I'm using vpp 21.06, and sometimes my ipsec tunnel got broken, after debug i got the reason: TheĀ initiator sendĀ IKEV2_EXCHANGE_CREATE_CHILD_SA packet to responder to rekey ipsec sa after lifetime; the responder got the packet and do rekey process, but the response packet got lost, then the initiator will retry to send the rekey packet, but in this time the responder can't get child sa with the spi in the packet and do nothing (according to rfc 7269, it should better send NO_AS_FOUND to the initiator), the initiator deleted ipsec sa after 5 time retries, but the responder will never delete it's ipsec sa and it's ipip interface.
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#20446): https://lists.fd.io/g/vpp-dev/message/20446 Mute This Topic: https://lists.fd.io/mt/86905486/21656 Mute #ipsec:https://lists.fd.io/g/vpp-dev/mutehashtag/ipsec Group Owner: vpp-dev+ow...@lists.fd.io Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
