[sctp-dev] SCTP over IPSec
Haleplidis Evangelos
e_halep at yahoo.gr
Wed Dec 8 11:25:41 PST 2010
Greetings everyone,
I know this is a very old question, but we've just got to the point that we
need to implement SCTP over IPSec.
Has it been implemented by anyone? Is it's possible to provide any pointers
other than the one Mr. Hegarty proposed one year from now?
"There is an RFC, 3554, which I believe is an attempt to simplify running
SCTP on top of IPsec, but even without this it should work.
You will need to configure 2 * n * m Security Associations, where one SCTP
endpoint has n addresses and the other m. An implementation of
RFC 3554 would reduce this number to 2."
Thank you in advance.
Regards,
Evangelos Haleplidis.
> -----Original Message-----
> From: sctp-dev-bounces at openjdk.java.net [mailto:sctp-dev-
> bounces at openjdk.java.net] On Behalf Of Dennis Hjort
> Sent: Tuesday, March 10, 2009 8:41 AM
> To: sctp-dev at openjdk.java.net
> Subject: Re: [sctp-dev] SCTP over IPSec
>
> Hi Evangelos,
>
> Okey, in that case we are "in the same boat" so to speak ! ;-)
>
> In our case, it will be in our implementation list, but not until Q3 or
> Q4 of this year. Perhaps we do a test before that, and if that's the
> case I'll try to post how we ran Ipsec ! :-)
>
> Regards,
>
> // D
>
> > -----Original Message-----
> > From: sctp-dev-bounces at openjdk.java.net
> > [mailto:sctp-dev-bounces at openjdk.java.net] On Behalf Of
> > Evangelos Haleplidis
> > Sent: den 9 mars 2009 22:41
> > To: sctp-dev at openjdk.java.net
> > Subject: Re: [sctp-dev] SCTP over IPSec
> >
> > Greetings Dennis,
> >
> > Sorry, but i have not have started working on IPsec yet.
> >
> > IPsec is not currently on my to implement list, but it may be
> > in the near future, and that was the cause of my question.
> >
> > Regards,
> > Evangelos Haleplidis.
> >
> > > -----Original Message-----
> > > From: sctp-dev-bounces at openjdk.java.net
> > > [mailto:sctp-dev-bounces at openjdk.java.net] On Behalf Of Dennis
> Hjort
> > > Sent: Monday, March 09, 2009 11:41 AM
> > > To: sctp-dev at openjdk.java.net
> > > Subject: Re: [sctp-dev] SCTP over IPSec
> > >
> > > Hi Evangelos !
> > >
> > > I was wondering if you have managed to get any further with IPSEC ?
> > > Have you managed to run SCTP over IPSEC to this date or are
> > you still
> > > working on how to run IPSEC in the first place ?
> > >
> > > With kind regards
> > >
> > > // Dennis
> > >
> > > > -----Original Message-----
> > > > From: sctp-dev-bounces at openjdk.java.net
> > > > [mailto:sctp-dev-bounces at openjdk.java.net] On Behalf Of
> > Christopher
> > > > Hegarty - Sun Microsystems Ireland
> > > > Sent: den 16 februari 2009 15:15
> > > > To: Evangelos Haleplidis
> > > > Cc: sctp-dev at openjdk.java.net
> > > > Subject: Re: [sctp-dev] SCTP over IPSec
> > > >
> > > > Hi Evangelos,
> > > >
> > > > The simple answer is YES. You should be able to use a
> > > standard IPSec
> > > > implementation and run SCTP on top of it.
> > > >
> > > > There is no direct support for IPsec in the Java API of
> > > course. IPsec
> > > > (if configured) would live above the IP layer and below
> > the native
> > > > SCTP stack. Therefore, the Java SCTP implementation would
> > > leverage the
> > > > platforms IPsec implementation.
> > > >
> > > > There is an RFC, 3554, which I believe is an attempt to simplify
> > > > running SCTP on top of IPsec, but even without this it
> > should work.
> > > > You will need to configure 2 * n * m Security Associations,
> > > where one
> > > > SCTP endpoint has n addresses and the other m. An
> > implementation of
> > > > RFC 3554 would reduce this number to 2.
> > > >
> > > > I checked both reference platforms, Solaris and LKSCTP, and both
> > > > support this.
> > > >
> > > > Running a java.net.Socket over IPsec should be pretty much
> > > the same as
> > > > SCTP, only not as much SA's! But I have not tried this.
> > > >
> > > > -Chris.
> > > >
> > > > On 02/16/09 13:10, Evangelos Haleplidis wrote:
> > > > > Greetings to the list,
> > > > >
> > > > > I have one question to make.
> > > > >
> > > > > Is there support of SCTP over IPsec in java? How can one use
> it?
> > > > >
> > > > > Also, this is out of scope of the mailing list, but
> > > relevant to the
> > > > > question, how can you use IPsec in Java (TCP over IPsec).
> > > > >
> > > > > Regards,
> > > > > Evangelos Haleplidis.
> > > > >
> > > > >
> > > >
> >
> >
> >
More information about the sctp-dev
mailing list