Meraki

Community

Meraki MX warm spare failover: Sticky ICMP flows

Frank-NL
Building a reputation
‎Jun 3 2025 8:52 AM
‎Jun 3 2025 8:52 AM

Meraki MX warm spare failover: Sticky ICMP flows

Hi,

 

We are seeing some strange behaviour, when doing a failover (and failback) with our MX85 (MX18.211.5.2). It happens specifically with ICMP flows, and only resolves when we reboot both MX'es to clear all flows.

 

We are seeing this when we do a failover MX active -> standby, and also when we failover WAN1 -> WAN2.

 

Certain running icmp ping flows just start being dropped and will not be routed anymore, until we reboot both MX's in the same time.

 

 

Anybody else experiencing similar issues? I will be reporting to support as well.

 

 

Kind regards, Frank

6 Replies 6
rhbirkelund
Kind of a big deal
Kind of a big deal
‎Jun 3 2025 10:27 AM
‎Jun 3 2025 10:27 AM

When you do the failover from the active to standby, is the active also the Primary MX?

What are you pinging, and from what?

 

What setting do you have on the WAN Failover and Failback?

rhbirkelund_0-1748971424741.png

 

The graceful settings behaves in such a way that when a failover occurs, and flows going out WAN1 will not failover to WAN2 immediately, and fall back to WAN1, once that connection is restored. It will only failback to WAN1 once a new flow is begun. 

I'm wondering if this may be what you are seeing.

https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/Connection_Monitoring_for_WAN_Failo...

 

LinkedIn ::: https://blog.rhbirkelund.dk/

Like what you see? - Give a Kudo ## Did it answer your question? - Mark it as a Solution 🙂

All code examples are provided as is. Responsibility for Code execution lies solely your own.
In response to rhbirkelund
Frank-NL
Building a reputation
‎Jun 4 2025 12:22 AM
‎Jun 4 2025 12:22 AM

Thank you, it is configured as immediate. Also with any other protocol we see the flows failing over/back as expected. It is just ICMP. 

 

We started an ICMP ping from a random client towards:

- Internet IP endpoint

- Remote AutoVPN endpoint

 

When we do a failover from the primary (active) towards the backup, all other flows immediately continue but the ICMP ping no longer gets routed.

Second test is we removed WAN1 connection, for failover towards WAN2, and same behaviour is seen.

 

 

 

 

 

0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jun 3 2025 2:14 PM
‎Jun 3 2025 2:14 PM

You should also consider upgrading to 18.211.6.

0 Kudos
In response to PhilipDAth
Frank-NL
Building a reputation
‎Jun 4 2025 12:22 AM
‎Jun 4 2025 12:22 AM

Yes we will try this, I corrected the post there was a typo, we are running now:

MX18.211.5.2

0 Kudos
Brash
Kind of a big deal
Kind of a big deal
‎Jun 3 2025 8:47 PM
‎Jun 3 2025 8:47 PM

As @rhbirkelund mentioned, check which failback behaviour is configured.

As a side note, if your network is assigned to a template, you won't see the explicit and dropdown to change and it will be hard set to graceful.

0 Kudos
In response to Brash
Frank-NL
Building a reputation
‎Jun 4 2025 12:23 AM
‎Jun 4 2025 12:23 AM

Good to know, thank you. THe network is configured to immediate and not part of a template. Notice that other protocols have no sticky flows

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.