The drops in the non-critical queues are less common or less likely to impact customers.

The following are the non-critical queues that can be monitored.

vc_queue_vcmp_init – This queue provides VCMP tunnel initiation messages regarding new tunnel setup. The Gateway throttles incoming tunnel requests to the maximum rate they can be handled without disrupting the existing traffic, based on available cores. As a result, the drops are expected in the queue on a Gateway with many tunnels.

These drops should come in large bursts following a specific event, like Gateway restart or transit interruption, and there should not be drops during normal operation.

vc_queue_vcmp_ctrl_0 and vc_queue_vcmp_ctrl_1 – This queue provides VCMP tunnel management control messages received on the existing tunnels. This includes messages such as route updates, path state updates, heartbeats, statistics, QoS Sync, and tunnel information.

Almost all control messages have built-in retry mechanisms to account for these drops, like route updates.

The following is a python sample script to find VCMP ctrl drops.

#!/usr/bin/env python
"""
Check VCG vcmp drop count
"""
import os
import sys
import subprocess
import commands
import re
from optparse import OptionParser
# Parse commandline options:
parser = OptionParser(usage="%prog -w <warning threshold> -c <critical threshold> -o <vcmp> [ -h ]")
parser.add_option("-w", "--warning", action="store", type="string", dest="warn_threshold", help="Count Warning threshold should be in <value>")
parser.add_option("-c", "--critical",action="store", type="string", dest="crit_threshold", help="Count Critical threshold should be in <value>")
parser.add_option("-o", "--vcmp-name",action="store", type="string", dest="vcmp_name", help="VCMP Name in ctrl or tx drop <value>")
(options, args) = parser.parse_args()

def get_vcg_vcmp_drop_count(VCMPNAME):
 if os.path.isfile('/opt/vc/bin/debug.py'):
        L=[]
        f=subprocess.check_output(["/opt/vc/bin/debug.py","--handoff"])
        x=[r.split() for r in f.split('\n')]
        reg = re.compile(VCMPNAME)
        for i in x:
         if filter(reg.match, i):
           L.append((int(i[7])))
        return list(L)
 else:
    print "Critical: unable to get vcmp drop count()"
    sys.exit(2)

if __name__ == '__main__':
  if not options.vcmp_name:
      print "Critical: Missing vcmp drop name. (vc_queue_vcmp_ctrl or vc_queue_vcmp_tx)"
      sys.exit(2)
  if not options.crit_threshold:
      print "CRITICAL: Missing critical threshold value."
      sys.exit(2)
  if not options.warn_threshold:
      print "CRITICAL: Missing warning threshold value."
      sys.exit(2)

  vcmp_name = options.vcmp_name
  crit_threshold = options.crit_threshold
  warn_threshold = options.warn_threshold

  result = get_vcg_vcmp_drop_count(vcmp_name)
  result_data = sum(result)
  if os.path.exists("/tmp/ vc_queue_vcmp_data_output"):
     cmd="cat /tmp/ vc_queue_vcmp_data_output"
     status,output = commands.getstatusoutput(cmd)
     change= int(result_data) -  int(output)

  cmd="echo %d > /tmp/ vc_queue_vcmp_data_output" %result_data
  status,output = commands.getstatusoutput(cmd)
  if not list(result):
      print "Critical: Unable to get vcmp drop count."
      sys.exit(2)
  else:
      if int(change) > int(crit_threshold) :
        print "Critical. Drop count > crit_threshold: vc_queue_vcmp_ctrl_0: %s and vc_queue_vcmp_ctrl_1: %s" % (result[0],result[1])
        sys.exit(1)
      elif int(change) > int(warn_threshold) :
        print "Warning. Drop count > warn_threshold: vc_queue_vcmp_ctrl_0: %s and vc_queue_vcmp_ctrl_1: %s" % (result[0],result[1])
        sys.exit(1)
      else:
        print "OK. Drop count: %s" % result
        sys.exit(0)

vc_queue_vcmp_bottom – This queue is second stage of processing of VCMP data packets received over VCMP tunnels. The queue handles routing traffic to the appropriate destination, like NAT, VLAN/VRF, Non VMware SD-WAN Site, and Edge.

It is unlikely that drops happen in this queue as the drops are more likely seen in the vc_queue_vcmp_data_X queues.

vc_queue_ike - The queue processes IKE protocol messages to manage keys and other state of encryption sessions.

This is generally a low volume traffic and it is unlikely that drops are encountered here. If drops occur, IKE messages are retried.