1. I didn't want to make ha-03 dependent on bis, but since bis is now approved, we may as well do it.
2. OK 3. It should be out of scope, because this is internal to the cluster. We are not going to require a peer to accept having two SAs with the same SPIs with the same peer, so it's up to the members to prevent this using their own out-of-scope method. It is possible to mention this and then say that it's out of scope, if people think this is necessary. Yoav -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Jean-Michel Combes Sent: Wednesday, May 26, 2010 4:22 PM To: Yaron Sheffer Cc: IPsecme WG Subject: Re: [IPsec] Working Group LC: draft-ietf-ipsecme-ipsec-ha-03 Hi, please, find my review of this document: 1. Introduction IKEv2, as described in [RFC4306] and [RFC4718], and IPsec, as described in [RFC4301] and others, allows deployment of VPNs between different sites as well as from VPN clients to protected networks. <JMC> Instead of mentioning [RFC4306) and [RFC4718], maybe replace with [draft-ietf-ipsecme-ikev2bis]? <JMC> [snip] 2. Terminology [snip] "Failover" is the event where a one member takes over some load from some other member. In a hot standby cluster, this hapens when a standby memeber becomes active due to a failure of the former active <JMC> s/memeber/member <JMC> [snip] 3. The Problem Statement <JMC> I didn't see anything about potential collisions (e.g. SPI for a specific SA on a member of the cluster is already used on another member) during a failover: is such an issue out of scope? <JMC> Thanks in advance for your reply. Best regards. JMC. 2010/5/25 Yaron Sheffer <[email protected]>: > With 5 more days to go, this is a quick reminder to review the problem > statement draft so we can move it along, and get to the juicy protocol > stuff. > > This time around, we will take silence as agreement. > > Thanks, > Yaron > > On 05/16/2010 03:53 PM, Yaron Sheffer wrote: >> >> This is to begin a 2 week working group last call for >> draft-ietf-ipsecme-ipsec-ha-03 >> (http://tools.ietf.org/html/draft-ietf-ipsecme-ipsec-ha-03). The target >> status for this document is Informational. >> >> Please send your comments to the ipsec list by May 30, 2010, as >> follow-ups to this message. >> >> Brief comments of the form: "I have read this draft and it looks fine" >> are also welcome. >> >> Quick heads up: this is a requirements definition draft. Once we have >> determined consensus around it, we would like to move forward with >> solutions. Individual solution drafts are welcome as usual, but we would >> like to establish at some point a design team to hash out a common >> solution document. Let us know by private mail if you're interested. >> >> Thanks, >> Yaron > > _______________________________________________ > IPsec mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/ipsec > _______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec Scanned by Check Point Total Security Gateway. _______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
