Hi Team, According to me, High Availability needs protocol level support from IKEv2 due to windowing and sequence numbers in IPsec. This will enhance performance and avoid proprietary versions of different vendors. Here we can discuss various problem and solution of IPsec and HA, which surely needs some attention. Also, Kalyani presented a solution syncing-up of IKE message id in internal meeting. That can be a good starting point. I would like to review and co-author this draft.
Regards, Raj On Sun, Nov 29, 2009 at 10:49 PM, Yaron Sheffer <yar...@checkpoint.com>wrote: > This work item will define the problem statement and requirements for a > solution that allows interoperable HA/LS device groups. Mixed-vendor > clusters are specifically out of scope; but single-vendor clusters should be > fully interoperable with other vendors’ devices or clusters. The main > challenge is to overcome the strict use of sequence numbers in both IPsec > and IKE, in HA and LS scenarios. Following the Hiroshima discussion, the WI > is initially focused on defining the problem, rather than a particular > solution. > > > > Proposed starting point: > http://tools.ietf.org/id/draft-nir-ipsecme-ipsecha-00.txt. > > > > Please reply to the list: > > > > - If this proposal is accepted as a WG work item, are you committing to > review multiple versions of the draft? > > - Are you willing to contribute text to the draft? > > - Would you like to co-author it? > > > > Please also reply to the list if: > > > > - You believe this is NOT a reasonable activity for the WG to spend time > on. > > > > If this is the case, please explain your position. Do not explore the fine > technical details (which will change anyway, once the WG gets hold of the > draft); instead explain why this is uninteresting for the WG or for the > industry at large. Also, please mark the title clearly (e.g. "DES40-export > in IPsec - NO!"). > > _______________________________________________ > IPsec mailing list > IPsec@ietf.org > https://www.ietf.org/mailman/listinfo/ipsec > >
_______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
