[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Manual SA SPI range



At 02:27 PM 1/15/01 , Brian Swander wrote:
>Does anyone know if there is a hard specification in any of the RFCs
>that nails down ranges for manual SA SPIs?  I remember hearing that
>below 256 was set aside for manual SAs, but I cannot find text to that
>effect anywhere.

No, there is no specific range set aside for manual SPIs.  Of course,
since with IKE, a system selects the SPIs for SAs that it decrypts,
a system can set aside any range it wished for manual SPIs, and have
IKE always select SPIs outside that range for the SPIs it creates.

SPIs below 256 are not set aside for manual SAs.  0 is reserved
for an implementation's internal use (must not be sent on the wire),
and 1-255 are reserved for IANA's future use.  See RFC2402 (section
2.4) and RFC2406 (section 2.1) for the official pronouncements.

-- 
scott




References: