Hi,

this version attempts to address all the open issues that were raised in the last few months. In particular, it clarifies the behavior of the IKE Message ID during failover while reducing some of the complexity. Another significant change is the semantics of the IPsec replay counter sync message.

Please review the document. We would like to close the issues in the next week or so, and move to WGLC. The currently open issues are here: http://tools.ietf.org/wg/ipsecme/trac/query?status=new&status=assigned&status=reopened&component=ipsecha-protocol

Thanks,
        Yaron

On 02/08/2011 09:45 PM, internet-dra...@ietf.org wrote:
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the IP Security Maintenance and Extensions Working 
Group of the IETF.


        Title           : Protocol Support for High Availability of IKEv2/IPsec
        Author(s)       : R. Jenwar, et al.
        Filename        : draft-ietf-ipsecme-ipsecha-protocol-03.txt
        Pages           : 22
        Date            : 2011-02-08

The IPsec protocol suite is widely used for business-critical network
traffic.  In order to make IPsec deployments highly available, more
scalable and failure-resistant, they are often implemented as IPsec
High Availability (HA) clusters.  However there are many issues in
IPsec HA clustering, and in particular in IKEv2 clustering.  An
earlier document, "IPsec Cluster Problem Statement", enumerates the
issues encountered in the IKEv2/IPsec HA cluster environment.  This
document attempts to resolve these issues with the least possible
change to the protocol.

This document proposes an extension to the IKEv2 protocol to solve
the main issues of "IPsec Cluster Problem Statement" in the commonly
deployed hot-standby cluster, and provides implementation advice for
other issues.  The main issues to be solved are the synchronization
of IKEv2 Message ID counters, and of IPsec Replay Counters.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-ipsecme-ipsecha-protocol-03.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/



_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec