Re: IP static routing issue

R Manjunatha · ‎07-28-2023

HI,

I can ping the IP address192.168.29.105 of the vManage controller from the internet router but I am unable to ping from vEdge2 router. I confirmed the default route towards the internet router ip route 0.0.0.0/0 70.1.1.13.

Internet router

Verizon-Internet#ping 192.168.29.105
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.29.105, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/43/138 ms

configuration

interface Ethernet0/0
ip address 70.1.1.1 255.255.255.252
duplex auto

!
interface Ethernet2/0
ip address 80.1.1.2 255.255.255.252
duplex auto
!
interface Ethernet2/1
ip address 70.1.1.13 255.255.255.252
duplex auto
!
interface Ethernet2/2
ip address 70.1.1.9 255.255.255.252
duplex auto
!
interface Ethernet2/3
ip address 70.1.1.5 255.255.255.252
duplex auto
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 80.1.1.1 name towards-Core-Router

vEdge2- configuration

vEdge2# ping 192.168.29.105
Ping in VPN 0
PING 192.168.29.105 (192.168.29.105) 56(84) bytes of data.
^C
--- 192.168.29.105 ping statistics ---
8 packets transmitted, 0 received, 100% packet loss, time 7205ms

interface ge0/0
description "CONNECT TO MPLS"
ip address 60.1.1.14/30
tunnel-interface
encapsulation ipsec
color mpls
allow-service bgp
allow-service dhcp
allow-service dns
allow-service icmp
allow-service sshd
allow-service netconf
allow-service ntp
allow-service ospf
no allow-service stun
allow-service https
!
no shutdown
!
interface ge0/1
description "CONNECTED TO INTERNET"
ip address 70.1.1.14/30
tunnel-interface
encapsulation ipsec
color biz-internet
allow-service bgp
allow-service dhcp
allow-service dns
allow-service icmp
allow-service sshd
allow-service netconf
allow-service ntp
allow-service ospf
no allow-service stun
allow-service https
!
no shutdown
!
ip route 0.0.0.0/0 70.1.1.13
!
vpn 100
name service-VPN
router
ospf
timers spf 200 1000 10000
redistribute omp
area 0
interface ge0/2
exit
exit
!
!
interface ge0/2
description vpn100-internal-LAN
ip address 20.1.1.1/30
no shutdown
!
!
vpn 512
name Mgnt-VPN512
interface eth0
description Magnt-VPN512-Interface
ip dhcp-client
no shutdown

MHM Cisco World · ‎07-28-2023

Just check cable and interface between vedge and internet router are it correct or not

Config is OK

Richard Burts · ‎07-28-2023

I do not see that either device has any interface in 192.168.anything or any route for 192.168.anything so I do not understand how any ping works.

HTH

Rick

R Manjunatha · ‎07-28-2023

all SD-WAN controllers are installed in hypervisor Esxi and there is a communication with pnetlab

R Manjunatha · ‎07-28-2023

connections are correct and it's ping internet gateway.

vEdge2# ping 70.1.1.13
Ping in VPN 0
PING 70.1.1.13 (70.1.1.13) 56(84) bytes of data.
64 bytes from 70.1.1.13: icmp_seq=1 ttl=255 time=20.9 ms
64 bytes from 70.1.1.13: icmp_seq=2 ttl=255 time=13.1 ms
64 bytes from 70.1.1.13: icmp_seq=3 ttl=255 time=9.32 ms
64 bytes from 70.1.1.13: icmp_seq=4 ttl=255 time=21.1 ms
64 bytes from 70.1.1.13: icmp_seq=5 ttl=255 time=16.9 ms

MHM Cisco World · ‎07-29-2023

ping 192.168.29.105 source 70.1.1.14

Flavio Miranda · ‎07-28-2023

Hi @R Manjunatha

As per the logs, the ping is trying to reach using vlan0

Edge2# ping 192.168.29.105
Ping in VPN 0

But, this should be management traffic, right? Probably you are trying to join the cEdge to the vManage. It should go to Vlan 512

VPN 0—Transport VPN, which carries control traffic via the configured WAN transport interfaces. Initially, VPN 0 contains all of a device's interfaces except for the management interface, and all interfaces are disabled.

VPN 512—Management VPN, which carries out-of-band network management traffic among the Viptela devices in the overlay network. The interface used for management traffic resides in VPN 512. By default, VPN 512 is configured and enabled on all vEdge routers except for vEdge 100. For controller devices, by default, VPN 512 is not configured.