Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3066
Views
0
Helpful
4
Replies

How long SDWAN data plane can survive when controller down?

Rakhmadian Purnama
Level 1
Level 1

‎02-26-2020 08:48 PM - edited ‎02-26-2020 10:44 PM

Hello All,

I want to confirm for how long the data plane tunnel can survive to forward user traffic when the CONTROL connection down? I am experiencing traffic disruption when I lost the connection to controller due to link problem (or even controller shutdown).

As far as I know from some Cisco Live slides, the IPSec rekey will be happened within 24 hours and OMP caching is about 12 hours by default. So, I assume that user traffic will be still forwarded before the new key is distributed from vSmart to vEdge devices although we lost Controller connection.

I have tried to modify the rekey timer from 24hrs to 72hrs, however I'm still getting lost traffic (just about 1-2 hours) since the controller is DOWN. 

I noticed from this capture below, there are routes received but NO routes are installed when vSmart is unreachable/DOWN:

JKT-RPO-DRC# show omp summary
oper-state             UP
admin-state            UP
personality            vedge
omp-uptime             73:05:10:39
routes-received        51819
routes-installed       0
routes-sent            0
tlocs-received         3
tlocs-installed        0
tlocs-sent             0
services-received      3
services-installed     0
services-sent          0
mcast-routes-received  0
mcast-routes-installed 0
mcast-routes-sent      0
hello-sent             307365
hello-received         307223
handshake-sent         38
handshake-received     37
alert-sent             34
alert-received         3
inform-sent            231
inform-received        231
update-sent            1355048
update-received        1833
policy-sent            0
policy-received        94
total-packets-sent     1662716
total-packets-received 309421
vsmart-peers           0

Is there any value / parameters in Viptela need to be adjusted so that we can safe data plane tunnel (user traffic) at least for 2-3 days when CONTROLLER unreachable at any reason?

0 Helpful
4 Replies 4

Manish Gogna
Cisco Employee
Cisco Employee

‎02-26-2020 11:10 PM

Please verify the omp graceful restart timer settings as per the following

https://sdwan-docs.cisco.com/Product_Documentation/Software_Features/Release_18.2/03Routing/02Configuring_OMP

 

 

0 Helpful

Kapish2007
Level 1
Level 1

‎02-26-2020 11:35 PM

Hello,

 

Some insight on your query from my experience -

If control connections go down for more than a min, the vedge port-hops to the next port to regain connection. This is default behaviour!

But if the device port-hops, the BFD sessions also go down. DATA PLANE IS IMPACTED!

This is because BFD/tunnel are using the same ports as that of control connections.

This can be avoided if you configure no-port-hop for tunnel interface (not advised for spoke locations)

 

0 Helpful

Rakhmadian Purnama
Level 1
Level 1
In response to Kapish2007

‎02-26-2020 11:50 PM

Hi Kapish,
So, I just need to disable the port-hop in Hub vEdge only to maintain data plane/traffic between Hub-n-Spoke?
Thanks...
0 Helpful

Kapish2007
Level 1
Level 1
In response to Rakhmadian Purnama

‎02-27-2020 12:02 AM

No-port-hop is per Vedge per transport interface command. So you need to choose wisely on which interface you don't want to hop!



Eg:



Hub having transport MPLS & Internet = no-port-hop on internet so if hub hops, it's a network wide impact. {assuming you have reachability via MPLS} can put no-port-hop here.

Spokes = if single transport (especially internet) don't use as you will lose reachability and will have to have physical intervention(console) for restoration.


0 Helpful
Customers Also Viewed These Support Documents