Non-symmetric work queue configuration behaviour is ill-defined
eugeneia opened this issue · 1 comments
eugeneia commented
Vita scales by using multiple work queues, each having a dedicated public interface. Further, each work queue performs independent AKE negotiations and uses its own private SPI space for SAs.
It is not well defined how configurations with different numbers of work queues at each end of a route should behave. Currently, work queues do fall back to using the first gateway of a route. However, this leads to a defunct setup since the key manager does not handle negotiations from multiple concurrent remote parties gracefully.
We should either explicitly forbid these kinds of configurations or implement a sane fallback behaviour.