HI Martin,<div><br></div><div>I have a requirement where I need to update the status of IKE to the ESP packet processing in a HA scenario. IKE and ESP processing runs on different cores. The only means to syncronize IKE and ESP Processing is via tables where tables updation is done by IKE and tables look ups by ESP processing. The tables are shared between IKE and ESP. </div>
<div><br></div><div>I could see the ha_message.h in strongswan sending messages to nodes in HA scenarios but in my case I need to update the tables so the ESP would timely update this. I don't have any IPC mechnisms to use apart from tables.</div>
<div><br></div><div>So was the reason I posted in my previous message on the chances of an IKE MIB so I could use the structures to update ESP Processing. But as Andreas confirmed of no MIB. </div><div><br></div><div>Please help me on the list of IKE structures for ike_keys(),ike_updown(),ike_<u></u>rekey(),message(),child_keys()<u></u>,child_state_change() hooks</div>
<div><br></div><div>Thanks,</div><div>KC</div><div><br></div><div><br><div class="gmail_quote">On Fri, Jul 27, 2012 at 3:39 PM, Andreas Steffen <span dir="ltr"><<a href="mailto:andreas.steffen@strongswan.org" target="_blank">andreas.steffen@strongswan.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi Krishna,<br>
<br>
strongSwan offers a High Availability Solution based on a Cluster of<br>
two physical hosts:<br>
<br>
<a href="http://wiki.strongswan.org/projects/strongswan/wiki/HighAvailability" target="_blank">http://wiki.strongswan.org/<u></u>projects/strongswan/wiki/<u></u>HighAvailability</a><br>
<br>
With this solution the VPN clients are not aware of the redundant<br>
hardware. They just connect to a virtual VPN gateway having a constant<br>
Layer3 IP and Layer2 MAC address. Therefore we don't need RFC 6311<br>
for synchronisation. The update of ESP sequence numbers is continuously<br>
done via Linux Cluster IP where both gateways get all ESP packets<br>
but only half of them are actually processed by each host.<br>
<br>
The mirroring of IKE and ESP keys is donevia a proprietary socket<br>
protocol over a either a dedicated or ESP-encrypted public network<br>
link between the two gateways. Therefore we provide hooks where<br>
ESP keying data can be extracted, although not in the form of<br>
an official SNMP MIB.<br>
<br>
For more information on HA please contact Martin Willi.<br>
<br>
Best regards<br>
<br>
Andreas<div class="im"><br>
<br>
On 07/27/2012 08:18 AM, krishna chaitanya wrote:<br>
</div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im">
Hi Team,<br>
<br>
On more query on the above request . Does strongswan support rfc 6027<br>
and rfc 6311 . Thanks<br>
<br>
On Thu, Jul 26, 2012 at 6:59 PM, krishna chaitanya<br>
<<a href="mailto:krishnachaitanya.sanapala@gmail.com" target="_blank">krishnachaitanya.sanapala@<u></u>gmail.com</a><br></div><div class="im">
<mailto:<a href="mailto:krishnachaitanya.sanapala@gmail.com" target="_blank">krishnachaitanya.<u></u>sanapala@gmail.com</a>>> wrote:<br>
<br>
Hi Team,<br>
<br>
Does strongswan support any kind of MIB(Tables/Datastructures) for<br></div>
*IKE monitoring*, reason being to update the ESP processing in case<br>
of *High Availability .*<br>
*<div class="im"><br>
*<br>
I could see hooks in the form<br>
of ike_keys(),ike_updown(),ike_<u></u>rekey(),message(),child_keys()<u></u>,child_state_change()<br>
but does strongswan maintain any MIB's/Tables.<br>
<br></div>
*I have a requirement where have to update ESP packet processing<br>
via Tables and not by any IPC mechanism. *<br>
<br>
Please advise.<br>
<br>
Thanks,<br>
KC<br>
</blockquote>
==============================<u></u>==============================<u></u>==========<br>
Andreas Steffen <a href="mailto:andreas.steffen@strongswan.org" target="_blank">andreas.steffen@strongswan.org</a><br>
strongSwan - the Linux VPN Solution! <a href="http://www.strongswan.org" target="_blank">www.strongswan.org</a><br>
Institute for Internet Technologies and Applications<br>
University of Applied Sciences Rapperswil<br>
CH-8640 Rapperswil (Switzerland)<br>
==============================<u></u>=============================[<u></u>ITA-HSR]==<br>
</blockquote></div><br></div>