Hi Paul,
Let me try once more to explain how to use draft-pwouters-multi-sa-performance
for load balancing paths.
At the moment, the draft and Linux XFRM code only cover per CPU queuing. So
forget the CPU use case for now! Let’s focus on network path diversity.
Just like you said, the IPsec pee
On Tue, 16 Nov 2021, Antony Antony wrote:
When traffic arrives, IPsec gateway compute the hash. If there is no SA for
that hash index, use the Fallback SA and send a SADB_ACQUIE to IKE daemon. IKE
daemon will negotiate a new perPath SA for that index. Once a perPath SA is
installed, the traff
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the IP Security Maintenance and Extensions WG of
the IETF.
Title : A YANG Data Model for IP Traffic Flow Security
Authors : Don Fedyk
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the IP Security Maintenance and Extensions WG of
the IETF.
Title : Definitions of Managed Objects for IP Traffic Flow
Security
Authors : Don Fedyk
Hi
Thanks for the comments and feedback. I have uploaded versions to address the
comments on both the YANG and corresponding MIB document.
Don
-Original Message-
From: Tero Kivinen
Sent: Sunday, November 14, 2021 9:32 AM
To: Christian Hopps
Cc: Don Fedyk ; ipsec@ietf.org
Subject
