tailieunhanh - Scalable voip mobility integration and deployment- P35
Scalable voip mobility integration and deployment- P35: The term voice mobility can mean a number of different things to different people. Two words that can be quite trendy by themselves, but stuck together as if forgotten at a bus station long past the last ride of the night, the phrase rings a number of different, and at times discordant, bells.

340 Chapter 8

parties, although everyone must support 32, and 64 is recommended. The idea of the window is that the receiver keeps the highest sequence number that it has seen from a packet that has been successfully authenticated. Forgeries may try to push the window around, and so must be ignored for setting the window. Any packet received with a sequence number older than the current receive one minus the window size is dropped right away. That leaves the packets in the middle of the window. For those packets, a list of sequence numbers already seen is kept. If the packet with the same sequence number comes in twice, the second one is dropped. Otherwise, the packet is allowed in and its sequence number recorded.

IPsec is flexible enough to allow for a number of different encryption and authentication protocols to be negotiated. Common encryption protocols are 3DES-CBC and AES-CBC. A common authentication protocol is HMAC-SHA1. Recall that an HMAC is a special type of signature that requires a private key to validate. If a message is received, the key and the packet data together produce the signature, which is then compared to the one on the packet. If they match, the sender has the right key. So the possession of the key by the sender is proof of the authenticity of the packet.

IPsec Key Negotiation

Because IPsec is only a transport, there must be a protocol to set up the tunnels. The simplest protocol allowed is to use none, and IPsec connections are allowed to be set up on both sides manually.
However, it is usually far simpler for management of the connections to use some sort of user authentication and negotiation protocol. The Internet Security Association and Key Management Protocol (ISAKMP) is used between devices to negotiate the type of IPsec connection and to establish the security association. The two endpoints decide on the type of tunnel, the type of encryption or authentication algorithm to use, and other parameters using this protocol. ISAKMP is defined
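
The anti-replay window and HMAC-SHA1 check described earlier in this excerpt can be sketched as receiver code. This is an added example, not code from the book: it tracks already-seen numbers in a bitmap, and the names `seal`, `ReplayWindow` and `demo`, the demo key and the packet layout (4-byte sequence number plus payload) are assumptions, not the ESP wire format.

```python
import hashlib
import hmac

def seal(key, seq, payload):
    """Sender side: HMAC-SHA1 over sequence number + payload (simplified layout)."""
    tag = hmac.new(key, seq.to_bytes(4, "big") + payload, hashlib.sha1).digest()
    return seq, payload, tag

class ReplayWindow:
    """Receiver-side anti-replay state for one security association."""
    def __init__(self, key, size=64):      # 64 recommended, 32 is the minimum
        self.key, self.size = key, size
        self.top = 0       # highest sequence number that passed authentication
        self.bitmap = 0    # bit i set => sequence (top - i) already accepted

    def receive(self, seq, payload, tag):
        # 1. Cheap checks first: left of the window, or already seen inside it.
        if seq == 0 or seq + self.size <= self.top:
            return "drop: outside window"
        if seq <= self.top and (self.bitmap >> (self.top - seq)) & 1:
            return "drop: replay"
        # 2. Authenticate before touching state, so a forgery cannot move the window.
        if not hmac.compare_digest(tag, seal(self.key, seq, payload)[2]):
            return "drop: bad HMAC"
        # 3. Only an authenticated packet advances the window or marks a slot.
        if seq > self.top:
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
        else:
            self.bitmap |= 1 << (self.top - seq)
        return "accept"

def demo():
    key = b"constructed-demo-key"           # constructed sample key
    rx = ReplayWindow(key)
    out = [rx.receive(*seal(key, s, b"rtp")) for s in (1, 3, 2, 3)]
    out.append(rx.receive(1000, b"rtp", b"\x00" * 20))   # forged tag, high seq
    out.append(str(rx.top))                              # window did not move
    out += [rx.receive(*seal(key, s, b"rtp")) for s in (100, 36, 37)]
    return out

if __name__ == "__main__":
    print("\n".join(demo()))
```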