The IPsec protocol suite is widely used for business-critical network
traffic. In order to make IPsec deployments highly available, more scalable and
failure-resistant, they are often implemented as IPsec High Availability (HA)
clusters. However there are many issues in IPsec and IKEv2 HA clustering. This
document proposes an extension to the IKEv2 protocol to solve the main issues
raised in the "IPsec Cluster Problem Statement" for the commonly deployed hot-
standby cluster, and provides implementation advice for other issues. The main
issues to be solved are the synchronization of IKEv2 Message ID counters, and of
IPsec Replay Counters.
Working Group Summary
There were no notable issues with the WG process. The initial document
review was more than satisfactory. More recently the WG has had a lower level of
energy, and consequently fewer reviews of ongoing work.
We are not aware of implementations of this protocol. However this
protocol is solving a set of well-known issues, so we expect vendors to
implement it as IKEv2 becomes mainstream.
Yaron Sheffer (email@example.com) is the document shepherd.
Sean Turner (firstname.lastname@example.org) is the responsible AD.
Tero Kivinen (email@example.com) is the expert reviewer.