I want to deploy 500-600 branches with GET VPN to encrypt the traffic, and I have an issue:
- When the keyserver rekeys the GMs, all GMs within 20-30 seconds have CPU process around 99%. Is this issue normal for a GM router when it receives a rekey from the keyserver?
Captured log:
Jun 3 09:24:27.561: %GDOI-5-GM_RECV_REKEY: Received Rekey for group GDOI-GROUP1 from 10.192.1.1 to 10.148.192.2 wi 22
0 2 0 0.00% 0.00% 0.00% 0 AAA high-capacit
Router-GM#sh processes cpu
CPU utilization for five seconds: 99%/0%; one minute: 22%; five minutes: 41%
- After a GM fails closed because the keyserver is down, can the GM fail open again other than by using "clear crypto gdoi"? Because if the keyserver is down, in the worst case, can traffic that is encrypted go in clear text (not encrypted) like normal traffic?
- And if I want to deploy 500 branches (GMs) using GET VPN and I use different routers as keyservers (Router 3845 and Router 3825), will this cause an issue when the primary keyserver goes down and the secondary keyserver becomes primary? So far, in what I have tried, there is no problem.
Topology that I use: keyserver -> Router WAN (GM) -> ISP (MPLS) -> Router branch (GM). Please help me with this issue, because I am afraid that I am doing it the wrong way.