[sctp-dev] SCTP over IPSec
Dennis Hjort
dennis.hjort at ericsson.com
Mon Mar 9 23:41:02 PDT 2009
Hi Evangelos,
Okey, in that case we are "in the same boat" so to speak ! ;-)
In our case, it will be in our implementation list, but not until Q3 or
Q4 of this year. Perhaps we do a test before that, and if that's the
case I'll try to post how we ran Ipsec ! :-)
Regards,
// D
> -----Original Message-----
> From: sctp-dev-bounces at openjdk.java.net
> [mailto:sctp-dev-bounces at openjdk.java.net] On Behalf Of
> Evangelos Haleplidis
> Sent: den 9 mars 2009 22:41
> To: sctp-dev at openjdk.java.net
> Subject: Re: [sctp-dev] SCTP over IPSec
>
> Greetings Dennis,
>
> Sorry, but i have not have started working on IPsec yet.
>
> IPsec is not currently on my to implement list, but it may be
> in the near future, and that was the cause of my question.
>
> Regards,
> Evangelos Haleplidis.
>
> > -----Original Message-----
> > From: sctp-dev-bounces at openjdk.java.net
> > [mailto:sctp-dev-bounces at openjdk.java.net] On Behalf Of Dennis Hjort
> > Sent: Monday, March 09, 2009 11:41 AM
> > To: sctp-dev at openjdk.java.net
> > Subject: Re: [sctp-dev] SCTP over IPSec
> >
> > Hi Evangelos !
> >
> > I was wondering if you have managed to get any further with IPSEC ?
> > Have you managed to run SCTP over IPSEC to this date or are
> you still
> > working on how to run IPSEC in the first place ?
> >
> > With kind regards
> >
> > // Dennis
> >
> > > -----Original Message-----
> > > From: sctp-dev-bounces at openjdk.java.net
> > > [mailto:sctp-dev-bounces at openjdk.java.net] On Behalf Of
> Christopher
> > > Hegarty - Sun Microsystems Ireland
> > > Sent: den 16 februari 2009 15:15
> > > To: Evangelos Haleplidis
> > > Cc: sctp-dev at openjdk.java.net
> > > Subject: Re: [sctp-dev] SCTP over IPSec
> > >
> > > Hi Evangelos,
> > >
> > > The simple answer is YES. You should be able to use a
> > standard IPSec
> > > implementation and run SCTP on top of it.
> > >
> > > There is no direct support for IPsec in the Java API of
> > course. IPsec
> > > (if configured) would live above the IP layer and below
> the native
> > > SCTP stack. Therefore, the Java SCTP implementation would
> > leverage the
> > > platforms IPsec implementation.
> > >
> > > There is an RFC, 3554, which I believe is an attempt to simplify
> > > running SCTP on top of IPsec, but even without this it
> should work.
> > > You will need to configure 2 * n * m Security Associations,
> > where one
> > > SCTP endpoint has n addresses and the other m. An
> implementation of
> > > RFC 3554 would reduce this number to 2.
> > >
> > > I checked both reference platforms, Solaris and LKSCTP, and both
> > > support this.
> > >
> > > Running a java.net.Socket over IPsec should be pretty much
> > the same as
> > > SCTP, only not as much SA's! But I have not tried this.
> > >
> > > -Chris.
> > >
> > > On 02/16/09 13:10, Evangelos Haleplidis wrote:
> > > > Greetings to the list,
> > > >
> > > > I have one question to make.
> > > >
> > > > Is there support of SCTP over IPsec in java? How can one use it?
> > > >
> > > > Also, this is out of scope of the mailing list, but
> > relevant to the
> > > > question, how can you use IPsec in Java (TCP over IPsec).
> > > >
> > > > Regards,
> > > > Evangelos Haleplidis.
> > > >
> > > >
> > >
>
>
>
More information about the sctp-dev
mailing list