Meraki

Community

How to troubleshoot route connection change errors

nuDz
New here
‎Aug 9 2022 12:37 AM
‎Aug 9 2022 12:37 AM

How to troubleshoot route connection change errors

Hello there,

I could not find anything on the Meraki support pages, so maybe somebody can help me out here:Since a few weeks we get the following error on one of our MX devices:

 

Route connection changepeer_type: l3_vpn, peer: XX:XX:XX:XX:XX:XX, connection_status: disconnected

&

Route connection changepeer_type: l3_vpn, peer: XX:XX:XX:XX:XX:XX, connection_status: connected

a few seconds afterwards.

 

the log does not show any device affected, and I am not sure if the hex code after "peer" relates to a mac- or an IPv6 address. Is there a way to find out which device/route is affected by this? The VPN logs itself do not show any disconnects, but an employee told me that there are indeed lost connections on a software level (the ERP-system gets a timeout). Also, our ISP says that there were no disconnects in the given timeframe.

 

What would be the right way to troubleshoot this issue?

Thanks in advance!

Labels:
0 Kudos
3 Replies 3
MyHomeNWLab
A model citizen
‎Aug 9 2022 1:54 AM
‎Aug 9 2022 1:54 AM

The Peer is the MAC address of the Auto VPN Peer.
Searching by Inventory makes it easy to identify the Peer.
I think the reason it is not the name of the device is to uniquely identify it when the name is changed.

 

There may be a problem between the MX of the Network that is outputting that log and the Auto VPN Peer.

Meraki MX's Auto VPN Tunnel Failure Detection is at 5 second intervals.

Therefore, It is possible that the ISP did not detect the problem due to a short period of flapping.

Incidentally I contacted support, but the detection interval cannot be changed.

 

For your information.

In my work environment, Meraki MX & vMX are flapping to the point of concern.

I think it is because we are using Internet connection and cannot control the quality.

Personally, I would like to know if it is the same in other production environments.

In response to MyHomeNWLab
nuDz
New here
‎Aug 9 2022 2:02 AM
‎Aug 9 2022 2:02 AM

Good to know about that, thanks!

How did you solve the problem? Is there a way to change  Auto VPN Tunnel Failure Detection to something more than 5 seconds? 

 

0 Kudos
In response to nuDz
MyHomeNWLab
A model citizen
‎Aug 10 2022 10:51 PM
‎Aug 10 2022 10:51 PM

Unfortunately, the problem has not been solved.  😫

 

* There is no way to change the fact that the communication will be over the Internet because of Meraki vMX on AWS in my work environment.

 

* Other devices (e.g. IOS-XE) might be able to adjust this with a DPD (Dead Peer Detection) timer.
   However, Meraki has been deployed. 💸

   But we can't adjust the timer in Meraki...

 

It seems that I will probably have to accept this to happen.

Personally, I want to check if another network device using the same internet connection would be more stable.

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.