GETVPN - peer KS status question

Dear community,

After a failure in one of our KS, I noticed something on all the KSs. I don't know if what I will describe is the correct behaviour, but I sure would like to understand the output of the issued commands.

We have 4 KS in our environment. Two in the main site (KS1, KS2) and two at the disaster site (KS3, KS4). All of them are functional and our company's remote sites are configured to register to each one in a round-robin fashion. KS1 is configured as the primary KS, KS2 has priority 90, KS3 priority 80 and KS4 priority 70.

KS3 failed for about 6 hours due to power supply failure. When issuing the command "show crypto gdoi ks coop" on KS1 I noticed that for all the KSs (even the failed one):

Peer KS Status: Alive. I should have expected that for KS3 the status would have been Unknown, since the device has been unresponsive for over 6 hours.

All other KSs showed the Peer KS Status for the dead KS as unknown.

KS3 finally came up and I wanted to check if anything had changed in the way that the rest of the KSs "knew" one another. So again on KS1 I issued the command "show crypto gdoi ks coop" and once again all the KSs were alive.

On KS2 the "Peer KS status" was alive for KS1 only and unknown for KS3 and KS4.

On KS3 the "Peer KS status" was alive for KS1 only and unknown for KS2 and KS4.

On KS4 the "Peer KS status" was alive for KS1 only and unknown for KS2 and KS3.

Shouldn't all KSs peer with one another? Or do they just peer with the KS that is primary at any given moment? If a KS fails shouldn't it show as unknown on the primary KS?

Thanks in advance,

Katerina
