No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

AR500, AR510, and AR530 V200R007 Commands Reference

This document describes all the configuration commands of the device, including the command function, syntax, parameters, views, default level, usage guidelines, examples, and related commands.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
dpd

dpd

Function

The dpd command sets the idle time for dead peer detection (DPD), DPD packet retransmission interval, and maximum DPD packet retransmission count.

The undo dpd command restores the default idle time for DPD, DPD packet retransmission interval, and maximum DPD packet retransmission count.

The default idle time for DPD is 30 seconds, the default DPD packet retransmission interval is 15 seconds, and the default DPD packet retransmission count is 3.

Format

dpd { idle-time interval | retransmit-interval interval | retry-limit times }

undo dpd { idle-time | retransmit-interval | retry-limit }

Parameters

Parameter

Description

Value

idle-time interval

Specifies the idle time for DPD.

The value is an integer that ranges from 10 to 3600, in seconds.

retransmit-interval interval

Specifies the DPD packet retransmission interval.

The value is an integer that ranges from 3 to 30, in seconds.

retry-limit times

Specifies the maximum DPD packet retransmission count.

The value is an integer that ranges from 3 to 10.

Views

IKE peer view

Level

2: Configuration level

Usage Guidelines

Usage Scenario

In IPSec communication, heartbeat detection detects the peer fault and prevents packet loss. However, periodically sending heartbeat messages consumes CPU resources at both ends. DPD is used to solve the problem. IKE peers send DPD packets to check whether its peer is available.

After the on-demand or periodic DPD mode is set using the dpd type command, IKE peers send DPD packets check whether its peer is available.
  • On-demand DPD

    When the local end needs to send IPSec packets to the remote end, the local end determines that the DPD idle time is reached and sends a DPD request packet to the remote end.

  • Periodic DPD

    The local end determines that the DPD idle time is reached, and periodically sends a DPD request packet to the remote end according to the DPD idle time.

If the local end does not receive a DPD response packet from the remote end within the DPD packet retransmission interval, the local end retransmits the DPD request packet. If the local end still does not receive a DPD response packet after the DPD packet retransmission count is reached, the local end considers that the remote end goes offline, and deletes the IKE SA and IPSec SA.

The dpd command must be used with the dpd type and dpd msg commands.

Precautions

Parameters in the dpd command can be set for each IKE peer separately and do not need to be the same as the parameters on the peer device.

Example

# Set the idle time for DPD to 300 seconds, DPD packet retransmission interval to 10 seconds, and maximum retransmission count to 3.

<Huawei> system-view
[Huawei] ike peer test v1
[Huawei-ike-peer-test] dpd idle-time 300 
[Huawei-ike-peer-test] dpd retransmit-interval 10 
[Huawei-ike-peer-test] dpd retry-limit 3 
Translation
Download
Updated: 2019-05-29

Document ID: EDOC1000097293

Views: 103835

Downloads: 131

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next