V1 getOrganizationApplianceVpnStats

JGill
Here to help

V1 getOrganizationApplianceVpnStats

Ok,  First post on the Developers & API's section so let me know if this is the wrong forum.   

I've run into an issue with data for the VPN status .  I have Duel WAN connected MX's running multiple VPN tunnels to multiple data centers.   We've noticed occasionally a WAN link will not establish its Auto-VPN for some reason.  The Meraki dashboard does not reflect this as an issue as long as one VPN tunnel is connected to a datacenter, so I wanted to create a dashboard to pick out the issue. 

 

The process works great "if" both WAN links are up and running and a VPN link is down.  Problem I'm trying to solve is for a location that only has a single connection (either due to failure or just a single connection).  The two data elements are populated if both WAN1 and WAN2 exist.  But if only one exist only one data element is populated (as expected).  Problem is there is no way to denote if its WAN1 or WAN2 missing.  There is a senderUplink / ReceiverUplink settings you would think would only show the active connection.  What I've seen in the data is you still see both WAN interfaces listed in the data even if its down, or not connected (or never connected!).   

 

Here's my api call:

vpnstats = dashboard.appliance.getOrganizationApplianceVpnStats(organization_id, total_pages='all', timespan='300')

 

Here is an extract of a network MOS section where the WAN1 link is in a failed status (one set of MOS data). 

 

'mosSummaries': [{'avgMos': 4.1,
'maxMos': 4.1,
'minMos': 4.1,
'receiverUplink': 'wan1',
'senderUplink': 'wan2'}],

 

(How can the wan1 interface be used as a receiver if its hard down?)

 

For reference here's the MOS data for a site with both interfaces up (two sets of data). In this case I can tell WAN1 is always the first entry, WAN2 is always the second entry based on comparing MOS (loss, etc values) to the dashboard. 

 

'mosSummaries': [{'avgMos': 4.1,
'maxMos': 4.1,
'minMos': 4.1,
'receiverUplink': 'wan1',
'senderUplink': 'wan1'},
{'avgMos': 4.1,
'maxMos': 4.1,
'minMos': 4.1,
'receiverUplink': 'wan1',
'senderUplink': 'wan2'}],

 

My question is if you can't trust the receiverUplink / senderUplink values, how do you denote which interface is having the issue?  It would seem like the Sender / Receiver WAN values should match either way unless there is some asymmetric routing going on.  I could see if two data elements were always present and you had 0 values, but when the data is a single entry regardless of WAN1 or WAN2 its impossible to denote which has failed (just shows 1 has failed). Kinds of kills having a nice columnar web page to review...  

 

Any thoughts or directions to navigate for a solution? 

 

(For what its worth it does solve the original issue of unestablished VPN tunnels they show as 0.0 values, just makes reporting clunky around failed links)

 

Sample extracted report

**************************************************************************************************************
Network                                 Example-HUB1-Datacenter   Example-HUB2-Datacenter Example-HUB3-Datacenter
                                        MOS:    WAN1     WAN2  MOS:     WAN1    WAN2   MOS:     WAN1    WAN2
Example-###-LAB                                     4.1     4.1             4.1     4.1             4.0     4.1
Example-#####-Office                              4.1     4.1             4.1     4.1             4.1     4.1
Example-Netwok-NotCollecting                      --      --              --      --              --      --
Example-##19-******                                 4.1     4.1             4.1     4.1             4.0     4.1
Example-##05-******                                 4.1     4.1             4.1     4.1             4.0     4.1
Example-##03-******dria                             4.1     4.1             4.1     4.1             4.1     4.1
Example-##14-Bingo*x                                4.1     0.0             4.1     0.0             4.0     0.0
Example-##09-******as                               4.1     4.1             4.1     4.1             4.0     4.1
Example-####-******nt                               4.1     4.1             4.1     4.1             4.0     4.1
Example-####-******wn                               4.1     4.1             4.1     0.0             4.0     4.1

 

 

 

1 REPLY 1
JGill
Here to help

Think I have the answer to this question.  The  'senderUplink':  shows the active WAN interface for the VPN tunnel to the HUB.  The 'receiverUplink': is what interface the HUB "sent" the data from.  Since the HUB's are one arm concentrators its always WAN1.   So the answer is you can use the value in the senderUplink to denote the active WAN interface for each tunnel.   

 

 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.