Packet Data Interworking Function Overview
Features and Functionality - Base Software
Cisco ASR 5000 Series Product Overview
OL-22938-01
If the IKEv2 cookie feature is enabled and the number of half-opened IPSec sessions exceeds the configured limit (any integer between 0 and 100,000), the call setup is as shown in the figure below.
Figure 122. DoS Cookie-Challenge-Enabled IKEv2 Message Exchange
Table 66. DoS Cookie Challenge Enabled IKEv2 Message Exchange
| Step | Description |
|------|-------------|
| 1 | The MS places a call to the WiFi AP. |
| 2 | The WiFi AP returns the IP address of the PDIF. |
| 3 | The MS sends an IKE_SA_INIT request message. |
| 4 | The PDIF sends a Notify (cookie) payload to the MS, requesting that the MS retransmit the IKE_SA_INIT request message with the Notify (cookie) payload included. |
| 5 | Upon receipt of the retransmitted message, the PDIF verifies the cookie payload and ensures it is the same cookie as the one it had sent. |
| 6 | If the cookie challenge is met, setup continues as normal with an IKE_SA_INIT response message. |
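
The exchange in steps 3 through 6, as an added example that is not Cisco's implementation: a toy responder that challenges only above its half-open limit and checks the returned cookie without storing per-request state. It assumes the cookie construction suggested in RFC 7296 section 2.6; the class and function names are hypothetical and the addresses are constructed sample values.

```python
import hashlib, hmac, ipaddress, os

class CookieResponder:
    """Toy IKEv2 responder (hypothetical name) applying the cookie challenge."""

    def __init__(self, half_open_limit):
        self.half_open_limit = half_open_limit  # configured limit, 0 to 100,000
        self.half_open = 0                      # current half-opened sessions
        self.secret = os.urandom(32)            # responder-local, never transmitted
        self.secret_version = 1

    def _cookie(self, ni, ip_i, spi_i):
        # RFC 7296 sec. 2.6: <VersionIDofSecret> | Hash(Ni | IPi | SPIi | <secret>)
        digest = hashlib.sha256(ni + ip_i + spi_i + self.secret).digest()
        return bytes([self.secret_version]) + digest

    def handle_sa_init(self, ni, ip_i, spi_i, cookie=None):
        """Return ("SA_INIT_RESPONSE", None) or ("COOKIE", value) for a challenge."""
        if self.half_open > self.half_open_limit:
            # Above the limit: recompute the cookie from the request itself, so a
            # challenged request costs no memory until the initiator echoes it.
            expected = self._cookie(ni, ip_i, spi_i)
            if cookie is None or not hmac.compare_digest(cookie, expected):
                return ("COOKIE", expected)     # step 4
        self.half_open += 1                     # state is allocated only here
        return ("SA_INIT_RESPONSE", None)       # step 6

def demo():
    r = CookieResponder(half_open_limit=2)
    for i in range(3):  # constructed traffic that pushes the count above the limit
        src = ipaddress.ip_address(f"198.51.100.{i + 1}").packed
        r.handle_sa_init(os.urandom(16), src, os.urandom(8))
    ni, spi = os.urandom(16), os.urandom(8)
    ms = ipaddress.ip_address("192.0.2.10").packed      # constructed MS address
    first = r.handle_sa_init(ni, ms, spi)               # step 3, answered by step 4
    count_after_challenge = r.half_open                 # unchanged by the challenge
    retry = r.handle_sa_init(ni, ms, spi, cookie=first[1])   # step 5
    # The same cookie presented from a different source address does not verify.
    other = ipaddress.ip_address("192.0.2.99").packed
    replay = r.handle_sa_init(ni, other, spi, cookie=first[1])
    return first[0], count_after_challenge, retry[0], replay[0]

if __name__ == "__main__":
    print(demo())
```

Because the cookie is bound to the initiator's nonce, source address and SPI, an initiator that cannot receive traffic at the address it claims never gets past step 4.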
Cookie Challenge Statistics
Cookie challenge statistics appear in the outputs for the following commands: