08-01-2022 03:29 AM
Hi
Let's assume ACI Multi-site environment with Cloudsec. Assume ND/NDO cluster fails completely. Normally this does not affect data plane and (some) of the management can still be done via APICs.
Question: what happens to cloudsec rekey process? NDO has a role in the process. Will cloudsec continue using old keys until NDO cluster is restored ("forever")? Or will rekey fail and break inter-site connectivity? Or something else?
I do know that ND/NDO is a redundant cluster of multiple nodes but I have seen the entire cluster failing e.g. due to bugs.
Thanks
08-04-2022 11:21 AM
If NDO is unavailable in this situation, the existing keys will continue to be used (indefinitely) and inter-site communication will continue to flow encrypted. Once NDO comes back online, all switches will rekey as usual without intervention required.
Robert