Controllerless Networks

 View Only

  • 1.  VPN tunnel drops constantly

    Posted Apr 27, 2023 09:52 AM

    Hello everyone.

    Currently the infrastructure I manage is multiple IAPs, which are grouped into several clusters (VC) and 2 VPNC for guest network tunnels.

    I am receiving alerts in the monitoring system related to br0. The physical ports of the IAP and VPNC are clean, without errors or losses.

    Master IAP alerts


    VPNC alerts


    VPNC alerts


    Can someone help me to understand and correct these alerts?



    ------------------------------
    LS
    ------------------------------


  • 2.  RE: VPN tunnel drops constantly

    Posted Apr 28, 2023 09:28 AM

    Looks like there is (at least) a connectivity issue between the IAP and the primary gateway VPNC-1. The VPN then moves to VPNC-2, but after some time the primary tunnel comes back and is made active again (pre-emption), after which the process starts again.
    Can you disable pre-emption on the VPN to see if the issue is just on the primary tunnel or on both tunnels?
    Is this happening all the time? Or does it come & go?
    If you can't find the issue in the connectivity, it would be best to get TAC involved as these messages 



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------

    Original Message


  • 3.  RE: VPN tunnel drops constantly

    Posted May 04, 2023 08:25 AM

    Thanks Herman for your support. 

    I was with holidays and that is the reason for my late response. I already disabled the pre-empt and I'll tell you how it goes during the day. These crashes cropped up multiple times a day on multiple master IAPs. The client is not affected in the network service, but multiple alerts were logged in the Entuity tool.

    Any news I inform you, and thanks again.



    ------------------------------
    LS
    ------------------------------

    Original Message


  • 4.  RE: VPN tunnel drops constantly

    Posted May 10, 2023 03:22 PM

    Regards Hermann,


    The situation keeps repeating itself. I already deactivated the preemption, the fast failover and I still have tunnel crashes in all the master IAPs.
    Just to add, initially everything started because I was receiving a lot of packet drop alerts in the br0 interface of all the masters and I saw reflected in Airwave that the uptime of the tunnels was restarted due to the falls of these tunnels. What is hard for me to believe is that all these IAPs have these problems or is it at the level of the VPNC that the drawbacks are.

    Thank you for all the support you can give me.



    ------------------------------
    LS
    ------------------------------

    Original Message


  • 5.  RE: VPN tunnel drops constantly

    Posted May 11, 2023 11:18 AM

    Hello again,

    This is the interface eth0 status whithout drops.


    This is the interface br0 status with drops.

    Is this normal status??



    ------------------------------
    LS
    ------------------------------

    Original Message


  • 6.  RE: VPN tunnel drops constantly

    Posted May 12, 2023 05:37 AM

    It can be, as the br0 is the IP interface (mostly for management) and eth0 is the physical interface with client traffic as well.
    But best to open a TAC Support case, as I'm out of suggestions and digging deeper in would probably be needed.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------

    Original Message


Related Content