[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Increased sequence number in ESP/AH



Dan Harkins wrote:

> I actually think Bill Sommerfeld's suggestion to negotiate multiple
> equivalent SAs (N SAs for N degrees of parallelism) is better. The trouble
> of parallelizing the processing is taken out of IPsec and left in the
> loadbalanceing code. That's seems cleaner and doesn't require changing
> anything: the receive window and receiver processing is as it was, the
> sender just does his simple 32bit add for the SA he owns, and IKE can
> already negotiate N SAs for a particular flow.
> 
> I'll shelve my proposal for now. Thanks,
> 
>   Dan.

It is indeed but by curiosity, what is the difference between negotiating 20 SA's every 20 hours instead of one every hour ?


References: