[strongSwan] Current Status of High Availability Extension
martin at strongswan.org
Wed Sep 17 17:47:55 CEST 2014
> A node may drop packets before it can process them (heavy load, network
> errors). This leads to outgoing replay counters synchronization
> problems between nodes.
Yes, this can happen. But as we explicitly advance the outgoing sequence
number counter on fail-over, sequence number reuse can be avoided. A
jump forward in sequence numbers is usually not a problem.
In practice this has not been much of an issue, as the loss of packets
happens usually before the cluster, and for both nodes. Hence we advance
the sequence number by a small amount only. But feel free to adjust that
window, refer to  and  for details.
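An added illustration, not strongSwan code and not part of the original message: a minimal model of an RFC 4303-style receiver anti-replay window, showing why a node that takes over with a stale outgoing counter has packets dropped by the peer, while advancing the counter (even by a large jump) is accepted. The window size, the function names and the scenario numbers are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>

#define WINDOW 64u   /* receiver anti-replay window size (assumed) */

struct replay_state { uint32_t top; uint64_t bitmap; };  /* bit 0 == top */

/* RFC 4303-style check and update: 1 = accepted, 0 = dropped. */
static int rx_accept(struct replay_state *r, uint32_t seq)
{
    if (seq == 0) return 0;
    if (seq > r->top) {                        /* forward jump: slide window */
        uint32_t shift = seq - r->top;
        r->bitmap = (shift >= WINDOW ? 0 : r->bitmap << shift) | 1;
        r->top = seq;
        return 1;
    }
    uint32_t off = r->top - seq;
    if (off >= WINDOW) return 0;               /* older than the window */
    if (r->bitmap & (1ULL << off)) return 0;   /* already seen: replay */
    r->bitmap |= 1ULL << off;
    return 1;
}

/* Hypothetical fail-over: the active node sent 1..sent, the passive node
 * only learned the counter value `synced`. It takes over, advances the
 * counter by `bump` and sends `burst` packets. Returns how many of those
 * the peer drops. */
static unsigned failover_drops(uint32_t sent, uint32_t synced,
                               uint32_t bump, unsigned burst)
{
    struct replay_state peer = {0, 0};
    unsigned dropped = 0;
    for (uint32_t s = 1; s <= sent; s++) rx_accept(&peer, s);
    uint32_t next = synced + bump;             /* explicit advance on fail-over */
    for (unsigned i = 0; i < burst; i++)
        if (!rx_accept(&peer, ++next)) dropped++;
    return dropped;
}

int main(void)
{
    printf("no advance:    %u dropped\n", failover_drops(1000, 980, 0, 50));
    printf("advance by 32: %u dropped\n", failover_drops(1000, 980, 32, 50));
    printf("large jump:    %u dropped\n", failover_drops(1000, 980, 100000, 50));
    return 0;
}
```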