#
# exp1-ikev1.dml *
#
# Two-site IPsec/IKE simulation model.
#   - Net 0: hosts 0-9 (pull in .appl.tcpclient_1.graph) behind router 500.
#   - Net 1: hosts 0-9 (pull in .appl.tcpserver_1.graph) behind router 500.
#   - Each router 500 carries a `security` section and is the security
#     gateway (SG) that the SPD entries below name as sourceSG / remoteSG.
#   - Client 0:i talks to server 1:i on port 10; the two gateways are joined
#     by a single link with delay 0.05.
# ikeinit sets majorVersion 1 / minorVersion 0 and both IKE policy entries use
# ex_mode MAIN.
# Everything referenced through .ipsec.*, .appl.* and .schemas.* is defined
# outside this file, including the actual cipher/auth choices (.ipsec.ESP,
# .ipsec.ike_policy.policy2) and the two bypass rules.
_schema [_find .schemas.Net]

Net [
  frequency 100000000
  randomstream [
    generator "MersenneTwister"
    stream "seedstarter1"
    reproducibility_level "timeline"
  ]

  # One traffic pattern per host pair: client 0:i -> server 1:i(0), port 10.
  traffic [
    pattern [ client 0:0 servers [ port 10 nhi 1:0(0) ] ]
    pattern [ client 0:1 servers [port 10 nhi 1:1(0) ] ]
    pattern [ client 0:2 servers [port 10 nhi 1:2(0) ] ]
    pattern [ client 0:3 servers [port 10 nhi 1:3(0) ] ]
    pattern [ client 0:4 servers [port 10 nhi 1:4(0) ] ]
    pattern [ client 0:5 servers [port 10 nhi 1:5(0) ] ]
    pattern [ client 0:6 servers [port 10 nhi 1:6(0) ] ]
    pattern [ client 0:7 servers [port 10 nhi 1:7(0) ] ]
    pattern [ client 0:8 servers [port 10 nhi 1:8(0) ] ]
    pattern [ client 0:9 servers [port 10 nhi 1:9(0) ] ]
  ]

  # Gateway-to-gateway link: interface 1 of router 0:500 to interface 1 of
  # router 1:500. This is the path the tunnel-mode SPD entries protect.
  link [attach 0:500(1) attach 1:500(1) delay 0.05 ] # 50ms

  # ---- Site 0 (client side) ----
  Net [ id 0
    host [
      idrange [ from 0 to 9 ]
      interface [id 0 _extends .ipsec.100Mb ]
      # All host traffic leaves via the gateway's inside interface 500(10).
      nhi_route [dest default interface 0 next_hop 500(10) ]
      _find .appl.tcpclient_1.graph
    ]
    router [
      id 500
      interface [id 10 _extends .ipsec.100Mb ]   # inside, shared with hosts 0-9
      interface [id 1 _extends .ipsec.1-5Mb ]    # outside, towards 1:500
      nhi_route [dest 1:500(10) interface 1 ]
      _find .ipsec.sg_graph.graph
      security [
        # presumably enables the crypto_delay0 cost model below - confirm
        use_encrypt_delay true
        # The global default values for life type and duration.
        # The IPsec SA lifetime (400 s) is shorter than the IKE SA lifetime
        # (1000 s), so IPsec SAs expire more than once per IKE SA.
        ike_lifetype SECONDS
        ike_lifeduration 1000
        user_ike_soft false
        ipsec_lifetype SECONDS
        ipsec_lifeduration 400
        user_ipsec_soft false
        _extends .dictionary.crypto_delay0
        _extends .dictionary.ikespd_0_500
        # IPsec policy is bound to interface 1 only (the gateway-to-gateway side).
        ipsec_policy [
          ipsec_interface [id 1 _extends .dictionary.ipsecspd_0_500 ]
        ]
      ] # end of security
    ] # end of router
    link [
      attach 500(10)
      attach 0(0) attach 1(0) attach 2(0) attach 3(0) attach 4(0)
      attach 5(0) attach 6(0) attach 7(0) attach 8(0) attach 9(0)
    ]
  ] # end of Net

  # ---- Site 1 (server side); mirrors site 0 ----
  Net [ id 1
    host [
      idrange [ from 0 to 9 ]
      interface [id 0 _extends .ipsec.100Mb ]
      nhi_route [dest default interface 0 next_hop 500(10) ]
      _find .appl.tcpserver_1.graph
    ]
    router [
      id 500
      interface [id 10 _extends .ipsec.100Mb ]   # inside, shared with hosts 0-9
      interface [id 1 _extends .ipsec.1-5Mb ]    # outside, towards 0:500
      nhi_route [dest 0:500(10) interface 1 ]
      _find .ipsec.sg_graph.graph
      security [
        use_encrypt_delay true
        # The global default values for life type and duration.
        # Same lifetimes as site 0; only the policy dictionaries differ.
        ike_lifetype SECONDS
        ike_lifeduration 1000
        user_ike_soft false
        ipsec_lifetype SECONDS
        ipsec_lifeduration 400
        user_ipsec_soft false
        _extends .dictionary.crypto_delay0
        _extends .dictionary.ikespd_1_500
        ipsec_policy [
          ipsec_interface [id 1 _extends .dictionary.ipsecspd_1_500 ]
        ]
      ] #end of security
    ] # end of router
    link [
      attach 500(10)
      attach 0(0) attach 1(0) attach 2(0) attach 3(0) attach 4(0)
      attach 5(0) attach 6(0) attach 7(0) attach 8(0) attach 9(0)
    ]
  ] # end of Net
] # end of top-level Net

dictionary [

  # Cost model for cryptographic operations. Cipher and MAC delays come from
  # .ipsec.crypto_encrypt / .ipsec.crypto_auth, which are not in this file.
  crypto_delay0 [
    crypto_delay [
      _extends .ipsec.crypto_encrypt
      _extends .ipsec.crypto_auth
      # the time taken to sign and verify the digital signature in seconds.
      signature_delay [
        # NOTE(review): RSA sign/verify are 0.0 while DSS is non-zero, so RSA
        # signatures are modelled as free. If policy2 (defined elsewhere)
        # authenticates with RSA, phase-1 timings will understate the
        # authentication cost - confirm this is intended.
        signature_entry [ id RSA sign 0.0 verify 0.0 ]
        signature_entry [ id DSS sign 0.017 verify 0.021 ]
        # signature_entry [ id PRE_SHARED sign 0.0 verify 0.0 ]
      ]
      DH_exchange_delay [
        # Only group2 has a delay entry. A 1024-bit MODP group is no longer
        # considered adequate for real IKE deployments, so this figure should
        # not be read as the cost of a currently recommended group.
        DH_group_entry [ id group2 delay 0.1 ] # modp 1024bit, 100ms
      ]
    ]
  ]

  # IKE policy for gateway 0:500; the single peer is 1:500(10).
  ikespd_0_500 [
    ikespd [
      # alternatives; IPV4_range/IPV4_subnet
      spdentry [
        id 0
        nhi_remoteSG 1:500(10)
        ex_mode MAIN
        identity_type IPV4_ADDR
        # NOTE(review): 85 here versus 95 on 1:500. Presumably the soft-expiry
        # point as a percentage of the lifetime, chosen so that one side starts
        # rekeying first - confirm.
        soft_threshold 85
        _extends .ipsec.ike_policy.policy2
      ]
    ]
  ]

  # IKE policy for gateway 1:500; the single peer is 0:500(10).
  ikespd_1_500 [
    ikespd [
      spdentry [
        id 0
        nhi_remoteSG 0:500(10)
        ex_mode MAIN
        identity_type IPV4_ADDR
        soft_threshold 95
        _extends .ipsec.ike_policy.policy2
      ]
    ]
  ]

  ipsec_instrument [
    use SSF.niist.IPSec.instrument.MeasurementCollector
    collect_interval 10
    debug false
  ]

  # ipsec default values can be specified here
  ipsecinit [
    timer_interval 2.0 # timer interval used for checking SAs
    # DROP means a packet that matches a policy but has no SA yet is discarded
    # rather than kept (the other documented value is KEEP).
    init_action DROP # KEEP or DROP;
    #initial action when no sa available
    default_identity_type IPV4_ADDR
    # Anti-replay checking is on, using the ReplayWindow32 class with
    # window_size 32.
    anti_replay true
    replaywindow [
      use SSF.niist.IPSec.ReplayWindow32
      window_size 32
    ]
    rekeying_mode deleteMsg #rttd, deleteMsg, fixed, immediate
    # presumably only consulted when rekeying_mode is `fixed` - confirm
    default_fixed_time 30
    debug false
    trace false
    logfile "ipsec.log"
  ]

  ikeinit [
    timer_interval 2.0 # in seconds
    majorVersion 1
    minorVersion 0
    debug false
    trace false
    logfile "ike.log"
    p1_rekeying_mode continuous #or non-continuous
    # presumably retransmission limits and RTT seed for IKE exchanges - confirm
    global_default [
      rxt_maxcount 4
      rxt_min 2.0 # in seconds
      rxt_max 64.0
      rtt_default 3.0
      replay true
      send_infoEx true
    ]
    # NOTE(review): meaning of `dos` is not visible in this file; confirm
    # whether it toggles a DoS-protection mechanism or a DoS scenario before
    # comparing results with runs that set it to true.
    dos false
  ]

  ike_instrument [
    use SSF.niist.IKE.instrument.IkeSACollector
    collect_interval 10
    debug false
  ]

  # Same values as ikeinit.global_default above.
  ike_initiator [
    rxt_maxcount 4
    rxt_min 2.0 # in seconds
    rxt_max 64.0
    rtt_default 3.0
    replay true
    send_infoEx true
  ]

  # Same values as ikeinit.global_default above.
  ike_responder [
    rxt_maxcount 4
    rxt_min 2.0 # in seconds
    rxt_max 64.0
    rtt_default 3.0
    replay true
    send_infoEx true
  ]

  # IPsec SPD for gateway 0:500 (applied on its interface 1).
  # Entries 2-11 are one rule per host pair i = 0..9 (entry id = i + 2), each
  # selecting a single source and destination host, tunnel mode between the
  # two gateways, usepfs true, with the transform taken from .ipsec.ESP.
  # value_type S presumably means "single address" - confirm.
  ipsecspd_0_500 [
    spd_outbound [
      # the first two entries are for ISAKMP traffic.
      # They are bypass rules (defined in .ipsec.bypass0/1), so the key
      # exchange itself is not sent through the tunnel it negotiates.
      spdentry [ id 0 _extends .ipsec.bypass0 ]
      spdentry [ id 1 _extends .ipsec.bypass1 ]
      spdentry [ id 2
        selector [type SRC_IP value_type S value 0:0(0) ] selector [ type DEST_IP value_type S value 1:0(0) ]
        action APPLY encap_mode TUNNEL remoteSG 1:500(10) sourceSG 0:500(10) usepfs true _extends .ipsec.ESP
      ]
      spdentry [ id 3
        selector [type SRC_IP value_type S value 0:1(0) ] selector [ type DEST_IP value_type S value 1:1(0) ]
        action APPLY encap_mode TUNNEL remoteSG 1:500(10) sourceSG 0:500(10) usepfs true _extends .ipsec.ESP
      ]
      spdentry [ id 4
        selector [type SRC_IP value_type S value 0:2(0) ] selector [ type DEST_IP value_type S value 1:2(0) ]
        action APPLY encap_mode TUNNEL remoteSG 1:500(10) sourceSG 0:500(10) usepfs true _extends .ipsec.ESP
      ]
      spdentry [ id 5
        selector [type SRC_IP value_type S value 0:3(0) ] selector [ type DEST_IP value_type S value 1:3(0) ]
        action APPLY encap_mode TUNNEL remoteSG 1:500(10) sourceSG 0:500(10) usepfs true _extends .ipsec.ESP
      ]
      spdentry [ id 6
        selector [type SRC_IP value_type S value 0:4(0) ] selector [ type DEST_IP value_type S value 1:4(0) ]
        action APPLY encap_mode TUNNEL remoteSG 1:500(10) sourceSG 0:500(10) usepfs true _extends .ipsec.ESP
      ]
      spdentry [ id 7
        selector [type SRC_IP value_type S value 0:5(0) ] selector [ type DEST_IP value_type S value 1:5(0) ]
        action APPLY encap_mode TUNNEL remoteSG 1:500(10) sourceSG 0:500(10) usepfs true _extends .ipsec.ESP
      ]
      spdentry [ id 8
        selector [type SRC_IP value_type S value 0:6(0) ] selector [ type DEST_IP value_type S value 1:6(0) ]
        action APPLY encap_mode TUNNEL remoteSG 1:500(10) sourceSG 0:500(10) usepfs true _extends .ipsec.ESP
      ]
      spdentry [ id 9
        selector [type SRC_IP value_type S value 0:7(0) ] selector [ type DEST_IP value_type S value 1:7(0) ]
        action APPLY encap_mode TUNNEL remoteSG 1:500(10) sourceSG 0:500(10) usepfs true _extends .ipsec.ESP
      ]
      spdentry [ id 10
        selector [type SRC_IP value_type S value 0:8(0) ] selector [ type DEST_IP value_type S value 1:8(0) ]
        action APPLY encap_mode TUNNEL remoteSG 1:500(10) sourceSG 0:500(10) usepfs true _extends .ipsec.ESP
      ]
      spdentry [ id 11
        selector [type SRC_IP value_type S value 0:9(0) ] selector [ type DEST_IP value_type S value 1:9(0) ]
        action APPLY encap_mode TUNNEL remoteSG 1:500(10) sourceSG 0:500(10) usepfs true _extends .ipsec.ESP
      ]
    ] # end of spd_outbound

    #spd_inbound
    # Mirror of spd_outbound: source and destination selectors are swapped,
    # remoteSG / sourceSG stay the same.
    spd_inbound [
      spdentry [ id 0 _extends .ipsec.bypass0 ]
      spdentry [ id 1 _extends .ipsec.bypass1 ]
      spdentry [ id 2
        selector [type SRC_IP value_type S value 1:0(0) ] selector [ type DEST_IP value_type S value 0:0(0) ]
        action APPLY encap_mode TUNNEL remoteSG 1:500(10) sourceSG 0:500(10) usepfs true _extends .ipsec.ESP
      ]
      spdentry [ id 3
        selector [type SRC_IP value_type S value 1:1(0) ] selector [ type DEST_IP value_type S value 0:1(0) ]
        action APPLY encap_mode TUNNEL remoteSG 1:500(10) sourceSG 0:500(10) usepfs true _extends .ipsec.ESP
      ]
      spdentry [ id 4
        selector [type SRC_IP value_type S value 1:2(0) ] selector [ type DEST_IP value_type S value 0:2(0) ]
        action APPLY encap_mode TUNNEL remoteSG 1:500(10) sourceSG 0:500(10) usepfs true _extends .ipsec.ESP
      ]
      spdentry [ id 5
        selector [type SRC_IP value_type S value 1:3(0) ] selector [ type DEST_IP value_type S value 0:3(0) ]
        action APPLY encap_mode TUNNEL remoteSG 1:500(10) sourceSG 0:500(10) usepfs true _extends .ipsec.ESP
      ]
      spdentry [ id 6
        selector [type SRC_IP value_type S value 1:4(0) ] selector [ type DEST_IP value_type S value 0:4(0) ]
        action APPLY encap_mode TUNNEL remoteSG 1:500(10) sourceSG 0:500(10) usepfs true _extends .ipsec.ESP
      ]
      spdentry [ id 7
        selector [type SRC_IP value_type S value 1:5(0) ] selector [ type DEST_IP value_type S value 0:5(0) ]
        action APPLY encap_mode TUNNEL remoteSG 1:500(10) sourceSG 0:500(10) usepfs true _extends .ipsec.ESP
      ]
      spdentry [ id 8
        selector [type SRC_IP value_type S value 1:6(0) ] selector [ type DEST_IP value_type S value 0:6(0) ]
        action APPLY encap_mode TUNNEL remoteSG 1:500(10) sourceSG 0:500(10) usepfs true _extends .ipsec.ESP
      ]
      spdentry [ id 9
        selector [type SRC_IP value_type S value 1:7(0) ] selector [ type DEST_IP value_type S value 0:7(0) ]
        action APPLY encap_mode TUNNEL remoteSG 1:500(10) sourceSG 0:500(10) usepfs true _extends .ipsec.ESP
      ]
      spdentry [ id 10
        selector [type SRC_IP value_type S value 1:8(0) ] selector [ type DEST_IP value_type S value 0:8(0) ]
        action APPLY encap_mode TUNNEL remoteSG 1:500(10) sourceSG 0:500(10) usepfs true _extends .ipsec.ESP
      ]
      spdentry [ id 11
        selector [type SRC_IP value_type S value 1:9(0) ] selector [ type DEST_IP value_type S value 0:9(0) ]
        action APPLY encap_mode TUNNEL remoteSG 1:500(10) sourceSG 0:500(10) usepfs true _extends .ipsec.ESP
      ]
    ] # end of spd_inbound
  ] # end of ipsecspd_0_500

  # IPsec SPD for gateway 1:500 (applied on its interface 1).
  # Same layout as ipsecspd_0_500 with the two sites exchanged:
  # sourceSG is 1:500(10) and remoteSG is 0:500(10).
  ipsecspd_1_500 [
    spd_outbound [
      # the first two entries are for ISAKMP traffic.
      spdentry [ id 0 _extends .ipsec.bypass0 ]
      spdentry [ id 1 _extends .ipsec.bypass1 ]
      spdentry [ id 2
        selector [ type SRC_IP value_type S value 1:0(0) ] selector [ type DEST_IP value_type S value 0:0(0) ]
        action APPLY encap_mode TUNNEL remoteSG 0:500(10) sourceSG 1:500(10) usepfs true _extends .ipsec.ESP
      ]
      spdentry [ id 3
        selector [ type SRC_IP value_type S value 1:1(0) ] selector [ type DEST_IP value_type S value 0:1(0) ]
        action APPLY encap_mode TUNNEL remoteSG 0:500(10) sourceSG 1:500(10) usepfs true _extends .ipsec.ESP
      ]
      spdentry [ id 4
        selector [ type SRC_IP value_type S value 1:2(0) ] selector [ type DEST_IP value_type S value 0:2(0) ]
        action APPLY encap_mode TUNNEL remoteSG 0:500(10) sourceSG 1:500(10) usepfs true _extends .ipsec.ESP
      ]
      spdentry [ id 5
        selector [type SRC_IP value_type S value 1:3(0) ] selector [ type DEST_IP value_type S value 0:3(0) ]
        action APPLY encap_mode TUNNEL remoteSG 0:500(10) sourceSG 1:500(10) usepfs true _extends .ipsec.ESP
      ]
      spdentry [ id 6
        selector [type SRC_IP value_type S value 1:4(0) ] selector [ type DEST_IP value_type S value 0:4(0) ]
        action APPLY encap_mode TUNNEL remoteSG 0:500(10) sourceSG 1:500(10) usepfs true _extends .ipsec.ESP
      ]
      spdentry [ id 7
        selector [type SRC_IP value_type S value 1:5(0) ] selector [ type DEST_IP value_type S value 0:5(0) ]
        action APPLY encap_mode TUNNEL remoteSG 0:500(10) sourceSG 1:500(10) usepfs true _extends .ipsec.ESP
      ]
      spdentry [ id 8
        selector [type SRC_IP value_type S value 1:6(0) ] selector [ type DEST_IP value_type S value 0:6(0) ]
        action APPLY encap_mode TUNNEL remoteSG 0:500(10) sourceSG 1:500(10) usepfs true _extends .ipsec.ESP
      ]
      spdentry [ id 9
        selector [type SRC_IP value_type S value 1:7(0) ] selector [ type DEST_IP value_type S value 0:7(0) ]
        action APPLY encap_mode TUNNEL remoteSG 0:500(10) sourceSG 1:500(10) usepfs true _extends .ipsec.ESP
      ]
      spdentry [ id 10
        selector [type SRC_IP value_type S value 1:8(0) ] selector [ type DEST_IP value_type S value 0:8(0) ]
        action APPLY encap_mode TUNNEL remoteSG 0:500(10) sourceSG 1:500(10) usepfs true _extends .ipsec.ESP
      ]
      spdentry [ id 11
        selector [type SRC_IP value_type S value 1:9(0) ] selector [ type DEST_IP value_type S value 0:9(0) ]
        action APPLY encap_mode TUNNEL remoteSG 0:500(10) sourceSG 1:500(10) usepfs true _extends .ipsec.ESP
      ]
    ] # end of spd_outbound

    #spd_inbound
    spd_inbound [
      spdentry [ id 0 _extends .ipsec.bypass0 ]
      spdentry [ id 1 _extends .ipsec.bypass1 ]
      spdentry [ id 2
        selector [ type SRC_IP value_type S value 0:0(0) ] selector [ type DEST_IP value_type S value 1:0(0) ]
        action APPLY encap_mode TUNNEL remoteSG 0:500(10) sourceSG 1:500(10) usepfs true _extends .ipsec.ESP
      ]
      spdentry [ id 3
        selector [ type SRC_IP value_type S value 0:1(0) ] selector [ type DEST_IP value_type S value 1:1(0) ]
        action APPLY encap_mode TUNNEL remoteSG 0:500(10) sourceSG 1:500(10) usepfs true _extends .ipsec.ESP
      ]
      spdentry [ id 4
        selector [ type SRC_IP value_type S value 0:2(0) ] selector [ type DEST_IP value_type S value 1:2(0) ]
        action APPLY encap_mode TUNNEL remoteSG 0:500(10) sourceSG 1:500(10) usepfs true _extends .ipsec.ESP
      ]
      spdentry [ id 5
        selector [type SRC_IP value_type S value 0:3(0) ] selector [ type DEST_IP value_type S value 1:3(0) ]
        action APPLY encap_mode TUNNEL remoteSG 0:500(10) sourceSG 1:500(10) usepfs true _extends .ipsec.ESP
      ]
      spdentry [ id 6
        selector [type SRC_IP value_type S value 0:4(0) ] selector [ type DEST_IP value_type S value 1:4(0) ]
        action APPLY encap_mode TUNNEL remoteSG 0:500(10) sourceSG 1:500(10) usepfs true _extends .ipsec.ESP
      ]
      spdentry [ id 7
        selector [type SRC_IP value_type S value 0:5(0) ] selector [ type DEST_IP value_type S value 1:5(0) ]
        action APPLY encap_mode TUNNEL remoteSG 0:500(10) sourceSG 1:500(10) usepfs true _extends .ipsec.ESP
      ]
      spdentry [ id 8
        selector [type SRC_IP value_type S value 0:6(0) ] selector [ type DEST_IP value_type S value 1:6(0) ]
        action APPLY encap_mode TUNNEL remoteSG 0:500(10) sourceSG 1:500(10) usepfs true _extends .ipsec.ESP
      ]
      spdentry [ id 9
        selector [type SRC_IP value_type S value 0:7(0) ] selector [ type DEST_IP value_type S value 1:7(0) ]
        action APPLY encap_mode TUNNEL remoteSG 0:500(10) sourceSG 1:500(10) usepfs true _extends .ipsec.ESP
      ]
      spdentry [ id 10
        selector [type SRC_IP value_type S value 0:8(0) ] selector [ type DEST_IP value_type S value 1:8(0) ]
        action APPLY encap_mode TUNNEL remoteSG 0:500(10) sourceSG 1:500(10) usepfs true _extends .ipsec.ESP
      ]
      spdentry [ id 11
        selector [type SRC_IP value_type S value 0:9(0) ] selector [ type DEST_IP value_type S value 1:9(0) ]
        action APPLY encap_mode TUNNEL remoteSG 0:500(10) sourceSG 1:500(10) usepfs true _extends .ipsec.ESP
      ]
    ] # end of spd_inbound
  ] #end of ipsecspd_1_500
] # end of dictionary