
Re: Question on SA Bundle



Lokesh


At 03:24 PM 4/8/03 +0530, Lokesh wrote:
>Hi all,
>I have a question on Ipsec.
>SAs are bundled in an SABundle, and there can be multiple SA Bundles
>existing linked together
>in an SPD entry.
>
>1] Under what conditions is it decided that a new SA created should be
>bundled in a new SABundle, not in an existing one?

The SA is negotiated (created) in two events:
1) where an SA doesn't exist for a flow, a new SA.
2) the second case is because of an SA expiry timer.

The first case is a simple case and there shouldn't be any issues with
this. But in the second case you might run into some problems, like whether
you should hold on to or delete the old SA, and which one to use in case of
IPSec processing. For more information about this, refer to the rekeying
issues draft.


>Can anyone point me to literature on this or a similar issue? (That is,
>regarding SPD and SA Bundles.)

-cheers
-ramana