• United States
Executive Editor

Vendors to test drive interoperability standard

Mar 25, 20032 mins
Network SecurityNetworkingSecurity

* IPSec Plugfest puts IKEv2 to the test

IPSec VPN vendors have done a lot over the past several years to make their gear interoperable to the point that you can actually mix and match their products to create a single VPN if you want to.

At the all-VPN conference VPNCon for the past several years, interoperability demonstrations between as many as seven vendors’ equipment have shown that this is achievable, but work continues.

A new set of standards that involve or affect IPSec is being worked on, and bakeoffs are being organized to see whether equipment based on standards but made by different vendors can operate with each other. The standard problem with standards is that different vendors may interpret the specs differently or pick different methods for their gear to meet the standards. These differences can stand in the way of interoperability.

The latest such bakeoff is being organized by the European Telecommunications Standards Institute (ETSI), a not for profit organization whose mission is to produce the telecommunications standards. The IPSec Plugfest to be held this summer in France will focus on the emerging IKEv2 standard that is being worked on by the Internet Engineering Task Force (IETF). The standard has been in development for more than a year and is far enough along that some vendors have implementations ready to test.

IKE stands for Internet key exchange, and it is one of the IPSec standards. IKE authenticates the devices at either end of VPN tunnels, decides on the encryption and authentication algorithms that will be used in a session, and generates and manages encryption keys. IKEv2 would do less and accomplish it using fewer round-trip exchanges between devices.

This is good news for interoperability. Because the protocol is simpler, IKEv2 would also make it easier to establish secure tunnels across the Internet between IPSec VPN equipment made by different vendors. This interoperability would make it simpler, for example, to create VPNs with business partners, suppliers and customers.

While the results of the plugfest won’t be detailed, the results will be fed back to the standards-making bodies so they can clear up any confusion that the testing reveals.

The new IKE has been in the works for more than a year, and it looks like the end may be in sight.