Hello ipsecme folks!

Here is a new version of the anti-replay subspaces draft.

We are also happy to announce that we are currently working on two different implementations, one of which is on the open-source VPP data-plane.

Here is a list of the changes in this new version:

* Clarification of how this draft relates to ESN.
* Using subspace IDs from 0 to N, where N is the number of subspaces negotiated (for performance optimization).
* Added Hadi Dernaika as author, who is working on the VPP implementation.
* Editorial nits

Many thanks to the folks who have supported the draft so far and provided reviews.

Since we are planning to start deploying this technology in the coming months, we are extremely eager to get actionable feedback from the working group. In particular, we would like to know if this is something the working group would like to adopt and continue working on, or if there are concerns that we need to discuss.

Many thanks.

From: internet-dra...@ietf.org <internet-dra...@ietf.org>
Date: Monday, 10 July 2023 at 11:57
To: Guillaume Solignac (gsoligna) <gsoli...@cisco.com>, Hadi Dernaika <hb...@mail.aub.edu>, Mohsin Shaikh (mohsisha) <mohsi...@cisco.com>, Paul Ponchon (pponchon) <pponc...@cisco.com>, Pierre Pfister (ppfister) <ppfis...@cisco.com>
Subject: New Version Notification for draft-ponchon-ipsecme-anti-replay-subspaces-02.txt

A new version of I-D, draft-ponchon-ipsecme-anti-replay-subspaces-02.txt has been successfully submitted by Pierre Pfister and posted to the IETF repository.

Name: draft-ponchon-ipsecme-anti-replay-subspaces
Revision: 02
Title: IPsec and IKE anti-replay sequence number subspaces for traffic-engineered paths and multi-core processing
Document date: 2023-07-10
Group: Individual Submission
Pages: 13
URL: https://www.ietf.org/archive/id/draft-ponchon-ipsecme-anti-replay-subspaces-02.txt
Status: https://datatracker.ietf.org/doc/draft-ponchon-ipsecme-anti-replay-subspaces/
Htmlized: https://datatracker.ietf.org/doc/html/draft-ponchon-ipsecme-anti-replay-subspaces
Diff: https://author-tools.ietf.org/iddiff?url2=draft-ponchon-ipsecme-anti-replay-subspaces-02

Abstract:
This document discusses the challenges of running IPsec with anti-replay in multi-core environments where packets may be re-ordered (e.g., when sent over multiple IP paths, traffic-engineered paths and/or using different QoS classes). A new solution based on splitting the anti-replay sequence number space into multiple different sequencing subspaces is proposed. Since this solution requires support on both parties, an IKE extension is proposed in order to negotiate the use of the anti-replay sequence number subspaces.

The IETF Secretariat
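The reordering problem the abstract describes, as an added example that is not part of the original message or of the draft: a receiver keeps one sliding anti-replay window per subspace, so a packet delayed on a slow path is still accepted while a true replay is still rejected. The 64-packet window, the `MAX_SUBSPACES` bound, all function names, and passing the subspace ID as a plain argument (the wire encoding is not modeled) are assumptions for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define WINDOW 64        /* assumed anti-replay window size, in packets */
#define MAX_SUBSPACES 8  /* illustrative bound, not taken from the draft */

/* Sliding-window anti-replay state for one sequence space. */
struct ar_window { uint64_t top; uint64_t bitmap; };

/* Returns 1 if seq is fresh (and records it), 0 if replayed or too old. */
static int ar_check_update(struct ar_window *w, uint64_t seq) {
    if (seq == 0) return 0;                   /* ESP sequence numbers start at 1 */
    if (seq > w->top) {                       /* newer than anything seen: slide */
        uint64_t shift = seq - w->top;
        w->bitmap = shift >= WINDOW ? 0 : w->bitmap << shift;
        w->bitmap |= 1;                       /* bit 0 marks the newest packet */
        w->top = seq;
        return 1;
    }
    uint64_t off = w->top - seq;
    if (off >= WINDOW) return 0;              /* fell behind the window: dropped */
    if (w->bitmap & (1ULL << off)) return 0;  /* already seen: replay */
    w->bitmap |= 1ULL << off;
    return 1;
}

/* One SA with an independent window per negotiated subspace (assumed IDs 0..n-1). */
struct sa { unsigned n; struct ar_window sub[MAX_SUBSPACES]; };

static int sa_receive(struct sa *sa, unsigned subspace, uint64_t seq) {
    if (subspace >= sa->n) return 0;          /* subspace ID was not negotiated */
    return ar_check_update(&sa->sub[subspace], seq);
}

/* Constructed scenario: 200 fast-path packets arrive before one slow-path packet.
 * With 1 space the slow packet has seq 1 and the fast ones 2..201; with 2 spaces
 * each path counts from 1 in its own subspace. Returns 1 if the late one passes. */
static int late_packet_accepted(unsigned subspaces) {
    struct sa sa; memset(&sa, 0, sizeof sa); sa.n = subspaces;
    uint64_t fast_first = subspaces > 1 ? 1 : 2;
    for (uint64_t i = 0; i < 200; i++) sa_receive(&sa, 0, fast_first + i);
    return sa_receive(&sa, subspaces > 1 ? 1 : 0, 1);
}

/* A duplicate inside a subspace is still caught. */
static int replay_rejected(void) {
    struct sa sa; memset(&sa, 0, sizeof sa); sa.n = 2;
    return sa_receive(&sa, 1, 7) == 1 && sa_receive(&sa, 1, 7) == 0;
}

int main(void) { printf("%d %d %d\n", late_packet_accepted(1), late_packet_accepted(2), replay_rejected()); return 0; }
```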