Hello everyone,
I encounter a malfunction that I can't solve, if someone could help me.
Indeed, I implement a Meraki SD-WAN solution whose architecture is as follows:
Main site: 2* MX250 in HA which are in VPN Concentrator mode
Remote sites: in routed mode (Full-tunnel)
The problem:
On the remote sites, I have important packet losses (about 30%) when I make a request (ping) to 8.8.8.8 for example or on an IP located on the Main site.
When I stop one of the two MX250 so I cut the HA of the main site or I put the remote site in split-tunnel, I have no more packet loss on the remote sites.
Actions taken:
I changed version to 15.43 and tried even the last ones in beta (16.9 and 16.10) but nothing to do.
Thanks for your help
Solved! Go to solution.
Hello,
So good news, after opening a ticket, I was suggested to put the 15.42.1 version (I was told that it is a known problem on the versions I was using).
Since then, no more packet loss on remote sites.
Thanks @PhilipDAth and @ww
What is the device utilization on the mx250 when you have packet loss.
Are you using a VIP on the mx250? Can you try without vip?
Thanks in advance,
Yes I use a VIP.
When you are in Passthrough or VPN Concentrator mode, the deployment mode of the warm spare is only done in VIP unlike the routed mode where you have the two choices "use virtual uplink IPs" or "Use MX uplink IPs".
At the main site, can the device in front of the MX250s doing the NAT ping the VIP address without issue?
Also, whatever is providing the layer 3 gateway to the MX250's, can it ping the VIP address without issue?
Thanks in advance PhilipDAth
Yes, no problem there too.
I tried two types of architecture (the MX are directly connected to a firewall (Fortinet).
The loss is really felt when at the remote site.
Does the Fortinet firewall show any traffic being blocked?
Hello,
So good news, after opening a ticket, I was suggested to put the 15.42.1 version (I was told that it is a known problem on the versions I was using).
Since then, no more packet loss on remote sites.
Thanks @PhilipDAth and @ww
Hi all,
same on my side with 15.43 - I´ll give it a try and will upgrade to 15.43.1!
thanks @Thierno for the information! 🙂
Hello,
I was using 15.43 when I encountered the problem.
It is by downgrading to 15.42.1 that I was able to solve the problem.
But now, on the Meraki dashboard, I can't find this version anymore.
If I understood correctly, as 15.42.1 was the last stable version and today they are on version 15.44. I think you can use this one
first I´ve upgraded to Version 15.43.1 -> no change, issue still existing, now I changed to the stable one which is 15.44 -> no change as well, the problem unfortunately still exists 😞
I´ll open a case and check with the support-team...
@whistleblower do you not have the same selection as I have below (perhaps excluding IPv6 v17) where 15.42.3 is an option?
@whistleblower that's interesting, on the one hand I can see you don't see the 15.42.3 option required, but on the other, you still have MS12.28.1 which is no longer an option for me.
It looks like Meraki maintain legacy stable versions in an organisation dashboard where they are upgrades, but not downgrades. I have an MX HA pair as a VPN concentrator running 15.42, and you must have some 12.<28.1 switches...
In this case I'd ask support to apply 15.42.3 to your MX pair.