KLC_Engineer
Contributor
Contributor
‎09-25-2023 04:43 PM

Velocloud Business Policy "Link State" Logic broken

I recently discovered the Business Policies we have configured in the Velocloud Orchestrator for our Edges isn't working properly when defining "Available Wired" as the link preference.
Normally, this option steers the applicable traffic to a Wireless link (backup in our case) when a Wired link is not available.
However, I discovered this option is acting as "Mandatory Wired" - where the Velocloud edge will not send traffic over a wireless link under any circumstances.

We are currently deploying a new Voip solution, and the Voice team made us aware that when a location was temporarily operating on a wireless connection after a broadband failure while using an edge 510, none of their phones could register. We ultimately discovered that relabeling the Wireless link to "Wired" immediately resolved the problem and phones could register again. We also duplicated this behavior by relabeling a Wired (Comcast) link as Wireless, and observed the traffic then failing.


This problem surfaced in past software versions (and was fixed) before, but appears it has resurfaced.
Vmware advised this is a known bug, and was resolved in version 5.0.1.4, however I have confirmed that is not the case - the bug is still present and demonstrable in this latest software version.

I just wanted to post this here in case anyone is unaware of this bug and has certain traffic flows failing over a wireless link.

Our vendor has an open case with Vmware for this issue.


I find it curious that I don't see any other reports of this problem anywhere.
Anyone else having this experience?

Labels (5)
Reply
0 Kudos
TalalTayyaroğlu
Enthusiast
Enthusiast
‎10-10-2023 12:14 PM

Good day @KLC_Engineer 

I am using 510 with version 5.0.1.4 and we are not experiencing this issue.

Are your edges on 5.2.0?

Reply
0 Kudos
KLC_Engineer
Contributor
Contributor
‎10-10-2023 12:24 PM

No, Our 510 edges are on 4.5.1, but we are currently upgrading them to 4.5.2 since I confirmed the problem is resolved there.
We were able to reproduce this issue in 5.0.1.4 by making a business policy rule for some destinations set to "Available Wired" and manually setting the active link to "Public Wireless".

We found after doing this, we could not reach any destinations from a host connected through the edge in the Segment / VLAN applicable to that business policy.

Keep in mind that testing from the edge directly via the remote diagnostics page (Ping Test) will not reproduce this issue, since the remote diag tools do not flow through the business policy logic of the control plane.

Reply
0 Kudos
TalalTayyaroğlu
Enthusiast
Enthusiast
‎10-10-2023 12:28 PM

Good day @KLC_Engineer ,

 

Thanks for the great information.

I did not test this with the diagnostic tools, but we literally used this to block the backup traffic for a customer who is not paying for their backup link. So, I know it works because they started complaining.

Reply
0 Kudos
KLC_Engineer
Contributor
Contributor
‎10-10-2023 12:49 PM

That's somewhat amusing :slightly_smiling_face:

I think the legitimate way of doing that would be to make the BP rules for that traffic "Mandatory Wired" instead, since that is how it's supposed to function.

VMware has confirmed that this issue is not fixed in 5.0.1.4, and advised it will be resolved in an upcoming release.

Reply
0 Kudos
Benjaman
VMware Employee
VMware Employee
‎10-10-2023 07:53 PM

Dear @KLC_Engineer , Was there a LINK DEAD event when the broadband was down?

Thank you.

Reply
0 Kudos
KLC_Engineer
Contributor
Contributor
‎10-10-2023 08:50 PM

Hi Benjaman,


On version 4.5.1, I observed the problem both with and without a LINK DEAD condition:


A couple of our branches had a "Public Wired" LINK DEAD event and failed over to wireless. The traffic governed by the Business policy did not restore until the Wired Link restored the next day.


Also, when testing in my lab while on 4.5.1, I relabeled my wired link to "Public wireless", saved the config and all applicable traffic immediately stopped - my Voip phone de-registered and I could not reach any of the destinations in that business policy rule. 

I also restarted the edge in this condition and the problem remained.

I then relabeled the link as "Public wired" and saved the configuration, then the traffic immediately restored.
So in this scenario there was no LINK DEAD event.

This leads me to believe that an edge with only a wireless link available would have this problem permanently.

For version 5.0.1.4, I have only validated the condition by relabeling the link type between wired/wireless, not with a link down event.
I presume it would be the same scenario as on 4.5.1.

Coincidentally, I just acquired a Cradlepoint for my lab, so I could reproduce/test the link DEAD condition while on 5.0.1.4, if that is helpful.

Reply
0 Kudos
Benjaman
VMware Employee
VMware Employee
‎10-10-2023 11:09 PM

@KLC_Engineer 
From the symptoms, I think the set up is hitting the defect which is not fixed in 5.0.1.4 or 4.5.1.

The defect ID is #97152

This is fixed in 5.1.0.x, 4.5.2 and 4.3.1

Please feel free to check the release notes of those versions.

https://docs.vmware.com/en/VMware-SASE/5.1.0/rn/vmware-sase-510-release-notes/index.html

Reply
KLC_Engineer
Contributor
Contributor
‎10-11-2023 08:59 AM

Thank you for the info Benjaman!

Reply
0 Kudos