Meraki MX Route traffic though Down Peer

LYYIHEANG
Comes here often

Meraki MX Route traffic though Down Peer

Dear Team,

 

Currently Our Meraki MX got issue which cause service interrupt. MX itself route VPN traffic to Down peer which are not in priority Peer. Normally, It should go through primary priority peer or working peer but recently it route VPN to down peer. instead. Is there anyone face the same issue?VPN_Status-01.png

3 REPLIES 3
MyHomeNWLab
A model citizen

I do not have the same problem in my environment (MX64, MX67, vMX-S).

 

However, there is a topic that may be relevant.

 

AutoVPN Connectivity Issues - The Meraki Community
https://community.meraki.com/t5/Meraki-Service-Notices/AutoVPN-Connectivity-Issues/ba-p/149812

Bruce
Kind of a big deal

The MX makes an uplink decision based on the status of the uplinks (I.e. up/down) and the status and performance of the VPN tunnels if you’ve configured SD-WAN routing in your environment.

 

The choice of the Auto VPN peer to send traffic to is purely based on IP address, and each site has different IP addressing, so if a particular site is unreachable (e.g. the VPN is down) then traffic destined for IP addresses at that site will go nowhere unless another site is also advertising the same IP addresses (which can be done using static routes via a non-Auto VPN path between sites, or if you’re using VPN concentrators as a head-end).

 

So, if you’re expecting traffic to failover to another peer, then make sure that other peer is advertising the same IP addresses as the primary peer.

BazMonkey
Getting noticed

We saw a similar Friday where we lost about 30  of our 730 VPNs.
We also saw a VRRP transition that preceeded the fault. We have to break the VRRP and the issues were resolved.
A few hours later we has issues where all our VPNs saw latency of 1500ms. I called TAC and there was a major P1 in the Meraki Cloud. They got all our spokes to re-sync there routes and config and it all came good

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels