Correction #15678
open
Update IPsec documentation
Added by Mike Moore 3 months ago.
Updated 27 days ago.
Description
Until redmine 14483 is rectified please add a note in the documentation where it states that any changes to any IPsec tunnel (description change, p1/p2) no matter how arbitrary, will result in ALL ipsec tunnels dropping traffic.
A colleague of mine recently got hit by this as well and i had to inform him of this issue. For background, this is a FinTech client with multiple tunnels to different vendors for FIX traffic and a description change on a non-prod tunnel , clicked Apply, led to all FIX traffic dropping.
This is a big deal and should be noted in the documentation until corrected.
I've also learned this the hard way - it's especially disruptive when changing the Mobile IPsec tunnel and everyone gets disconnected.
Strangely it seems that not every change does this, but there's no way of knowing.
I can understand that this issue takes time to unravel and fix. What i don't understand is why there is no notification about it in the official documentation. A warning blurb.
IPsec, from a reliability and connectivity perspective, is broken on the platform. Ignoring this redmine or at least not acknowledging it really rocks my confidence not just in the product but in the engineering that goes into it.
I can fully understand that this is an issue that may be complicated. I can understand a fix is coming. Businesses rely on this product to make money and as i wrote in this redmine, having 100 tunnels bounce at the beginning of the trade open because an engineer made an IPsec change for a single tunnel is unacceptable. Not putting any notification in the documentation is just unacceptable.
Also available in: Atom
PDF