cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

MX84 with two internet links. One in failed state, but transmitting

SOLVED
Highlighted
Conversationalist

MX84 with two internet links. One in failed state, but transmitting

Hello, 

I have an MX84, two internet links (100Mbps each). WAN2 shows as Active, WAN1 as failed. 

Both are configured with static IP addresses, and worked when tested with the same addresses from a laptop connected directly to the ISP.

 

Pablo__1-1590682829427.png

What is strange, is that a traceroute from the MX will show the correct path when tested with each uplink. WAN1 (in failed state), will show the expected next hop and the ISPs internal hosts. Those will be different from WAN2.

Pablo__3-1590683058516.png

 

Hourly tested is configured in SD-WAN, and both links show packet loss near 0% (WAN1 shows 100% until it was plugged in, of course)

 

Pablo__0-1590682688727.png

 

The route table shows:

Pablo__4-1590683144372.png

 

The configuration is below. Clearly, traffic can flow on that interface, but status will not change to Active, and I suspect this means it will not send client traffic through it (it is configured to load balance).

 

I've restarted already. Any ideas?

 

Thank you,

Pablo

 

Pablo__2-1590682848004.png

 

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Kind of a big deal

Re: MX84 with two internet links. One in failed state, but transmitting

The ping test to 8.8.8.8 is not used for detecting failure.  It is only used for monitoring.  These is the failover logic:

https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/Connection_Monitoring_for_WAN_Failo... 

 

Is the DNS configured on the failed WAN port correct and working?

View solution in original post

7 REPLIES 7
Highlighted
Kind of a big deal
Kind of a big deal

Re: MX84 with two internet links. One in failed state, but transmitting

The failed state means that it cannot reach the primary monitored IP (8.8.8.8 in your case).  If you add another monitoring IP that you can reach over that link and make that primary it will show as active.

 

cmr_0-1590683789347.png

 

Kind of a big deal

Re: MX84 with two internet links. One in failed state, but transmitting

If adding an additional IP for monitoring doesn't bring it up, you may also need to contact your ISP. Some ISPs will lock static IPs to mac addresses, and take forever to time it the arp table on their device.

Unfortunately, using a laptop to troubleshoot can make that timeout process last even longer. Still a very good troubleshooting step!

Highlighted
Conversationalist

Re: MX84 with two internet links. One in failed state, but transmitting

Hello, and thank you for your message.

 

The traceroute shows the MX can reach 8.8.8.8 with either link, and in each case going through the ISP assigned to that link.

 

I've added 172.217.10.142 (one of google.com's addresses), and i get the same results: I can run a traceroute from the MX, each one goes a different route and through the ISP connected to each link, but WAN1 remains in failed state.

 

The historical data seems to show that 8.8.8.8 is reachable for both connections too:

 

Pablo__0-1590692432915.png

 

Thank you,


Pablo

 

Highlighted
Conversationalist

Re: MX84 with two internet links. One in failed state, but transmitting

Thank you, guys. I'll let it run for a bit with the new target IP. So far it's testing fine on both, but remains in failed state.

Will try to force traffic through the one marked as failed with an SD-WAN policy too.

 

Best,

 

Pablo

Highlighted
Kind of a big deal

Re: MX84 with two internet links. One in failed state, but transmitting

The ping test to 8.8.8.8 is not used for detecting failure.  It is only used for monitoring.  These is the failover logic:

https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/Connection_Monitoring_for_WAN_Failo... 

 

Is the DNS configured on the failed WAN port correct and working?

View solution in original post

Highlighted
Conversationalist

Re: MX84 with two internet links. One in failed state, but transmitting

You nailed it. I trusted the ISP DNS servers instead of going with Cloudflare.

 

Once I set 1.1.1.1, the DNS test succeeded and the link became active. The link you added was very useful in understanding the process.

 

Thank you!

 

Pablo

Highlighted
Kind of a big deal

Re: MX84 with two internet links. One in failed state, but transmitting

Ooh, glad you got it, but yeah. Never trust your ISP DNS unless you've absolutely got to for some reason.

 

Hint: Haven't met a reason yet.

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.