[strongSwan] packet loss during inline rekey
Nalla, Pradeep
Pradeep.Nalla at cavium.com
Fri Oct 21 09:29:40 CEST 2016
Hi
Query regarding packet loss during rekey. I was using reauth=no for inline rekeying. After soft expiry, new CHILD_SA is negotiated, established and followed by the policy update on both the gateways.
When does the old CHILD_SA gets deleted?. For my case it is deleted right after new SA establishment via INFORMATIONAL[D] requests messages exchanged between the gateways. How to have enough time between the new SA addition and old SA deletion.
There is a brief packet loss at the rekey initiator due to not finding inbound SA (It has encountered the packets encrypted using old CHILD_SA). Is this loss expected? If not how can this be avoided?
Thanks
Pradeep.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20161021/d8a82989/attachment.html>
More information about the Users
mailing list