Identities are not shared with all gateways
Symptoms
  • Not all gateways that were configured to receive identities are getting the identities.

  • Output of 'pdp monitor all' command shows that all users are shared between gateways.

  • Output of 'pdp control sync' command does not show any errors.

  • Output of 'pdp network registered' command shows that some networks do not transmit to all gateways.

  • Debug of PDP daemon ("pdp debug set all all") shows:

    [NETWORK(TD::Events)] void pdp::NetworkRegistrationDB::fetchRegisteredGateways(const unsigned int&, const unsigned int&, pdp::REGISTERED_GATEWAYS&): N matched gateways

    where the number "N" is lower than the number of gateways that should be receiving the identities.
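
One way to check the last symptom over a saved copy of the PDP debug output, as an added example (not Check Point code): it flags every fetchRegisteredGateways result whose count is below the number of gateways you expect. The function name, its arguments and the sample lines are assumptions constructed from the message format quoted above; real debug lines may carry extra leading fields, which the match tolerates.

```shell
#!/bin/sh
# Constructed sample input: the debug message quoted in the article,
# with "N" replaced by made-up counts.
SIG='[NETWORK(TD::Events)] void pdp::NetworkRegistrationDB::fetchRegisteredGateways(const unsigned int&, const unsigned int&, pdp::REGISTERED_GATEWAYS&):'
SAMPLE_LOG="$SIG 3 matched gateways
$SIG 1 matched gateways
(constructed unrelated debug line)
$SIG 2 matched gateways"

# check_matched_gateways EXPECTED [FILE]   (hypothetical helper)
# Reads PDP debug output from FILE (or stdin) and reports each
# fetchRegisteredGateways result with fewer than EXPECTED gateways.
# Exit status: 0 = no short result, 1 = at least one, 2 = bad usage.
check_matched_gateways() {
    case "$1" in
        ''|*[!0-9]*)
            echo "usage: check_matched_gateways EXPECTED [FILE]" >&2
            return 2 ;;
    esac
    awk -v want="$1" '
        /fetchRegisteredGateways\(/ && /matched gateways/ {
            # Locate the count by the words that follow it, not by column,
            # so leading timestamps or tags do not shift the match.
            for (i = 2; i < NF; i++) {
                if ($i == "matched" && $(i + 1) ~ /^gateways/ &&
                    $(i - 1) ~ /^[0-9]+$/) {
                    total++
                    if ($(i - 1) + 0 < want + 0) {
                        short++
                        printf "line %d: %d of %d gateways matched\n",
                               NR, $(i - 1), want
                    }
                }
            }
        }
        END {
            printf "%d fetch results, %d below expected\n", total, short
            exit (short > 0 ? 1 : 0)
        }
    ' "${2:--}"
}

# Demo on the constructed sample, expecting 3 gateways to receive identities.
printf '%s\n' "$SAMPLE_LOG" | check_matched_gateways 3 || true
```
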
Cause

When using Identity Agent:

Packet tagging information, such as the authentication key and encryption algorithm, is propagated to PEP during session publishing in only 2 cases:

  • when 'PacketTaggingAck' is received
  • when packet tagging key is revoked

In all other cases, packet tagging information is not published. As a result, the authentication key and encryption algorithm are not defined in PEP, and the rules with packet tagging Roles are not enforced.

When Identity Agent is not used:

In a multi-core gateway, there might be a case where the PEP daemon sends a request to unregister a network and, at the same time, sends a request to register a network from a different core instance.

PDP might respond that the register command was not received.

