1. Priority based failover is not supported.
  2. When there is a failover to backup controller, the primary controller will not try to re-establish the IPsec session when it becomes active.

  3. Failover to the other (either primary or secondary) controller results in data loss. All the existing application sessions in the switch will be terminated.
    NOTE: The failover will take up to three minutes.
  4. The events such as time change and port flap, breaks the existing IPsec session and triggers a failover. The new IPsec session is established with a backup controller. In such scenario, switch does not perform any reachability test before selecting a controller to retry.