{"draft":"draft-ietf-ipsecme-ipsecha-protocol-06","doc_id":"RFC6311","title":"Protocol Support for High Availability of IKEv2\/IPsec","authors":["R. Singh, Ed.","G. Kalyani","Y. Nir","Y. Sheffer","D. Zhang"],"format":["ASCII","HTML"],"page_count":"26","pub_status":"PROPOSED STANDARD","status":"PROPOSED STANDARD","source":"IP Security Maintenance and Extensions","abstract":"The IPsec protocol suite is widely used for business-critical network\r\ntraffic.  In order to make IPsec deployments highly available, more\r\nscalable, and failure-resistant, they are often implemented as IPsec\r\nHigh Availability (HA) clusters.  However, there are many issues in\r\nIPsec HA clustering, and in particular in Internet Key Exchange\r\nProtocol version 2 (IKEv2) clustering.  An earlier document, \"IPsec\r\nCluster Problem Statement\", enumerates the issues encountered in the\r\nIKEv2\/IPsec HA cluster environment.  This document resolves these\r\nissues with the least possible change to the protocol.\r\n\r\nThis document defines an extension to the IKEv2 protocol to solve the\r\nmain issues of \"IPsec Cluster Problem Statement\" in the commonly\r\ndeployed hot standby cluster, and provides implementation advice for\r\nother issues.  The main issues solved are the synchronization of\r\nIKEv2 Message ID counters, and of IPsec replay counters.  [STANDARDS-TRACK]","pub_date":"July 2011","keywords":["[--------]","IPsec high availability","load sharing","clustering","fail-over"],"obsoletes":[],"obsoleted_by":[],"updates":[],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC6311","errata_url":"https:\/\/www.rfc-editor.org\/errata\/rfc6311"}