Perfect Forward Secrecy - Cisco CRS-1 - Carrier Routing System Router Configuration Manual

IOS XR System Security Configuration Guide

Information About Implementing IPSec Networks
During IPSec SA negotiations with IKE, the peers search for a transform set that is the same at both
peers. When such a transform set is found, it is selected and applied to the protected traffic as part of
both peers' IPSec SAs.
If you change a transform set definition, the change is applied only to crypto profile entries that reference
the transform set. The change will not be applied to existing SAs, but is used in subsequent negotiations
to establish new SAs. If you want the new settings to take effect sooner, you can clear all or part of the
SA database by using the clear crypto ipsec sa command.
Global Lifetimes for IPSec Security Associations
You can change the global lifetime values that are used when negotiating new IPSec SAs.
Two lifetimes exist: a "timed" lifetime and a "traffic-volume" lifetime. An SA expires when the first of
these lifetimes is reached. The default lifetimes are 3600 seconds (1 hour) and 4,194,303 kilobytes
(roughly 10 Mbit/s sustained for 1 hour).
A lifetime per profile is also supported. If a profile is configured with a lifetime, it overrides the global
definition.
If you change a global lifetime, the new lifetime value is not applied to currently existing SAs, but is
used in the negotiation of subsequently established SAs. If you want to use the new values immediately,
you can clear all or part of the SA database. For more information, see the documentation of the clear
crypto ipsec sa command in Cisco IOS XR System Security Configuration Guide.
IPSec SAs use one or more shared secret keys. These keys and their SAs time out together.
Assuming that the particular crypto profile entry does not have lifetime values configured, when the
router requests new SAs it specifies its global lifetime values in the request to the peer and uses these
values as the lifetime of the new SAs. When the router receives a negotiation request from the peer, it
uses the smaller of the lifetime value proposed by the peer and the locally configured lifetime value as
the lifetime of the new SAs.
The SA (and corresponding keys) expire according to whichever comes sooner, either after the number
of seconds has passed (specified by the seconds keyword) or amount of traffic in kilobytes is passed
(specified by the kilobytes keyword).
A new SA is negotiated before the lifetime threshold of the existing SA is reached, to ensure that a new
SA is ready for use when the old one expires. The new SA is negotiated approximately 30 seconds before
the seconds lifetime expires or when the volume of traffic through the tunnel reaches 300 kilobytes less
than the kilobytes lifetime (whichever comes first).
If no traffic has passed through the tunnel during the entire life of the SA, a new SA is not negotiated
when the lifetime expires. Instead, a new SA is negotiated only when IPSec sees another packet that
should be protected.
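The lifetime rules above (per-profile override, "smaller of the two" negotiation, the 30-second and 300-kilobyte rekey margins, and the idle-SA exception) modelled in Python. This is an added illustration, not Cisco code or IOS XR behaviour beyond what the text states; the class and function names are assumptions, and the numeric values are the ones the guide gives.

```python
"""Model of how IPsec SA lifetimes are chosen and when a replacement SA is
negotiated, following the rules stated in the section above. Added
illustration, not Cisco code; the defaults (3600 s, 4,194,303 KB) and the
rekey margins (30 s, 300 KB) are the values the guide states.
"""
from dataclasses import dataclass
from typing import Optional

DEFAULT_SECONDS = 3600
DEFAULT_KILOBYTES = 4_194_303
REKEY_SECONDS_BEFORE = 30       # replacement negotiated ~30 s before expiry
REKEY_KILOBYTES_BEFORE = 300    # or 300 KB before the volume limit


@dataclass(frozen=True)
class Lifetime:
    seconds: int
    kilobytes: int


def local_lifetime(global_lt: Lifetime, profile_lt: Optional[Lifetime] = None) -> Lifetime:
    """A lifetime configured on the crypto profile overrides the global one."""
    return profile_lt if profile_lt is not None else global_lt


def negotiated_lifetime(local: Lifetime, proposed: Lifetime) -> Lifetime:
    """Responder rule: for each lifetime, the smaller of the peer's proposal
    and the locally configured value wins. The initiator proposes its own."""
    return Lifetime(min(local.seconds, proposed.seconds),
                    min(local.kilobytes, proposed.kilobytes))


@dataclass
class IpsecSa:
    lifetime: Lifetime
    age_seconds: int = 0
    kilobytes_passed: int = 0

    def expired(self) -> bool:
        """The SA (and its keys) expires when either lifetime is reached."""
        return (self.age_seconds >= self.lifetime.seconds
                or self.kilobytes_passed >= self.lifetime.kilobytes)

    def rekey_now(self) -> bool:
        """Negotiate the replacement about 30 s before the timed lifetime or
        300 KB before the volume lifetime, whichever comes first. An SA that
        never carried traffic is not proactively replaced; the next protected
        packet triggers a fresh negotiation instead."""
        if self.kilobytes_passed == 0:
            return False
        return (self.age_seconds >= self.lifetime.seconds - REKEY_SECONDS_BEFORE
                or self.kilobytes_passed >= self.lifetime.kilobytes - REKEY_KILOBYTES_BEFORE)


def sa_state(sa: IpsecSa) -> str:
    """Summarise what the router does with this SA right now."""
    if sa.expired():
        return "expired-idle" if sa.kilobytes_passed == 0 else "expired"
    return "rekey" if sa.rekey_now() else "active"


if __name__ == "__main__":
    glob = Lifetime(DEFAULT_SECONDS, DEFAULT_KILOBYTES)
    # Peer proposes a shorter timed lifetime but a larger volume lifetime:
    # the router keeps the smaller value on each axis.
    print(negotiated_lifetime(local_lifetime(glob), Lifetime(1800, 8_000_000)))
    print(sa_state(IpsecSa(glob, age_seconds=3570, kilobytes_passed=10)))
    print(sa_state(IpsecSa(glob, age_seconds=3600, kilobytes_passed=0)))
```

The idle case is the one that surprises operators: an SA that carried no traffic simply lapses with no rekey, so a monitoring tunnel with no keepalive traffic will show a gap until the next protected packet arrives.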

Perfect Forward Secrecy

Perfect Forward Secrecy (PFS) ensures that the keys of an IPSec security association (SA) are not
derived from any other secret, such as the IKE SA's keying material. It does this by performing a fresh
Diffie-Hellman exchange during each IPSec SA negotiation, so the resulting keys depend on a secret that
exists only for that SA. If PFS is not enabled, an attacker who recovers the IKE SA secret key and has
recorded the IPSec-protected traffic can use the IKE SA secret to derive the keys of every IPSec SA that
the IKE SA set up, and so decrypt that traffic. With PFS, breaking IKE does not give an attacker immediate
access to IPSec: the attacker must break each IPSec SA's Diffie-Hellman exchange individually. Both peers
must offer the same Diffie-Hellman group for PFS to be negotiated, and each rekey costs an additional
exponentiation on both sides.
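The scenario described above worked through in code: a toy model of IKEv1 quick-mode key derivation (RFC 2409, section 5.5) with and without PFS, showing what an attacker who holds the IKE SA secret SKEYID_d and a traffic capture can recover. This is an added example, not code from the Cisco guide or from IOS XR. Assumptions: HMAC-SHA-256 stands in for the negotiated prf, ESP (protocol ID 3) is the protected protocol, and the Diffie-Hellman group uses the 127-bit prime 2**127 - 1 with generator 3, which is far too small for real use and is chosen only so the example runs instantly.

```python
"""Toy model of IKEv1 quick-mode key derivation with and without PFS.
Added illustration, not Cisco or IOS XR code. The DH group (P, G) is an
insecure toy group chosen for speed; real IKE uses the MODP/ECP groups
negotiated in phase 1.
"""
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple

P = 2**127 - 1        # toy DH modulus (assumed, insecure)
G = 3                 # toy generator (assumed)
ESP = 3               # PROTO_IPSEC_ESP from the ISAKMP IPsec DOI


def prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def quick_mode_keymat(skeyid_d: bytes, spi: bytes, ni: bytes, nr: bytes,
                      gxy: Optional[int] = None) -> bytes:
    """KEYMAT = prf(SKEYID_d, [g^xy |] protocol | SPI | Ni_b | Nr_b).
    The g^xy term is present only when PFS was negotiated."""
    dh = gxy.to_bytes(16, "big") if gxy is not None else b""
    return prf(skeyid_d, dh + bytes([ESP]) + spi + ni + nr)


def dh_keypair() -> Tuple[int, int]:
    x = secrets.randbelow(P - 2) + 1          # private exponent, never on the wire
    return x, pow(G, x, P)                    # (x, g^x)


def run_quick_mode(skeyid_d: bytes, pfs: bool) -> Tuple[bytes, Dict, Optional[int]]:
    """One quick-mode exchange between two honest peers. Returns their KEYMAT,
    what a sniffer sees on the wire, and the shared DH secret (so the attacker
    scenarios below can model 'this SA's DH exchange was broken')."""
    wire = {"spi": secrets.token_bytes(4),
            "ni": secrets.token_bytes(16), "nr": secrets.token_bytes(16)}
    gxy = None
    if pfs:
        xi, gxi = dh_keypair()                # initiator's KE payload
        xr, gxr = dh_keypair()                # responder's KE payload
        wire["ke_i"], wire["ke_r"] = gxi, gxr
        gxy = pow(gxr, xi, P)
        assert gxy == pow(gxi, xr, P)         # both peers reach the same secret
    keymat = quick_mode_keymat(skeyid_d, wire["spi"], wire["ni"], wire["nr"], gxy)
    return keymat, wire, gxy


def attacker_derive(skeyid_d: bytes, wire: Dict, gxy_guess: Optional[int] = None) -> bytes:
    """A passive attacker holding SKEYID_d: SPI and nonces come straight from the
    capture, but the DH private exponents do not, so g^xy must be supplied."""
    return quick_mode_keymat(skeyid_d, wire["spi"], wire["ni"], wire["nr"], gxy_guess)


def demo() -> Dict[str, bool]:
    skeyid_d = secrets.token_bytes(32)        # the IKE SA secret assumed broken

    # Without PFS: SKEYID_d plus the recorded exchange yields every child SA's keys.
    k1, w1, _ = run_quick_mode(skeyid_d, pfs=False)
    k2, w2, _ = run_quick_mode(skeyid_d, pfs=False)
    no_pfs = attacker_derive(skeyid_d, w1) == k1 and attacker_derive(skeyid_d, w2) == k2

    # With PFS: SKEYID_d alone is not enough ...
    k3, w3, gxy3 = run_quick_mode(skeyid_d, pfs=True)
    k4, w4, _ = run_quick_mode(skeyid_d, pfs=True)
    pfs_ike_only = attacker_derive(skeyid_d, w3) == k3
    # ... solving one SA's DH exchange recovers that SA only ...
    pfs_one_sa = attacker_derive(skeyid_d, w3, gxy3) == k3
    # ... and does not carry over to the next SA, which ran a fresh exchange.
    pfs_next_sa = attacker_derive(skeyid_d, w4, gxy3) == k4

    return {"no_pfs_recovered": no_pfs,
            "pfs_recovered_from_ike_secret": pfs_ike_only,
            "pfs_recovered_with_that_sa_dh_secret": pfs_one_sa,
            "pfs_recovered_next_sa_with_old_dh_secret": pfs_next_sa}


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The only difference between the two derivations is the g^xy prefix, which is exactly why PFS costs an extra Diffie-Hellman exponentiation per IPSec SA and why the IKE secret alone stops being sufficient once it is there.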
Cisco IOS XR System Security Configuration Guide for the Cisco CRS-1 Router, Implementing IPSec Network Security on Cisco IOS XR Software, SC-84, OL-20382-01
