Troubleshooting incorrect Public IP address detection on WAN Overlay
Article ID: 324614
Updated On:
Products
VMware SD-WAN by VeloCloud
VMware VeloCloud SD-WAN
Issue/Introduction
Symptoms:
- The WAN overlay intermittently auto-detects WAN links with an incorrect IP. This is observed in Edge > Configuration > Device
Please refer to below example from lab :
Interface GE3 is configured with a public address directly. - In normal situations, the Public IP should be displayed the same as Correct IPs:
- In issue situations, the auto-detected IP differs from the one statically configured or dynamically assigned to the interface. If the incorrect address is under private range, the link type is updated to Private.
- Events in VCO show an "Applied new configuration for WAN version" message, and mentioned that the publicIpAddress is changed. It will also cause link dead if link mode is changed to private. Because private link will not form tunnel with existing public peers, and exiting tunnels will be down.
- These symptoms continue occurring consistently following the same pattern.
Environment
VeloCloud SD-WAN all supported releases.
Cause
VCEs learn their public IP address not only from the VCGs but also from their tunnel peers. For this reason, inbound NAT rules at remote peer locations could modify the source IP address as seen by the remote peer.
The incorrect IP address information is sent back to the affected VCE. This is corrected once the correct IP address is detected by the VCGs and other peers. However, the cycle continues indefinitely.
The incorrect IP address information is sent back to the affected VCE. This is corrected once the correct IP address is detected by the VCGs and other peers. However, the cycle continues indefinitely.
Resolution
Identify the remote site introducing the incorrect IP address and remove the problematic inbound NAT rule from the FW/router/modem connected in front of the remote VCE.
Contact Velocloud SD-WAN support to assist in identifying the remote site introducing the incorrect IP.
Workaround:
- Edit the existing WAN Overlays and use the "User Defined WAN Overlay" option to manually configure the correct IPs and next-hop:
- This will fix the link type as public, and prevent the links from going DEAD and the associated user impact. However, the incorrect IPs would still intermittently appear in the Edge > Configuration > Device panel:
Additional Information
Impact/Risks:
There's no Impact in applying the workaround.
Feedback
Yes
No
Powered by
