[strongSwan] packet loss during inline rekey
Pradeep.Nalla at cavium.com
Fri Oct 21 09:29:40 CEST 2016
Query regarding packet loss during rekey. I was using reauth=no for inline rekeying. After soft expiry, new CHILD_SA is negotiated, established and followed by the policy update on both the gateways.
When does the old CHILD_SA gets deleted?. For my case it is deleted right after new SA establishment via INFORMATIONAL[D] requests messages exchanged between the gateways. How to have enough time between the new SA addition and old SA deletion.
There is a brief packet loss at the rekey initiator due to not finding inbound SA (It has encountered the packets encrypted using old CHILD_SA). Is this loss expected? If not how can this be avoided?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Users