Hi Mahdi, I plan to add the missing API messages soon. As for the ikev2_initiate_sa_init returning always success will probably stay as is for now, returning an actual result of session initiation requires (probably big) architectural change for that message. Also initiate_sa_init does send INIT messages on regular basis until connection is established. The issue that responder isn't able to send requests is also known and will be addressed as well.
Thanks, Filip ________________________________ From: vpp-dev@lists.fd.io <vpp-dev@lists.fd.io> on behalf of Mahdi Varasteh <mahdy.varas...@gmail.com> Sent: Sunday, May 31, 2020 7:51 AM To: vpp-dev@lists.fd.io <vpp-dev@lists.fd.io> Subject: [vpp-dev] questions on IKEv2 Hello VPP folks! I'm using VPP 20.01 stable release. Regarding IKEv2 plugin, I've got some questions about its design and applications( in present and in future). The first thing i've noticed, is the API. There are no dumps nor status of profiles/ SAs. I issue a ikev2_initiate_sa_init, and it always returns success. But if the responder is not available in that time, the tunnel is not established. The second thing, is in fact the ikev2_initiate_sa_init itself( it's somehow the first question). I believed on failure, it will retransmit the packets on regular basis until the tunnel is established. After looking the code, I realized it's a one-shot thing. I've seen a routine-checking approach is used for SA rekeying( and in the recent version, for DPD). Is there a chance that the same thing can happen for ikev2_initiate_sa_init? Or it's a design choice? I'll be really glad to hear the IKEv2 plugin's design and goals so i can make my plannings. There are some minor problems i've encountered which, based on changes in 20.05 release, seems will get fixed in the future releases( like the one that Initiator always requests and Responder always respond. which make SA removing from responder a problem). IKEv2 is a great plugin and it's improving each day passing. So i just want a little clarification about its roadmap. And of course its API. Because current API in 20.01( and as i've looked in 20.05) is not very usable for clients. I'd be glad if I could make contributions to improve functionality of this plugin.
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#16603): https://lists.fd.io/g/vpp-dev/message/16603 Mute This Topic: https://lists.fd.io/mt/74577612/21656 Group Owner: vpp-dev+ow...@lists.fd.io Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
