Protocol Support for High Availability of IKEv2/IPsec

Citations Over Time

Abstract

The protocol suite is widely used for the deployment of virtual private networks (VPNs). In order to make such VPNs highly available, more scalable and failure-resistant, these VPNs are implemented as IPsec High Availability (HA) clusters. However there are many issues in HA clustering, and in particular in IKEv2 clustering. An earlier document, IPsec Cluster Problem Statement, enumerates the issues encountered in the IKEv2/IPsec HA cluster environment. This document attempts to resolve these issues with the least possible change to the protocol. This document proposes an extension to the IKEv2 protocol to solve the main issues of IPsec Cluster Problem Statement in the commonly deployed hot-standby cluster, and provides implementation advice for other issues. The main issues to be solved are the synchronization of IKEv2 Message ID counters, and of IPsec Replay Counters.

Related Papers

• A Kind of Implementation of VPN Based on IPSec(2005)
• Research of VPN Based on IPsec(2008)
• The Virtual Private Network Based on IPSec(2006)
• Susquehanna Chorale Spring Concert "Roots and Wings"(2017)
• → DETERMINING QUALITY REQUIREMENTS AT THE UNIVERSITIES TO IMPROVE THE QUALITY OF EDUCATION(2018)