IKEv2 support for per-queue Child SAs
draft-pwouters-ipsecme-multi-sa-performance-05
Document | Type |
Replaced Internet-Draft
(ipsecme WG)
Expired & archived
|
|
---|---|---|---|
Authors | Antony Antony , Tobias Brunner , Steffen Klassert , Paul Wouters | ||
Last updated | 2022-12-07 (Latest revision 2022-11-08) | ||
Replaces | draft-pwouters-multi-sa-performance | ||
Replaced by | draft-ietf-ipsecme-multi-sa-performance | ||
RFC stream | Internet Engineering Task Force (IETF) | ||
Intended RFC status | (None) | ||
Formats | |||
Additional resources | Mailing list discussion | ||
Stream | WG state | Adopted by a WG | |
Document shepherd | (None) | ||
IESG | IESG state | Replaced by draft-ietf-ipsecme-multi-sa-performance | |
Consensus boilerplate | Unknown | ||
Telechat date | (None) | ||
Responsible AD | (None) | ||
Send notices to | (None) |
This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:
Abstract
This document defines three Notify Message Type Payloads for the Internet Key Exchange Protocol Version 2 (IKEv2) indicating support for the negotiation of multiple identical Child SAs to optimize performance. The CPU_QUEUES notification indicates support for multiple queues or CPUs. The CPU_QUEUE_INFO notification is used to confirm and optionally convey information about the specific queue. The TS_MAX_QUEUE notify conveys that the peer is unwilling to create more additional Child SAs for this particular Traffic Selector set. Using multiple identical Child SAs has the benefit that each stream has its own Sequence Number Counter, ensuring that CPUs don't have to synchronize their crypto state or disable their packet replay protection.
Authors
Antony Antony
Tobias Brunner
Steffen Klassert
Paul Wouters
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)