Title: Alarm for l2vpn_session_down
Event ID: vpn.l2vpn_session_down
Alarm Description

The L2VPN session <Session UUID> is down.

• Purpose: Alarm is raised when a particular L2VPN Session status is Down.
• Impact: Datapath traffic stops working for local and remote workloads.

Steps to Resolve
For 3.0.0 and higher

Recommended Action:

• L2VPN session internally creates one Route Based IPSec VPN Session. Check the status of this associated VPN Session.
  • Get the associated VPN session from L2VPN session details by using API policy/api/v1/infra/tier-0s/{tier-0-id}/l2vpn-services/{service-id}/sessions/{session-id} or policy/api/v1/infra/tier-1s/{tier-1-id}/l2vpn-services/{service-id}/sessions/{session-id}.
  • Check transport_tunnels value which will give the associated VPN path.
• Check if associated VPN session is down by getting the session and tunnel down reason from UI/API/CLI.
  • On UI, go to VPN→IPSec Sessions page and check particular session Status. Check IKE Status info icon, which will show session status along with the down reason.
  • For API, use "GET /policy/api/v1/infra/tier-0s/{tier-0-id}/ipsec-vpn-services/{service-id}/sessions/{session-id}/statistics" or "GET /policy/api/v1/infra/tier-1s/{tier-1-id}/ipsec-vpn-services/{service-id}/sessions/{session-id}/statistics" to get the session status details. Check the fail_reason in the output.
  • For CLI, use "get ipsecvpn session summary", "get ipsecvpn session sessionid <session-id>" CLIs to check the down reason.
• As per the tunnel down reason, check the necessary actions to resolve the alarm in table mentioned at Alarms When an IPsec VPN Session or Tunnel Is Down.

Maintenance window required for remediation? No