dead-peer-detection

 

Syntax

Hierarchy Level

Release Information

Statement introduced in Junos OS Release 8.5. Support for the optimized and probe-idle-tunnel options added in Junos OS Release 12.1X46-D10.

Description

Enable the device to use dead peer detection (DPD). DPD is a method used by devices to verify the current existence and availability of IPsec peers. A device performs this verification by sending encrypted IKE Phase 1 notification payloads (R-U-THERE messages) to a peer and waiting for DPD acknowledgements (R-U-THERE-ACK messages) from the peer.

Options

interval: Specify the amount of time that the peer waits for traffic from its destination peer before sending a dead-peer-detection (DPD) request packet.

Default: 10 seconds

Range: 2 through 60 seconds

always-send: Instructs the device to send dead peer detection (DPD) requests regardless of whether there is outgoing IPsec traffic to the peer.

optimized: Send dead peer detection (DPD) messages if there is no incoming IKE or IPsec traffic within the configured interval after outgoing packets are sent to the peer. This is the default DPD mode.

probe-idle-tunnel: Send dead peer detection (DPD) messages during idle traffic time between peers.

threshold: Specify the maximum number of unsuccessful dead peer detection (DPD) requests to be sent before the peer is considered unavailable.

Default: 5

Range: 1 through 5
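
The following Python sketch is an added example, not Juniper code. It models the three DPD modes together with the interval and threshold options in one-second ticks, showing when R-U-THERE messages are sent and when a silent peer is declared unavailable. The function name, the instant acknowledgement, and the reading of probe-idle-tunnel as "no traffic in either direction" are assumptions of the model.

```python
# Simplified one-second-tick model of the DPD options described above.
# Assumptions (not Junos code): ACKs arrive instantly, probes are spaced
# `interval` seconds apart, and the peer is declared unavailable at the
# moment the `threshold`-th consecutive R-U-THERE goes unanswered.

def simulate_dpd(mode, interval, threshold, tx_times, peer_down_at, horizon):
    """Return (probe_times, declared_dead_at or None).

    tx_times: seconds at which the local device sends IPsec traffic.
    A live peer answers each outgoing packet in the same second.
    """
    if not 2 <= interval <= 60 or not 1 <= threshold <= 5:
        raise ValueError("interval must be 2-60 s, threshold 1-5")
    tx_times = set(tx_times)
    last_tx = last_rx = last_probe = 0
    failures, probes = 0, []
    for t in range(1, horizon + 1):
        alive = t < peer_down_at
        if t in tx_times:
            last_tx = t
            if alive:
                last_rx = t
        if t - last_probe < interval:
            continue  # keep probes at least `interval` seconds apart
        no_rx = t - last_rx >= interval
        if mode == "always-send":
            due = True  # probe regardless of traffic
        elif mode == "optimized":
            due = no_rx and last_tx > last_rx  # sent, but nothing came back
        elif mode == "probe-idle-tunnel":
            due = no_rx and t - last_tx >= interval  # idle in both directions
        else:
            raise ValueError(f"unknown mode: {mode}")
        if not due:
            continue
        probes.append(t)
        last_probe = t
        if alive:
            last_rx, failures = t, 0  # R-U-THERE-ACK counts as incoming IKE
        else:
            failures += 1
            if failures >= threshold:
                return probes, t
    return probes, None
```

With interval 10 and threshold 5, a peer that goes silent at second 30 is declared unavailable at second 70 in always-send mode and at second 75 in optimized mode when the device sends traffic every 5 seconds. On a tunnel that carries no traffic at all, optimized mode never probes in this model, while probe-idle-tunnel and always-send both detect the loss.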

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.