3.3.1 Abstract Data Model

When this extension is implemented, the following additional state is maintained. This is an extension to IKE Protocol version 1 as specified in [RFC2409].

Main mode security association database (MMSAD): The entry for each MM SA contains the following IKE fragmentation–specific data elements.

  • Fragmentation supported: A flag that MUST be set if the peer supports receiving fragmented messages.

  • Fragmentation active: A flag that MUST be set if the IKE messages MUST be fragmented.

  • Fragmentation determination: The fragmentation need is determined by the firing of the fragmentation timer. See section 3.3.2 and the associated endnotes for more details. After determining that fragmentation is needed, the chosen MTU MUST be the minimum MTU for the protocol, which is 576 bytes for IPv4 and 1280 bytes for IPv6.

  • Fragment queue: A queue holding the fragments that correspond to incomplete IKE messages, indexed by the Fragment ID. Each entry in the queue MUST contain:

    • The Fragment ID, which is set to the Fragment_ID field in section 2.2.3.1.

    • The Fragment Number, which is set to the Fragment_Number field in section 2.2.3.1.

    • A Flag that is set to the Flags field in section 2.2.3.1 to indicate whether this fragment is the last one (that is, the LAST_FRAGMENT bit is set in the Fragment payload).

    • The Fragment Data, which is set to the Fragment_Data field in section 2.2.3.1.

Flow state table: The following information MUST be maintained.

  • Fragment ID counter: MUST be maintained and MUST be a 16-bit number. A Fragment ID counter SHOULD be implemented as a global counter.
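
The state described in this section, sketched as an added Python example; it is not part of the specification or of any vendor implementation. Assumptions: fragment numbers start at 1, the LAST_FRAGMENT bit is modelled as a boolean, and the names and the MAX_PENDING and MAX_FRAGMENTS bounds are illustrative choices that do not come from the specification.

```python
from dataclasses import dataclass, field

MIN_MTU = {"IPv4": 576, "IPv6": 1280}  # minimum MTUs stated in this section
MAX_PENDING = 32     # assumption: cap on incomplete messages per MM SA
MAX_FRAGMENTS = 64   # assumption: cap on fragments per message


class FragmentIdCounter:
    """Flow state table: global 16-bit Fragment ID counter."""

    def __init__(self, start=0):
        self.value = start & 0xFFFF

    def allocate(self):
        self.value = (self.value + 1) & 0xFFFF  # wraps after 0xFFFF
        return self.value


@dataclass
class MainModeSA:
    """Fragmentation-specific state of one MMSAD entry."""
    fragmentation_supported: bool = False  # peer can receive fragments
    fragmentation_active: bool = False     # set when the fragmentation timer fires
    fragment_queue: dict = field(default_factory=dict)  # Fragment ID -> {number: (last, data)}

    def add_fragment(self, frag_id, frag_num, last, data):
        """Queue one fragment; return the whole message once complete, else None."""
        if not (0 <= frag_id <= 0xFFFF and 1 <= frag_num <= MAX_FRAGMENTS):
            return None
        queue = self.fragment_queue
        if frag_id not in queue and len(queue) >= MAX_PENDING:
            return None  # bound the memory held for incomplete messages
        entries = queue.setdefault(frag_id, {})
        total = next((n for n, (is_last, _) in entries.items() if is_last), None)
        if frag_num in entries:
            return None  # duplicate: keep the first copy
        if total is not None and (last or frag_num > total):
            return None  # second "last" fragment, or one numbered past the end
        if last and any(n > frag_num for n in entries):
            return None  # "last" fragment numbered below one already queued
        entries[frag_num] = (last, data)
        total = frag_num if last else total
        if total is None or len(entries) != total:
            return None  # still incomplete
        del queue[frag_id]
        return b"".join(entries[n][1] for n in range(1, total + 1))
```

Fragments may arrive in any order; the entry is removed from the queue as soon as the message is complete, and fragments that contradict the queued ones are dropped without touching existing state.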