02-17-2021 02:19 AM
02-17-2021 04:36 AM
Hello,
Tough one. Sounds like you already have done a lot of troubleshooting. How much traffic is flowing over the link? Make sure that you are not running into a traffic volume based rekeying problem. Your best option is to set the 'Traffic Volume' to unlimited. The link below has a screenshot of how to enable this in ASDM (point 4.).
02-18-2021 12:34 PM
Thanks for the Input. I will give this a try as well.
We are in contact with the DC as well, it could be DDOS Protection or something similar kicking in. At least that's one option we are looking into.
02-18-2021 12:38 PM
Sorry I forgot: we have around 20Mbit/s between both Datacenters.
02-17-2021 08:08 AM
For your PingPlotter results, pinging external to the tunnel, you see no jump in latencies and/or drops along the path?
If not, possibly that's because of your asymmetrical route paths.
In the past I've found using IP source routing handy for probing paths "invisible" to "normal" routing, but nowadays, most disallow that option.
If you could cause your routing to stop using the two paths, for alternate directions, you might be able to "see" a problem node when this happens.
02-18-2021 12:37 PM
Hi Joseph,
That's right. We don't see any jump in Latency along the Path. We are currently in touch with the DC to make sure no DDOS Protection is kicking in or so.
We are in the process of getting private circuits. Should be done in 4 weeks. But I'm still trying to change the routing before that for testing.
02-18-2021 03:27 PM
Hello
You don’t say what outage it is you’re experiencing - do you drop BGP/tunnel peering - do you see IGP failover, convergence etc...
Can you elaborate a bit more on the actual outage?
02-18-2021 11:17 PM
Hi Paul,
The Outage means all Data Traffic between those two Datacenters stopped.
We are using an Active / Standby Cluster but no Failover happened during the Outage time on both sides.
The VPN Tunnel between both Datacenters stayed up, probably due to the preserve VPN Option.
When checking the BGP and the Logs, there was no route change or reconvergence. Everything stayed the same (from what I can see on the logs).
Logging is set to Export everything with Warning / Error Level. BGP Messages could be at Informational or Debugging Level? So I may have to fine tune that. I will look into that now and adjust it.
I've attached a picture of how it looks in PingPlotter. The picture is the same Site A --> Site B | Site B --> Site A
I've upgraded the US-Datacenter now to 9.8.4(32) as well.
Thanks