@techreport{ponchon-ipsecme-anti-replay-subspaces-03, number = {draft-ponchon-ipsecme-anti-replay-subspaces-03}, type = {Internet-Draft}, institution = {Internet Engineering Task Force}, publisher = {Internet Engineering Task Force}, note = {Work in Progress}, url = {https://datatracker.ietf.org/doc/draft-ponchon-ipsecme-anti-replay-subspaces/03/}, author = {Paul Ponchon and Mohsin Shaikh and Hadi Dernaika and Pierre Pfister and Guillaume Solignac}, title = {{IPsec and IKE anti-replay sequence number subspaces for traffic-engineered paths and multi-core processing}}, pagetotal = 13, year = 2023, month = oct, day = 23, abstract = {This document discusses the challenges of running IPsec with anti- replay in multi-core environments where packets may be re-ordered (e.g., when sent over multiple IP paths, traffic-engineered paths and/or using different QoS classes). A new solution based on splitting the anti-replay sequence number space into multiple different sequencing subspaces is proposed. Since this solution requires support on both parties, an IKE extension is proposed in order to negotiate the use of the anti-replay sequence number subspaces.}, }