Restrictions

  1. Priority based failover is not supported. It is assumed that both the primary and backup controllers are of the same priority.

  2. When there is a failover to backup controller, the primary controller will not try to re-establish the IPsec session even it becomes active.

  3. Failover to the other (either primary or secondary) controller results in data loss. All the existing application sessions in the switch are expected to be terminated.
    NOTE: The failover will take up to three minutes.

  4. The events such as time change and port flap, breaks the existing IPsec session and triggers a failover. The new IPsec session is established with a backup controller. In such scenario, switch does not perform any reachability test before selecting a controller to retry.