Learn about the INC_SC_PRIMARY_WAN_TUNNEL_FLAP incident.
Synopsis
The primary WAN tunnel <tunnel-name> for the service connection is flapping.
Incident Code: INC_SC_PRIMARY_WAN_TUNNEL_FLAP
Required License
Prisma Access
Details
Raise condition
The tunnel flapped at least 5 times in 10 minutes.
Clear condition
The tunnel is up for at least 8 minutes.
Correlated Alerts
AL_SC_PRIMARY_WAN_BGP_DOWN
AL_SC_PRIMARY_WAN_BGP_FLAP
AL_SC_PRIMARY_WAN_TUNNEL_DOWN
AL_SC_PRIMARY_WAN_TUNNEL_FLAP
Remediation
1. Check for any resource utilization issues on the device where this tunnel terminates.
2. If there are any in-path devices prior to the terminating device, check for any resource utilization issues there as well.
3. Perform a ping and traceroute to check for any latency inconsistencies or packet loss between the site and the Prisma Access location.
4. Contact your ISP in case of packet loss. If there is no packet loss or results are inconclusive:
   a. Isolate some test traffic and perform packet captures.
   b. Check for out-of-order TCP segments, lost segments, or retransmissions, which might indicate packet loss through the tunnel.
   c. If you observe these issues, take packet captures of the ESP traffic, so you can see the public IP addresses between the Prisma Access location service IP address and the remote VPN peer IP address.
   d. Review for gaps in the ESP sequence numbers, which indicate in-path packet loss, or out-of-order ESP sequence numbers, which indicate reordering by a network device in the path.
   e. If there are other network devices in the path prior to the terminating device, perform steps a through d to help isolate the problematic network device.
5. Contact your ISP to check for any issues at the remote site.
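The ESP sequence number review described above can be scripted once the capture is exported as SPI and sequence number pairs. The following is an added example, not part of the vendor documentation: the function name analyze_esp, the SPI values, and the sequence numbers are constructed for illustration, and it assumes 32-bit sequence numbers that do not wrap within the capture.

```python
from collections import defaultdict

# Constructed sample: (SPI, ESP sequence number) in capture order, for example
# exported with: tshark -r capture.pcap -Y esp -T fields -e esp.spi -e esp.sequence
# Each direction of the tunnel uses its own SPI, so flows are tracked per SPI.
SAMPLE = [
    ("0xc0ffee01", 1), ("0xc0ffee01", 2), ("0xc0ffee01", 4),
    ("0xc0ffee01", 3),                       # arrives late: reordering
    ("0xc0ffee01", 5), ("0xc0ffee01", 8),    # 6 and 7 never arrive: loss
    ("0xc0ffee02", 10), ("0xc0ffee02", 11),
    ("0xc0ffee02", 11),                      # same number twice: duplicate
    ("0xc0ffee02", 12),
]


def analyze_esp(records):
    """Per SPI, list sequence numbers that are missing (in-path loss before the
    capture point), late (reordered in the path), or seen more than once."""
    flows = defaultdict(lambda: {"seen": set(), "highest": None,
                                 "reordered": [], "duplicates": []})
    for spi, seq in records:
        flow = flows[spi]
        if seq in flow["seen"]:
            flow["duplicates"].append(seq)
            continue
        # A new number below the highest already seen arrived out of order.
        if flow["highest"] is not None and seq < flow["highest"]:
            flow["reordered"].append(seq)
        flow["seen"].add(seq)
        if flow["highest"] is None or seq > flow["highest"]:
            flow["highest"] = seq

    report = {}
    for spi, flow in flows.items():
        # Start from the lowest number observed so that a capture begun
        # mid-stream does not report everything before it as lost.
        expected = set(range(min(flow["seen"]), flow["highest"] + 1))
        report[spi] = {
            "missing": sorted(expected - flow["seen"]),
            "reordered": flow["reordered"],
            "duplicates": flow["duplicates"],
        }
    return report


if __name__ == "__main__":
    for spi, result in analyze_esp(SAMPLE).items():
        print(spi, result)
```

Running the same analysis on captures taken at each in-path device shows where the missing or late sequence numbers first appear, which narrows down the device introducing the loss or reordering.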