Controller-less WLANs

 View Only
last person joined: one year ago 

Articles relating to existing and legacy HPE Aruba Networking products and solutions including IAP, Central / HPE Aruba Networking Central, MSR, and Outdoor Mesh
Back to Library

Is keepalive mechanism involves sending periodic ping within the IPsec ? what is the packet size ? 

Mar 23, 2017 07:27 PM

Q:

Is keepalive mechanism involves sending periodic ping within the IPsec ? what is the packet size ?



A:

Keepalive mechanism involves sending periodic ping within the IPsec. This is a 96 byte packet and only sent out in the following scenarios –

  1. For Aruba IPSec – this is client traffic aware and keepalive is only sent if there is no Tx/Rx from/to the CL2 client behind the IAP. If the client is inactive – then the keepalive mechanism is triggered and failover happens if this fails for configured number of packets.
  2. For Aruba GRE – the tunnel maintenance does not rely on client data and a periodic ping is always sent through the Control-path IPsec tunnel.
  3. Controller does not have an independent keepalive mechanism to validate IAP VPN/GRE tunnels – those are aged out independently based on the AAA time out values for the user entries.
  4. This also implies that tunnel detection is not really bi-directional, and only relies on Tx/RX packet counts on the tunnel devices (tun0 or any other tunnel device) on the IAP.

Statistics
0 Favorited
2 Views
0 Files
0 Shares
0 Downloads

Related Entries and Links

No Related Resource entered.