Figure 154 KS redundancy
The KSs use a proprietary protocol of Hewlett Packard Enterprise to perform primary KS election,
data exchange, and keepalive functions.
Primary KS election
The KSs elect the KS that has the highest priority as the primary KS. The priority of a KS is set in
"Configuring GDOI KS redundancy." If multiple KSs have the same priority, the KS with the highest IP
address is elected as the primary KS.
When the primary KS fails, the other KSs re-elect a new primary KS.
Data exchange
The primary KS exchanges data with secondary KSs to achieve data consistency and backup. The
primary KS advertises keys and GM information to secondary KSs, and the secondary KSs send
information about registered GMs to the primary KS.
Keepalive
The primary KS periodically sends hello messages to the secondary KSs. If the secondary KSs receive no hello
messages within a specific interval, they consider that the primary KS has failed and re-elect a new
primary KS. During the election, the secondary KSs do not accept registrations from GMs.
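The election and keepalive behaviour described above, modelled in Python as an added example (this is not HPE code and does not reproduce the proprietary protocol). It assumes IPv4 addresses, an integer priority per KS, and a dead interval of three missed hello messages; the names `KeyServer`, `elect_primary` and `GroupController` are illustrative. The point worth checking in any such model is that the tie-break compares IP addresses numerically, because a string comparison ranks 10.1.1.9 above 10.1.1.10.

```python
"""Model of GDOI key-server (KS) primary election and hello-timeout failover.

Added illustration, not HPE code. Assumptions:
  - each KS has an integer priority and an IPv4 address,
  - ties on priority are broken by the numerically highest IP address,
  - a secondary declares the primary failed after `missed_hellos` hello
    intervals without a hello message (three by default, an assumed value),
  - GM registrations are refused while an election is in progress.
"""
import ipaddress
from dataclasses import dataclass


@dataclass
class KeyServer:
    address: str      # IPv4 address of the KS
    priority: int     # value set under "Configuring GDOI KS redundancy"
    alive: bool = True


def elect_primary(servers):
    """Return the live KS with the highest priority; break ties on highest IP.

    IPs are compared as integers via ipaddress, not as strings: comparing
    the strings would rank "10.1.1.9" above "10.1.1.10".
    """
    candidates = [ks for ks in servers if ks.alive]
    if not candidates:
        return None
    return max(
        candidates,
        key=lambda ks: (ks.priority, int(ipaddress.ip_address(ks.address))),
    )


class GroupController:
    """Primary-KS tracking as seen from a secondary KS, with hello timeout."""

    def __init__(self, servers, hello_interval, missed_hellos=3):
        self.servers = list(servers)
        self.dead_interval = hello_interval * missed_hellos
        self.primary = elect_primary(self.servers)
        self.last_hello = 0.0
        self.electing = False

    def on_hello(self, now):
        """Record a hello message received from the primary at time `now`."""
        self.last_hello = now

    def on_tick(self, now):
        """Periodic check: mark the primary failed once hellos stop.

        Returns True when an election has been triggered.
        """
        if self.primary is not None and not self.electing:
            if now - self.last_hello > self.dead_interval:
                self.primary.alive = False
                self.electing = True   # registrations refused until done
        return self.electing

    def complete_election(self, now):
        """Finish the election among the remaining live KSs."""
        self.primary = elect_primary(self.servers)
        self.electing = False
        self.last_hello = now
        return self.primary

    def accepts_registrations(self):
        """A secondary accepts GM registrations only outside an election."""
        return self.primary is not None and not self.electing


if __name__ == "__main__":
    # Constructed sample: two KSs tie on priority, one has a lower priority.
    group = [KeyServer("10.1.1.9", 100), KeyServer("10.1.1.10", 100),
             KeyServer("10.1.1.2", 50)]
    ctl = GroupController(group, hello_interval=10)
    print("initial primary:", ctl.primary.address)        # 10.1.1.10
    ctl.on_hello(0)
    print("election at t=31:", ctl.on_tick(31))            # True
    print("accepting GMs:", ctl.accepts_registrations())   # False
    print("new primary:", ctl.complete_election(31).address)  # 10.1.1.9
```

Running the block shows 10.1.1.10 winning the initial election on the numeric IP tie-break, the hello timeout at 31 seconds (three 10-second intervals missed), registrations refused while the election is open, and 10.1.1.9 taking over because its priority of 100 beats 50.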
Protocols and standards
• RFC 2408, Internet Security Association and Key Management Protocol (ISAKMP)
• RFC 3547, The Group Domain of Interpretation (GDOI)
• RFC 3740, The Multicast Group Security Architecture
• RFC 5374, Multicast Extensions to the Security Architecture for the Internet Protocol
Configuration restrictions and guidelines
The IKE settings on the KSs and GMs must match. Otherwise, phase-1 IKE negotiation will fail.