Skip to main content

Protocol Support for High Availability of IKEv2/IPsec
RFC 6311

Approval announcement
Draft of message to be sent after approval:


From: The IESG <>
To: IETF-Announce <>
Cc: RFC Editor <>,
    ipsecme mailing list <>,
    ipsecme chair <>
Subject: Protocol Action: 'Protocol Support for High Availability of IKEv2/IPsec' to Proposed Standard (draft-ietf-ipsecme-ipsecha-protocol-06.txt)

The IESG has approved the following document:
- 'Protocol Support for High Availability of IKEv2/IPsec'
  (draft-ietf-ipsecme-ipsecha-protocol-06.txt) as a Proposed Standard

This document is the product of the IP Security Maintenance and
Extensions Working Group.

The IESG contact persons are Sean Turner and Stephen Farrell.

A URL of this Internet Draft is:

Ballot Text

Technical Summary

The IPsec protocol suite is widely used for business-critical network
traffic. In order to make IPsec deployments highly available, more scalable and
failure-resistant, they are often implemented as IPsec High Availability (HA)
clusters. However there are many issues in IPsec and IKEv2 HA clustering. This
document proposes an extension to the IKEv2 protocol to solve the main issues
raised in the "IPsec Cluster Problem Statement" for the commonly deployed hot-
standby cluster, and provides implementation advice for other issues.  The main
issues to be solved are the synchronization of IKEv2 Message ID counters, and of
IPsec Replay Counters.

Working Group Summary

There were no notable issues with the WG process. The initial document
review was more than satisfactory. More recently the WG has had a lower level of
energy, and consequently fewer reviews of ongoing work.

Document Quality

We are not aware of implementations of this protocol. However this
protocol is solving a set of well-known issues, so we expect vendors to
implement it as IKEv2 becomes mainstream. 


Yaron Sheffer ( is the document shepherd.
Sean Turner ( is the responsible AD.
Tero Kivinen ( is the expert reviewer.

RFC Editor Note