Protocol Support for High Availability of IKEv2/IPsec
نویسندگان
چکیده
The IPsec protocol suite is widely used for business-critical network traffic. In order to make IPsec deployments highly available, more scalable, and failure-resistant, they are often implemented as IPsec High Availability (HA) clusters. However, there are many issues in IPsec HA clustering, and in particular in Internet Key Exchange Protocol version 2 (IKEv2) clustering. An earlier document, "IPsec Cluster Problem Statement", enumerates the issues encountered in the IKEv2/IPsec HA cluster environment. This document resolves these issues with the least possible change to the protocol.
منابع مشابه
RFC 6311 High Availability in IKEv
The IPsec protocol suite is widely used for business-critical network traffic. In order to make IPsec deployments highly available, more scalable, and failure-resistant, they are often implemented as IPsec High Availability (HA) clusters. However, there are many issues in IPsec HA clustering, and in particular in Internet Key Exchange Protocol version 2 (IKEv2) clustering. An earlier document, ...
متن کاملDiameter IKEv 2 SK : Using Shared Keys to Support Interaction between
The Internet Key Exchange Protocol version 2 (IKEv2) is a component of the IPsec architecture and is used to perform mutual authentication as well as to establish and to maintain IPsec Security Associations (SAs) between the respective parties. IKEv2 supports several different authentication mechanisms, such as the Extensible Authentication Protocol (EAP), certificates, and Shared Key (SK). Dia...
متن کاملNAT Traversal Capability and Keep-Alive Functionality with IPSec in IKEv2 Implementation
Since IPv4 Private Networks are behind NAT (Network Address Translation) devices. So, to bypass the Binding Update and Binding Acknowledgment by NAT, we need to encapsulate it in UDP (User datagram Protocol) Packets. Hence, the Dual Stack Mobile IPv6 should support NAT Traversal and Detection. So for proper securing and fully functionality of NAT traversal, it should be IP Security Protected. P...
متن کاملImplementation of EAP authentication into IKEv2 protocol
IKEv2 is a protocol for exchanging keys in the IPsec architecture. In it's specification, EAP was proposed as one of the authentication mechanisms. EAP is extensible authentication protocol based on client/server architecture and allows introduction of additional EAP methods. Implementation of this protocol is complex and in our project it was decided to include one of the existing implementati...
متن کاملTransport Layer Security (TLS) Implementation for Secured MN- HA Communication in Mobile IPv6
Mobile IPv6 usually use the IPsec/IKEv2 to secure Mobile Node (MN) and Home Agent (HA) communication. The implementation of IPsec/IKEv2 with MIPv6 is complex because it requires a tight coupling between MIPv6 protocol part and the IPsec/IKEv2 part of the IP stack. This paper proposes a security mechanism which uses Transport Layer Security (TLS) for establishing Keying Material and other bootst...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- RFC
دوره 6311 شماره
صفحات -
تاریخ انتشار 2011