|
n
|
|
n
|
 |
Verify this in the Apply Overlays tab.
View the active software releases on Maintenance > System Information.
Verify this in the Business Intent Overlay tab, in the Route Matched Traffic to these WAN Ports section.
Verify that at least one of the Primary Labels selected in the Business Intent Overlay is identical to a Label assigned on the appliance's Deployment page. Tunnels are built between matching Labels on all appliances participating in the overlay.
We only assign the same Site Name if we don't want those appliances to connect directly. To view the list of Site Names, go to the Configuration > Tunnels tab and click Roles/Sites at the top.
As needed, use the options Tunnel template to configure and push these options.
 |
|
n
|
|
n
|
Coalescing Enabled allows the appliance to coalesce smaller packets into larger packets.
|
|
n
|
Coalescing Wait is the number of milliseconds that the appliance should hold packets while attempting to coalesce smaller packets into larger ones.
|
|
n
|
DSCP determines which DSCP marking the keep-alive messages should use.
|
|
n
|
Fastfail Thresholds – When multiple tunnels are carrying data between two appliances, this feature determines how quickly to disqualify a tunnel from carrying data.
|
The Fastfail connectivity detection algorithm for the wait time from receipt of last packet before declaring a brownout is:
where Base is a value in milliseconds, and N is the multiplier of the average Round Trip Time over the past minute.
The appliance declares a tunnel to be in brownout if it doesn’t see a reply packet from the remote end within 300mS of receiving the most recent packet.
In the Tunnel Advanced Options, Base is expressed as Fastfail Wait-time Base Offset (ms), and N is expressed as Fastfail RTT Multiplication Factor.
|
•
|
Fastfail Enabled – This option is triggered when a tunnel's keepalive signal doesn't receive a reply. The options are disable, enable, and continuous. If the disqualified tunnel subsequently receives a keepalive reply, its recovery is instantaneous.
|
|
•
|
If set to disable, keepalives are sent every second, and 30 seconds elapse before failover. In that time, all transmitted data is lost.
|
|
•
|
If set to enable, keepalives are sent every second, and a missed reply increases the rate at which keepalives are sent from 1 per second to 10 per second. Failover occurs after 1 second.
|
|
•
|
When set to continuous, keepalives are continuously sent at 10 per second. Therefore, failover occurs after one tenth of a second.
|
|
•
|
|
n
|
|
n
|
FEC Ratio is an option when FEC is set to auto, that specifies the maximum ratio. The options are 1:2, 1:5, 1:10, or 1:20.
|
|
n
|
IPSec Anti-replay window provides protection against an attacker duplicating encrypted packets by assigning a unique sequence number to each encrypted packet. The decryptor keeps track of which packets it has seen on the basis of these numbers. The default window size is 64 packets.
|
|
n
|
Local IP is the IP address for the local appliance.
|
|
n
|
Max BW (Kbps) is the maximum bandwidth for this tunnel, in kilobits per second. This must be less than or equal to the upstream bandwidth of your WAN connection.
|
|
n
|
Min BW (Kbps) is the minimum bandwidth for this tunnel, in kilobits per second.
|
|
n
|
|
n
|
MTU (bytes) (Maximum Transmission Unit) is the largest possible unit of data that can be sent on a given physical medium. For example, the MTU of Ethernet is 1500 bytes. Silver Peak provides support for MTUs up to 9000 bytes. Auto allows the tunnel MTU to be discovered automatically, and it overrides the MTU setting.
|
|
n
|
Remote IP is the IP address for the remote appliance.
|
|
n
|
Reorder Wait (ms) - Maximum time the appliance holds an out-of-order packet when attempting to reorder. The 100ms default value should be adequate for most situations. FEC may introduce out-of-order packets if the reorder wait time is not set high enough.
|
|
n
|
Retry Count is the number of failed keep-alive messages that are allowed before the appliance brings the tunnel down.
|
|
n
|
Status indications are as follows:
|
|
•
|
Down = The tunnel is down. This can be because the tunnel administrative setting is down, or the tunnel can't communicate with the appliance at the other end. Possible causes are:
|
|
•
|
Intermediate QoS policy (be packets are being starved. Change control packet DSCP marking)
|
|
•
|
|
•
|
IPsec is misconfigured: (1) enabled on one side (see show int tunnel configured), or (2) mismatched pre-shared key
|
|
•
|
Down - In progress = The tunnel is down. Meanwhile, the appliance is exchanging control information with the appliance at the other end, trying to bring up the tunnel.
|
|
•
|
Down - Misconfigured = The two appliances are configured with the same System ID. (see show system)
|
|
•
|
Up - Active = The tunnel is up and active. Traffic destined for this tunnel will be forwarded to the remote appliance.
|
|
•
|
Up - Active - Idle = The tunnel is up and active but hasn't had recent activity in the past five minutes, and has slowed the rate of issuing keep-alive packets.
|
|
•
|
Up - Reduced Functionality = The tunnel is up and active, but the two endpoint appliances are running mismatched software releases that give no performance benefit.
|
|
•
|
UNKNOWN = The tunnel status is unknown. This can be because the appliance is unable to retrieve the current tunnel status. Try again later.
|
|
n
|
UDP destination port is used in UDP mode. Accept the default value unless the port is blocked by a firewall.
|
|
n
|
UDP flows is the number of flows over which to distribute tunnel data. Accept the default.
|
|
n
|
Uptime is how long since the tunnel came up.
|
