Troubleshooting MVE When Down or Unavailable
If your MVE is down or unavailable, step through these troubleshooting actions.
You can verify MVE status from the Megaport Portal. On the Services page in the Portal, find the MVE and mouse over its icon. A message displays the status of the service. (The color of the icon also indicates the service status.)
|PingA ping test transmits data packets to a specific IP address and either confirms or denies connectivity between IP-networked devices. test to MVE
|Run ping tests from MVE to the following destinations:
|Verify MVE remote access configurations
|Verify a Cisco configuration
|Check if Megaport API call communication is allowed
The Cisco vManage console uses Megaport API calls to synchronize and authenticate the MVE. If you use a vManage console that does not allow this API call, for example, an on-premises vManage, you might need to open ports on the customer firewall protecting the on-premises vManage. For details, see Firewall Ports for Cisco SD-WAN Deployments.
Ensure internet access is granted (vManage)
For an edge device to come online, it needs internet access through the Transport & Management VPN.
To check the configuration details in vManage:
|Verify a Fortinet configuration
|Ensure SSH access is granted
Try to connect using SSH to the Fortinet MVE instance using the private key generated when ordering and the public IP address assigned by Megaport. The default username is
ssh -i ~/.ssh/mp1-mve-sa-sandbox email@example.com
Note the key pasted in the Megaport Portal is the public key and the key used for SSH is the private one.
If you cannot connect with SSH to the MVE while the VM is up, you might need to delete and re-generate the MVE.
Ensure HTTPS access is allowed
Self-hosted web access to the FortiGate is delivered through a secure HTTPS session. The MVE blocks all access to the public IP addresses assigned to the device until you SSH into it and grant HTTPS access.
You can verify if access is allowed with the following command:
show system interface
|Verify a Versa configuration
|Verify the remote access configuration in Versa Director:
|Verify a VMware configuration
|Verify the device configuration is correct in Orchestrator:
|Verify ACL/FW rules on customer devices
|During some troubleshooting sessions where the circuit is up but you cannot ping between Layer 3The network layer of the OSI model. L3 translates a logical network address into a physical machine address (IP addressing). endpoints, there might be a firewall or ACL in between.
It is essential to know the source of the ping and its destination and the path, and any intermediate devices it traverses. Megaport will require a network diagram and the traceroute result before investigation and troubleshooting. Inaccurate information may lead to wrong troubleshooting results and inappropriate solutions.
Perform these checks before raising a support request:
If the troubleshooting actions do not resolve your issue, contact support. Before contacting support for assistance, collect the following information.
- Provide details of all troubleshooting steps.
For instance, if loops were placed, note where they were located and their direction.
When a field service technician is needed onsite at the data center, see Customer Field Services for details.