Symptom
SD-WAN BFD session down because of IPSec anti-replay packet drops.
Conditions
This issue is likely observed when NAT session flap or the peer router get reloaded.
Workaround
Manually do IPsec rekey from remote end via "request platform software sdwan security ipsec-rekey" to reset SPI sequence number.
Further Problem Description
IPSec SA receives anti-replay error and SD-WAN BFD session get stuck into down state because of all of IPsec packets getting dropped for one direction.
