SDWAN - VB_TMO, VM_TMO, VP_TMO, VS_TMO: Peer Timeout

XinniX
Level 1

Hi All,

I have been experiencing frequent VS_TMO flaps on a daily basis at multiple locations, which usually recover by themselves within 10 minutes. As such, I am trying to pinpoint the causes of these flaps and mitigate them as much as I can.

The Cisco Control Connection Troubleshooting guide has suggested the following:

"What has been observed is that if the packets are rate-limited to below 1Mbps, control connection(s) mayn't be formed and you will see "VM_TMO" errors. Make sure to look into the underlay, for any potential BW / throughput issues"

At the moment I am able to obtain the packet capture remotely via vManage but was not able to identify any obvious issues. So I am in the dark as to how I can identify and resolve this.

I am wondering if anyone has experienced this and could point me in the right direction on ways I could identify potential BW / throughput issues in the underlay that are restricting the packets to below 1Mbps.

Simplified network diagram for reference:

Capture.PNG

Accepted Solutions

svemulap@cisco.com
Cisco Employee
Hi XinniX -

Based on the past experience we have seen, it is mostly caused by the underlay rather than the overlay (SD-WAN) when an XX_TMO error is seen
(e.g., VM_TMO / ORPTMO).

As you mentioned, in addition to what is documented in https://community.cisco.com/t5/networking-documents/sd-wan-routers-troubleshoot-control-connections/ta-p/3813237 ,
some of the underlay devices could be running without a license, hence throughput was limited to 1Mbps.

Check out Table 8 for what is needed for control connections at a minimum for the BW -
https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/system-interface/vedge-20-x/systems-interfaces-book/configure-interfaces.html#c-VPN_Interface_Ethernet_PPPoE-12766
It is ~650 - 700 Kbps per device for control connections.
Could be less too. But it gives a ballpark number, from which we can extrapolate.

HTH

2 Replies

Old post but relevant, so here is what I found. I am using version 20.9.5 (manager/controller/vbond) and c8000v for edges.

After activating the chassis, you will find its serial number:

cEdge_1#request platform software sdwan vedge_cloud activate chassis-number  C8K-aaaaaaaa-0CBE-aaa-7074-2aaaa50A token c8blablalalaal. (*****)

cEdge_1#show sdwan control local-properties | in chassis
chassis-num/unique-id C8K-aaaaaaaa-0CBE-aaa-7074-2aaaa50A

Now, on vbond, check if the serial exists:

 vbond# show orchestrator valid-ved | begin C8K-4E0560CC-0CBE-7A1E-7074-2CD6D173550A
orchestrator valid-vedges C8K-aaaaaaaa-0CBE-aaa-7074-2aaaa50A
serial-number 1B7B7ADD ---->>> 

Now on cEdge, activate the chassis once again, but this time, use the SERIAL number as the token:

cEdge_1#request platform software sdwan vedge_cloud activate chassis-number  C8K-aaaaaaaa-0CBE-aaa-7074-2aaaa50A token  1B7B7ADD 

cEdge_1#show sdwan control connection-h

cEdge_1#show sdwan control connections
                                                PEER            PEER                                                   CONTROLLER
PEER    PEER PEER        SITE DOMAIN PEER       PRIV  PEER      PUB                                                    GROUP
TYPE    PROT SYSTEM IP   ID   ID     PRIVATE IP PORT  PUBLIC IP PORT  ORGANIZATION LOCAL COLOR  PROXY STATE UPTIME     ID
---------------------------------------------------------------------------------------------------------------------------------
vbond   dtls 0.0.0.0     0    0      10.10.0.3  12346 10.10.0.3 12346 blalbalas    biz-internet -     up    0:00:36:20 0
vmanage dtls 10.200.1.10 700  0      10.10.0.5  12346 10.10.0.5 12346 blablala     biz-internet No    up    0:00:36:19 0

Hope this helps somebody.

-Francisco
