Title: Alarm for l2vpn_session_down Event ID: vpn.l2vpn_session_down Alarm Description
The L2VPN session <Session UUID> is down.
Purpose: Alarm is raised when a particular L2VPN Session status is Down.
Impact: Datapath traffic stops working for local and remote workloads.
Environment
VMware NSX-T Data Center VMware NSX
Edge Form factors:
Bare Metal Edge
VM Edge
Resolution
Steps to Resolve For 3.0.0 and higher
Recommended Action:
L2VPN session internally creates one Route Based IPSec VPN Session. Check the status of this associated VPN Session.
Get the associated VPN session from L2VPN session details by using API policy/api/v1/infra/tier-0s/{tier-0-id}/l2vpn-services/{service-id}/sessions/{session-id} or policy/api/v1/infra/tier-1s/{tier-1-id}/l2vpn-services/{service-id}/sessions/{session-id}.
Check transport_tunnels value which will give the associated VPN path.
Check if associated VPN session is down by getting the session and tunnel down reason from UI/API/CLI.
On UI, go to VPNāIPSec Sessions page and check particular session Status. Check IKE Status info icon, which will show session status along with the down reason.
For API, use "GET /policy/api/v1/infra/tier-0s/{tier-0-id}/ipsec-vpn-services/{service-id}/sessions/{session-id}/statistics" or "GET /policy/api/v1/infra/tier-1s/{tier-1-id}/ipsec-vpn-services/{service-id}/sessions/{session-id}/statistics" to get the session status details. Check the fail_reason in the output.
For CLI, use "get ipsecvpn session summary", "get ipsecvpn session sessionid <session-id>" CLIs to check the down reason.