626retry seconds: Specifies the DPD retry interval in the range of 2 to 60 seconds. The default is 5seconds.on-demand: Triggers DPD on demand. The device triggers DPD if it has IPsec traffic to send andhas not received any IPsec packets from the peer for the specified interval.periodic: Triggers DPD at regular intervals. The device triggers DPD at the specified interval.Usage guidelinesDPD is triggered periodically or on-demand. As a best practice, use the on-demand mode when thedevice communicates with a large number of IKEv2 peers. For an earlier detection of dead peers,use the periodic triggering mode, which consumes more bandwidth and CPU.The triggering interval must be longer than the retry interval, so that the device will not trigger a newround of DPD during a DPD retry.Examples# Configure on-demand IKEv2 DPD. Set the DPD triggering interval to 10 seconds and the retryinterval to 5 seconds. system-view[Sysname] ikev2 profile profile1[Sysname-ikev2-profile-profile1] dpd interval 10 retry 5 on-demandRelated commandsikev2 dpdencryptionUse encryption to specify encryption algorithms for an IKEv2 proposal.Use undo encryption to restore the default.SyntaxIn non-FIPS mode:encryption { 3des-cbc | aes-cbc-128 | aes-cbc-192 | aes-cbc-256 | aes-ctr-128 | aes-ctr-192 |aes-ctr-256 | camellia-cbc-128 | camellia-cbc-192 | camellia-cbc-256 | des-cbc } *undo encryptionIn FIPS mode:encryption { aes-cbc-128 | aes-cbc-192 | aes-cbc-256 | aes-ctr-128 | aes-ctr-192 | aes-ctr-256 } *undo encryptionDefaultNo encryption algorithm is specified for an IKEv2 proposal.ViewsIKEv2 proposal viewPredefined user rolesnetwork-adminParameters3des-cbc: Uses the 3DES algorithm in CBC mode, which uses a 168-bit key.aes-cbc-128: Uses the AES algorithm in CBC mode, which uses a 128-bit key.aes-cbc-192: Uses the AES algorithm in CBC mode, which uses a 192-bit key.