10-28-2010 02:50 PM - edited 02-21-2020 04:56 PM
Hi, imagine that for redundancy reasons, I want to set up a Key Server in California and another Key Server in Hong Kong.
Is there any latency issue to be aware of when deploying Key Servers far away from each other?
10-29-2010 06:46 AM
I don't think so. The 2 key servers have a secure tunnel between each other, so if there is a problem you should see it with that tunnel. The key servers don't provide any latency-sensitive information that I have seen.
10-29-2010 08:02 PM
Hi,
Minor correction here: with GETVPN, the pseudo-time passed between the Key Servers is time sensitive, since it doesn't use a wall clock (e.g., NTP) as a time reference. The pseudo-time will be exchanged during the KS election, and will later be used for both data and control plane time-based anti-replay. For the most part, the inaccuracy in pseudo-time due to latency is negligible (1 sec is a loooong time in networking), so you shouldn't have to worry about it with any reasonable anti-replay threshold configured.
Thanks,
Wen
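A simplified model of the pseudo-time skew described in the reply above, added here as an illustration; it is not from the thread and is not Cisco's implementation. The 150 ms one-way latency, the window sizes, the symmetric window check and all names are assumptions chosen to show when the skew starts to matter.

```python
from dataclasses import dataclass

@dataclass
class PseudoClock:
    """Pseudo-time counter: a synced base value plus locally elapsed time."""
    base: float       # pseudo-time value adopted at sync
    synced_at: float  # simulation time (seconds) when it was adopted

    def now(self, t: float) -> float:
        return self.base + (t - self.synced_at)

def sync_from(source: PseudoClock, sent_at: float, one_way_latency: float) -> PseudoClock:
    """Receiver adopts the sender's value on arrival without compensating for
    transit time (assumption of this model), so it lags by one_way_latency."""
    return PseudoClock(base=source.now(sent_at), synced_at=sent_at + one_way_latency)

def accept(packet_pt: float, receiver: PseudoClock, t: float, window: float) -> bool:
    """Time-based anti-replay: accept only stamps within +/- window of local pseudo-time."""
    return abs(receiver.now(t) - packet_pt) <= window

def run(latency: float, window: float) -> dict:
    """Two key servers `latency` seconds apart; one group member behind each."""
    ks_primary = PseudoClock(base=1000.0, synced_at=0.0)   # constructed start value
    ks_secondary = sync_from(ks_primary, sent_at=0.0, one_way_latency=latency)
    gm_sender, gm_receiver = ks_secondary, ks_primary      # members inherit their KS's pseudo-time
    t_send, transit = 60.0, 0.02                           # constructed timings
    stamp = gm_sender.now(t_send)
    return {
        "skew": gm_receiver.now(t_send) - gm_sender.now(t_send),
        "fresh": accept(stamp, gm_receiver, t_send + transit, window),
        "replayed": accept(stamp, gm_receiver, t_send + 10.0, window),
    }

if __name__ == "__main__":
    # Window far larger than the latency: skew is harmless, replay is still caught.
    print("window 5 s  :", run(latency=0.150, window=5.0))
    # Window smaller than the latency: legitimate traffic starts failing the check.
    print("window 0.1 s:", run(latency=0.150, window=0.1))
```

In this model the inter-site latency shows up as a fixed offset between the two pseudo-clocks, so it only causes drops of legitimate packets when the anti-replay window is comparable to or smaller than that offset.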