: dump servicelink summary
Focus
Focus

dump servicelink summary

Table of Contents

dump servicelink summary

Use the dump servicelink summary command to display information on standard VPNs. Information includes the name of the standard VPN, status, parent interface, extended state of the VPN, IP addresses of the local and standard VPN endpoints, Type (GRE or IPsec), and the IPsec profile.

Command

dump servicelink summary ( all | sltype=)

Options

allEnter all to display summary of all the standard VPNs.
sltypeEnter type to view the summary of all the standard VPNs matching the type.

Command Notes

RoleSuper, Read Only, Monitor
Related Commands
dump servicelink stats
dump servicelink status
Introduced in Release 4.7.1

Example

dump servicelink summary all -------------- SERVICE LINKS ---------------------------------- Total : 2 TotalUP : 1 TotalDown : 1 --------------------------------------------------------------- SlDev SlName Status ExtState ParentDev LocalIP Peer Type IpsecProfile --------------------------------------------------------------- sl2 Gre down gre_keepalive_configured eth3 10.9.18.209 10.9.18.36 GRE N/A sl1 ubuntu up tunnel_up eth3 10.9.18.209 10.9.18.35 IPsec Ubuntu
dump servicelink summary all -------------- SERVICE LINKS ---------------------------------- Total : 2 TotalUP : 0 TotalDown : 2 --------------------------------------------------------------- Vrf SlDev SlName Status ExtState ParentDev LocalIP Peer Type IpsecProfile --------------------------------------------------------------- blue sl2 service_link-1709200539046021828 down peer_address_unresolved eth2 70.0.0.1 IPsec ZSCALER_IKEV2 green sl1 service_link-1704789489196015028 down proposal_mismatch_ike eth2 70.0.0.1 70.0.0.2 IPsec ZSCALER_IKEV2 dump servicelink summary sltype=ipsec -------------- SERVICE LINKS ---------------------------------- Total : 2 TotalUP : 0 TotalDown : 2 --------------------------------------------------------------- Vrf SlDev SlName Status ExtState ParentDev LocalIP Peer Type IpsecProfile --------------------------------------------------------------- green sl1 service_link-1704789489196015028 down retransmit_send eth2 70.0.0.1 255.255.255.0 IPsec ZSCALER_IKEV2 blue sl2 service_link-1709200539046021828 down peer_address_unresolved eth2 70.0.0.1 IPsec ZSCALER_IKEV2 dump servicelink summary sltype=gre -------------- SERVICE LINKS ---------------------------------- Total : 0 TotalUP : 0 TotalDown : 0 --------------------------------------------------------------- Vrf SlDev SlName Status ExtState ParentDev LocalIP Peer Type IpsecProfile ---------------------------------------------------------------
The ExtState in the command output displays the status of the standard VPN. The following table describes the various reasons for the VPN tunnel down status:
Extended State Description
liveliness_failedIf the liveliness is configured and if probe does not get the response through the tunnel, the tunnel manager marks the tunnel down with the extended status as liveliness failed.
parent_no_ipThe underlay parent interface on which the standard VPN tunnel is configured does not have the IP address.
peer_address_unresolvedIf there is no peer IP address to use.
invalid_service_endpointService endpoint configured is not present.
peer_auth_failedPeer authentication failed.
parse_errorIf the control message parsing failed during tunnel bring up.
cert_expiredIf the certificates are expired.
cert_revokedIf the certificates are revoked.
no_issuer_certNo Issuer certificate found.
retransmit_send_timeoutIf no response is seen from the remote.
proposal_mismatch_ikeProposal mismatch in phase-1.
proposal_mismatch_childProposal mismatch in phase-2.
admin_downService link is admin down.
StandbySpokeSpoke is Stand up.
bringup_waitScenarios to move to this state:
  • After unloading the VPN connection.
  • If the load connection request fails.
  • If the terminate SA request fails.
bring upWhen the config is complete and trying to bring up the connection.
hold_downWhen the tunnel flaps 3 times with in 120 sec (2 min), we mark the tunnel to be in hold downstate.
internal_resource_unavailableParsing psk failed in tunnelmgr.
duplicate_endpointsAlready a tunnel is UP with the same Source and Remote IP.
local_auth_failedReceived authentication failed.
peer_auth_failedDetected authentication failed.
parse_errorParsing control message failed.
retransmit_send_timeoutNo reply from peer retry in progress.
half_open_timeoutTimeout for negotiating child sa in phase2.
proposal_mismatch_ikePhase1 proposal mismatch (ike).
proposal_mismatch_childPhase2 proposal mismatch (ipsec).
transform_selector_mismatch Phase2 selectors mismatch (ipsec).
install_child_sa_failedInstalling child sa failed.
install_child_policy_failedInstalling child policy failed.
authorization_failedWhen explicit authorization rules are defiled (remote identity).
cert_expiredWhen the certificate is expired.
cert_revokedCertificate is revoked.
no_issuer_certNo issuer certificate found.
unique_replaceSession is uniquely identified uniquely.
unique_keepKeep the session with unique ids.
vip_failureVirtual interface creation failed.
retransmit_sendNo reply from peer, hence retry in progress.
standby_spokeStandby spoke.
lowerlayerdown Lower layer is down.
liveliness_configuredWhen the tunnel comes up and if liveliness is configured.
tunnel_bringup_up_waitWhen the tunnel is in bringup wait state.
tunnel_bringupWhen the tunnel is in bringup state (loading the config to charon).
multiple_ike_session When tunnel is reset because of multi ike.
invalid_auth_param When the secret is invalid.
config_changedConfiguration was updated.
load_failedLoading the configuration failed.
gre_keepalive_configuredGRE keepalive is configured.