VPN HA - secondary tunnel

wojpol · 08-11-2023 05:14 AM

I have configured HA VPN with BGP session with my on-premis datacenter. I see that connection and BGP session are established. When sending requests from on-premise to my internal load balancer usually everything works fine but I noticed that some requests randomly hang and I get a time-out error.

I also noticed when I remove the secondary tunnel then this problem disappears. Any suggestion on what may be wrong?

Marvin_Lucero

Hi @wojpol ,

@wojpol wrote:

usually everything works fine

What do you mean by this? Can you add some more details about it?

Also, adding the screenshot of the error, or any articles or documentations that you used prior to this setup helps resolving your issue in no time. You can edit or add it to your question.

Marvin_Lucero

Hi @wojpol ,

Your issue might be resolved with the help of this documentations. It contains the error messages that you might have encountered. Also, for troubleshooting steps on the Cloud Router side, you can check this documentation.

wojpol

I've dug deeper and have more details. Tunnels are established correctly, BGP sessions are established as well. But it looks like GCP uses both tunnels in order to send data. It sometimes happens that traffic may be sent through a secondary tunnel, and response goes through primary tunnel, because Alibaba Cloud VPN accepts connection on both tunnels but send a response always throw the primary tunnel. Is there any workaround for this situation? Otherwise, I get a connection timeout for many requests