VPN Connectivity Change

Shubh3738
Building a reputation


During the day, I continuously receive the VPN connectivity change alert 3-4 times.

And at that time, DNS and the services hosted in the cloud that are connected through the IPsec tunnel are unreachable for 5-6 seconds.

This alert comes only during the daytime; if there were any problem related to connectivity and power, the alert should have come at night also.

Shubh3738_0-1713346457705.png

 

cmr
Kind of a big deal

Where are the respective ends of the connection?

Do you only have one line at each site?

It looks like a temporary loss of connectivity at either a tail circuit on either site, or congestion over the internet somewhere in between.  I'd guess the latter as it is only happening in the day when the internet is generally busier.

Do you have SDWAN+ licensing or Insights?  If so you can do some monitoring of the path with those. 

If my answer solves your problem please click Accept as Solution so others can benefit from it.
PhilipDAth
Kind of a big deal

First, are you using a currently stable or better firmware image?

I have also seen this happen when the MX is overloaded.  You can see the load by going to Organization/Summary report.  Set the period to "1 day" at the top.  It is in the panel down the bottom left.

PhilipDAth_0-1713381711771.png

What model MX do you have, and how many users do you have?

Shubh3738
Building a reputation

Hi @PhilipDAth 

Shubh3738_0-1713442967850.png

Last day

Shubh3738_0-1713443457473.png

 

 

PhilipDAth
Kind of a big deal

There should be a panel in the bottom left-hand corner like this:

PhilipDAth_0-1713474591650.png

If you still don't see it, change the report from being for the whole organization to just the one network with the MX.

Shubh3738
Building a reputation

Shubh3738_0-1713519393159.png

 

Shubh3738
Building a reputation

Shubh3738_0-1714124063089.png

 

Shubh3738
Building a reputation

Shubh3738_0-1714123696229.png

 

MX 450 in HA, Users around 500-650 including all devices

cmr
Kind of a big deal

You are getting failover events that are causing the problem, I believe. This could be the SNORT engine or other crashing, or simply VRRP issues on the LAN side. What devices are the LAN ports of the MXs connected to and how many links are there? What version of MX code are you running?

Shubh3738
Building a reputation

Current version: MX 18.107.2

Links: 2 ISP leased line links.

LAN ports in MXs connected: only core switches that are also in HA.

Shubh3738_0-1714132059534.png

 

cmr
Kind of a big deal

I'd update to 18.107.10 as that has quite a few fixes for HA failures and CPU overload failures.

Shubh3738
Building a reputation

A few days ago, I upgraded the MX firmware from 18.107.2 to MX 18.210. Many services got impacted. At last, I rolled back to the previous version, then services starte...

And as I checked, 18.107.10 is not a stable version.

cmr
Kind of a big deal

Indeed, it is a Stable Release Candidate patch firmware.  We've used it successfully, but if it doesn't work for you then absolutely roll back!

Shubh3738
Building a reputation

Ok I will upgrade today, then see.

cmr
Kind of a big deal

As for 18.2xx I too have seen issues with that release.

Shubh3738
Building a reputation

I have upgraded my MX to 18.107.10; all services are working fine.

Hope it will resolve my issues. Will see tomorrow.

cmr
Kind of a big deal

Good luck! 🤞🙏

Shubh3738
Building a reputation

Hi,

Still facing the same issue.

Shubh3738_0-1714217668711.png

 

PhilipDAth
Kind of a big deal

Also, if this is to Amazon AWS or Azure, consider using a VMX to resolve this problem.

https://meraki.cisco.com/product/hybrid-cloud/vmx/vmx-small/ 

Shubh3738
Building a reputation

We are still trying to host the VMX in the same VPC on AWS, but are not getting a proper response from the AWS end to do the same.
