Internet-Draft draft-ietf-ipsecme-multi-sa-performance-09.txt is now
available. It is a work item of the IP Security Maintenance and Extensions
(IPSECME) WG of the IETF.
Title: IKEv2 support for per-resource Child SAs
Authors: Antony Antony
Tobias Brunner
Steffen Klassert
Paul Wouters
Name: draft-ietf-ipsecme-multi-sa-performance-09.txt
Pages: 13
Dates: 2024-05-02
Abstract:
This document defines one Notify Message Status Types and one Notify
Message Error Types payload for the Internet Key Exchange Protocol
Version 2 (IKEv2) to support the negotiation of multiple Child
Security Associations (SAs) with the same Traffic Selectors used on
different resources, such as CPUs, to increase bandwidth of IPsec
traffic between peers.
The SA_RESOURCE_INFO notification is used to convey information that
the negotiated Child SA and subsequent new Child SAs with the same
Traffic Selectors are a logical group of Child SAs where most or all
of the Child SAs are bound to a specific resource, such as a specific
CPU. The TS_MAX_QUEUE notify conveys that the peer is unwilling to
create more additional Child SAs for this particular negotiated
Traffic Selector combination.
Using multiple Child SAs with the same Traffic Selectors has the
benefit that each resource holding the Child SA has its own Sequence
Number Counter, ensuring that CPUs don't have to synchronize their
cryptographic state or disable their packet replay protection.
The IETF datatracker status page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-ipsecme-multi-sa-performance/
There is also an HTMLized version available at:
https://datatracker.ietf.org/doc/html/draft-ietf-ipsecme-multi-sa-performance-09
A diff from the previous version is available at:
https://author-tools.ietf.org/iddiff?url2=draft-ietf-ipsecme-multi-sa-performance-09
Internet-Drafts are also available by rsync at:
rsync.ietf.org::internet-drafts
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
