Last Modified: Sep 11, 2019
See more info
Known Affected Versions:
14.1.0, 188.8.131.52, 184.108.40.206, 220.127.116.11, 18.104.22.168, 22.214.171.124, 126.96.36.199, 14.1.2, 15.0.0, 15.0.1
Opened: Apr 30, 2019
A restarted standby system can end up with missing SAs, if the high availability (HA) process that mirrors the SAs from persistent storage runs before the configuration of IPsec has completed.
A tunnel outage can occur (until SAs are renegotiated) after failover, if the newly active system lost some mirrored SAs when it was restarted while still acting as the standby system. The impact cannot be observed until standby becomes active, when the missing SAs require a new key negotiation.
The loss of mirrored SAs requires this sequence of events: -- A system becomes standby after failover; then is restarted. -- During restart, HA manages to run before IPsec configuration. -- SAs unsupported by current config are lost despite mirroring. -- After another failover, the newly active system is missing SAs.