<?xml version="1.0" encoding="us-ascii"?>
  <?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
  <!-- generated by https://github.com/cabo/kramdown-rfc2629 version 1.2.13 -->

<!DOCTYPE rfc SYSTEM "rfc2629.dtd" [
<!ENTITY RFC2119 SYSTEM "https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.2119.xml">
<!ENTITY RFC8174 SYSTEM "https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.8174.xml">
<!ENTITY RFC7296 SYSTEM "https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.7296.xml">
]>

<?rfc rfcedstyle="yes"?>
<?rfc toc="yes"?>
<?rfc tocindent="yes"?>
<?rfc sortrefs="yes"?>
<?rfc symrefs="yes"?>
<?rfc strict="yes"?>
<?rfc comments="yes"?>
<?rfc inline="yes"?>
<?rfc docmapping="yes"?>

<rfc docName="draft-mglt-ipsecme-multiple-child-sa-00" category="std">

  <front>
    <title abbrev="Multiple Child SA">Negotiation of Multiple Child Security Associations with the Internet Key Exchange Protocol Version 2 (IKEv2)</title>

    <author initials="D." surname="Migault" fullname="Daniel Migault">
      <organization>Ericsson</organization>
      <address>
        <postal>
          <street>8275 Trans Canada Route</street>
          <city>Saint Laurent, QC</city>
          <code>4S 0B6</code>
          <country>Canada</country>
        </postal>
        <email>daniel.migault@ericsson.com</email>
      </address>
    </author>
    <author initials="S." surname="Klassert" fullname="Steffen Klassert">
      <organization>Secunet</organization>
      <address>
        <postal>
          <street></street>
          <city></city>
          <code></code>
          <country></country>
        </postal>
        <email>steffen.klassert@secunet.com</email>
      </address>
    </author>

    <date year="2019" month="November" day="17"/>

    <area>security</area>
    <workgroup>ipsecme</workgroup>
    <keyword>Internet-Draft</keyword>

    <abstract>


<t>IPsec packet processing with one Security Association (SA) per core is
more efficient than having an SA shared by multiple cores.</t>

<t>This document optimizes the negotiation of multiple unidirectional SAs
in order to minimize the impact of SAs being shared by multiple cores.</t>



    </abstract>


  </front>

  <middle>


<section anchor="requirements-notation" title="Requirements Notation">

<t>The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described BCP 14
<xref target="RFC2119"/> <xref target="RFC8174"/> when, and only when, they appear in all
capitals, as shown here.</t>

</section>
<section anchor="sec-intro" title="Introduction">

<t>IPsec processing (on Linux) is more efficient with an SA attached to a
given core than with an SA shared by multiple cores. Suppose an
initiator and a responder with n and p cores respectively establish an
IPsec protected communication defined by Traffic Selectors (TSi, TSr).
IPsec processing performance may be increased if the initiator (resp.
the responder) processes IPsec packets via n (resp. p) distinct
unidirectional SAs rather than having a single SA shared by the n (resp. p)
cores.</t>

<t>Optimally the number of SAs is expected to be equal to the number of
cores, which can differ between the two peers. When peers have a different
number of cores, the number of SAs is expected to be equal to the highest
number of cores to minimize context switching, and to the lowest number of
cores to optimize memory space. In fact, having fewer SAs than the
number of cores may result in switching the SA context to otherwise unused cores.
On the other hand, having a greater number of SAs results in a core
handling multiple SAs for the same purpose, which does not improve
performance but costs an additional SA stored in the kernel.</t>

<t>Currently, Child SAs are negotiated with the IKEv2 <xref target="RFC7296"/> CREATE_CHILD_SA
exchange. Additional Child SAs (in our case n or p of them) would require n or p
CREATE_CHILD_SA exchanges, adding multiple round trips that carry similar
payloads (TSi, TSr, SA), which is not necessary.</t>

<t>This document describes the MULTIPLE_CHILD_SA Notify Payload used in a
CREATE_CHILD_SA exchange to indicate support for the Multiple Child SA extension as well
as to agree on the number of additional SAs negotiated.</t>

</section>
<section anchor="protocol-exchange" title="Protocol Exchange">

<t>Support for the Multiple Child SA extension, as well as the number of
additional Child SAs, is negotiated during the CREATE_CHILD_SA exchange
via the MULTIPLE_CHILD_SA Notify Payload.</t>

<t>The initiator indicates in a single MULTIPLE_CHILD_SA notification the
requested number of additional SAs (nChildSAi), the maximum number of additional Child SAs
(maxChildSA) the responder is allowed to request, and a Nonce (SPIi_Nonce) that is
used to generate the SPIi values of the additional Child SAs. The
initiator MUST choose the Nonce value such that the SPIi values associated with
maxChildSA additional Child SAs remain available. The associated SPIi values are generated as follows:</t>

<figure><artwork><![CDATA[
{SPIi_1, ..., SPIi_maxChildSA} = prf+(SPIi_Nonce)

 initiator                         responder
 ------------------------------------------------------------------
 HDR, SK {IDi, [CERT,] [CERTREQ,]
     [IDr,] AUTH, SAi2, TSi, TSr,
     N(MULTIPLE_CHILD_SA(nChildSAi, maxChildSA, SPIi_Nonce))}  -->
]]></artwork></figure>

<t>Upon receiving a request for the CREATE_CHILD_SA exchange, the responder
builds the CREATE_CHILD_SA Response. The MULTIPLE_CHILD_SA Notify
Payload is processed only when the CREATE_CHILD_SA exchange can be successfully
completed and the responder supports the Multiple Child SA
extension. Otherwise the MULTIPLE_CHILD_SA Notify Payload is ignored.
Only the first MULTIPLE_CHILD_SA notification encountered is considered;
any others are ignored.</t>

<t>Upon receiving the MULTIPLE_CHILD_SA Notify Payload, a responder indicates the
accepted number of additional SAs (nChildSAr) it is willing to generate.
nChildSAr MUST be greater than or equal to nChildSAi and lower than or equal to maxChildSA. In
addition, the responder provides a Nonce (SPIr_Nonce) that will be used to
generate the SPIr values of the nChildSAr additional Child SAs. maxChildSA is left unchanged.
The responder MUST choose the Nonce such that the nChildSAr SPIr values are available.
The SPIs are generated as follows:</t>

<figure><artwork><![CDATA[
{SPIr_1, ..., SPIr_nChildSA} = prf+(SPIr_Nonce)

                 <--  HDR, SK {IDr, [CERT,] AUTH,
                          SAr2, TSi, TSr,
                           N(MULTIPLE_CHILD_SA(nChildSA, maxChildSA, SPIr_Nonce))}
]]></artwork></figure>

<t>Initiator and responder generate material for the Child SA and the nChildSA additional
Child SAs, e.g., KEYMAT, SPIi, SPIr, TSi, TSr. Note that the material for
the Child SA itself is derived as defined in <xref target="RFC7296"/>.</t>

<t>KEYMAT for the Child SA as well as for the nChildSA additional Child SAs is generated as follows, with
Ni, Nr provided in the IKE_AUTH exchange. Note that the generation of KEYMAT
remains compatible with <xref target="RFC7296"/> Section 2.17 for the Child SA.</t>

<figure><artwork><![CDATA[
{KEYMAT_ChildSA, KEYMAT_1, ..., KEYMAT_maxChildSA} = prf+(SK_d, Ni | Nr)
]]></artwork></figure>

<t>The SPIs (SPIi_1, ..., SPIi_nChildSA) and (SPIr_1, ..., SPIr_nChildSA) associated with the
nChildSA additional Child SAs are generated as follows. The SPIs of the Child SA itself are the SPIi, SPIr
carried in the SA2 payloads exchanged.</t>

<figure><artwork><![CDATA[
{SPIi_1, ..., SPIi_nChildSA} = prf+(SPIi_Nonce)
{SPIr_1, ..., SPIr_nChildSA} = prf+(SPIr_Nonce)
]]></artwork></figure>

<t>TSi, TSr have the same value for the Child SA and nChildSA additional Child
SAs.</t>
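<t>The derivations above, as an added example in Python (not code from the draft or from any IKEv2 implementation): prf+ per RFC 7296 Section 2.13 with HMAC-SHA256 assumed as the PRF, the KEYMAT split whose first slice is the unmodified RFC 7296 Child SA key material, the SPI generation from SPI_Nonce (treating the nonce as both prf+ key and seed is an assumption, since the draft writes prf+ with a single argument), and the availability check behind the requirement that the chosen Nonce leave the generated SPIs available.</t>

<figure><artwork><![CDATA[
```python
import hashlib
import hmac
import struct

# Added example, not the draft's own code: the KEYMAT and SPI derivations from the
# Protocol Exchange section. prf+ follows RFC 7296 Section 2.13; HMAC-SHA256 is an
# assumption here (a real implementation uses the negotiated IKE PRF).

def prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

def prf_plus(key: bytes, seed: bytes, length: int) -> bytes:
    """T1 = prf(K, S | 0x01), Tn = prf(K, Tn-1 | S | n); output truncated to length."""
    out, prev, counter = b"", b"", 1
    while len(out) < length:
        if counter > 255:
            raise ValueError("prf+ cannot produce more than 255 blocks")
        prev = prf(key, prev + seed + bytes([counter]))
        out += prev
        counter += 1
    return out[:length]

def derive_keymat(sk_d: bytes, ni: bytes, nr: bytes, n_child_sa: int, keymat_len: int) -> list:
    """{KEYMAT_ChildSA, KEYMAT_1, ..., KEYMAT_n} = prf+(SK_d, Ni | Nr), sliced per SA.
    The first slice is exactly the RFC 7296 Section 2.17 KEYMAT, so the Child SA
    itself stays compatible with peers that do not implement the extension."""
    stream = prf_plus(sk_d, ni + nr, keymat_len * (n_child_sa + 1))
    return [stream[i * keymat_len:(i + 1) * keymat_len] for i in range(n_child_sa + 1)]

def derive_spis(spi_nonce: bytes, n: int) -> list:
    """{SPI_1, ..., SPI_n} = prf+(SPI_Nonce) as 4-octet SPIs. The draft writes prf+
    with a single argument; using the nonce as both key and seed is an assumption."""
    stream = prf_plus(spi_nonce, spi_nonce, 4 * n)
    return [struct.unpack("!I", stream[4 * i:4 * i + 4])[0] for i in range(n)]

def spis_available(spis: list, in_use: set) -> bool:
    """The check behind 'MUST choose the Nonce such that the SPIs remain available':
    no duplicates, none already installed, none in the 0..255 range reserved by RFC 4303."""
    return (len(set(spis)) == len(spis)
            and not any(s in in_use or s <= 255 for s in spis))
```
]]></artwork></figure>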

</section>
<section anchor="error-handling" title="Error Handling">

<t>There may be conditions when the responder for some reason is unable or
unwilling to create additional Child SAs.  This inability may be
temporary or permanent.</t>

<t>Temporary inability occurs when the responder doesn't have enough
resources at the moment to generate the additional Child SAs. In this case, the
responder SHOULD reject the request with the
TEMPORARY_FAILURE notification.</t>

<figure><artwork><![CDATA[
                           <--  HDR, SK {N(TEMPORARY_FAILURE)}
]]></artwork></figure>

<t>After receiving this notification, the initiator MAY retry its request
after waiting some period of time.  See Section 2.25 of <xref target="RFC7296"/> for
details.</t>

<t>In some cases, the responder may have restrictions on the number of
coexisting SAs with one peer.  These restrictions may be either implicit
(some devices may have enough resources to handle only a few SAs) or
explicit (provided by some configuration parameter).  If the initiator
wants more SAs than the responder is able or is configured to handle,
the responder SHOULD reject the request with the NO_ADDITIONAL_SAS
notification as defined in <xref target="RFC7296"/>.</t>

<figure><artwork><![CDATA[
                           <--  HDR, SK {N(NO_ADDITIONAL_SAS)}
]]></artwork></figure>

<t>This condition is considered permanent and the initiator SHOULD NOT
retry creating additional Child SAs until some of the existing SAs with the
responder are deleted.</t>

</section>
<section anchor="payload-description" title="Payload Description">

<t>Figure 1 illustrates the Notify Payload packet format, as described in
Section 3.10 of <xref target="RFC7296"/>, used for the MULTIPLE_CHILD_SA
notification sent by the initiator and the one sent by the responder.</t>

<figure><artwork><![CDATA[
                       1                   2                   3
   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  | Next Payload  |C|  RESERVED   |         Payload Length        |
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  |  Protocol ID  |   SPI Size    |      Notify Message Type      |
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  |            nChildSA           |          maxChildSA           |
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  |                             SPI_Nonce                         |
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                     Figure 1: Notify Payload
]]></artwork></figure>

<t>The fields Next Payload, Critical Bit, RESERVED, and Payload Length are
defined in <xref target="RFC7296"/>.  Specific fields defined in this document are:</t>

<t><list style="symbols">
  <t>Protocol ID (1 octet):  Set to zero.</t>
  <t>Security Parameter Index (SPI) Size (1 octet):  Set to zero.</t>
  <t>Notify Message Type (2 octets):  Specifies the type of notification
message.  It is set to TBD1 for the MULTIPLE_CHILD_SA notification.</t>
  <t>nChildSA (2 octets): Number of additional Child SAs. The value set by the initiator
is nChildSAi and the one set by the responder is nChildSAr.</t>
  <t>maxChildSA (2 octets): Maximum number of additional Child SAs the initiator accepts. This value
is set by the initiator and set to zero by the responder.</t>
  <t>SPI_Nonce (4 octets): Nonce from which the SPIs of the additional Child SAs are
derived with prf+. The initiator sets it to SPIi_Nonce and the responder to SPIr_Nonce.</t>
</list></t>
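<t>An added example (not part of the draft) that packs and parses the notification laid out in Figure 1 and applies the negotiation rule nChildSAi &lt;= nChildSAr &lt;= maxChildSA on both sides; the Notify Message Type uses a placeholder constant for TBD1, which has not been assigned, and the responder's preference for its own core count follows the Introduction.</t>

<figure><artwork><![CDATA[
```python
import struct

# Added example, not the draft's own code: pack/parse the MULTIPLE_CHILD_SA
# notification of Figure 1 and apply the negotiation rule of the Protocol
# Exchange section. TBD1 has no IANA value yet; the constant below is a placeholder.
NOTIFY_MULTIPLE_CHILD_SA = 0xFFFF    # placeholder for TBD1, not an assigned value
_FMT = "!BBHBBHHHI"                  # Figure 1 fields, network byte order
PAYLOAD_LEN = struct.calcsize(_FMT)  # 16 octets

def build_multiple_child_sa(next_payload, n_child_sa, max_child_sa, spi_nonce, critical=False):
    """Serialize one notification; counts are 2 octets, SPI_Nonce is 4 octets."""
    for v, limit in ((n_child_sa, 0xFFFF), (max_child_sa, 0xFFFF), (spi_nonce, 0xFFFFFFFF)):
        if not 0 <= v <= limit:
            raise ValueError("field value out of range")
    c_reserved = 0x80 if critical else 0x00   # C is the top bit of the second octet
    return struct.pack(_FMT, next_payload, c_reserved, PAYLOAD_LEN, 0, 0,
                       NOTIFY_MULTIPLE_CHILD_SA, n_child_sa, max_child_sa, spi_nonce)

def parse_multiple_child_sa(data):
    """Parse and validate; rejects truncated or malformed payloads instead of
    trusting the peer-supplied length and type fields."""
    if len(data) < PAYLOAD_LEN:
        raise ValueError("truncated payload")
    (nxt, c_res, length, proto, spi_size, ntype,
     n_child_sa, max_child_sa, spi_nonce) = struct.unpack(_FMT, data[:PAYLOAD_LEN])
    if length != PAYLOAD_LEN or proto != 0 or spi_size != 0 or ntype != NOTIFY_MULTIPLE_CHILD_SA:
        raise ValueError("not a well-formed MULTIPLE_CHILD_SA notification")
    return {"next_payload": nxt, "critical": bool(c_res & 0x80), "n_child_sa": n_child_sa,
            "max_child_sa": max_child_sa, "spi_nonce": spi_nonce}

def responder_choice(n_child_sa_i, max_child_sa, local_cores):
    """nChildSAr MUST satisfy nChildSAi <= nChildSAr <= maxChildSA. Following the
    Introduction, the responder aims for its own core count when that fits; a
    request with nChildSAi > maxChildSA cannot be satisfied and yields None."""
    if n_child_sa_i > max_child_sa:
        return None
    return min(max(n_child_sa_i, local_cores), max_child_sa)

def initiator_accepts(request, response):
    """Initiator-side check of the reply against the values it sent itself, so a
    responder cannot push nChildSAr past the initiator's own maxChildSA."""
    return request["n_child_sa"] <= response["n_child_sa"] <= request["max_child_sa"]
```
]]></artwork></figure>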

<t>NOTES: for reference, the IKE SA and Child SA key derivations of <xref target="RFC7296"/> are:</t>

<figure><artwork><![CDATA[
IKE_SA
  SKEYSEED = prf(Ni | Nr, g^ir)
  {SK_d | SK_ai | SK_ar | SK_ei | SK_er | SK_pi | SK_pr}
                 = prf+ (SKEYSEED, Ni | Nr | SPIi | SPIr)
SAs
  KEYMAT = prf+(SK_d, Ni | Nr)
]]></artwork></figure>

</section>
<section anchor="iana-considerations" title="IANA Considerations">

<t>IANA has allocated two values in the "IKEv2 Notify Message Types -
 Status Types" registry:</t>

<figure><artwork><![CDATA[
   Value    Notify Messages - Status Types
 -----------------------------------------
   TBD1    MULTIPLE_CHILD_SA
]]></artwork></figure>

</section>
<section anchor="security-consideration" title="Security Considerations">

<t>The protocol defined in this document does not modify IKEv2, and its security
considerations are those of IKEv2. Generating multiple SAs is equivalent to the
CREATE_CHILD_SA exchange described in <xref target="RFC7296"/>.</t>

</section>


  </middle>

  <back>

    <references title='Normative References'>

&RFC2119;
&RFC8174;
&RFC7296;


    </references>




  </back>


</rfc>

