...@ietf.org [mailto:ipsec-boun...@ietf.org] On Behalf
Of Kalyani Garigipati (kagarigi)
Sent: Monday, June 14, 2010 9:33 PM
To: ipsec@ietf.org
Subject: [IPsec] New draft posted
Hi All,
A new version of I-D,
http://www.ietf.org/id/draft-ikev2-windowssync-00.txt has been posted to
the IETF
Hi All,
A new version of I-D,
http://www.ietf.org/id/draft-ikev2-windowssync-00.txt has been posted to
the IETF repository.
Filename: http://www.ietf.org/id/draft-ikev2-windowssync-00.txt
Revision: 00
Title:IKEv2 window synchronization among peers
Please give your
Jitender Arora writes:
Load balancer by definition needs to know the devices where it is
sharing the load to, so I do not consider that a problem. Also if the
redirection is done in the IKE_SA_INIT phase then the application
support required is very minimal.
Jitender-- Adding the IKEv2
Comments inline.
-Original Message-
From: Tero Kivinen [mailto:kivi...@iki.fi]
Sent: Wednesday, May 12, 2010 7:41 AM
To: Jitender Arora
Cc: ipsec@ietf.org
Subject: Re: [IPsec] New draft posted
Jitender Arora writes:
Jitender-- Currently we are using this approach (basically using
Jitender Arora writes:
Jitender-- Currently we are using this approach (basically using
the redirect and the Mobike).
This is causing the following issues:
1. If the redirect message is handled by the Load Balancer, the
load balancer needs to be IKEv2 aware and also it needs to know the
Hi Tero,
My comments are inline.
Thanks,
Jitender
-Original Message-
From: Tero Kivinen [mailto:kivi...@iki.fi]
Sent: Monday, May 03, 2010 8:40 AM
To: Jitender Arora
Cc: Yaron Sheffer; ipsec@ietf.org
Subject: RE: [IPsec] New draft posted
Jitender Arora writes
Jitender Arora wrote:
The application where it is required now is the load balancing of
the IPSEC tunnels. Suppose in a network there are 10 Security-Gateways
and each of these security gateways can handle 20 IPSEC tunnels
using the IKEv2 signaling. Now for this network if we need a
Jitender Arora writes:
Currently the IKEv2 does not allow the IKEv2 signaling and the
IPSEC traffic to go to different IP addresses, so this is the
problem this draft is trying to solve.
The application where it is required now is the load balancing
of the IPSEC
]
Sent: Tuesday, April 27, 2010 7:19 AM
To: Jitender Arora
Cc: Yaron Sheffer; ipsec@ietf.org
Subject: Re: [IPsec] New draft posted
Jitender Arora writes:
1. I will point the section 5.1 in the introduction itself that way
the purpose and applications of the draft are clear.
After I read the section
Jitender Arora writes:
1. I will point the section 5.1 in the introduction itself that way
the purpose and applications of the draft are clear.
After I read the section 5.1 (I skipped most of the other draft as I
needed to know first WHY this is needed before I care about HOW it is
Yoav Nir writes:
I agree. And whatever we may think of the particular solution, it does
present a problem that can and should be in the problem statement draft.
So how about adding teh following sub-section:
3.7. Different IP addresses for IKE and IPsec
In many implementations
This is why we need multiple vendors to look at this draft.
On Apr 26, 2010, at 2:29 PM, Tero Kivinen wrote:
Yoav Nir writes:
I agree. And whatever we may think of the particular solution, it does
present a problem that can and should be in the problem statement draft.
So how about adding
Yoav Nir writes:
Actually, in our implementation, all packets (IKE and ESP) have the
cluster IP address, so the peer doesn't notice a failover, and also
the peer can't tell which member is active or which member it is
working with.
Yes, that is also one way doing it, but in that case there
: Sunday, April 25, 2010 5:22 AM
To: Jitender Arora
Cc: ipsec@ietf.org
Subject: Re: [IPsec] New draft posted
Hi Jitender,
this is certainly an interesting approach to the
high-availability/load-balancing issue that we are just starting to
tackle, as a group. I would appreciate your inputs
I agree. And whatever we may think of the particular solution, it does present
a problem that can and should be in the problem statement draft.
So how about adding teh following sub-section:
3.7. Different IP addresses for IKE and IPsec
In many implementations there are separate IP
15 matches
Mail list logo