vpn 0 interface tunnel-interface hello-tolerance—Configure how long to wait for a Hello packet on a DTLS or TLS WAN transport connection before declaring that transport tunnel to be down (on vEdge routers and vSmart controllers only).
vManage Feature Template
For vEdge routers and vSmart controllers only:
Configuration ► Templates ► VPN Interface Cellular (for vEdge cellular wireless routers only)
Configuration ► Templates ► VPN Interface Ethernet
Configuration ► Templates ► VPN Interface PPP
- Hello Tolerance Interval
How long to wait since the last Hello packet was sent on a DTLS or TLS WAN tunnel connection before declaring the tunnel to be down.
The hello tolerance interval must be at least twice the hello interval, to ensure that at least one keepalive packet reaches and then returns from the remote side before timing out the peer. The default hello interval is 1000 milliseconds (1 second). (Note that the hello interval is configured in milliseconds, and the hello tolerance is configured in seconds.)
- The combination of the hello interval and hello tolerance determines how long to wait before declaring a DTLS or TLS tunnel to be down. With the default hello interval of 1 second and the default tolerance of 12 seconds, if no Hello packet is received within 11 seconds, the tunnel is declared down at 12 seconds. If the hello interval or the hello tolerance, or both, are different at the two ends of a DTLS or TLS tunnel, the tunnel chooses the interval and tolerance as follows:
• For a tunnel connection between two controller devices, the tunnel uses the lower hello interval and the higher tolerance interval for the connection between the two devices. (Controller devices are vBond controllers, vManage NMSs, and vSmart controllers.) This choice is made in case one of the controllers has a slower WAN connection. The hello interval and tolerance times are chosen separately for each pair of controller devices.
• For a tunnel connection between a vEdge router and any controller device, the tunnel uses the hello interval and tolerance times configured on the router. This choice is made to minimize the amount traffic sent over the tunnel, to allow for situations where the cost of a link is a function of the amount of traffic traversing the link. The hello interval and tolerance times are chosen separately for each tunnel between a vEdge router and a controller device.
Range: 12 through 6000 seconds (10 minutes)
Default: 12 seconds
Decrease the amount of keepalive traffic sent between a vEdge router and Viptela controller devices:
vEdge(config)# vpn 0 interface ge0/0 tunnel-interface color lte vEdge(config-tunnel-interface)# encapsulation ipsec vEdge(config-tunnel-interface)# hello-interval 600000 vEdge(config-tunnel-interface)# hello-tolerance 600
Command introduced in Viptela Software Release 15.2.
In Release 16.2, maximum tolerance increased from 1 minute to 10 minutes.
In Release 16.2.1, add requirement that hello tolerance must be at least 2 times the hello interval.