redundancy replay-interval
Use redundancy replay-interval to set the anti-replay window lower bound value synchronization interval for inbound packets and the sequence number synchronization interval for outbound packets.
Use undo redundancy replay-interval to restore the default.
Syntax
redundancy replay-interval inbound inbound-interval outbound outbound-interval
undo redundancy replay-interval
Default
The active device synchronizes the anti-replay window lower bound value every time it receives 1000 packets and synchronizes the sequence number every time it sends 100000 packets.
Views
IPsec policy view
IPsec policy template view
Predefined user roles
network-admin
mdc-admin
Parameters
inbound inbound-interval: Specifies the interval at which the active device synchronizes the lower bound value of the IPsec anti-replay window to the standby device. This interval is expressed in the number of received packets, in the range of 0 to 1000. If you set the value to 0, the lower bound value of the anti-replay window will not be synchronized.
outbound outbound-interval: Specifies the interval at which the active device synchronizes the IPsec anti-replay sequence number to the standby device. This interval is expressed in the number of sent packets, in the range of 1000 to 100000.
Usage guidelines
The intervals take effect only after you enable IPsec redundancy by using the ipsec redundancy enable command.
A short interval improves the anti-replay information consistency between the active device and the standby device, but it sacrifices the forwarding performance of the devices.
Examples
# Set the anti-replay window lower bound value synchronization interval for inbound packets to 800. Set the sequence number synchronization interval for outbound packets to 50000.
<Sysname> system-view [Sysname] ipsec policy test 1 manual [sysname-ipsec-policy-manual-test-1] redundancy replay-interval inbound 800 outbound 50000
Related commands
ipsec anti-replay check
ipsec anti-replay window
ipsec redundancy enable