Technology Whiteboard: IKEv1 vs. IKEv2

Friday, February 9, 2018

IKEv1 vs. IKEv2

IKEv1 and v2 aren't interoperable
Fragmentation

In IKEv1, large packets are encrypted then segmented. The segments are encapsulated in UDP packets
In IKEv2, large packets are segmented then segments are encrypted.

Delete Notification

In IKEv1, delete notifications aren't acknowledged. Once delete is sent, SA will be deleted from local SAD
In IKEv2, delete notifications are acknowledged. The initiator will wait for ACK or re-Xmit timeout before deleting SA from SAD

This is resolved if DPD is used

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)