02-26-2020 08:48 PM - edited 02-26-2020 10:44 PM
Hello All,
I want to confirm how long the data plane tunnel can survive and keep forwarding user traffic when the CONTROL connection is down. I am experiencing traffic disruption when I lose the connection to the controller due to a link problem (or even a controller shutdown).
As far as I know from some Cisco Live slides, the IPSec rekey will happen within 24 hours and OMP caching is about 12 hours by default. So, I assume that user traffic will still be forwarded before the new key is distributed from vSmart to vEdge devices although we lost the Controller connection.
I have tried to modify the rekey timer from 24hrs to 72hrs, however I'm still getting lost traffic (just about 1-2 hours) since the controller is DOWN.
I noticed from this capture below, there are routes received but NO routes are installed when vSmart is unreachable/DOWN:
JKT-RPO-DRC# show omp summary
oper-state UP
admin-state UP
personality vedge
omp-uptime 73:05:10:39
routes-received 51819
routes-installed 0
routes-sent 0
tlocs-received 3
tlocs-installed 0
tlocs-sent 0
services-received 3
services-installed 0
services-sent 0
mcast-routes-received 0
mcast-routes-installed 0
mcast-routes-sent 0
hello-sent 307365
hello-received 307223
handshake-sent 38
handshake-received 37
alert-sent 34
alert-received 3
inform-sent 231
inform-received 231
update-sent 1355048
update-received 1833
policy-sent 0
policy-received 94
total-packets-sent 1662716
total-packets-received 309421
vsmart-peers 0
Are there any values / parameters in Viptela that need to be adjusted so that we can save the data plane tunnel (user traffic) for at least 2-3 days when the CONTROLLER is unreachable for any reason?
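Added example (not part of the original post and not Cisco code): a small Python check that parses `show omp summary` output like the capture quoted above and flags the state the post describes, where routes, TLOCs or services are received but none are installed while `vsmart-peers` is 0. The function names are hypothetical, and the sample is abridged from the quoted output.

```python
"""Added example: flag an OMP state where routes are held but not installed."""

# Abridged from the `show omp summary` output quoted in the post above.
SAMPLE = """
oper-state UP
admin-state UP
personality vedge
routes-received 51819
routes-installed 0
tlocs-received 3
tlocs-installed 0
services-received 3
services-installed 0
vsmart-peers 0
"""

def parse_omp_summary(text):
    """Turn whitespace-separated 'key value' pairs into a dict.

    Works on one-pair-per-line output and on output flattened to one line;
    anything before 'oper-state' (prompt, command echo) is skipped.
    """
    tokens = text.split()
    if "oper-state" in tokens:
        tokens = tokens[tokens.index("oper-state"):]
    summary = {}
    for key, value in zip(tokens[0::2], tokens[1::2]):
        summary[key] = int(value) if value.isdigit() else value
    return summary

def assess(summary):
    """Return findings for the condition described in the thread."""
    findings = []
    if summary.get("vsmart-peers", 0) == 0:
        findings.append("no vSmart OMP peers")
    for kind in ("routes", "tlocs", "services"):
        received = summary.get(f"{kind}-received", 0)
        installed = summary.get(f"{kind}-installed", 0)
        if received > 0 and installed == 0:
            findings.append(f"{kind}: {received} received, 0 installed")
    return findings

if __name__ == "__main__":
    for finding in assess(parse_omp_summary(SAMPLE)):
        print(finding)
```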
02-26-2020 11:10 PM
Please verify the omp graceful restart timer settings as per the following
02-26-2020 11:35 PM
Hello,
Some insight on your query from my experience -
If control connections go down for more than a min, the vedge port-hops to the next port to regain connection. This is default behaviour!
But if the device port-hops, the BFD sessions also go down. DATA PLANE IS IMPACTED!
This is because BFD/tunnel are using the same ports as that of control connections.
This can be avoided if you configure no-port-hop for tunnel interface (not advised for spoke locations)
02-26-2020 11:50 PM
02-27-2020 12:02 AM