Site-to-Site VPN Connection Bouncing Between WAN Interfaces

ZDonaldson
Getting noticed

Site-to-Site VPN Connection Bouncing Between WAN Interfaces

Hi All,

 

I am seeing a site-to-site vpn connection bounce between wan interfaces.  The reason given is 'wan performance' which makes me think it is seeing network latency and bouncing to the backup wan interface.  I then see reason as 'primary uplink' which would be the performance issue clearing up and the vpn moving back to the primary interface.

 

The problem with this is that the "failover" is happening every minute or so.  Also, we are unable to find any actual performance issues on either of our WAN interfaces, both are testing clean with good latency.  

 

Is anyone familiar with how I can find more detailed information on why it is bouncing and possibly how to make it less sensitive...maybe make it stick to one WAN interface a bit more?  I have thus far been unsuccessful in finding a configurable setting regarding VPN WAN interface failover.

Zane D - IT Manager in Sin City NV
3 REPLIES 3
ww
Kind of a big deal
Kind of a big deal

oldroo
Getting noticed

One thing to consider is to gather site to site statistics over a period of time.

 

Check for packet loss, possible routing changes occuring between ISP's, and latency.

GIdenJoe
Kind of a big deal

On every uplink decision row, where it says WAN1 or 2, that is clickable and you will be able to see the latency, loss, jitter and mos statistics for each uplink towards the peer.

 

If your primary WAN is not behaving correctly you should check if you have problems due to a bad connection or you are trying to send too much data over that link and the ISP is dropping packets accordingly.

 

If you feel the connection is stable enough then you could make a custom performance class that has less strict requirements and apply that to your uplink decision.

 

The takeway however is that your VPN is not actually bouncing.  You have continuous active active VPN links up.  It's the traffic you send that can vary per packet.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels