For an MKA connection to remain active, a valid MKPDU must be received from the peer at least once every 6 seconds. Because MKPDUs are transmitted every 2 seconds, this allows for the loss of one or two MKPDUs without interruption. If in high-traffic load environments where MKA connections are bouncing due to MKPDU timeouts, increasing MKA lifetime may help stabilize MKA.
Use the set macsec kay mka-life-time command to change MKA lifetime. The same value should be programmed on each peer.