About Gateway States

Gateway state is dictated by the following factors.

  • State of the gateway as reported by the cloud provider.

  • Connectivity between Controller and gateway over HTTPS (TCP port 443).

  • Status of critical services running on the gateway.

An Aviatrix Gateway could be in any of the following states over its lifetime.

WAITING: This is the initial state of a gateway immediately after the launch. The gateway will transition to UP state when the controller starts receiving keepalive messages from the newly launched gateway.

UP: The gateway is fully functional. All critical services running on the gateway are up and the gateway and the controller are able to exchange messages with each other.

DOWN: A gateway can be down under the following circumstances.

  • The gateway and the Controller could not communicate with each other over HTTPS (443).

  • The Gateway instance (VM) is not in running state.

  • Critical services are down on the gateway.

KEEPALIVE_FAIL: The Controller did not receive the expected number of keepalive messages from the gateway during a health check, which indicates that connectivity between Controller and gateway has been lost. However, at least one other Gateway peered to this Gateway is reporting an active tunnel. Therefore, no data plane change (for example, updating routes) has occurred.

Since the Controller has lost connectivity to the Gateway, you cannot make any configuration changes to the Gateway until connection has been re-established. We recommend that you file a support ticket with Aviatrix to resolve this problem.

CONFIG-FAIL: The gateway could not process a configuration command from the Controller successfully. Please open a support ticket at Aviatrix Support Portal for assistance.

If a gateway is not in UP state, please perform the following steps.

  • Examine the security policy of the Aviatrix Controller instance and make sure TCP port 443 is opened to traffic originating from gateway public IP address.

  • Examine the security policy of the gateway and make sure that TCP port 443 is opened to traffic originating from controller public IP address. This rule is inserted by the Aviatrix Controller during gateway creation. Please restore it if was removed for some reason.

  • Make sure network ACLs or other firewall rules are not configured to block traffic between controller and gateway over TCP port 443.