IKEv2 SA Synchronization for session resumption

Document Type Expired Internet-Draft (individual)
Last updated 2008-10-07
Stream (None)
Intended RFC status (None)
Expired & archived
plain text pdf html bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


It will take a long time and mass computation to do session resumption among IKE/IPsec gateways possibly maintaining huge numbers of IKEv2/IPsec SAs, when the serving gateway fails or over-loaded. The major reason is that the prcocedure of IKEv2 SA re-establishment will incur a time-consuming computation especially in the Diffie- Hellman exchange. In this draft, a new IKE security associations synchronization solution is proposed to do fast IKE SA session resumption by directly transferring the indexed IKE SA (named stub) from old gateway to new gateway, wherein the most expensive Diffie- Hellman calculation can be avoided. Without some time-consuming IKEv2 exchanges, the huge amount of IKE/IPsec SA session resumption procedures can be finished in a short time.


Yan Xu (xydkl@163.com)
Peng Yang (peng.yang.chn@gmail.com)
Yuanchen Ma (ycma@hitachi.cn)
Hui Deng (denghui@chinamobile.com)
Hui Deng (xuke@mail.tsinghua.edu.cn)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)