MX95 AutoVPN Dropping

Solved
jacobi50
Conversationalist

MX95 AutoVPN Dropping

Can anyone else report the following issue?

 

When making minor configuration changes on MX95 on firmware 18.107.2 (Static IP entry, for example, but really any change in the dashboard), we notice that AutoVPN drops for about 30 seconds to all locations connected to the MX. Internet does not drop at all, only connectivity to remote AutoVPN subnets. I opened a ticket with Meraki and they rolled me back to 17.10.4 and the issue is no longer occurring. We have verified this issue on multiple MX95s at different locations, but do not see this a documented bug. This does not seem to be affecting any other models besides the MX95.

 

Can anyone verify that this is a known issue or possibly fixed in 18.107.4 which would require a manual upgrade from Meraki support?

1 Accepted Solution
Malwina
Meraki Employee
Meraki Employee

Hi!

It looks like your environment is experiencing a known unexpected behaviour occurring on HA paris on MX18.1+. This is currently with our engineering team. Should you need any more assistance regarding this later, please don't hesitate to re-open your Meraki Support case 🙂 

View solution in original post

12 Replies 12
PhilipDAth
Kind of a big deal
Kind of a big deal

I haven't seen that issue.

 

Does the MX have a public IP address on it, or is it behind something doing NAT?

jacobi50
Conversationalist

The MX's are configured with static public IP, no double NAT. In my testing I start a continuous ping to 8.8.8.8 as well as a continuous ping to any remote AutoVPN subnet IP. Within 15 seconds of making a change in the dashboard, we see the ping across the AutoVPN timeout for at least 30 seconds while experiencing zero loss on the 8.8.8.8. I don't see this issue reported anywhere, so curious to know if the bug is affecting others who may not be aware.

Malwina
Meraki Employee
Meraki Employee

Hi!

It looks like your environment is experiencing a known unexpected behaviour occurring on HA paris on MX18.1+. This is currently with our engineering team. Should you need any more assistance regarding this later, please don't hesitate to re-open your Meraki Support case 🙂 

jacobi50
Conversationalist

Thank you for linking my issue to a known bug. We are indeed running our MX95s in HA pairs. We will continue to wait for the issue to be fixed in a future firmware.

Bucket
Getting noticed

Is there an ETA on this fix?

Tony-Sydney-AU
Meraki Employee
Meraki Employee

There's no ETA at this moment.

If you found this post helpful, please give it kudos. If my answer solved your problem, click "accept as solution" so that others can benefit from it.
Bucket
Getting noticed

Any ETA on this? Getting a bit tired of having to do maintainance windows for minor changes 😉

Tony-Sydney-AU
Meraki Employee
Meraki Employee

No ETA at this stage. Please, don't kill the messenger! 😁

If you found this post helpful, please give it kudos. If my answer solved your problem, click "accept as solution" so that others can benefit from it.
Ryan_Miles
Meraki Employee
Meraki Employee

I think this is now addressed in 18.107.6 

 

"Corrected an issue that resulted in AutoVPN tunnels briefly dropping and re-establishing after configuration or WAN connectivity change if 1) the MX was configured in high availability (HA) mode and 2) both AutoVPN peers were running MX 18"

Ryan

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
jacobi50
Conversationalist

I confirmed 18.107.6 is working for us. Thank you

Tony-Sydney-AU
Meraki Employee
Meraki Employee

Hello everyone! Yes, @Malwina Malwina is correct. That behaviour may be observed in other MX models if they also run in HA (a.k.a. Warm Spare). From my knowledge, you can workaround this issue by temporarily running firmware 17-10-8 if your don't mind having a previous firmware.

If you found this post helpful, please give it kudos. If my answer solved your problem, click "accept as solution" so that others can benefit from it.
Tony-Sydney-AU
Meraki Employee
Meraki Employee

Good news everyone! This behaviour was fixed by firmware release 18.107.6 now. This solution was confirmed by @Ryan_Miles first and @jacobi50 later. Thanks for sharing!

If you found this post helpful, please give it kudos. If my answer solved your problem, click "accept as solution" so that others can benefit from it.
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels