Running SRX550 12.3x48-D30 and have a few VPN tunnels using IKEv2 . Tunnels, zones, interfaces are all broken out into custom routing tables for complete separation. OSPF is also running over the st0.x interface. At random times on random pick of tunnel(s) a log message of : "IKE negotiation failed with error: IKE SA rekey successfully completed. IKE Version: 2" (YES YOU READ THAT CORRECTLY, A FAILURE FOR A SUCCESS) followed by an immediate drop of the tunnel generating message "KMD_VPN_DOWN ......IPSec SAs cleared as corresponding IKE SA deleted" . Of course when the tunnel drops off, OSPF drops adjacencies as well. Only reason I feel IKEv2 may be unstable is becuase I have IKEv1 tunnels running in a near identical configuration and have for years and they are completely stable (only differences are IKEv1, JunOS versions, and the new ones are using stronger encryption)
From what I can tell the link is fine. If the link these tunnels are traveling was having issues I would expect to see all tunnels on an individual link drop and not 1 of 10 tunnels drop.
The logs it generates seem buggy and I am almost ready to go back to to IKEv1 but just wondering if anyone has seen similar logs like above or had IKEv2 tunnels be so unsable. I have already disabled VPN monitoring as I suspected that originally.
Alos these are not multi-vendor tunnels, it is 100% SRX all around running identical versions of JunOS.