Running a mobility master environment I came across the WAN health check service.
Is this something that should be enabled on each mobility device to check the status? Should it be set to UDP and to ping a host like, say, Google DNS (18.104.22.168) to ensure the uplink for each MD is up and able to get out to the internet, or is this not the purpose of this feature?
The WAN health check feature is used to determine reachability/latency to the master via various WAN links (configured for redundancy).
The main purpose is to let the branch devices know if their master is reachable or not.
There are two modes to verify reachability:
1.) Using Ping probes
2.) Using UDP probes
You can check if they are configured in the running config; the default config looks more or less like the one below:
(A_RAK)#show running-config | include "ip probe"
ip probe "default"
ip probe "health-check"
The major difference between these modes is that for UDP, port 4500 is used, which is usually not blocked, while ICMP may be blocked on a network for security concerns.
You can also verify the reachability using the command "show ip health-check <probe ip>", which gives more details with regard to the health of the link.
The Master's public IP is usually configured for the probe.
Great detail given on this, thank you!
We don't have a public IP set on our master; we have it going across our site-to-site VPNs. The mobility master has created tunnels on port UDP 4500; however, when I tried to set the health check probe mode to UDP it showed 3 or 4 sites unreachable even though they were still up on the MM and locally.
What is the output of the command show ip probe? Are there new health check profiles mapped or are you using the default ones?
This can be checked using the command "show ip health-check".
What is the state of the probe IP in the previous command?
If the state is showing as down, then try issuing the command show ip health-check <ip probe ip address> for a more detailed output.
Show IP probe returns
IP Probe Entries
Name          Probe Mode  Frequency(in sec)  Retries  Burst size
----          ----------  -----------------  -------  ----------
default       Ping        10                 3        5
health-check  Ping        10                 3        5
data-vpnc     Udp         10                 3        5
show ip health-check <mobility master IP> or <google dns> doesn't return anything
show ip health-check returns
IP Health-check Entries
Probe IP        Src Interface  Vpnc IP  State  Probe-Profile  Avg RTT(in ms)
--------        -------------  -------  -----  -------------  --------------
22.214.171.124  vlan 9                  Up     health-check   5.531
192.168.23.1                            Up     default        0.000
For the probe IP 192.168.23.1 the "default" health-check profile is used.
It is by default configured for ping probes.
I see that you have created "data-vpnc" for UDP probes.
Could you try mapping the data-vpnc profile to the probe IP 192.168.23.1?
Also, check to see if the uplink health-check feature is enabled/disabled. Issue the command "show uplink" to verify this.
Check to see if the "Uplink Health-check ip" (from the previous command) is showing the expected uplink IP to which the probes are to be sent.
Issue the command "uplink health-check enable" to enable the health check in case it is disabled.
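As an added example (not part of the original thread and not Aruba tooling): a small Python parser for the two outputs posted above, joining each probe IP to the mode of the profile it is mapped to and listing profiles not attached to any probe IP. The sample text is the thread's output re-aligned by hand, so the column alignment and the blank cells are assumptions.

```python
import re

# Output as posted in the thread, re-aligned by hand (constructed sample);
# the alignment, and therefore which cells are blank, is an assumption.
SHOW_IP_PROBE = """\
Name          Probe Mode  Frequency(in sec)  Retries  Burst size
----          ----------  -----------------  -------  ----------
default       Ping        10                 3        5
health-check  Ping        10                 3        5
data-vpnc     Udp         10                 3        5
"""

SHOW_IP_HEALTH_CHECK = """\
Probe IP        Src Interface  Vpnc IP  State  Probe-Profile  Avg RTT(in ms)
--------        -------------  -------  -----  -------------  --------------
22.214.171.124  vlan 9                  Up     health-check   5.531
192.168.23.1                            Up     default        0.000
"""

def parse_fixed_width(text):
    """Parse a CLI table whose column starts are marked by a dashed rule."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    rule = next(i for i, ln in enumerate(lines) if re.fullmatch(r"[-\s]+", ln))
    starts = [m.start() for m in re.finditer(r"-+", lines[rule])]
    spans = list(zip(starts, starts[1:] + [None]))
    headers = [lines[rule - 1][a:b].strip() for a, b in spans]
    # Slicing by offset keeps blank cells blank instead of shifting columns.
    return [{h: row[a:b].strip() for h, (a, b) in zip(headers, spans)}
            for row in lines[rule + 1:]]

def probe_report(probe_text, health_text):
    """Join each probed IP with the mode of the profile it is mapped to."""
    modes = {p["Name"]: p["Probe Mode"] for p in parse_fixed_width(probe_text)}
    return [{"ip": e["Probe IP"], "state": e["State"],
             "profile": e["Probe-Profile"],
             "mode": modes.get(e["Probe-Profile"], "unknown")}
            for e in parse_fixed_width(health_text)]

def unmapped_profiles(probe_text, health_text):
    """Profiles that are defined but not attached to any probe IP."""
    used = {e["Probe-Profile"] for e in parse_fixed_width(health_text)}
    return [p["Name"] for p in parse_fixed_width(probe_text)
            if p["Name"] not in used]

if __name__ == "__main__":
    for entry in probe_report(SHOW_IP_PROBE, SHOW_IP_HEALTH_CHECK):
        print(entry)
    print("unmapped:", unmapped_profiles(SHOW_IP_PROBE, SHOW_IP_HEALTH_CHECK))
```

On the posted output this shows 192.168.23.1 being probed with the Ping-mode "default" profile while "data-vpnc" (Udp) is attached to nothing.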
© Copyright 2020 Hewlett Packard Enterprise Development LP. All Rights Reserved.