[CM] Push down Tunnel Route causes the device to lose some existing Tunnel Route

CTI Jimy Lv2 Posted 22 Dec 2021 17:20

Last edited by CTI Jimy 29 Dec 2021 10:10.

Warning Name: CM push down Tunnel Route causes the device to lose some existing Tunnel Route  
Product: CM
Version:  BBC 2.5.6 and above
Warning Level: 1
Discover Date: 17/11/2021

Phenomena:
1.   When a branch device connects to the CM for the first time, the device reports its existing tunnel route configuration to the CM. For example, it reports tunnel route A to the CM.
2.   You can also configure the tunnel route by logging in to the device via the CM. For example, configure tunnel route B by logging in to the device via the CM.
3.   Then, a tunnel route is configured on the CM. For example, configure tunnel route C and push the configuration down to the branch device: only tunnel route A and tunnel route C are shown on the branch device, and tunnel route B is lost.

Trigger conditions:
1.   NGAF/IAG/WANO/MIG connects to the CM device for the first time. The device reports its tunnel route configuration to the CM, and the CM saves the tunnel route configuration.
2.   There are two ways to configure tunnel routes on an NGAF/IAG/WANO/MIG device. Method 1 is pushing the tunnel route configured on the CM to the branch device; method 2 is logging in to the branch device via the CM to configure the tunnel route (after version 8.0.32, NGAF can no longer configure tunnel routes by logging in to the device through the CM).
3.   When pushing down configuration via method 1, the CM pushes down the tunnel route configuration to all connected devices (a device which connects to the CM for the first time reports its tunnel route configuration to the CM, and the configuration configured on the CM is pushed down).
4.   Mixed usage of the above-mentioned methods will trigger the issue.


Root Cause:
The CM pushes down its configured tunnel routes to all branches. Because the new tunnel routes previously added on the branches were not reported to the CM, the tunnel route configuration existing on the CM overwrites the local configuration, resulting in the loss of the local tunnel route configuration of the connected devices.


How to check:
BBC 2.5.6 and above, with tunnel route configuration. The connected device has an existing tunnel route configuration.
NGAF 8.0.7 and above
IAM 12.0.18 and above
WANO 9.5.3 and above
MIG 6.2.1
Note: As long as there is a tunnel route configuration, there is the risk of this problem occurring.


Solution:
Temporary solution:
Strictly ensure that tunnel routes are always configured either only on the CM or only on the branch device itself.


Precautions:
1.   With BBC version 2.5.6 or above, if the branch device has a VPN tunnel route configured, there is a risk of losing tunnel route configuration when switching to configuring tunnel routes on the CM.
2.   VPN tunnel routes are only reported when configured. They are not regularly reported; no impact on the client production.
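
The overwrite described under Root Cause can be modelled and checked before a push. This is an added example, not Sangfor code or part of the original post: the `CentralManager` class, the `dest` and `tunnel` field names and the sample routes are assumptions, and the device's current route list is assumed to have been exported by hand.

```python
import ipaddress

def route_key(route):
    """Canonical key so '10.1.0.0/255.255.0.0' and '10.1.0.0/16' compare equal."""
    net = ipaddress.ip_network(route["dest"], strict=False)
    return (str(net), route["tunnel"].strip().lower())

class CentralManager:
    """Toy model of the CM behaviour described in the Root Cause section."""

    def __init__(self):
        self.saved = {}  # device id -> set of route keys the CM knows about

    def first_connect(self, device_id, device_routes):
        # The device reports its routes once, on first connection only.
        self.saved[device_id] = {route_key(r) for r in device_routes}

    def configure_route(self, device_id, route):
        self.saved[device_id].add(route_key(route))

    def routes_lost_by_push(self, device_id, device_routes):
        """Routes present on the device that a push would overwrite away."""
        return sorted({route_key(r) for r in device_routes} - self.saved[device_id])

    def push(self, device_id):
        # The push replaces the device's route set with the CM's copy.
        return sorted(self.saved[device_id])

def demo():
    # Constructed sample data; field names "dest" and "tunnel" are assumptions.
    route_a = {"dest": "10.1.0.0/16", "tunnel": "HQ"}
    route_b = {"dest": "10.2.0.0/16", "tunnel": "HQ"}
    route_c = {"dest": "10.3.0.0/16", "tunnel": "HQ"}

    cm = CentralManager()
    cm.first_connect("branch-1", [route_a])            # step 1: A reported
    # Step 2: B added locally; A is held in netmask notation on the device.
    on_device = [{"dest": "10.1.0.0/255.255.0.0", "tunnel": "hq"}, route_b]
    cm.configure_route("branch-1", route_c)            # step 3: C configured on the CM

    lost = cm.routes_lost_by_push("branch-1", on_device)  # check before pushing
    after_push = cm.push("branch-1")
    return lost, after_push

if __name__ == "__main__":
    lost, after_push = demo()
    print("would be lost:", lost)
    print("device after push:", after_push)
```

A non-empty result from `routes_lost_by_push` means the branch holds routes the CM never received, so they should be re-created on the CM before the push.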
Newbie308427 Posted 19 Oct 2022 23:57
  
nice sharing
Faisal P Posted 01 Nov 2022 12:22
  
Thank you very much for the information ...
Faisal P Posted 01 Nov 2022 12:23
  
Nice article ...
Faisal P Posted 01 Nov 2022 12:23
  
Great info …
Faisal P Posted 01 Nov 2022 12:23
  
Very informative …
Faisal P Posted 01 Nov 2022 12:24
  
Nice guidance ...
