SD-WAN Edge traffic drops VPN traffic and requires restart
Article ID: 333929
Updated On:
Products
VMware
VMware SD-WAN by VeloCloud
Issue/Introduction
Symptoms:
- VPN Traffic (VCMP tunnel) stops working randomly
- Affected traffic could be:
- Edge to Edge
- Edge to HUB
- Edge to Gateway
- Edge to NSD via Gateway
- Direct traffic is not affected
Environment
SD-WAN by VeloCloud
SD-WAN
Cause
This issue is identified by ID 106587
The problem is related to IPsec Security Association (SA) installation on the responder side. This issue might be hit in either an Edge or Gateway (VCG) for VCMP tunnels, and for IPSEC tunnels for NSDs via Gateway
Resolution
This issue is resolved in the versions below and later:
5.1.0.2 (R5102-20230310-GA)
5.2.0.0 (R5200-20230530-GA)
For information on how to upgrade please check the following article: VMware SD-WAN Software Upgrade FAQs
Workaround:
There are two workaround to this issue if you do not want to upgrade:
- If the affected traffic is Multipath traffic, switch it to direct traffic.
- A Partner or Operator user would need to reboot the Gateway to restart all the affected tunnels. For cloud Orchestrators hosted by VMware, please contact VMware SD-WAN – Support
Additional Information
Impact/Risks:
The workaround of this issue involves a reboot. While the VMware SDWAN device (Edge or Gateway) is rebooting, connectivity from/to this unit will be temporarily disrupted.
The workaround of this issue involves a reboot. While the VMware SDWAN device (Edge or Gateway) is rebooting, connectivity from/to this unit will be temporarily disrupted.
Feedback
Yes
No
Powered by
