|Skip Navigation Links|
|Exit Print View|
|Oracle Solaris Administration: IP Services Oracle Solaris 10 1/13 Information Library|
For a complete listing of new Oracle Solaris features, see Oracle Solaris 10 1/13 What’s New. Since the Solaris 9 release, IPsec includes the following functionality:
When a Sun Crypto Accelerator 4000 board is attached, the board automatically caches IPsec SAs for packets that use the board's Ethernet interface. The board also accelerates the processing of the IPsec SAs.
IPsec can take advantage of automatic key management with IKE over IPv6 networks. For more information, see Chapter 22, Internet Key Exchange (Overview).
For new IKE features, see Changes to IKE for the Oracle Solaris 10 Release.
The parser for theipseckey command provides clearer help. The ipseckey monitor command timestamps each event. For details, see the ipseckey(1M) man page.
IPsec algorithms now come from a central storage location, the Cryptographic Framework feature of Oracle Solaris. The ipsecalgs(1M) man page describes the characteristics of the algorithms that are available. The algorithms are optimized for the architecture that they run on. For a description of the Cryptographic Framework, see Chapter 13, Oracle Solaris Cryptographic Framework (Overview), in System Administration Guide: Security Services.
IPsec works in the global zone. IPsec policy is managed in the global zone for a non-global zone. Keying material is created and is managed manually in the global zone for a non-global zone. IKE cannot be used to generate keys for a non-global zone. For more information on zones, see Chapter 16, Introduction to Solaris Zones, in System Administration Guide: Oracle Solaris Containers-Resource Management and Oracle Solaris Zones.
IPsec policy can work with the Streams Control Transmission Protocol (SCTP) and SCTP port number. However, the implementation is not complete. The IPsec extensions for SCTP that are specified in RFC 3554 are not yet implemented. These limitations can cause complications when creating IPsec policy for SCTP. For details, consult the RFCs. Also, read IPsec and SCTP and SCTP Protocol.