How does MSR IKE DPD work?
Q: How does MSR IKE DPD work?
A:
DPD has two parameters: an idle timer and an overtime timer. The idle timer determines whether a DPD request needs to be sent. If the idle timer expires and no encrypted packet has been received, a DPD check is needed. If an encrypted packet is received during the idle time, the idle timer is reset. The DPD check itself is governed by the overtime timer, which determines whether the request needs to be resent. Generally, if three requests have been sent (request->overtime->request->overtime->request->overtime) and no DPD response has been received, the SA is deleted. If an encrypted packet is sent later, the SA must be renegotiated. Similarly, if an encrypted packet is received for the original SA, the peer is notified to renegotiate the SA.
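The timer sequence described above, as an added simulation on a one-second virtual clock (an illustration written for this answer, not MSR code). The function name, its parameters and the 10 s / 5 s timer values are assumptions, as are two behaviours the answer does not specify: a DPD response arrives instantly and restarts the idle timer, and an encrypted packet received during a check cancels that check.

```python
def simulate_dpd(idle, overtime, rx_times=(), answered=(), until=300, max_requests=3):
    """Return (time, event) tuples for one SA.

    rx_times: seconds at which an encrypted packet arrives from the peer.
    answered: request numbers (1-based, counted across the run) the peer answers.
    """
    events = []
    rx, answered = set(rx_times), set(answered)
    idle_expiry = idle    # when the idle timer runs out
    reply_expiry = None   # when the overtime timer runs out; None = no check running
    sent = 0              # requests sent in the current check
    seq = 0               # request numbering across the whole run
    for t in range(until + 1):
        if t in rx:
            # Encrypted traffic resets the idle timer.
            # Assumption: it also cancels a check that is in progress.
            idle_expiry, reply_expiry, sent = t + idle, None, 0
            events.append((t, "rx-encrypted"))
            continue
        if reply_expiry is None:
            if t < idle_expiry:
                continue              # still inside the idle time
        elif t < reply_expiry:
            continue                  # still waiting for a DPD response
        elif sent == max_requests:
            # request->overtime three times with no response: delete the SA
            events.append((t, "delete-sa"))
            return events
        # Idle timer expired (first request) or overtime timer expired (resend).
        seq += 1
        sent += 1
        events.append((t, f"dpd-request-{sent}"))
        if seq in answered:
            # Assumption: the response is instant and restarts the idle timer.
            events.append((t, "dpd-response"))
            idle_expiry, reply_expiry, sent = t + idle, None, 0
        else:
            reply_expiry = t + overtime
    return events


if __name__ == "__main__":
    # Constructed scenario: peer goes silent after one encrypted packet at t=8.
    for when, what in simulate_dpd(idle=10, overtime=5, rx_times=[8]):
        print(f"t={when:>3}s  {what}")
```

With these values the SA is deleted `idle + 3 * overtime` seconds after the last encrypted packet, which is the detection delay to account for when tuning the two timers.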