Re: [IPsec] Survey for WG interest in adoptingdraft-mglt-ipsecme-clone-ike-sa

Thu, 27 Nov 2014 04:57:47 -0800 

Hi all,

as a co-author of the draft I (obviously) support its adoption.

I think that the mechanism it describes is useful and could be used
as a building block for several solutions. For example,
it can be used in load-sharing scenario when there are
some gateways with different IP addresses, that share
the same credentials. If client established IKE SA with
any of them then the SA could be cloned and transfered
to other nodes of this cluster without reauthentication,
and the traffic from client then could be balanced
among those gateways.

Regards,
Valery Smyslov.
----- Original Message ----- From: "Paul Hoffman" <paul.hoff...@vpnc.org> 
To: "IPsecME WG" <ipsec@ietf.org>
Sent: Tuesday, November 25, 2014 11:06 PM
Subject: [IPsec] Survey for WG interest in adoptingdraft-mglt-ipsecme-clone-ike-sa 



<chair hats on>
Greetings again. The "Clone IKE SA" proposal tries to optimize IKE SA setup in cases where VPN gateways have multiple interfaces and want to establish different SAs on the different interfaces without having to repeat the IKE authentication. Instead, they could clone a single IKE SA multiple times, and then move it to different interfaces using MOBIKE.
If you agree with the need to standardize this usage, and believe that draft-mglt-ipsecme-clone-ike-sa is likely to be a good starting place for that standardization, and are willing to review and contribute text to the document if it is adopted by the WG, please say so on the list. This WG has a history of adopting documents but then not having enough reviewers for us to feel confident that we are making a good standard, so we need to see a reasonable number of actively interested people before we adopt the document. If it is not adopted, the authors can ask for it to be published as an RFC through individual submission or by the Independent Submissions Editor. 

Please reply by December 8, 2015.

--Paul Hoffman and Yaron Sheffer
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec 

_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec

Reply via email to