Editing Internet Key Exchange (section)

==Protocol extensions==
The IETF ipsecme working group has standardized a number of extensions, with the goal
of modernizing the IKEv2 protocol and adapting it better to high volume,
production environments. These extensions include:

* '''IKE session resumption''': the ability to resume a failed IKE/IPsec "session" after a failure, without the need to go through the entire IKE setup process ({{IETF RFC|5723|link=no}}).
* '''IKE redirect''': redirection of incoming IKE requests, allowing for simple load-balancing between multiple IKE endpoints ({{IETF RFC|5685|link=no}}).
* '''IPsec traffic visibility''': special tagging of ESP packets that are authenticated but not encrypted, with the goal of making it easier for middleboxes (such as [[intrusion detection system]]s) to analyze the flow ({{IETF RFC|5840|link=no}}).
* '''Mutual EAP authentication''': support for [[Extensible Authentication Protocol|EAP]]-only (i.e., certificate-less) authentication of both of the IKE peers; the goal is to allow for modern [[Password-authenticated key agreement|password-based authentication]] methods to be used ({{IETF RFC|5998|link=no}}).
* '''Quick crash detection''': minimizing the time until an IKE peer detects that its opposite peer has crashed ({{IETF RFC|6290|link=no}}).
* '''High availability extensions''': improving IKE/IPsec-level protocol synchronization between a cluster of IPsec endpoints and a peer, to reduce the probability of dropped connections after a failover event ({{IETF RFC|6311|link=no}}).