Why do audio sessions of clients that are sent via underlay get disconnected during BGW failover?


Why do the audio sessions of clients that are sent via underlay get disconnected during BGW or ISP failover?


With an SD-WAN BGW and VPNC setup, it is quite common practice to use split-tunnel mode.

All corporate traffic is routed inside the IPsec tunnel (overlay),
while Internet traffic is source-NATed by the BGW and sent directly out of its ISP uplinks (underlay).

When there is a failover in the BGW (either the BGW reboots or an ISP goes down), all the traffic will immediately switch over to the next available BGW or ISP link.

All the client traffic will follow the path of the available uplinks. 

However, voice traffic that is source-NATed using the BGW's uplink gets disconnected and reconnected in such scenarios, as it is not NAT failover tolerant. This is because, during the failover of the BGW or ISP, the traffic is source-NATed and sent over a different ISP uplink, so the source IP of the traffic changes. This causes the audio session to disconnect and then reconnect over the new ISP uplink.

The rest of the traffic is not affected, as it can tolerate the change of uplink: new sessions are created without affecting the service.

The only way to avoid the disconnect of audio sessions on BGW failover is to use full-tunnel mode, where all the traffic is routed inside the IPsec tunnel to the VPNC.
Irrespective of which uplink is used, and even in case of BGW or ISP failover, the voice traffic is unaffected, as it is routed inside the IPsec tunnel with the same source IP address of the client.
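
The behaviour described above can be reproduced with a small model. This is an added example, not code from the original article or from the vendor; the addresses, the class names and the assumption that the remote media endpoint binds a call to the first source IP it sees are all constructed for illustration.

```python
"""Constructed model: why a source-NATed audio session breaks on uplink failover."""
from dataclasses import dataclass, field

# Constructed sample addresses (documentation ranges), not from the article.
CLIENT_IP = "10.1.1.50"
UPLINKS = {"isp1": "198.51.100.10", "isp2": "203.0.113.20"}


@dataclass
class Gateway:
    """Hypothetical branch gateway: NATs underlay traffic, tunnels overlay traffic."""
    mode: str              # "split" or "full"
    active: str = "isp1"   # uplink currently carrying traffic

    def failover(self):
        # Move to the other uplink, as after an ISP outage or gateway reboot.
        self.active = "isp2" if self.active == "isp1" else "isp1"

    def egress_source(self, client_ip):
        # Split tunnel: Internet-bound packets leave with the active uplink's IP.
        # Full tunnel: the inner packet keeps the client's IP; only the outer
        # IPsec header carries the uplink address.
        return UPLINKS[self.active] if self.mode == "split" else client_ip


@dataclass
class MediaPeer:
    """Assumed remote endpoint that binds a call to the source IP it first saw."""
    sessions: dict = field(default_factory=dict)

    def receive(self, call_id, src_ip):
        bound = self.sessions.setdefault(call_id, src_ip)
        return "established" if bound == src_ip else "disconnected"


def call_survives_failover(mode):
    """Send audio before and after a failover and report whether the call held."""
    gw, peer = Gateway(mode), MediaPeer()
    before = peer.receive("call-1", gw.egress_source(CLIENT_IP))
    gw.failover()
    after = peer.receive("call-1", gw.egress_source(CLIENT_IP))
    return before == "established" and after == "established"


if __name__ == "__main__":
    for mode in ("split", "full"):
        print(mode, "tunnel, call survives failover:", call_survives_failover(mode))
```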

Version history: Revision 2 of 2. Last update: 09-25-2019 11:42 PM