from IKEv2
due to windowing and sequence numbers in IPsec.
This will enhance performance and avoid proprietary versions of different
vendors. Here we can discuss various problems and solutions of IPsec and HA,
which surely need some attention.
Also, Kalyani presented a solution for syncing up the IKE message ID in an internal
meeting. That can be a good starting point.
I would like to review and co-author this draft.

Regards,
Raj

On Sun, Nov 29, 2009 at 10:49 PM, Yaron Sheffer <yaronf@checkpoint.com> wrote:

>  This work item will define the problem statement and requirements for a
> solution that allows interoperable HA/LS device groups. Mixed-vendor
> clusters are specifically out of scope; but single-vendor clusters should be
> fully interoperable with other vendors’ devices or clusters. The main
> challenge is to overcome the strict use of sequence numbers in both IPsec
> and IKE, in HA and LS scenarios. Following the Hiroshima discussion, the WI
> is initially focused on defining the problem, rather than a particular
> solution.
>
>
>
> Proposed starting point:
> http://tools.ietf.org/id/draft-nir-ipsecme-ipsecha-00.txt.
>
>
>
> Please reply to the list:
>
>
>
> - If this proposal is accepted as a WG work item, are you committing to
> review multiple versions of the draft?
>
> - Are you willing to contribute text to the draft?
>
> - Would you like to co-author it?
>
>
>
> Please also reply to the list if:
>
>
>
> - You believe this is NOT a reasonable activity for the WG to spend time
> on.
>
>
>
> If this is the case, please explain your position. Do not explore the fine
> technical details (which will change anyway, once the WG gets hold of the
> draft); instead explain why this is uninteresting for the WG or for the
> industry at large. Also, please mark the title clearly (e.g. "DES40-export
> in IPsec - NO!").