Currently our Meraki MX has an issue which causes service interruption. The MX itself routes VPN traffic to a down peer which is not a priority peer. Normally, it should go through the primary priority peer or a working peer, but recently it routes VPN traffic to a down peer instead. Has anyone faced the same issue?
The MX makes an uplink decision based on the status of the uplinks (i.e. up/down) and the status and performance of the VPN tunnels if you’ve configured SD-WAN routing in your environment.
The choice of the Auto VPN peer to send traffic to is purely based on IP address, and each site has different IP addressing, so if a particular site is unreachable (e.g. the VPN is down) then traffic destined for IP addresses at that site will go nowhere unless another site is also advertising the same IP addresses (which can be done using static routes via a non-Auto VPN path between sites, or if you’re using VPN concentrators as a head-end).
So, if you’re expecting traffic to fail over to another peer, then make sure that other peer is advertising the same IP addresses as the primary peer.
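The rule described in the answer above, as an added example that is not part of the original posts and not Meraki's route-selection implementation: a simplified model that picks a peer by destination prefix and lists the subnets no other peer advertises. The peer names, addresses, and the use of dict order as peer priority are assumptions made for illustration.

```python
import ipaddress

# Constructed sample inventory (hypothetical names and addresses). Dict order
# stands in for configured peer priority; "up" is the current tunnel state.
PEERS = {
    "hub-primary": {"up": False, "subnets": ["10.10.0.0/16", "10.20.0.0/16"]},
    "hub-backup": {"up": True, "subnets": ["10.10.0.0/16"]},
    "branch-7": {"up": True, "subnets": ["10.70.0.0/24"]},
}


def candidates(dest, peers):
    """Peers advertising a subnet that contains dest, most specific first."""
    ip = ipaddress.ip_address(dest)
    hits = []
    for name, peer in peers.items():
        for cidr in peer["subnets"]:
            net = ipaddress.ip_network(cidr)
            if ip in net:
                hits.append((net.prefixlen, name))
    # Stable sort: equal prefix lengths keep priority (dict) order.
    hits.sort(key=lambda h: -h[0])
    return [name for _, name in hits]


def next_hop(dest, peers):
    """First reachable peer advertising dest, or None if traffic goes nowhere."""
    for name in candidates(dest, peers):
        if peers[name]["up"]:
            return name
    return None


def subnets_without_backup(peers):
    """(subnet, peer) pairs that no other peer covers, so cannot fail over."""
    gaps = []
    for name, peer in peers.items():
        for cidr in peer["subnets"]:
            net = ipaddress.ip_network(cidr)
            covered = any(
                net.subnet_of(ipaddress.ip_network(other_cidr))
                for other, other_peer in peers.items() if other != name
                for other_cidr in other_peer["subnets"]
            )
            if not covered:
                gaps.append((cidr, name))
    return sorted(gaps)


if __name__ == "__main__":
    for dest in ("10.10.5.9", "10.20.1.1", "10.70.0.5"):
        print(dest, "->", next_hop(dest, PEERS))
    print("no failover path:", subnets_without_backup(PEERS))
```

Running the gap check against an export of each site's advertised subnets before a maintenance window shows which destinations would be black-holed if a single peer went down.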
We saw something similar on Friday where we lost about 30 of our 730 VPNs. We also saw a VRRP transition that preceded the fault. We had to break the VRRP and the issues were resolved. A few hours later we had issues where all our VPNs saw latency of 1500ms. I called TAC and there was a major P1 in the Meraki Cloud. They got all our spokes to re-sync their routes and config and it all came good.