Negotiation for Keying Pairwise Routing Protocols in IKEv2

Document type: Expired Internet-Draft (individual)
Document stream: No stream defined
Last updated: 2014-05-19 (latest revision 2013-11-15)
Intended RFC status: Unknown
Other versions: (expired, archived): plain text, pdf, html

Stream State: No stream defined
Document shepherd: No shepherd assigned

IESG State: Expired
Responsible AD: (None)
Send notices to: No addresses provided

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found here:


This document describes a mechanism to secure routing protocols that use unicast to transport their signaling messages. Most such routing protocols are TCP-based (e.g., BGP and LDP), and the TCP Authentication Option (TCP-AO) is primarily employed to secure their signaling messages. There are two exceptions: BFD, which runs over UDP or MPLS, and RSVP-TE, which runs over IP (but employs an integrated approach to protecting its signaling messages instead of using IPsec). The proposed mechanism secures pairwise TCP-based Routing Protocol (RP) associations, BFD associations, and RSVP-TE associations using the IKEv2 Key Management Protocol (KMP) integrated with TCP-AO, BFD, and RSVP-TE respectively. Included are extensions to IKEv2 and its Security Associations that enable its key negotiation to support TCP-AO, BFD, and RSVP-TE.


Mahesh Jethanandani
Brian Weis
Keyur Patel
Dacheng Zhang
Sam Hartman
Uma Chunduri
Albert Tian
Joseph Touch

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid)