Skip to content

Avoid overlapping rekeys of backup and main tunnel #19867

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 9 commits into from
Closed

Avoid overlapping rekeys of backup and main tunnel #19867

wants to merge 9 commits into from

Conversation

@ricardomacas
Copy link
Contributor

@ricardomacas ricardomacas commented Feb 10, 2025

Summary

This change will encourage users to not depend on their control plane at exactly the same moment for their pair of tunnels.
Guidance is proposed to offset the backup tunnel for an hour prior to ensure that should the main tunnel be rendered nonfunctional due to a control plane temporary error, the backup tunnel should have completed this transaction on a different moment where the issue likely did not manifest.

Documentation checklist

@ricardomacas
Copy link
Contributor Author

ricardomacas commented May 19, 2025

Am reviewing today as per request.

@hyperlint-ai
Copy link
Contributor

hyperlint-ai bot commented May 19, 2025

Howdy and thanks for contributing to our repo. The Cloudflare team reviews new, external PRs within two (2) weeks. If it's been two weeks or longer without any movement, please tag the PR Assignees in a comment.

We review internal PRs within 1 week. If it's something urgent or has been sitting without a comment, start a thread in the Developer Docs space internally.

PR Change Summary

Updated configuration guidance for VPN tunnels to prevent overlapping rekeys between backup and main tunnels, enhancing reliability during control plane disruptions.

  • Encouraged users to offset backup tunnel configurations by one hour from the main tunnel.
  • Updated configuration examples for AWS, Cisco, Fortinet, and VyOS to reflect new lifetime settings for IPsec tunnels.
  • Provided guidance to ensure that backup tunnels do not rekey simultaneously with main tunnels.

Modified Files

  • src/content/docs/magic-wan/configuration/manually/third-party/aws.mdx
  • src/content/docs/magic-wan/configuration/manually/third-party/cisco-ios-xe.mdx
  • src/content/docs/magic-wan/configuration/manually/third-party/fortinet.mdx
  • src/content/docs/magic-wan/configuration/manually/third-party/vyos.mdx
How can I customize these reviews?

Check out the Hyperlint AI Reviewer docs for more information on how to customize the review.

If you just want to ignore it on this PR, you can add the hyperlint-ignore label to the PR. Future changes won't trigger a Hyperlint review.

Note specifically for link checks, we only check the first 30 links in a file and we cache the results for several hours (for instance, if you just added a page, you might experience this). Our recommendation is to add hyperlint-ignore to the PR to ignore the link check for this PR.

@ricardomacas ricardomacas marked this pull request as ready for review May 20, 2025 14:10
@ricardomacas ricardomacas requested review from a team and marciocloudflare as code owners May 20, 2025 14:10
@marciocloudflare
Copy link
Contributor

marciocloudflare commented Oct 8, 2025

Hi @ricardomacas. PCX is in the middle of a revamp on the way we work and we're going through a backlog cleanup. Right now I need to close this PR since it's rather old by now. When you're ready to pick this up again, please ping me and I'll help seeing this through. Thank you!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@marciocloudflare marciocloudflare Awaiting requested review from marciocloudflare marciocloudflare is a code owner

Assignees

@marciocloudflare marciocloudflare

Labels

product:magic-wan size/s

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ricardomacas @marciocloudflare