SA exhaustion behavior

A security zone has 64 Rx-SAs and 64 Tx-SAs, as described in SA limits and network design. Two Rx-SAs are used for each Rx-SC for rollover purposes, and two Tx-SAs are used for Tx-SC for rollover purposes. This translates to 32 peers for each security zone.

Under each port, you can configure a max-peer command to assign the number of peers allowed on that port.

Note:

Ensure that the number of peers does not exceed the limit of maximum peers per security zone or maximum peers per port.

If the maximum peer is exceeded, the peer connectivity becomes random. In the case of a node failure or packet loss, peers join the CA randomly, on a first-come-first-served basis.

Caution:

Nokia strongly recommends that the maximum peer value is not exceeded per security zone or port.