Packet Data Interworking Function Overview
Features and Functionality - Base Software
Cisco ASR 5000 Series Product Overview
If the IKEv2 cookie feature is enabled and the number of half-opened IPSec sessions exceeds the configured limit
(an integer between 0 and 100,000), call setup proceeds as shown in the figure below.
Figure 122. DoS Cookie-Challenge-Enabled IKEv2 Message Exchange
Table 66. DoS Cookie Challenge Enabled IKEv2 Message Exchange
1. The MS places a call to the WiFi AP.
2. The WiFi AP returns the IP address of the PDIF.
3. The MS sends an IKE_SA_INIT request message.
4. The PDIF sends the Notify (cookie) payload to the MS, requesting that the MS retransmit the IKE_SA_INIT request message with the Notify (cookie) payload included.
5. Upon receipt of the retransmitted message, the PDIF verifies the cookie payload and ensures that it is the same cookie as the one it had sent.
6. If the cookie challenge is met, setup continues as normal with an IKE_SA_INIT response message.
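The exchange in Table 66, sketched from the responder's side as an added example (not Cisco's code or the PDIF implementation). The page does not say how the cookie is computed; this assumes the stateless construction suggested in RFC 7296 section 2.6, with HMAC-SHA256 as the hash, and the class, method and parameter names are hypothetical.

```python
import hashlib
import hmac
import os


class CookieResponder:
    """Hypothetical model of an IKEv2 responder with the cookie challenge enabled."""

    def __init__(self, half_open_limit):
        self.half_open_limit = half_open_limit  # configured threshold
        self.half_open = 0                      # current half-open sessions
        self.version = 0                        # id of the current secret
        self.secrets = {0: os.urandom(32)}      # version id -> secret

    def rotate_secret(self):
        # Keep only the previous secret so cookies already in flight still verify.
        prev = self.version
        self.version = (self.version + 1) % 256
        self.secrets = {prev: self.secrets[prev], self.version: os.urandom(32)}

    def _cookie(self, version, ni, ip, spi_i):
        # Cookie = <VersionIDofSecret> | MAC(secret, Ni | IPi | SPIi)
        mac = hmac.new(self.secrets[version], ni + ip + spi_i, hashlib.sha256)
        return bytes([version]) + mac.digest()

    def handle_ike_sa_init(self, ni, ip, spi_i, cookie=None):
        """Return ("RESPOND", None) or ("CHALLENGE", cookie_to_send)."""
        if self.half_open <= self.half_open_limit:
            self.half_open += 1          # below the limit: normal setup
            return "RESPOND", None
        if cookie and cookie[0] in self.secrets:
            # Recompute instead of storing: no per-initiator state is kept
            # until the initiator proves it receives traffic at this address.
            expected = self._cookie(cookie[0], ni, ip, spi_i)
            if hmac.compare_digest(cookie, expected):
                self.half_open += 1
                return "RESPOND", None
        return "CHALLENGE", self._cookie(self.version, ni, ip, spi_i)
```

Because the cookie is bound to the initiator's nonce, source address and SPI, a request replayed from a different address fails verification and is challenged again without consuming a session slot.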
Cookie Challenge Statistics
Cookie challenge statistics appear in the outputs for the following commands: