In the normal case, IKEv2 needs two exchanges (four messages) to negotiate one IKE SA and the first pair of IPsec SAs. Each additional pair of IPsec SAs needs only one more exchange, that is, two more messages.
IKEv2 defines three types of exchange: the initial exchange (IKE_SA_INIT followed by IKE_AUTH in RFC 7296 terms), the creating Child SA exchange (CREATE_CHILD_SA), and the notification exchange (INFORMATIONAL).
Initial exchange
IKE communication always starts with the IKE SA initial exchange (IKE_SA_INIT) followed by the IKE authentication exchange (IKE_AUTH). Together they normally take four messages; the number grows in some scenarios, for example when the responder requests a cookie or when EAP authentication is used. Every IKE message is either a request or the response to a request. When the two exchanges complete, one IKE SA and the first pair of Child SAs (IPsec SAs) have been established.
The details are as follows:
First message pair (IKE_SA_INIT)
This message pair negotiates the IKE SA parameters: the encryption, integrity and PRF algorithms, the DH group, and the exchange of nonces and DH public values.
When IKE_SA_INIT completes, both peers compute the shared key material SKEYSEED from the DH result and the nonces; all other IKE SA keys (SK_d, SK_ai/SK_ar, SK_ei/SK_er, SK_pi/SK_pr) are derived from it.
Second message pair (IKE_AUTH)
From the IKE_AUTH exchange onward, every message is encrypted and integrity-protected with the keys derived in IKE_SA_INIT. IKE_AUTH requires at least two messages; in those two messages the peers authenticate each other and establish the first Child SA.
The AUTH payload is computed differently for RSA signature authentication and pre-shared key authentication: both operate on the same "signed octets" (the peer's own IKE_SA_INIT message, the other side's nonce and a MAC of its ID payload), but one signs them with the private key and the other MACs them with a key derived from the pre-shared secret. The key material for the first IPsec SA is derived from SK_d (produced in IKE_SA_INIT) together with the two nonces, and all keys of that IPsec SA are taken from it.
Apart from RSA signature and pre-shared key authentication, IKEv2 also supports EAP authentication. EAP runs inside IKE as one or more additional IKE_AUTH round trips. The initiator omits the AUTH payload from message 3 (the first IKE_AUTH request) to indicate that it wants EAP authentication.
Creating Child SA exchanges
If an IKE SA needs more than one pair of IPsec SAs, the additional pairs are negotiated with creating Child SA exchanges. The same exchange is also used to rekey the IKE SA and existing Child SAs.
A creating Child SA exchange consists of one exchange of two messages. It can only take place after the initial exchange has completed, and either peer may start it, regardless of which side initiated the initial exchange. Both messages are protected by the keys negotiated in the initial exchange.
To provide perfect forward secrecy (PFS), a fresh DH exchange can optionally be performed inside the creating Child SA exchange, so that compromise of the IKE SA's keys alone does not expose the new Child SA keys. Without it, the new key material is derived from SK_d and the new nonces only. In either case, all keys of the Child SA are derived from that key material.
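The key derivations described above (SKEYSEED and the SK_* keys after IKE_SA_INIT, the pre-shared-key AUTH payload in IKE_AUTH, and the Child SA key material with and without a fresh DH exchange) are shown below as an added, runnable example. It is not the vendor's or any implementation's code: it follows RFC 7296 sections 2.13 to 2.17 with HMAC-SHA256 as the negotiated prf, and the DH shared secrets, nonces, SPIs, message bytes and PSK are constructed placeholders so that it runs offline.

```python
"""Worked IKEv2 key derivation and PSK AUTH computation (RFC 7296 2.13-2.17)
with HMAC-SHA256 as the prf. Constructed example: DH results, nonces, SPIs and
message bytes are fixed placeholders standing in for real exchange output."""
import hashlib
import hmac
from typing import Dict, Tuple

PRF_LEN = 32  # output size of HMAC-SHA256, the prf assumed here
KEY_PAD = b"Key Pad for IKEv2"  # fixed string from RFC 7296 2.15


def prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def prf_plus(key: bytes, seed: bytes, length: int) -> bytes:
    """prf+(K,S) = T1 | T2 | ... with T1 = prf(K, S|0x01), Tn = prf(K, Tn-1|S|n)."""
    out, t, n = b"", b"", 1
    while len(out) < length:
        t = prf(key, t + seed + bytes([n]))
        out += t
        n += 1
    return out[:length]


def ike_sa_keys(g_ir: bytes, ni: bytes, nr: bytes, spi_i: bytes, spi_r: bytes,
                key_len: int = 32) -> Dict[str, bytes]:
    """IKE_SA_INIT result: SKEYSEED = prf(Ni|Nr, g^ir) and the seven SK_* keys
    from prf+(SKEYSEED, Ni|Nr|SPIi|SPIr). key_len is the negotiated cipher and
    integrity key size (32 for AES-256 / HMAC-SHA256-128); SK_d and SK_p* are
    always prf-sized."""
    skeyseed = prf(ni + nr, g_ir)
    names = ["SK_d", "SK_ai", "SK_ar", "SK_ei", "SK_er", "SK_pi", "SK_pr"]
    sizes = [PRF_LEN, key_len, key_len, key_len, key_len, PRF_LEN, PRF_LEN]
    stream = prf_plus(skeyseed, ni + nr + spi_i + spi_r, sum(sizes))
    keys, pos = {"SKEYSEED": skeyseed}, 0
    for name, size in zip(names, sizes):
        keys[name] = stream[pos:pos + size]
        pos += size
    return keys


def child_sa_keys(sk_d: bytes, ni: bytes, nr: bytes, new_g_ir: bytes = b"",
                  enc_len: int = 32, integ_len: int = 32) -> Dict[str, bytes]:
    """KEYMAT for a Child SA (RFC 7296 2.17). The first Child SA and a
    CREATE_CHILD_SA without KE payload use prf+(SK_d, Ni|Nr); with a fresh DH
    exchange (PFS) the new g^ir is prepended: prf+(SK_d, g^ir|Ni|Nr).
    Initiator-to-responder keys come first, encryption before integrity."""
    keymat = prf_plus(sk_d, new_g_ir + ni + nr, 2 * (enc_len + integ_len))
    names = ["enc_i", "integ_i", "enc_r", "integ_r"]
    sizes = [enc_len, integ_len, enc_len, integ_len]
    keys, pos = {}, 0
    for name, size in zip(names, sizes):
        keys[name] = keymat[pos:pos + size]
        pos += size
    return keys


def psk_auth(psk: bytes, real_message: bytes, peer_nonce: bytes, sk_p: bytes,
             id_payload_body: bytes) -> bytes:
    """AUTH payload for shared-key authentication (RFC 7296 2.15):
    prf(prf(PSK, KEY_PAD), RealMessage | PeerNonce | prf(SK_p, IDpayload)).
    real_message is the party's own IKE_SA_INIT message, peer_nonce the other
    side's nonce data, sk_p its own SK_pi or SK_pr, id_payload_body its ID
    payload minus the generic payload header. Signature authentication signs
    the same SignedOctets with the private key instead of MACing them."""
    maced_id = prf(sk_p, id_payload_body)
    signed_octets = real_message + peer_nonce + maced_id
    return prf(prf(psk, KEY_PAD), signed_octets)


def demo() -> Tuple[bool, bool]:
    """Initiator computes AUTH; responder verifies with the right and a wrong PSK.
    Returns (verified_with_correct_psk, verified_with_wrong_psk)."""
    g_ir = hashlib.sha256(b"constructed DH shared secret").digest()  # placeholder
    ni, nr = b"\x11" * 32, b"\x22" * 32                              # placeholder nonces
    spi_i, spi_r = bytes.fromhex("0102030405060708"), bytes.fromhex("1112131415161718")
    msg1 = b"<constructed IKE_SA_INIT request bytes>"
    id_i = b"\x03\x00\x00\x00" + b"initiator@example.com"  # ID_RFC822_ADDR, 3 reserved bytes, data
    psk = b"constructed pre-shared key"
    keys = ike_sa_keys(g_ir, ni, nr, spi_i, spi_r)
    auth_sent = psk_auth(psk, msg1, nr, keys["SK_pi"], id_i)
    ok = hmac.compare_digest(auth_sent, psk_auth(psk, msg1, nr, keys["SK_pi"], id_i))
    bad = hmac.compare_digest(auth_sent, psk_auth(b"wrong", msg1, nr, keys["SK_pi"], id_i))
    return ok, bad


if __name__ == "__main__":
    print(demo())  # (True, False)
```

Because the initiator's own IKE_SA_INIT message and the responder's nonce are bound into the signed octets, an attacker who replays or alters message 1 cannot produce a valid AUTH even with a captured one; and comparing two `child_sa_keys` calls with and without `new_g_ir` shows how the PFS option changes the Child SA keys while SK_d stays the same.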
Notification exchange
During the life of an IKE SA the two peers sometimes need to exchange control messages, such as error notifications, deletion of an SA, or liveness checks (dead peer detection). In IKEv2 these are carried in notification exchanges.
A notification exchange is always protected by the IKE SA, so it can only take place after the initial exchange has completed.