ike dpd
Function
The ike dpd command enables the dead peer detection (DPD) function.
The undo ike dpd command restores the default configuration.
By default, the DPD function is disabled
This command is supported only on the NetEngine 8000 F1A.
Parameters
| Parameter | Description | Value |
|---|---|---|
| check-interval |
Indicates the interval of transmitting DPD packets. |
It is an integer that ranges from 10 to 3600, in seconds. |
| retry-interval |
Indicates the interval of timeout retransmission of DPD packets. |
It is an integer that ranges from 2 to 60, in seconds. The default value is 5 seconds. |
| on-demand |
Indicates that the DPD function works in traffic-triggering mode. |
- |
| immediately |
Indicates the mode of becoming effective immediately. |
- |
| interval |
Indicates that the DPD function works in polling mode. |
- |
Usage Guidelines
Usage Scenario
Pay attention to the following items:
- interval being configured indicates that the DPD function is in polling mode and DPD packets are sent periodically. If traffic from the peer end is not received within the check-interval, DPD packets are sent periodically. By default, the number of times DPD packets are retransmitted upon timeout is 5. If the retransmission interval is set to a small value, DPD packets are retransmitted more times to ensure that the probe is performed for at least 30 seconds. For example, if the retransmission interval is set to 3 seconds, a maximum of 10 retransmissions can be retransmitted.
- on-demand being configured indicates that the DPD function is in traffic-triggering mode and DPD packets are sent only when there is no traffic in the tunnel. When the local end sends packets, if traffic from the peer end is not received within the check-interval, DPD packets are sent.
- If interval or on-demand is not configured, the DPD function is in traffic-triggering mode by default.
- retry-interval can be configured for a maximum of 3 times. If retry-interval is not configured, the interval for retransmitting the DPD packet is five seconds. Setting a parameter value lower than the configured one is not recommended.
Precautions
The IKE DPD function must be configured so that both ends of an IPsec tunnel can detect the peer status and maintain consistent IPsec tunnel status to ensure uninterrupted IPsec services.
When using the IKEV1 version, IKE DPD must be configured at both ends of the IPsec tunnel at the same time, otherwise the DPD function will not take effect.