SD-WAN Edge traffic drops VPN traffic and requires restart

Article ID: 333929

Products

VMware SD-WAN by VeloCloud

Issue/Introduction

Symptoms:
  • VPN Traffic (VCMP tunnel) stops working randomly
  • Affected traffic could be:
    • Edge to Edge
    • Edge to HUB
    • Edge to Gateway
    • Edge to NSD via Gateway
  • Direct traffic is not affected


Environment

VMware SD-WAN by VeloCloud
VMware SD-WAN

Cause

This issue is identified by ID 106587.
The problem is related to IPsec Security Association (SA) installation on the responder side. It can occur on either an Edge or a Gateway (VCG) for VCMP tunnels, and for IPsec tunnels for NSDs via Gateway.

Resolution

This issue is resolved in the versions below and later:

5.1.0.2 (R5102-20230310-GA) 
5.2.0.0 (R5200-20230530-GA)

For information on how to upgrade, please check the following article: VMware SD-WAN Software Upgrade FAQs

Workaround:
There are two workarounds for this issue if you do not want to upgrade:
  • If the affected traffic is Multipath traffic, switch it to direct traffic.
  • A Partner or Operator user would need to reboot the Gateway to restart all the affected tunnels. For cloud Orchestrators hosted by VMware, please contact VMware SD-WAN – Support.


Additional Information

Impact/Risks:
The workaround for this issue involves a reboot. While the VMware SD-WAN device (Edge or Gateway) is rebooting, connectivity from/to this unit will be temporarily disrupted.