How about the following text?

3.8 Allocation of SPIs

SPIs for child and IKE SAs MUST be unique with the same peer. However, in a cluster, both members may create SAs and assign SPIs to them, so a collision is possible. We believe that peers should not be required to accept duplicate SPIs for different SAs, and that this needs to be prevented by the cluster members by some out-of-scope method.

Yoav

-----Original Message-----
<snip/>

3. The Problem Statement

<JMC> I didn't see anything about potential collisions (e.g. SPI for a specific SA on a member of the cluster is already used on another member) during a failover: is such an issue out of scope? <JMC>

<snip/>
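One possible form of the "out-of-scope method" discussed above, as an added illustration that is not part of the original message or of any draft text: each cluster member allocates child SA SPIs from its own slice of the 32-bit space, so a takeover at failover cannot produce a duplicate. The names `MemberSpiAllocator`, `failover_clashes`, `constructed_rng` and the peer name are hypothetical, and the sketch covers 32-bit child SA SPIs only, not the 64-bit IKE SPIs.

```python
import secrets

SPI_BITS = 32        # child SA (ESP/AH) SPIs are 32 bits wide
RESERVED_MAX = 255   # RFC 4303: 0 is local-use only, 1..255 are reserved

class MemberSpiAllocator:
    """Hypothetical per-member allocator: the top `member_bits` bits of each
    SPI carry the member's id, so the members' ranges are disjoint."""

    def __init__(self, member_id, member_bits, rng=secrets.randbits):
        if not 0 <= member_id < (1 << member_bits):
            raise ValueError("member_id does not fit in member_bits")
        self.low_bits = SPI_BITS - member_bits
        self.prefix = member_id << self.low_bits
        self.rng = rng
        self.in_use = {}  # peer -> set of SPIs this member answers for

    def allocate(self, peer):
        used = self.in_use.setdefault(peer, set())
        while True:
            spi = self.prefix | self.rng(self.low_bits)
            if spi > RESERVED_MAX and spi not in used:
                used.add(spi)
                return spi

    def adopt(self, peer, spis):
        """Failover: take over a failed member's SPIs for `peer`.
        Returns the SPIs that collide with SAs this member already holds."""
        used = self.in_use.setdefault(peer, set())
        clashes = used & set(spis)
        used |= set(spis)
        return clashes

def constructed_rng():
    """Constructed worst case: every member draws the same sequence."""
    state = {"next": 0x1000}
    def rng(bits):
        state["next"] += 1
        return state["next"] & ((1 << bits) - 1)
    return rng

def failover_clashes(member_bits, rng_factory, peer="peer.example", n=4):
    """Two members each create n SAs with one peer, then member 0 takes over
    member 1's SAs. member_bits=0 means no partitioning at all."""
    ids = (0, 1) if member_bits else (0, 0)
    a = MemberSpiAllocator(ids[0], member_bits, rng_factory())
    b = MemberSpiAllocator(ids[1], member_bits, rng_factory())
    for _ in range(n):
        a.allocate(peer)
        b.allocate(peer)
    return a.adopt(peer, b.in_use[peer])
```

With `member_bits=0` the two members share the whole space and the constructed sequence makes every SPI collide at takeover; with one member bit the same sequence yields no collision.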
