SA Exhaustion Behavior

In SA Limits and Network Design, it was described that a security zone has 64 RxSAs and 64 TxSAs. Two RxSAs are used for each RxSC for rollover purposes and two TxSAs are used for TxSC for rollover purposes. This translates to 32 peers per security zone.

Under each port, a max-peer parameter can be configured. This parameter assigns the number of peers allowed on that port.

Caution:

Nokia strongly recommends that the operator ensures the maximum peer does not exceed the limit of maximum peers per security zone or maximum peers per port values (for example, exceed the port max-peer parameter). If the maximum peer is exceeded, the peer connectivity may be random in case of a node failure or packet loss. Peers may join the CA randomly, on a first-come first-served basis.