This section describes NGE configuration guidelines and restrictions. For more information about configuring NGE using the NSP NFM-P, see the NSP NFM‑P User Guide.
Consider the following restrictions when performing NGE configuration tasks:
The authentication and encapsulation keys must contain the exact number of hexadecimal characters required by the algorithm used. For example, using sha256 requires 64 hexadecimal characters.
The key group bound to an SDP or service must be unbound from that SDP or service before the active outgoing SA for the key group can be removed.
The active outgoing SA must be removed (deconfigured) before the SPI can be deleted from the SA list in the key group.
The encryption or authentication algorithm for a key group cannot be changed if there are any SAs in the key group.
The encryption configured on an SDP used to terminate the Layer 3 spoke SDP of a VPRN (enabled or disabled) always overrides any VPRN-level configuration for encryption. See section ‟VPRN Layer 3 Spoke-SDP Encryption and MP-BGP-based VPRN Encryption Interaction” in the 7450 ESS, 7750 SR, 7950 XRS, and VSR Layer 3 Services Guide: IES and VPRN for more information.
The NSP NFM-P provides configuration parameters that are not configurable using the CLI. See Network services platform management for more information.