A Quick Crash Detection Method for the Internet Key Exchange Protocol (IKE)
Draft of message to be sent after approval:
From: The IESG <firstname.lastname@example.org>
To: IETF-Announce <email@example.com>
Cc: RFC Editor <firstname.lastname@example.org>, ipsecme mailing list <email@example.com>, ipsecme chair <firstname.lastname@example.org>
Subject: Protocol Action: 'A Quick Crash Detection Method for IKE' to Proposed Standard (draft-ietf-ipsecme-failure-detection-08.txt)

The IESG has approved the following document:
- 'A Quick Crash Detection Method for IKE' (draft-ietf-ipsecme-failure-detection-08.txt) as a Proposed Standard

This document is the product of the IP Security Maintenance and Extensions Working Group.

The IESG contact persons are Sean Turner and Tim Polk.

A URL of this Internet Draft is:
http://datatracker.ietf.org/doc/draft-ietf-ipsecme-failure-detection/

Technical Summary

When an IPsec tunnel between two IKEv2 peers is disconnected due to a restart of one peer, it can take as much as several minutes for the other peer to discover that the reboot has occurred. This delays the recovery of the tunnel. This document describes an IKEv2 extension that allows discovery of the reboot almost immediately after the rebooted system is active again.

Working Group Summary

There was consensus both that this is a problem that needs to be solved and for the proposed solution.

Document Quality

Some vendors expressed interest in implementing this in their IPsec gateways.

Personnel

Paul Hoffman (email@example.com) is the document shepherd. Sean Turner (firstname.lastname@example.org) is the responsible AD. Tero Kivinen (email@example.com) is the expert reviewer.