A new Request for Comments is now available in online RFC libraries.
RFC 9611
Title: Internet Key Exchange Protocol Version
2 (IKEv2) Support for Per-Resource Child
Security Associations (SAs)
Author: A. Antony,
T. Brunner,
S. Klassert,
P. Wouters
Status: Standards Track
Stream: IETF
Date: July 2024
Mailbox: antony.ant...@secunet.com,
tob...@codelabs.ch,
steffen.klass...@secunet.com,
paul.wout...@aiven.io
Pages: 9
Updates/Obsoletes/SeeAlso: None
I-D Tag: draft-ietf-ipsecme-multi-sa-performance-09.txt
URL: https://www.rfc-editor.org/info/rfc9611
DOI: 10.17487/RFC9611
In order to increase the bandwidth of IPsec traffic between peers,
this document defines one Notify Message Status Types and one Notify
Message Error Types payload for the Internet Key Exchange Protocol
Version 2 (IKEv2) to support the negotiation of multiple Child
Security Associations (SAs) with the same Traffic Selectors used on
different resources, such as CPUs.
The SA_RESOURCE_INFO notification is used to convey information that
the negotiated Child SA and subsequent new Child SAs with the same
Traffic Selectors are a logical group of Child SAs where most or all
of the Child SAs are bound to a specific resource, such as a specific
CPU. The TS_MAX_QUEUE notify conveys that the peer is unwilling to
create more additional Child SAs for this particular negotiated
Traffic Selector combination.
Using multiple Child SAs with the same Traffic Selectors has the
benefit that each resource holding the Child SA has its own Sequence
Number Counter, ensuring that CPUs don't have to synchronize their
cryptographic state or disable their packet replay protection.
This document is a product of the IP Security Maintenance and Extensions
Working Group of the IETF.
This is now a Proposed Standard.
STANDARDS TRACK: This document specifies an Internet Standards Track
protocol for the Internet community, and requests discussion and suggestions
for improvements. Please refer to the current edition of the Official
Internet Protocol Standards (https://www.rfc-editor.org/standards) for the
standardization state and status of this protocol. Distribution of this
memo is unlimited.
This announcement is sent to the IETF-Announce and rfc-dist lists.
To subscribe or unsubscribe, see
https://www.ietf.org/mailman/listinfo/ietf-announce
https://mailman.rfc-editor.org/mailman/listinfo/rfc-dist
For searching the RFC series, see https://www.rfc-editor.org/search
For downloading RFCs, see https://www.rfc-editor.org/retrieve/bulk
Requests for special distribution should be addressed to either the
author of the RFC in question, or to rfc-edi...@rfc-editor.org. Unless
specifically noted otherwise on the RFC itself, all RFCs are for
unlimited distribution.
The RFC Editor Team
Association Management Solutions, LLC
_______________________________________________
IPsec mailing list -- ipsec@ietf.org
To unsubscribe send an email to ipsec-le...@ietf.org
