redundancy replay-interval

Use redundancy replay-interval to set the anti-replay window lower bound value synchronization interval for inbound packets and the sequence number synchronization interval for outbound packets.

Use undo redundancy replay-interval to restore the default.

Syntax

redundancy replay-interval inbound inbound-interval outbound outbound-interval

undo redundancy replay-interval

Default

The active device synchronizes the anti-replay window lower bound value every time it receives 1000 packets and synchronizes the sequence number every time it sends 100000 packets.

Views

IPsec policy view

IPsec policy template view

Predefined user roles

network-admin

mdc-admin

Parameters

inbound inbound-interval: Specifies the interval at which the active device synchronizes the lower bound value of the IPsec anti-replay window to the standby device. This interval is expressed in the number of received packets, in the range of 0 to 1000. If you set the value to 0, the lower bound value of the anti-replay window will not be synchronized.

outbound outbound-interval: Specifies the interval at which the active device synchronizes the IPsec anti-replay sequence number to the standby device. This interval is expressed in the number of sent packets, in the range of 1000 to 100000.

Usage guidelines

The intervals take effect only after you enable IPsec redundancy by using the ipsec redundancy enable command.

A short interval improves the anti-replay information consistency between the active device and the standby device, but it sacrifices the forwarding performance of the devices.

Examples

# Set the anti-replay window lower bound value synchronization interval for inbound packets to 800. Set the sequence number synchronization interval for outbound packets to 50000.

<Sysname> system-view
[Sysname] ipsec policy test 1 manual
[sysname-ipsec-policy-manual-test-1] redundancy replay-interval inbound 800 outbound 50000

Related commands

ipsec anti-replay check

ipsec anti-replay window

ipsec redundancy enable