[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Increased sequence number in ESP/AH



Mike,

We're looking at 10 Gb/s IPsec implementations. At that speed, if one 
were to send minimum size packets over a single SA (a worst case 
scenario, I admit) the SA would run out of sequence number space in a 
few minutes. So, to avoid the cost of rekeying the SA (and migrating 
the traffic to the new SA), I suggest that we extend the sequence 
number space.

Steve


Follow-Ups: References: