We are testing the GET VPN scenario over the MPLS infrastructure by using 2 key servers. In the one of the key server, we defined the local priority greater than the other key server. The key servers among themselves choosed the higher priority defined key server as the primary.
In the group member configuration, we defined the key server addresses in the order of primary and secondary.
When we unplug the primary key server and all the members of that group registers with the secondary key server and when the primary key server came back, the member registration shows with the secondary key server. Is there a way like in HSRP to preempt to the primary key server.
Second thing is, when we unplug the secondary key server, the members who were registered to secondary key server still shows registration with that key server irrespective that key server goes down. Is that a normal thing ?
Kindly assist us.
Anantha Subramanian Natarajan
The GM shows the 'Active' KS from the Group Server List as the KS that the GM LAST registered with. It doesn't mean the GM will re-register with this KS first should it fail to get a rekey. The GM always starts at the top of it's ordered list.