Protocol Support for High Availability of IKEv2/IPsec
Draft of message to be sent after approval:
From: The IESG <email@example.com>
To: IETF-Announce <firstname.lastname@example.org>
Cc: RFC Editor <email@example.com>, ipsecme mailing list <firstname.lastname@example.org>, ipsecme chair <email@example.com>
Subject: Protocol Action: 'Protocol Support for High Availability of IKEv2/IPsec' to Proposed Standard (draft-ietf-ipsecme-ipsecha-protocol-06.txt)

The IESG has approved the following document:
- 'Protocol Support for High Availability of IKEv2/IPsec'
  (draft-ietf-ipsecme-ipsecha-protocol-06.txt) as a Proposed Standard

This document is the product of the IP Security Maintenance and Extensions Working Group.

The IESG contact persons are Sean Turner and Stephen Farrell.

A URL of this Internet Draft is:
http://datatracker.ietf.org/doc/draft-ietf-ipsecme-ipsecha-protocol/

Technical Summary

The IPsec protocol suite is widely used for business-critical network traffic. In order to make IPsec deployments highly available, more scalable and failure-resistant, they are often implemented as IPsec High Availability (HA) clusters. However there are many issues in IPsec and IKEv2 HA clustering. This document proposes an extension to the IKEv2 protocol to solve the main issues raised in the "IPsec Cluster Problem Statement" for the commonly deployed hot-standby cluster, and provides implementation advice for other issues. The main issues to be solved are the synchronization of IKEv2 Message ID counters, and of IPsec Replay Counters.

Working Group Summary

There were no notable issues with the WG process. The initial document review was more than satisfactory. More recently the WG has had a lower level of energy, and consequently fewer reviews of ongoing work.

Document Quality

We are not aware of implementations of this protocol. However this protocol is solving a set of well-known issues, so we expect vendors to implement it as IKEv2 becomes mainstream.

Personnel

Yaron Sheffer (firstname.lastname@example.org) is the document shepherd.
Sean Turner (email@example.com) is the responsible AD.
Tero Kivinen (firstname.lastname@example.org) is the expert reviewer.