On Aug 26, 2011, at 11:06 AM, Prashant Batra (prbatra) wrote: > Hello, > > RFC-4555 (IKEv2 Mobility and Multihoming Protocol (MOBIKE)) defines the > extension of IKEv2 to support mobile users to offer seamless services when > connected using IPSec > and also the support for SCTP multi-homing in override mode. > > To support a load-share model for SCTP(2 associations) or for that matter for > any transport protocol between 2 gateways/nodes, 2 IKEv2 tunnels are needed > between the same pair of gw/nodes. > According to the current standards, the same pair of gateways has to go > through complete IKEv2 exchange twice(atleast 2, INIT and AUTH) to provide > such a service. > So, speaking the number of IKEv2 and IPSec tunnels needed between the > gateways will increase with the increase in the amount of load-sharing and > thus time to establish these tunnels. > > Going by the fact that the identity at both the gateways would be > authenticated in the first tunnel establishment, is there a better way to > achieve load-sharing?
By "better" I assume you mean "more efficient". If so, there probably is a "better" way to do it, but at the cost of greater complexity. I vaguely remember this being discussed in MOBIKE, but dismissed as too complicated for the value. Others here might remember more. --Paul Hoffman _______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
