 | This article has multiple issues. Please helpimprove it or discuss these issues on thetalk page.(Learn how and when to remove these messages) (Learn how and when to remove this message)
|
TheSecurity Parameter Index (SPI) is an identification tag added to the header while usingIPsec for tunneling the IP traffic. This tag helps the kernel discern between two traffic streams where different encryption rules and algorithms may be in use.
The SPI (as per RFC 4301) is a required part of an IPsecSecurity Association (SA) because it enables the receiving system to select the SA under which a received packet will be processed.[1] An SPI has only local significance, since it is defined by the creator of the SA; an SPI is generally viewed as an opaque bit string. However, the creator of an SA may interpret the bits in an SPI to facilitate local processing.
This works like port numbers in TCP and UDP connections. What it means is that there could be different SAs used to provide security to one connection. An SA could therefore act as a set of rules.
Carried inEncapsulating Security Payload (ESP) header orAuthentication Header (AH), its length is 32 bits.[2]
{{cite journal}}:Cite journal requires|journal= (help) | This Internet-related article is astub. You can help Wikipedia byadding missing information. |