The current description of this leaf is "Rekey on peer loss." This description should be updated to clearly state that when this leaf is set to "True", a peer loss will trigger a rekey only if the MKA key-server peer still has live peers available. If there are no live peers, the rekey behaviour will depend on the traffic policy (link).
This behaviour makes sense because, when the traffic policy "use active-sak" (Arista), or an equivalent traffic policy implemented by other vendors, is configured, the MACsec KaY should not perform a rekey on live peer loss. Instead, it should preserve the current SAK and allow traffic exchange to continue using that SAK.
New Description: When set to true, the loss of a peer triggers a rekey only if the MKA session still has other live peers. If no live peers remain, the rekey behaviour is determined by the configured traffic policy. Depending on the policy, the implementation may continue using the currently active SAK to allow ongoing traffic or remove the SAK.