Tunnels Slow to Re-Form After Firmware Update

TRBO_KCMO

Just bumped the firmware to 17.10.2 on an MX84 hub. The spokes were completed already. After the update, it took a long time for spoke-to-hub tunnels to re-form, a few almost an hour. This is the first time we've tracked a firmware update on a hub, so I don't know if that is normal behavior. Seems like it. The spokes run the gamut of models, so we can't tie it to any specific model, even though we do have numerous Z3s on 18.107.

So my question is, how long should it take for tunnels to re-form after a firmware update to a hub? 

alemabrahao

Have you tried disabling all security policies? It's a known issue.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

None defined, surprisingly enough

PhilipDAth

I'm used to it happening within minutes. This is a long time.

Is the hub behind NAT without a manual NAT configuration?  That could impact recovery time.

That's where I was headed. It's in a DMZ but with a manual NAT. Going to have to consult the FW team.

Configure this option (except configure it for manual), and it will repair any issues very quickly:

[Image: PhilipDAth_0-1684355782750.png]

Already set that way. 

That would suggest that the configured UDP port is not being allowed in, or the configured public IP address is not correct.
