VCMP tunnel down between SDWAN Gateway/HUB edge and SDWAN Spoke edges

Article ID: 368351

Products

VMware Cloud Director

Issue/Introduction

The VCMP tunnel between the Gateway/HUB and SDWAN Spoke Edges may go down if any of the following conditions are met:

  1. ARP to the next hop IP address fails on the Gateway or Edge.
  2. UDP 2426 packets are blocked by the service provider or by the transit firewall.
  3. There is a network reachability issue between the Edge and Gateway WAN link IP.
  4. The Edge or Gateway is holding an invalid certificate.
  5. The Edge is hitting its tunnel capacity and dropping inbound tunnel request packets. Note that tunnel capacity issues will not impact outbound static tunnels.

This knowledge-base article focuses on the ARP issue that may impact VCMP tunnel creation between the Gateway/HUB and Spoke edges.

Environment

Edge version 5.2.3.2 GA or lower

Cause

Configuring the interface gateway IP address or the next hop IP address on all WAN links is mandatory to establish a VCMP tunnel. The next hop IP address can be configured directly in the WAN link advanced settings. If not configured there, the gateway IP address on the physical interface will act as the next hop IP address for the WAN link.

The ARP to the next hop IP address must be resolved to initiate or respond to the VCMP tunnel packets. However, due to software issue #117565, the gateway may send an ARP request to an incorrect next-hop IP address, leading to a failure in establishing a VCMP tunnel with the SDWAN edges.
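
The next-hop selection and ARP requirement described above can be cross-checked offline with a short script. This is an added example, not VMware code: the link records, interface names and field names are hypothetical, the sample data is constructed, and the neighbor table is assumed to be in Linux `ip neigh show` format.

```python
# Added example. Link records and neighbor text below are constructed sample
# data; field and interface names are hypothetical, not a VMware schema.
WAN_LINKS = [
    {"link": "GE3", "iface_gateway": "198.51.100.1", "wan_next_hop": None},
    {"link": "GE4", "iface_gateway": "203.0.113.1", "wan_next_hop": "203.0.113.254"},
    {"link": "GE5", "iface_gateway": None, "wan_next_hop": None},
]
# Assumed format: Linux `ip neigh show` (unresolved entries carry no lladdr).
NEIGH_TEXT = """\
198.51.100.1 dev GE3 lladdr 00:00:5e:00:53:01 REACHABLE
203.0.113.1 dev GE4  INCOMPLETE
"""
RESOLVED = {"REACHABLE", "STALE", "DELAY", "PROBE", "PERMANENT"}


def effective_next_hop(link):
    """WAN link advanced setting wins; else the interface gateway IP."""
    return link["wan_next_hop"] or link["iface_gateway"]


def parse_neigh(text):
    """Map (interface, ip) -> neighbor state, skipping malformed lines."""
    table = {}
    for line in text.splitlines():
        tok = line.split()
        if len(tok) >= 4 and tok[1] == "dev":
            table[(tok[2], tok[0])] = tok[-1]
    return table


def check_links(links, neigh_text):
    """Return {link: (status, next_hop, other_ips_seen_on_that_interface)}."""
    table = parse_neigh(neigh_text)
    report = {}
    for link in links:
        name, hop = link["link"], effective_next_hop(link)
        others = sorted(ip for dev, ip in table if dev == name and ip != hop)
        if hop is None:
            status = "no-next-hop"      # tunnel cannot be established
        elif table.get((name, hop)) in RESOLVED:
            status = "ok"
        else:
            status = "unresolved"       # missing, INCOMPLETE or FAILED entry
        report[name] = (status, hop, others)
    return report


if __name__ == "__main__":
    for name, result in check_links(WAN_LINKS, NEIGH_TEXT).items():
        print(name, *result)
```

A link reported as `unresolved` whose third field lists ARP activity toward a different IP on the same interface is the case to compare against the incorrect next-hop behaviour described in this section.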

Resolution

Upgrade the Edge software version to 5.2.3.2 GA or a later version to fix software issue #117565.

Additional Information

Workaround: Reboot the gateway to resolve the ARP issue.