diff --git a/README.md b/README.md
index 830a851..5ad50f7 100644
--- a/README.md
+++ b/README.md
@@ -20,23 +20,24 @@ docker build .
 ## Environment config
-* `NSM_NAME` - Name of vL3 Server (default: "docker-vl3-server")
-* `NSM_REQUEST_TIMEOUT` - timeout to request NSE (default: "15s")
-* `NSM_CONNECT_TO` - url to connect to (default: "tcp://k8s.nsm")
-* `NSM_MAX_TOKEN_LIFETIME` - maximum lifetime of tokens (default: "10m")
-* `NSM_REGISTRY_CLIENT_POLICIES` - paths to files and directories that contain registry client policies (default: "etc/nsm/opa/common/.*.rego,etc/nsm/opa/registry/.*.rego,etc/nsm/opa/client/.*.rego")
-* `NSM_SERVICE_NAMES` - Name of providing service (default: "docker-vl3")
-* `NSM_REGISTER_SERVICE` - if true then registers network service on startup (default: "true")
-* `NSM_REGISTER_AS_URL` - Endpoint URL
-* `NSM_LABELS` - Endpoint labels
-* `NSM_TUNNEL_IP` - IP to use for tunnels
-* `NSM_VL3_PREFIX` - vl3 prefix (default: "169.254.0.0/16")
-* `NSM_INTERFACE_NAME` - Name of the nsm network interface (default: "nsm")
-* `NSM_FEDERATES_WITH` - Name of the federated domain (default: "k8s.nsm")
-* `NSM_TRUST_DOMAIN` - Name of the trust domain (default: "docker.nsm")
-* `NSM_LOG_LEVEL` - Log level (default: "INFO")
-* `NSM_PPROF_ENABLED` - is pprof enabled (default: "false")
-* `NSM_PPROF_LISTEN_ON` - pprof URL to ListenAndServe (default: "localhost:6060")
+* `NSM_NAME` - Name of vL3 Server (default: "docker-vl3-server")
+* `NSM_REQUEST_TIMEOUT` - timeout to request NSE (default: "15s")
+* `NSM_CONNECT_TO` - url to connect to (default: "tcp://k8s.nsm")
+* `NSM_MAX_TOKEN_LIFETIME` - maximum lifetime of tokens (default: "10m")
+* `NSM_REGISTRY_CLIENT_POLICIES` - paths to files and directories that contain registry client policies (default: "etc/nsm/opa/common/.*.rego,etc/nsm/opa/registry/.*.rego,etc/nsm/opa/client/.*.rego")
+* `NSM_SERVICE_NAMES` - Name of providing service (default: "docker-vl3")
+* `NSM_REGISTER_SERVICE` - if true then registers network service on startup (default: "true")
+* `NSM_REGISTER_AS_URL` - Endpoint URL
+* `NSM_LABELS` - Endpoint labels
+* `NSM_TUNNEL_IP` - IP to use for tunnels
+* `NSM_VL3_PREFIX` - vl3 prefix (default: "169.254.0.0/16")
+* `NSM_INTERFACE_NAME` - Name of the nsm network interface (default: "nsm")
+* `NSM_FEDERATES_WITH` - Name of the federated domain (default: "k8s.nsm")
+* `NSM_TRUST_DOMAIN` - Name of the trust domain (default: "docker.nsm")
+* `NSM_LOG_LEVEL` - Log level (default: "INFO")
+* `NSM_PPROF_ENABLED` - is pprof enabled (default: "false")
+* `NSM_PPROF_LISTEN_ON` - pprof URL to ListenAndServe (default: "localhost:6060")
+* `NSM_VPP_MIN_OPERATION_TIMEOUT` - minimum timeout for every vpp operation
 # Testing
diff --git a/go.mod b/go.mod
index 941839a..8c0e799 100644
--- a/go.mod
+++ b/go.mod
@@ -12,7 +12,7 @@ require (
 github.com/networkservicemesh/sdk v0.5.1-0.20241227223757-422abe9bfbdd
 github.com/networkservicemesh/sdk-kernel v0.0.0-20241227224026-3bba51753247
 github.com/networkservicemesh/sdk-vpp v0.0.0-20241227224413-166396795a3c
- github.com/networkservicemesh/vpphelper v0.0.0-20240115135903-e2b961f768b6
+ github.com/networkservicemesh/vpphelper v0.0.0-20241209033247-bcb5c25a9f29
 github.com/pkg/errors v0.9.1
 github.com/sirupsen/logrus v1.9.3
 github.com/spiffe/go-spiffe/v2 v2.1.7
diff --git a/go.sum b/go.sum
index 099fcdf..d86d73d 100644
--- a/go.sum
+++ b/go.sum
@@ -145,8 +145,8 @@ github.com/networkservicemesh/sdk-kernel v0.0.0-20241227224026-3bba51753247 h1:Z
 github.com/networkservicemesh/sdk-kernel v0.0.0-20241227224026-3bba51753247/go.mod h1:BEcSP25b0qmilHCYv5QtGtADOI4sU8eX/lJskK5O5fc=
 github.com/networkservicemesh/sdk-vpp v0.0.0-20241227224413-166396795a3c h1:sLos0zvQuAqbTjvIM0ZIJ+w0XE/RCDgrWfEz5N8zmPA=
 github.com/networkservicemesh/sdk-vpp v0.0.0-20241227224413-166396795a3c/go.mod h1:UeWHbi3ozPYRxoA2nlZNWsSDnsMCr4PM5abgtJO93iM=
-github.com/networkservicemesh/vpphelper v0.0.0-20240115135903-e2b961f768b6 h1:o+enN5yCikNXZN+hO+JjE+aLxBWq9+GMVF9GSQtpwMI=
-github.com/networkservicemesh/vpphelper v0.0.0-20240115135903-e2b961f768b6/go.mod h1:n6+8PnoDvWj6WMryfU3J8HOCusgysFjQ0kGLfrcsDEM=
+github.com/networkservicemesh/vpphelper v0.0.0-20241209033247-bcb5c25a9f29 h1:hqYoTeQ9mFOIoKUMBXg779SU2yJWrrapucKgoPNZ1co=
+github.com/networkservicemesh/vpphelper v0.0.0-20241209033247-bcb5c25a9f29/go.mod h1:Qc5x5poZk5cVzcHk4ZIL6+NMC95uoitsmmnl7X9V/Yw=
 github.com/onsi/gomega v1.30.0 h1:hvMK7xYz4D3HapigLTeGdId/NcfQx1VHMJc60ew99+8=
 github.com/onsi/gomega v1.30.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ=
 github.com/open-policy-agent/opa v0.44.0 h1:sEZthsrWBqIN+ShTMJ0Hcz6a3GkYsY4FaB2S/ou2hZk=
diff --git a/internal/imports/imports_linux.go b/internal/imports/imports_linux.go
index 72ede7c..a243388 100644
--- a/internal/imports/imports_linux.go
+++ b/internal/imports/imports_linux.go
@@ -61,6 +61,7 @@ import (
 _ "github.com/networkservicemesh/sdk/pkg/tools/token"
 _ "github.com/networkservicemesh/sdk/pkg/tools/tracing"
 _ "github.com/networkservicemesh/vpphelper"
+ _ "github.com/networkservicemesh/vpphelper/extendtimeout"
 _ "github.com/pkg/errors"
 _ "github.com/sirupsen/logrus"
 _ "github.com/spiffe/go-spiffe/v2/spiffetls/tlsconfig"
diff --git a/main.go b/main.go
index 585f84b..605e4ff 100644
--- a/main.go
+++ b/main.go
@@ -35,6 +35,7 @@ import (
 "github.com/google/uuid"
 "github.com/kelseyhightower/envconfig"
 "github.com/pkg/errors"
+ "go.fd.io/govpp/api"
 nested "github.com/antonfisher/nested-logrus-formatter"
 "github.com/edwarnicke/grpcfd"
@@ -45,6 +46,7 @@ import (
 "google.golang.org/grpc/credentials"
 "github.com/networkservicemesh/vpphelper"
+ "github.com/networkservicemesh/vpphelper/extendtimeout"
 "github.com/networkservicemesh/api/pkg/api/networkservice"
 "github.com/networkservicemesh/api/pkg/api/networkservice/mechanisms/cls"
@@ -111,6 +113,7 @@ type Config struct {
 LogLevel string `default:"INFO" desc:"Log level" split_words:"true"`
 PprofEnabled bool `default:"false" desc:"is pprof enabled" split_words:"true"`
 PprofListenOn string `default:"localhost:6060" desc:"pprof URL to ListenAndServe" split_words:"true"`
+ VPPMinOperationTimeout time.Duration `default:"2s" desc:"minimum timeout for every vpp operation" split_words:"true"`
 }
 // Process prints and processes env to config
@@ -197,6 +200,7 @@ func main() {
 <-vppErrCh
 }()
 config.TunnelIP = vppinit.Must(vppinit.LinkToAfPacket(ctx, vppConn, config.TunnelIP))
+ vppConn = extendtimeout.NewConnection(vppConn, config.VPPMinOperationTimeout)
 // ********************************************************************************
 log.FromContext(ctx).Info("executing phase 3: start spire-server and spire-agent")
@@ -343,7 +347,7 @@ func main() {
 <-vppErrCh
 }
-func createVl3Endpoint(ctx context.Context, config *Config, vppConn vpphelper.Connection, source *workloadapi.X509Source, tlsServerConfig *tls.Config) *grpc.Server {
+func createVl3Endpoint(ctx context.Context, config *Config, vppConn api.Connection, source *workloadapi.X509Source, tlsServerConfig *tls.Config) *grpc.Server {
 vl3Endpoint := endpoint.NewServer(ctx,
 spiffejwt.TokenGeneratorFunc(source, config.MaxTokenLifetime),
 endpoint.WithName(config.Name),
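Review bot: The new `VPPMinOperationTimeout` field in `Config` is read from `NSM_VPP_MIN_OPERATION_TIMEOUT` with no visible bounds check, so a zero, negative or very large duration set in the environment is passed to `extendtimeout.NewConnection` unchanged. How that wrapper treats such values is not visible in this diff; unless it is defined there, rejecting `config.VPPMinOperationTimeout <= 0` right after the config is processed would make a bad deployment value fail at startup instead of surfacing as stalled or prematurely cancelled VPP calls. The README entry added in the same commit also omits the default that the other entries list; appending `(default: "2s")` would keep it in step with the struct tag. The `Config` struct starts outside the hunk.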
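Review bot: `vppinit.LinkToAfPacket(ctx, vppConn, config.TunnelIP)` on the context line above still runs on the unwrapped connection, because `vppConn` is only replaced by `extendtimeout.NewConnection(vppConn, config.VPPMinOperationTimeout)` on the following line. The setting is described as a "minimum timeout for every vpp operation", which does not hold for that initialisation call as written. If the ordering is deliberate, a comment such as `// LinkToAfPacket deliberately uses the raw connection; the minimum timeout applies from here on` would record it; otherwise move the wrap above the `LinkToAfPacket` call. `main()` starts and ends outside the hunk.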