IKEv2 SA Synchronization for session resumption
draft-xu-ike-sa-sync-01

Document type: Expired Internet-Draft (individual)
Last updated: 2008-10-07
Stream: (None)
Intended RFC status: (None)
Stream state: (No stream defined)
Document shepherd: No shepherd assigned
IESG state: Expired
Telechat date:
Responsible AD: (None)
Send notices to: (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at
https://www.ietf.org/archive/id/draft-xu-ike-sa-sync-01.txt

Abstract

When a serving gateway fails or is overloaded, session resumption among IKE/IPsec gateways that may maintain huge numbers of IKEv2/IPsec SAs takes a long time and a large amount of computation. The major reason is that the procedure of IKEv2 SA re-establishment incurs time-consuming computation, especially in the Diffie-Hellman exchange. This draft proposes a new IKE security association synchronization solution that performs fast IKE SA session resumption by directly transferring the indexed IKE SA (named a stub) from the old gateway to the new gateway, which avoids the most expensive Diffie-Hellman calculation. Without some of the time-consuming IKEv2 exchanges, a huge number of IKE/IPsec SA session resumption procedures can be finished in a short time.

Authors

Yan Xu (xydkl@163.com)
Peng Yang (peng.yang.chn@gmail.com)
Yuanchen Ma (ycma@hitachi.cn)
Hui Deng (denghui@chinamobile.com)
Hui Deng (xuke@mail.tsinghua.edu.cn)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)