A New Internet-Draft is available from the on-line Internet-Drafts
directories. This Internet-Draft is a work item of the IP Security Maintenance
and Extensions (IPSECME) WG of the IETF.
Title : IKEv2 support for per-queue Child SAs
Authors : Antony Antony
Tobias Brunner
Steffen Klassert
Paul Wouters
Filename : draft-ietf-ipsecme-multi-sa-performance-01.txt
Pages : 12
Date : 2023-06-06
Abstract:
This document defines three Notify Message Type Payloads for the
Internet Key Exchange Protocol Version 2 (IKEv2) indicating support
for the negotiation of multiple identical Child SAs to optimize
performance.
The CPU_QUEUES notification indicates support for multiple queues or
CPUs. The CPU_QUEUE_INFO notification is used to confirm and
optionally convey information about the specific queue. The
TS_MAX_QUEUE notify conveys that the peer is unwilling to create more
additional Child SAs for this particular Traffic Selector set.
Using multiple identical Child SAs has the benefit that each stream
has its own Sequence Number Counter, ensuring that CPUs don't have to
synchronize their crypto state or disable their packet replay
protection.
The IETF datatracker status page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-ipsecme-multi-sa-performance/
There is also an htmlized version available at:
https://datatracker.ietf.org/doc/html/draft-ietf-ipsecme-multi-sa-performance-01
A diff from the previous version is available at:
https://author-tools.ietf.org/iddiff?url2=draft-ietf-ipsecme-multi-sa-performance-01
Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
