No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


AR500, AR510, and AR530 V200R007 Commands Reference

This document describes all the configuration commands of the device, including the command function, syntax, parameters, views, default level, usage guidelines, examples, and related commands.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
dpd type

dpd type


The dpd type command configures the Dead Peer Detection (DPD) mode.

The undo dpd type command cancels the configuration.

By default, no DPD mode is configured.


dpd type { on-demand | periodic }

undo dpd type






Indicates the on-demand DPD mode.


Indicates the periodic DPD mode.



IKE peer view


2: Configuration level

Usage Guidelines

Usage Scenario

In IPSec communication, heartbeat detection detects the peer fault and prevents packet loss. However, periodically sending heartbeat messages consumes CPU resources at both ends. DPD is used to solve the problem. IKE peers send DPD packets to check whether its peer is available.

After the on-demand or periodic DPD mode is set using the dpd type command, IKE peers send DPD packets check whether its peer is available.
  • On-demand DPD

    When the local end needs to send IPSec packets to the remote end, the local end determines that the DPD idle time is reached and sends a DPD request packet to the remote end.

  • Periodic DPD

    The local end determines that the DPD idle time is reached, and periodically sends a DPD request packet to the remote end according to the DPD idle time.

If the local end does not receive a DPD response packet from the remote end within the DPD packet retransmission interval, the local end retransmits the DPD request packet. If the local end still does not receive a DPD response packet after the DPD packet retransmission count is reached, the local end considers that the remote end goes offline, and deletes the IKE SA and IPSec SA.


The sequence of the payload in DPD packets configured on IKE peers using the dpd msg command must be the same. Otherwise, DPD does not take effect.

When multiple branches are connected to the headquarters and the DPD mode of the headquarters is set to periodic detection, DPD detection fails frequently if the network is unstable. As a result, the IPSec tunnel may flap, causing high CPU usage and affecting the establishment of other IPSec tunnels. You are advised to increase the DPD idle time, DPD packet retransmission interval, or number of DPD packet retransmissions of the headquarters or to set the DPD mode of the headquarters to on-demand detection.


# Configure the on-demand DPD mode.

<Huawei> system-view
[Huawei] ike peer huawei v1
[Huawei-ike-peer-huawei] dpd type on-demand
Related Topics
Updated: 2019-05-29

Document ID: EDOC1000097293

Views: 88844

Downloads: 121

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Previous Next