[IPsec] IKEv2 initial contact handling?

Kanaga Kannappan <kanaga_k@yahoo.com> Tue, 09 April 2013 17:03 UTC


Hi All,

How to handle "Initial Contact Notification" during simultaneous IKEv2 SA negotiation?

For example: A pair of gateways are initiating IKEv2 negotiation at almost the same time, resulting in 2 sets of IKEv2 SAs. In IKE_AUTH, both boxes are sending the "Initial Contact" notification and the IKE_AUTH exchanges almost cross each other. On receiving the IC, if both try to delete the other IKE SAs on the box, we end up having different sets of IKE & child SAs on both sides.


Thanks
Kanaga.
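
The race described in the message above, as an added toy model that is not part of the original post and does not use any real IKE implementation. The `Gateway` class, its method names, the SA labels and the "silently delete every other IKE SA to the peer" policy are assumptions made for illustration.

```python
# Added illustration: toy model of two IKEv2 gateways whose IKE_AUTH
# requests (each carrying INITIAL_CONTACT) cross on the wire.
# SA names, class and method names are hypothetical.

class Gateway:
    def __init__(self, name):
        self.name = name
        self.ike_sas = set()          # IKE SAs this box currently holds

    def start_sa(self, sa):
        """IKE_SA_INIT done: this end holds state for the SA."""
        self.ike_sas.add(sa)

    def on_auth_request(self, sa, initial_contact):
        """Responder side of IKE_AUTH. Returns True if a response is sent."""
        if sa not in self.ike_sas:
            return False
        if initial_contact:
            # Assumed policy: silently drop every other IKE SA to this peer.
            self.ike_sas = {sa}
        return True

    def on_auth_response(self, sa):
        """Initiator side: a response for an SA already deleted is dropped."""
        return sa in self.ike_sas


def simulate_crossing():
    a, b = Gateway("A"), Gateway("B")
    # Both boxes initiate at almost the same time: two IKE SAs exist.
    for sa in ("SA_from_A", "SA_from_B"):
        a.start_sa(sa)
        b.start_sa(sa)
    # The two IKE_AUTH requests cross: each is processed before the
    # other side's response arrives.
    b_replied = b.on_auth_request("SA_from_A", initial_contact=True)
    a_replied = a.on_auth_request("SA_from_B", initial_contact=True)
    # Responses now reach initiators that no longer hold the SA.
    a_accepts = b_replied and a.on_auth_response("SA_from_A")
    b_accepts = a_replied and b.on_auth_response("SA_from_B")
    return a.ike_sas, b.ike_sas, a_accepts, b_accepts


if __name__ == "__main__":
    sas_a, sas_b, a_ok, b_ok = simulate_crossing()
    print("A holds:", sas_a, "| B holds:", sas_b)
    print("shared IKE SAs:", sas_a & sas_b)
```

Each gateway ends up holding only the SA the other side initiated, so the two sets have no IKE SA in common.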