Cloudsec rekey and NDO failure

kjdhghsghsfg
Level 1

Hi

Let's assume an ACI Multi-site environment with Cloudsec. Assume the ND/NDO cluster fails completely. Normally this does not affect the data plane and (some of) the management can still be done via APICs.

Question: what happens to the cloudsec rekey process? NDO has a role in the process. Will cloudsec continue using old keys until the NDO cluster is restored ("forever")? Or will the rekey fail and break inter-site connectivity? Or something else?

I do know that ND/NDO is a redundant cluster of multiple nodes, but I have seen the entire cluster failing, e.g. due to bugs.

Thanks

Accepted Solutions

Robert Burns
Cisco Employee

If NDO is unavailable in this situation, the existing Keys will continue to be used (indefinitely) and intersight communication will continue to flow encrypted. Once NDO comes back online, all switches will rekey as usual without intervention required.

Robert
