When a CHILD_SA is rekeyed, there is a time when SAD will have two SA
entries corresponding to the CHILD_SA that is rekeyed. In other words
this is the time, when stack has received a correct response  to
CREATE_CHILD_SA Request and hence has installed the new SA in SAD,
however it has yet not deleted the old SA entry from SAD.

During this time if a packet is to be sent out using the CHILD_SA, how
do we know which SA Entry is to be used out of the 2 Entries.

Thanks for your reply in advance.

Users mailing list

Reply via email to