When two PDP Gateways share the same identities to the same PEP Gateway, orphaned entries are generated on PEP Gateway in the kernel table 'pep_client_db
'.
Most of the time, each PDP Gateway publishes unique identities, but sometimes the same identity is published from both PDP Gateways.
In such scenario:
- When the first publish arrives (from PDP GW #1), proper entries are created in the kernel table '
pep_src_mapping_db
' and in the kernel table 'pep_client_db
'.
- When the second publish arrives (from PDP GW #2), a new entry is added to the kernel table '
pep_client_db
' and the old entry in the kernel table 'pep_src_mapping_db
' is modified (to point to the new one). An old entry in the kernel table 'pep_client_db
' is not deleted.
- When an identity is expired on PDP GW #2, it is revoked and, as a result, only the old entry in the kernel table '
pep_client_db
' remains. The administrator sees this identity on PEP Gateway, but it is not enforced.