Protocol Extensions
The IETF ipsecme working group has standardized a number of extensions, with the goal of modernizing the IKEv2 protocol and adapting it better to high-volume production environments. These extensions include:
- IKE session resumption: the ability to resume an IKE/IPsec "session" after a failure, without the need to go through the entire IKE setup process (RFC 5723).
- IKE redirect: redirection of incoming IKE requests, allowing for simple load-balancing between multiple IKE endpoints (RFC 5685).
- IPsec traffic visibility: special tagging of ESP packets that are authenticated but not encrypted, with the goal of making it easier for middleboxes (such as intrusion detection systems) to analyze the flow (RFC 5840).
- Mutual EAP authentication: support for EAP-only (i.e., certificate-less) authentication of both of the IKE peers; the goal is to allow for modern password-based authentication methods to be used (RFC 5998).
- Quick crash detection: minimizing the time until an IKE peer detects that its opposite peer has crashed (RFC 6290).
- High availability extensions: improving IKE/IPsec-level protocol synchronization between a cluster of IPsec endpoints and a peer, to reduce the probability of dropped connections after a failover event (RFC 6311).
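
For the traffic visibility item (RFC 5840), an added example, not part of the original page, of how a middlebox could read the 4-byte Wrapped ESP (WESP) header to decide whether a packet can be inspected. The field layout and validity rules follow RFC 5840 as noted in the comments; the function names and the sample packet are constructed for illustration.

```python
import struct
from dataclasses import dataclass

WESP_HDR = struct.Struct("!BBBB")  # Next Header, HdrLen, TrailerLen, Flags

@dataclass
class WespInfo:
    encrypted: bool       # E flag: payload is encrypted, not inspectable
    next_header: int      # inner protocol number (0 when encrypted)
    payload_offset: int   # octets from start of WESP header to inner payload
    icv_len: int          # size of the trailing ICV in octets

def parse_wesp(packet: bytes, ipv6: bool = False) -> WespInfo:
    """Parse and validate the WESP header at the start of `packet`."""
    if len(packet) < WESP_HDR.size:
        raise ValueError("truncated WESP header")
    next_header, hdr_len, trailer_len, flags = WESP_HDR.unpack_from(packet)
    if flags >> 6 != 0:                       # V: top two bits, must be 0
        raise ValueError("unsupported WESP version")
    if flags & 0x20:                          # E: encrypted payload
        if next_header or hdr_len or trailer_len:
            raise ValueError("encrypted WESP must zero the length fields")
        return WespInfo(True, 0, 0, 0)
    # Integrity-only: HdrLen >= 12, multiple of 4 (multiple of 8 on IPv6).
    if hdr_len < 12 or hdr_len % (8 if ipv6 else 4):
        raise ValueError(f"invalid HdrLen {hdr_len}")
    if hdr_len + trailer_len > len(packet):
        raise ValueError("HdrLen/TrailerLen exceed packet length")
    return WespInfo(False, next_header, hdr_len, trailer_len)

def inner_payload(packet: bytes, ipv6: bool = False):
    """Return the cleartext payload plus ESP trailer, or None if encrypted."""
    info = parse_wesp(packet, ipv6)
    if info.encrypted:
        return None
    return packet[info.payload_offset:len(packet) - info.icv_len]

# Constructed sample: ESP-NULL (no IV), inner protocol TCP (6), 12-octet ICV.
SAMPLE = (bytes([6, 12, 12, 0x00])               # WESP header
          + b"\x00\x00\x10\x01\x00\x00\x00\x01"  # ESP SPI + sequence number
          + b"inner-bytes\x01\x02\x03\x03\x06"   # payload, padding, pad len, NH
          + b"\xaa" * 12)                        # placeholder ICV

if __name__ == "__main__":
    print(parse_wesp(SAMPLE))
    print(inner_payload(SAMPLE))
```

The validity checks matter for an inspection device: a header that claims cleartext but carries an out-of-range HdrLen should be rejected rather than parsed at a guessed offset.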