vpn 0 interface tunnel-interface hello-interval—Configure the keepalive interval between Hello packets sent on a DTLS or TLS WAN transport connection.
vManage Feature Template
For all Viptela devices:
Configuration ► Templates ► VPN Interface Cellular (for vEdge cellular wireless routers only)
Configuration ► Templates ► VPN Interface Ethernet
Configuration ► Templates ► VPN Interface PPP
- Hello Interval
Interval between Hello packets sent on a DTLS or TLS WAN tunnel connection. The combination of the hello interval and hello tolerance determines how long to wait before declaring a DTLS or TLS tunnel to be down.
The hello tolerance interval must be at least two times the tunnel hello interval. The default hello interval is 1000 milliseconds (1 second). (Note that the hello interval is configured in milliseconds, and the hello tolerance is configured in seconds.)
With the default hello interval of 1 second and the default tolerance of 12 seconds, if no Hello packet is received within 11 seconds, the tunnel is declared down at 12 seconds. If the hello interval or the hello tolerance, or both, are different at the two ends of a DTLS or TLS tunnel, the tunnel chooses the interval and tolerance as follows:
• For a tunnel connection between two controller devices, the tunnel uses the lower hello interval and the higher tolerance interval for the connection between the two devices. (Controller devices are vBond controllers, vManage NMSs, and vSmart controllers.) This choice is made in case one of the controllers has a slower WAN connection. The hello interval and tolerance times are chosen separately for each pair of controller devices.
• For a tunnel connection between a vEdge router and any controller device, the tunnel uses the hello interval and tolerance times configured on the router. This choice is made to minimize the amount traffic sent over the tunnel, to allow for situations where the cost of a link is a function of the amount of traffic traversing the link. The hello interval and tolerance times are chosen separately for each tunnel between a vEdge router and a controller device.
Range: 100 through 600000 milliseconds (10 minutes)
Default: 1000 milliseconds (1 second)
Decrease the amount of keepalive traffic sent between a vEdge router and Viptela controller devices:
vEdge(config)# vpn 0 interface ge0/0 tunnel-interface color lte vEdge(config-tunnel-interface)# encapsulation ipsec vEdge(config-tunnel-interface)# hello-interval 600000 vEdge(config-tunnel-interface)# hello-tolerance 600
Command introduced in Viptela Software Release 15.2.
In Release 16.2, maximum interval changed from 60 seconds to 10 minutes.
In Release 16.2.1, add requirement that hello tolerance must be at least 2 times the hello interval.