Hello.
I would like to know if anyone can help me out.
My colleague is concerned about what happens when the lifetime expires after a period of time where no communication occurs between shortcut tunnels.
As long as the Parent tunnel with the HUB continues to survive, will the shortcut tunnel also remain unflushed?
It’s the same as normal IPsec VPN.
With no traffic, when the tunnel/keys run out it will go down if you don’t have auto keep alive/auto negotiate enabled.
What time without traffic? You stated you’re running BGP. Once the shortcut comes up, it’ll also have BGP advertisements over it — so it’ll never go long without traffic to keep it up.
If the hub is acting as a route reflector, then peering is only between hub and spoke, not directly between spokes.
Shortcuts are independent of the parent tunnel by default; that can be adjusted by using “set auto-discovery-shortcuts dependent” on the phase1 interface. The shortcut tunnels will inherit the lifetime of the parent tunnel. This can be adjusted by using “set idle-timeout enable” and “set idle-timeout interval x”, where x is minutes, on the phase1 interface. The tunnel will then time out when idle; SLAs don’t count towards traffic for this.