[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Increased sequence number in ESP/AH

To: Dan Harkins <dharkins@cips.nokia.com>
Subject: Re: Increased sequence number in ESP/AH
From: Bill Sommerfeld <sommerfeld@East.Sun.COM>
Date: Tue, 23 Jan 2001 15:17:43 -0500
cc: "'ipsec@lists.tislabs.com'" <ipsec@lists.tislabs.com>
In-reply-to: Your message of "Tue, 23 Jan 2001 11:23:30 PST." <200101231923.LAA18858@potassium.network-alchemy.com>
Reply-to: sommerfeld@East.Sun.COM
Sender: owner-ipsec@lists.tislabs.com

>   While we're on the subject of sequence numbers and IKE negotiation
> I'd like to make use of them negotiable. Right now the sender must always
> send them even if the recipient is not using them. Parallelization of
> IPsec processing is much easier if both sides can agree to forgo the
> benefits of the anti-replay check.

If all you care about is performance, it's even faster if you leave
out the crypto. :-)

If you want to avoid multiple crypto engines single-threading on the
counter increment, negotiate multiple equivalent SA's and load-balance
across the SA's..

					- Bill

Follow-Ups:

Re: Increased sequence number in ESP/AH

From: Dan Harkins <dharkins@cips.nokia.com>

References:

Re: Increased sequence number in ESP/AH

From: Dan Harkins <dharkins@cips.nokia.com>

Prev by Date: Re: Increased sequence number in ESP/AH
Next by Date: Re: Increased sequence number in ESP/AH
Prev by thread: Re: Increased sequence number in ESP/AH
Next by thread: Re: Increased sequence number in ESP/AH
Index(es):
- Main
- Thread