[sctp-dev] SCTP over IPSec
Christopher Hegarty - Sun Microsystems Ireland
Christopher.Hegarty at Sun.COM
Mon Feb 16 06:15:29 PST 2009
Hi Evangelos,
The simple answer is YES. You should be able to use a standard IPSec
implementation and run SCTP on top of it.
There is no direct support for IPsec in the Java API of course. IPsec
(if configured) would live above the IP layer and below the native SCTP
stack. Therefore, the Java SCTP implementation would leverage the
platforms IPsec implementation.
There is an RFC, 3554, which I believe is an attempt to simplify running
SCTP on top of IPsec, but even without this it should work. You will
need to configure 2 * n * m Security Associations, where one SCTP
endpoint has n addresses and the other m. An implementation of RFC 3554
would reduce this number to 2.
I checked both reference platforms, Solaris and LKSCTP, and both support
this.
Running a java.net.Socket over IPsec should be pretty much the same as
SCTP, only not as much SA's! But I have not tried this.
-Chris.
On 02/16/09 13:10, Evangelos Haleplidis wrote:
> Greetings to the list,
>
> I have one question to make.
>
> Is there support of SCTP over IPsec in java? How can one use it?
>
> Also, this is out of scope of the mailing list, but relevant to the
> question, how can you use IPsec in Java (TCP over IPsec).
>
> Regards,
> Evangelos Haleplidis.
>
>
More information about the sctp-dev
mailing list