For a customer enterprise configured with a Hub-Spoke topology where internet backhaul is configured, and a Hub Edge is configured with a local default route, LAN side users of an Edge that is a spoke to that Hub Edge may experience traffic dropping for flows matching the backhaul rule


Article ID: 373538


Products

VMware VeloCloud SD-WAN

Issue/Introduction

For a customer enterprise configured with a Hub-Spoke topology where internet backhaul is configured, and a Hub Edge is configured with a local default route, LAN-side users of an Edge that is a spoke to that Hub Edge may experience traffic drops for flows matching the backhaul rule.

Checking the flow on the Hub, we see the return traffic from the VCO to the Hub showing a drop reason of "cloud_to_edge_drop":

debug.py  --flow_dump all all all 
FID        SECURE  SEGID    FDSN  MAX_RECV_FDSN  FDSN_READ  LAST_LATE_FDSN           SRC_IP          DEST_IP  SRC_PORT  DEST_PORT  PROTO  DSCP  PRIORITY                    APPLICATION                            APP_CLASS   TRAFFIC-TYPE              ROUTE  ROUTE-POL     LINK-POL                 BIZ-POL      NH-ID    LINK-ID              FLAGS1  VERSION    SRC            ADDR              SR              DR  FLOW AGE MS  IDLE TIME MS  CBH-FLOW  DROPS
-127010098         1      0         0              5          5               0    [VCO IP ADDR]    [HOST IP ADDR]       443      64086      6     0    normal                   APP_TCP(205)               APP_CLASS_OTHER_TCP_UDP(21)  transactional                 Internet Backhaul   backhaul  loadbalance            User Default  552edd79-      N/A  [OMITTED]        1   peer  [OMITTED]  [OMITTED]  [OMITTED]       173715        158696         0      9        cloud_to_edge_drop               29:pkt_path_ipv4_for_enterprise [OMITTED] 
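
To triage a saved copy of this output for the pattern described above, the following added example (not part of the original article or of VMware tooling) parses flow dump rows and counts, per LAN client, the Internet Backhaul flows dropped with cloud_to_edge_drop. It assumes the first twelve columns never contain spaces, as in the header shown above; the sample rows, IP addresses, FIDs and function names are constructed for illustration.

```python
import re
from collections import Counter

# Leading columns, copied from the header on this page. Assumption: their
# values never contain spaces, so they can be read positionally.
LEADING = ["FID", "SECURE", "SEGID", "FDSN", "MAX_RECV_FDSN", "FDSN_READ",
           "LAST_LATE_FDSN", "SRC_IP", "DEST_IP", "SRC_PORT", "DEST_PORT", "PROTO"]
DROP_REASON = "cloud_to_edge_drop"
BACKHAUL_ROUTE = "Internet Backhaul"

# Constructed sample modelled on the row shown above (documentation-range IPs,
# made-up FIDs and counters, shortened trailing columns). Last row: no drop.
SAMPLE = """\
debug.py --flow_dump all all all
FID SECURE SEGID FDSN MAX_RECV_FDSN FDSN_READ LAST_LATE_FDSN SRC_IP DEST_IP SRC_PORT DEST_PORT PROTO DSCP PRIORITY APPLICATION ROUTE ROUTE-POL LINK-POL BIZ-POL DROPS
-1001 1 0 0 5 5 0 203.0.113.10 10.0.1.25 443 64086 6 0 normal APP_TCP(205) Internet Backhaul backhaul loadbalance User Default 9 cloud_to_edge_drop
-1002 1 0 0 3 3 0 203.0.113.10 10.0.1.25 443 64090 6 0 normal APP_TCP(205) Internet Backhaul backhaul loadbalance User Default 4 cloud_to_edge_drop
-1003 1 0 0 7 7 0 203.0.113.10 10.0.1.40 443 51012 6 0 normal APP_TCP(205) Internet Backhaul backhaul loadbalance User Default 0
"""

def parse_row(line):
    """Return a dict for a flow row, or None for headers, prompts and blanks."""
    tokens = line.split()
    if len(tokens) <= len(LEADING) or not re.fullmatch(r"-?\d+", tokens[0]):
        return None
    row = dict(zip(LEADING, tokens))
    # Re-join the remaining columns with single spaces so that column padding
    # does not break the match on the two-word route name.
    rest = " ".join(tokens[len(LEADING):])
    row["backhaul"] = BACKHAUL_ROUTE in rest
    row["drop_reason"] = DROP_REASON if DROP_REASON in tokens else None
    return row

def affected_flows(dump_text):
    """Backhaul flows whose row carries the cloud_to_edge_drop reason."""
    rows = (parse_row(line) for line in dump_text.splitlines())
    return [r for r in rows if r and r["backhaul"] and r["drop_reason"]]

def affected_clients(dump_text):
    """Count affected flows per DEST_IP (the LAN host on the return path)."""
    return Counter(r["DEST_IP"] for r in affected_flows(dump_text))

if __name__ == "__main__":
    for client, count in affected_clients(SAMPLE).items():
        print(f"{client}: {count} backhaul flow(s) with {DROP_REASON}")
```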

Environment

Hub-Spoke topology.

Internet backhaul enabled on the spoke.
Hub contains a default route with the next hop of a LAN interface.

Cause

Issue 135937

A Hub Edge with a local default route drops the backhaul return packets from the Orchestrator with reason: cloud_to_edge_drop.

Other Internet bound traffic is not affected.

The issue is caused by the source route in the route key being set as a cloud route instead of the expected "any" type route.

The fix for this issue ensures that the source route is not overwritten in these conditions.

Resolution

Issue 135937 is resolved in 5.2.3.3 and later releases.

https://docs.vmware.com/en/VMware-SASE/5.2.3/rn/vmware-sase-523-release-notes/index.html