Skip to main content

Protocol Support for High Availability of IKEv2/IPsec
RFC 6311

Revision differences

Document history

Date By Action
2020-01-21
(System) Received changes through RFC Editor sync (added Verified Errata tag)
2018-12-20
(System)
Received changes through RFC Editor sync (changed abstract to 'The IPsec protocol suite is widely used for business-critical network traffic. In order to make IPsec …
Received changes through RFC Editor sync (changed abstract to 'The IPsec protocol suite is widely used for business-critical network traffic. In order to make IPsec deployments highly available, more scalable, and failure-resistant, they are often implemented as IPsec High Availability (HA) clusters. However, there are many issues in IPsec HA clustering, and in particular in Internet Key Exchange Protocol version 2 (IKEv2) clustering. An earlier document, "IPsec Cluster Problem Statement", enumerates the issues encountered in the IKEv2/IPsec HA cluster environment. This document resolves these issues with the least possible change to the protocol.

This document defines an extension to the IKEv2 protocol to solve the main issues of "IPsec Cluster Problem Statement" in the commonly deployed hot standby cluster, and provides implementation advice for other issues. The main issues solved are the synchronization of IKEv2 Message ID counters, and of IPsec replay counters. [STANDARDS-TRACK]')
2017-05-16
(System) Changed document authors from "Yaron Sheffer, Dacheng Zhang, Yoav Nir" to "Yaron Sheffer, Dacheng Zhang, Yoav Nir, Kalyani Garigipati, Rajeshwar Jenwar"
2016-11-30
Wesley Eddy Closed request for Last Call review by TSVDIR with state 'Unknown'
2015-10-14
(System) Notify list changed from ipsecme-chairs@ietf.org, draft-ietf-ipsecme-ipsecha-protocol@ietf.org to (None)
2011-07-14
Cindy Morgan State changed to RFC Published from RFC Ed Queue.
2011-07-13
(System) RFC published