MKA Hello timer

MKA uses a member identifier (MI) for each node in the CA domain.

A participant proves liveness to each of its peers by including its MI and an acceptably recent message number (MN) in an MKPDU.

To avoid having a new participant respond to each MKPDU from each partner as it is received, or delay its reply until MI and MN tuples have likely been received from all potential partners, each participant maintains and advertises both of the following:

  • live peers list

  • potential peers list

The live peers list includes all peers that have included the participant's MI and a recent MN in a recent MKPDU.

The potential peers list includes all other peers that have transmitted an MKPDU that was directly received by the participant, as well as peers that were included in the live peers list of an MKPDU transmitted by a peer that has proved liveness.

Peers are removed from each list when an interval between MKA Life Time and MKA Life Time plus MKA Hello Time has elapsed since the most recent participant MN transmission. This interval ensures that a live peer is incorrectly removed only if two or more MKPDUs have been lost or delayed.

Note: The specified use of the live and potential peers lists allows for the rapid removal of participants that are no longer active or attached to the LAN while reducing the number of MKPDUs transmitted during group formation; for example, a new participant is admitted to an established group after receiving, then transmitting, one MKPDU.
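The list handling described above can be modelled in a few lines of Python. This is an added example, not code from the 7705 SAR or from the MKA specification. The Mkpdu and Participant classes are hypothetical, the timer constants are the 2.0 and 6.0 second values from the timer table on this page, and two behaviours are assumptions: an echoed MN counts as "acceptably recent" if it was transmitted within MKA Life Time, and an MKPDU whose MN is not higher than the last one seen from that MI is ignored.

```python
from dataclasses import dataclass, field
MKA_HELLO_TIME = 2.0  # seconds (Table 1)
MKA_LIFE_TIME = 6.0   # seconds (Table 1)

@dataclass
class Mkpdu:  # simplified model of an MKPDU, not the wire format
    mi: str   # sender's member identifier
    mn: int   # sender's message number
    live: dict = field(default_factory=dict)       # peer MI -> last MN seen
    potential: dict = field(default_factory=dict)  # peer MI -> last MN seen

class Participant:
    def __init__(self, mi):
        self.mi, self.mn = mi, 0
        self.sent = {}       # own MN -> transmit time
        self.live = {}       # peer MI -> (peer MN, expiry time)
        self.potential = {}  # peer MI -> (peer MN, expiry time)

    def expire(self, now):
        # Runs on every hello tick and receive, so removal lands between
        # MKA Life Time and MKA Life Time + MKA Hello Time.
        for peers in (self.live, self.potential):
            for mi in [m for m, (_, t) in peers.items() if t <= now]:
                del peers[mi]

    def transmit(self, now):
        self.expire(now)
        self.mn += 1
        self.sent[self.mn] = now
        return Mkpdu(self.mi, self.mn,
                     {m: v[0] for m, v in self.live.items()},
                     {m: v[0] for m, v in self.potential.items()})

    def receive(self, pdu, now):
        self.expire(now)
        seen = self.live.get(pdu.mi) or self.potential.get(pdu.mi)
        if pdu.mi == self.mi or (seen and pdu.mn <= seen[0]):
            return  # own MI, or a stale/replayed MN (assumption): ignore
        echoed = pdu.live.get(self.mi) or pdu.potential.get(self.mi)
        sent_at = self.sent.get(echoed)
        entry = (pdu.mn, now + MKA_LIFE_TIME)
        if sent_at is not None and now - sent_at <= MKA_LIFE_TIME:
            self.potential.pop(pdu.mi, None)  # sender proved liveness
            self.live[pdu.mi] = entry
            for mi, mn in pdu.live.items():   # peers a live peer vouches for
                if mi != self.mi and mi not in self.live:
                    self.potential.setdefault(mi, (mn, now + MKA_LIFE_TIME))
        elif pdu.mi not in self.live:
            self.potential[pdu.mi] = entry
```

Calling transmit() once per MKA Hello Time and receive() for each incoming MKPDU reproduces the behaviour in the note: a joining participant that has heard the existing members appears in their live peers lists after sending a single MKPDU, and a silent peer is dropped on the first hello tick after its lifetime runs out.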

The following table describes the MKA participant timer values supported on the 7705 SAR.

Table 1. MKA participant timer values

| Timer use | Timer | Timeout (option) in seconds |
|---|---|---|
| Per participant periodic transmission, initialized for each transmission on expiry | MKA Hello Time or MKA Bounded Hello Time | 2.0 |
| Per peer lifetime, initialized when adding to or refreshing the potential peers list or live peers list; expiry causes removal from the list | MKA Life Time | 6.0 |
| Participant lifetime, initialized when the participant is created or following the receipt of an MKPDU; expiry causes the deletion of the participant | | |
| Delay after last distributing a SAK, before the Key Server distributes a fresh SAK following a change in the live peers list while the potential peers list is still not empty | | |