[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Question on SA Bundle
Lokesh
At 03:24 PM 4/8/03 +0530, Lokesh wrote:
>Hi all,
>I have a question on Ipsec.
>SA's are bundled in SABundle. and there can be multiple SA Bundles
>existing linked together
>in a SPD entry.
>
>1] under what conditions it is decided that a new SA created should be
>bundled in a New SABundle? not in a existing one?
The SA is negotiated (created) in two events:
1) where an SA doesn't exist for a flow, New SA.
2) the second case is because of an SA expiry timer.
The first case is a simple case and there shouldn't be any issues with
this. But in second case you might run
into som problems like whether you should hold-on or delete the old SA ?
And which one to use in case of
IPSec processing. And for more information about this refer to rekeying
isses draft.
>can anyone point me to literature on this or similar issue ? ( that is
>regarding SPD and SA Bundles)
-cheers
-ramana