3.9.1 Abstract Data Model

When this extension is implemented, the following additional state must be maintained. This is an extension to IKE Protocol version 1 as specified in [RFC2409].

Flow state table: The following information MUST be maintained:

• A flag indicating that DoS protection is active.

DoS Protection mode state: responder (1) MUST maintain the following state to implement Denial of Service Protection mode.

• A cookie field consisting of random data.

• A cookie timeout period, initialized to 150 secs.

This state is used by the cookie generation algorithm that is described in section 3.9.5.1.