Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1739
Views
5
Helpful
19
Replies

DUAL WAN vEdge doesn't form full mesh without default route

shlomim
Level 1
Level 1

‎07-31-2025 02:26 AM

Hi,

I'm running on LAB Cisco SD-WAN, version 20.11.1.

there are two vEdge that have DUAL WAN, and connected to two ISPs with BGP.

I have enabled 2 Maximum-Paths for BGP and multipath relax.

the DUAL WAN vEdges receive from both ISPs the specific prefixes of the other vEdges/cEdges.

it does not form full mesh bfd/ipsec tunnels:

vEdge3# show bfd sessions
SOURCE TLOC REMOTE TLOC DST PUBLIC DST PUBLIC DETECT TX
SYSTEM IP SITE ID STATE COLOR COLOR SOURCE IP IP PORT ENCAP MULTIPLIER INTERVAL(msec) UPTIME TRANSITIONS
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
172.17.1.5 102 up private1 mpls 10.33.0.1 10.102.0.1 12386 ipsec 7 1000 0:00:06:57 0
172.17.1.5 102 down biz-internet mpls 150.33.0.1 10.102.0.1 12386 ipsec 7 1000 NA 0
172.17.1.6 102 down private1 biz-internet 10.33.0.1 150.102.0.1 12406 ipsec 7 1000 NA 0
172.17.1.6 102 up biz-internet biz-internet 150.33.0.1 150.102.0.1 12406 ipsec 7 1000 0:00:06:48 0
172.17.1.101 101 up private1 mpls 10.33.0.1 10.101.1.1 12386 ipsec 7 1000 0:00:06:56 0
172.17.1.101 101 down biz-internet mpls 150.33.0.1 10.101.1.1 12386 ipsec 7 1000 NA 0
172.17.1.111 1 up private1 custom1 10.33.0.1 150.11.1.0 12366 ipsec 7 1000 0:00:06:57 0
172.17.1.111 1 up private1 custom2 10.33.0.1 150.22.1.0 12386 ipsec 7 1000 0:00:06:57 0
172.17.1.111 1 up biz-internet custom1 150.33.0.1 150.11.1.0 12366 ipsec 7 1000 0:00:06:48 0
172.17.1.111 1 up biz-internet custom2 150.33.0.1 150.22.1.0 12386 ipsec 7 1000 0:00:06:48 0
172.17.1.201 101 down private1 biz-internet 10.33.0.1 150.101.2.1 12406 ipsec 7 1000 NA 0
172.17.1.201 101 up biz-internet biz-internet 150.33.0.1 150.101.2.1 12406 ipsec 7 1000 0:00:06:48 0
172.17.1.222 1 up private1 custom1 10.33.0.1 150.11.2.0 12386 ipsec 7 1000 0:00:06:57 0
172.17.1.222 1 up private1 custom2 10.33.0.1 150.22.2.0 12366 ipsec 7 1000 0:00:06:57 0
172.17.1.222 1 up biz-internet custom1 150.33.0.1 150.11.2.0 12386 ipsec 7 1000 0:00:06:48 0
172.17.1.222 1 up biz-internet custom2 150.33.0.1 150.22.2.0 12366 ipsec 7 1000 0:00:06:48 0
172.17.2.4 44 up private1 mpls 10.33.0.1 10.44.0.1 12426 ipsec 7 1000 0:00:06:57 0
172.17.2.4 44 down private1 biz-internet 10.33.0.1 150.44.0.1 12406 ipsec 7 1000 NA 0
172.17.2.4 44 down biz-internet mpls 150.33.0.1 10.44.0.1 12426 ipsec 7 1000 NA 0
172.17.2.4 44 up biz-internet biz-internet 150.33.0.1 150.44.0.1 12406 ipsec 7 1000 0:00:06:48 0

the routing table:

vEdge3# show route bgp
-------------^
syntax error: missing display group
vEdge3# show ip route bgp
Codes Proto-sub-type:
IA -> ospf-intra-area, IE -> ospf-inter-area,
E1 -> ospf-external1, E2 -> ospf-external2,
N1 -> ospf-nssa-external1, N2 -> ospf-nssa-external2,
e -> bgp-external, i -> bgp-internal
Codes Status flags:
F -> fib, S -> selected, I -> inactive,
B -> blackhole, R -> recursive, L -> import

PROTOCOL NEXTHOP NEXTHOP NEXTHOP
VPN PREFIX PROTOCOL SUB TYPE IF NAME ADDR VPN TLOC IP COLOR ENCAP STATUS
---------------------------------------------------------------------------------------------------------------------------------------------
0 1.1.1.1/32 bgp e ge0/0 150.33.0.2 - - - - F,S
0 8.8.8.8/32 bgp e ge0/0 150.33.0.2 - - - - F,S
0 10.11.0.0/30 bgp e ge0/1 10.33.0.2 - - - - F,S
0 10.22.0.0/30 bgp e ge0/1 10.33.0.2 - - - - F,S
0 10.33.0.0/30 bgp - - 10.33.0.2 - - - - I
0 10.44.0.0/30 bgp e ge0/1 10.33.0.2 - - - - F,S
0 10.101.1.0/30 bgp e ge0/1 10.33.0.2 - - - - F,S
0 10.102.0.0/30 bgp e ge0/1 10.33.0.2 - - - - F,S
0 100.100.100.100/32 bgp e ge0/1 10.33.0.2 - - - - F,S
0 150.1.1.0/24 bgp e ge0/1 10.33.0.2 - - - - F,S
0 150.1.1.0/24 bgp e ge0/0 150.33.0.2 - - - - F,S
0 150.11.0.0/30 bgp e ge0/0 150.33.0.2 - - - - F,S
0 150.11.1.0/31 bgp e ge0/1 10.33.0.2 - - - - F,S
0 150.11.1.0/31 bgp e ge0/0 150.33.0.2 - - - - F,S
0 150.11.2.0/31 bgp e ge0/1 10.33.0.2 - - - - F,S
0 150.11.2.0/31 bgp e ge0/0 150.33.0.2 - - - - F,S
0 150.22.0.0/30 bgp e ge0/0 150.33.0.2 - - - - F,S
0 150.22.1.0/31 bgp e ge0/1 10.33.0.2 - - - - F,S
0 150.22.1.0/31 bgp e ge0/0 150.33.0.2 - - - - F,S
0 150.22.2.0/31 bgp e ge0/1 10.33.0.2 - - - - F,S
0 150.22.2.0/31 bgp e ge0/0 150.33.0.2 - - - - F,S
0 150.33.0.0/30 bgp - - 150.33.0.2 - - - - I
0 150.44.0.0/30 bgp e ge0/0 150.33.0.2 - - - - F,S
0 150.101.2.0/30 bgp e ge0/0 150.33.0.2 - - - - F,S
0 150.102.0.0/30 bgp e ge0/0 150.33.0.2 - - - - F,S

 

BUT - when both ISPs send in addition to the specific routes - a default route - the issue is resolved

here is the output after receiving an additional default route:

vEdge3# show ip route bgp
Codes Proto-sub-type:
IA -> ospf-intra-area, IE -> ospf-inter-area,
E1 -> ospf-external1, E2 -> ospf-external2,
N1 -> ospf-nssa-external1, N2 -> ospf-nssa-external2,
e -> bgp-external, i -> bgp-internal
Codes Status flags:
F -> fib, S -> selected, I -> inactive,
B -> blackhole, R -> recursive, L -> import

PROTOCOL NEXTHOP NEXTHOP NEXTHOP
VPN PREFIX PROTOCOL SUB TYPE IF NAME ADDR VPN TLOC IP COLOR ENCAP STATUS
---------------------------------------------------------------------------------------------------------------------------------------------
0 0.0.0.0/0 bgp e ge0/1 10.33.0.2 - - - - F,S
0 0.0.0.0/0 bgp e ge0/0 150.33.0.2 - - - - F,S
0 1.1.1.1/32 bgp e ge0/0 150.33.0.2 - - - - F,S
0 8.8.8.8/32 bgp e ge0/0 150.33.0.2 - - - - F,S
0 10.11.0.0/30 bgp e ge0/1 10.33.0.2 - - - - F,S
0 10.22.0.0/30 bgp e ge0/1 10.33.0.2 - - - - F,S
0 10.33.0.0/30 bgp - - 10.33.0.2 - - - - I
0 10.44.0.0/30 bgp e ge0/1 10.33.0.2 - - - - F,S
0 10.101.1.0/30 bgp e ge0/1 10.33.0.2 - - - - F,S
0 10.102.0.0/30 bgp e ge0/1 10.33.0.2 - - - - F,S
0 100.100.100.100/32 bgp e ge0/1 10.33.0.2 - - - - F,S
0 150.1.1.0/24 bgp e ge0/1 10.33.0.2 - - - - F,S
0 150.1.1.0/24 bgp e ge0/0 150.33.0.2 - - - - F,S
0 150.11.0.0/30 bgp e ge0/0 150.33.0.2 - - - - F,S
0 150.11.1.0/31 bgp e ge0/1 10.33.0.2 - - - - F,S
0 150.11.1.0/31 bgp e ge0/0 150.33.0.2 - - - - F,S
0 150.11.2.0/31 bgp e ge0/1 10.33.0.2 - - - - F,S
0 150.11.2.0/31 bgp e ge0/0 150.33.0.2 - - - - F,S
0 150.22.0.0/30 bgp e ge0/0 150.33.0.2 - - - - F,S
0 150.22.1.0/31 bgp e ge0/1 10.33.0.2 - - - - F,S
0 150.22.1.0/31 bgp e ge0/0 150.33.0.2 - - - - F,S
0 150.22.2.0/31 bgp e ge0/1 10.33.0.2 - - - - F,S
0 150.22.2.0/31 bgp e ge0/0 150.33.0.2 - - - - F,S
0 150.33.0.0/30 bgp - - 150.33.0.2 - - - - I
0 150.44.0.0/30 bgp e ge0/0 150.33.0.2 - - - - F,S
0 150.101.2.0/30 bgp e ge0/0 150.33.0.2 - - - - F,S
0 150.102.0.0/30 bgp e ge0/0 150.33.0.2 - - - - F,S
0 150.255.1.1/32 bgp e ge0/1 10.33.0.2 - - - - F,S
0 150.255.1.1/32 bgp e ge0/0 150.33.0.2 - - - - F,S
0 150.255.1.2/32 bgp e ge0/1 10.33.0.2 - - - - F,S
0 150.255.1.2/32 bgp e ge0/0 150.33.0.2 - - - - F,S
0 150.255.1.254/32 bgp e ge0/1 10.33.0.2 - - - - F,S
0 150.255.1.254/32 bgp e ge0/0 150.33.0.2 - - - - F,S

 

vEdge3# show bfd sessions
SOURCE TLOC REMOTE TLOC DST PUBLIC DST PUBLIC DETECT TX
SYSTEM IP SITE ID STATE COLOR COLOR SOURCE IP IP PORT ENCAP MULTIPLIER INTERVAL(msec) UPTIME TRANSITIONS
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
172.17.1.5 102 up private1 mpls 10.33.0.1 10.102.0.1 12386 ipsec 7 1000 0:00:09:43 0
172.17.1.5 102 up biz-internet mpls 150.33.0.1 10.102.0.1 12386 ipsec 7 1000 0:00:00:09 0
172.17.1.6 102 up private1 biz-internet 10.33.0.1 150.102.0.1 12406 ipsec 7 1000 0:00:00:27 0
172.17.1.6 102 up biz-internet biz-internet 150.33.0.1 150.102.0.1 12406 ipsec 7 1000 0:00:09:34 0
172.17.1.101 101 up private1 mpls 10.33.0.1 10.101.1.1 12386 ipsec 7 1000 0:00:09:42 0
172.17.1.101 101 up biz-internet mpls 150.33.0.1 10.101.1.1 12386 ipsec 7 1000 0:00:00:09 0
172.17.1.111 1 up private1 custom1 10.33.0.1 150.11.1.0 12366 ipsec 7 1000 0:00:09:43 0
172.17.1.111 1 up private1 custom2 10.33.0.1 150.22.1.0 12386 ipsec 7 1000 0:00:09:43 0
172.17.1.111 1 up biz-internet custom1 150.33.0.1 150.11.1.0 12366 ipsec 7 1000 0:00:09:34 0
172.17.1.111 1 up biz-internet custom2 150.33.0.1 150.22.1.0 12386 ipsec 7 1000 0:00:09:34 0
172.17.1.201 101 up private1 biz-internet 10.33.0.1 150.101.2.1 12406 ipsec 7 1000 0:00:00:27 0
172.17.1.201 101 up biz-internet biz-internet 150.33.0.1 150.101.2.1 12406 ipsec 7 1000 0:00:09:34 0
172.17.1.222 1 up private1 custom1 10.33.0.1 150.11.2.0 12386 ipsec 7 1000 0:00:09:43 0
172.17.1.222 1 up private1 custom2 10.33.0.1 150.22.2.0 12366 ipsec 7 1000 0:00:09:43 0
172.17.1.222 1 up biz-internet custom1 150.33.0.1 150.11.2.0 12386 ipsec 7 1000 0:00:09:34 0
172.17.1.222 1 up biz-internet custom2 150.33.0.1 150.22.2.0 12366 ipsec 7 1000 0:00:09:34 0
172.17.2.4 44 up private1 mpls 10.33.0.1 10.44.0.1 12426 ipsec 7 1000 0:00:09:43 0
172.17.2.4 44 up private1 biz-internet 10.33.0.1 150.44.0.1 12406 ipsec 7 1000 0:00:00:27 0
172.17.2.4 44 up biz-internet mpls 150.33.0.1 10.44.0.1 12426 ipsec 7 1000 0:00:00:09 0
172.17.2.4 44 up biz-internet biz-internet 150.33.0.1 150.44.0.1 12406 ipsec 7 1000 0:00:09:34 0

 

 

any idea why ? how do I fix it ?

 

0 Helpful
19 Replies 19

MHM Cisco World
VIP
VIP

‎07-31-2025 02:41 AM

172.17.1.5 102 up private1 mpls 10.33.0.1 10.102.0.1 12386 ipsec 7 1000 0:00:09:43 0
172.17.1.5 102 up biz-internet mpls 150.33.0.1 10.102.0.1 12386 ipsec 7 1000 0:00:00:09 0

172.17.1.5 <<- this remote Peer 

10.33.0.1 AND 150.33.0.1 <<- this your vedge3 WAN private IP 

10.102.0.1 <<- this public IP , i.e. this vedge3 is behind NAT 

confirm above ?

MHM

0 Helpful

shlomim
Level 1
Level 1
In response to MHM Cisco World

‎07-31-2025 02:45 AM

everything you wrote is right - except the NAT.

as part of POC - this is in a LAB environment - so there is no NAT, since it's lab - these are made up IP addresses, and I control both of the routers that represents the ISPs.

MHM Cisco World
VIP
VIP
In response to MHM Cisco World

‎07-31-2025 02:46 AM

show omp route vpn <> | be PATH <<<- share this also 

MHM

MHM Cisco World
VIP
VIP
In response to MHM Cisco World

‎08-05-2025 06:40 AM

This issue solved?

MHM

0 Helpful

shlomim
Level 1
Level 1
In response to MHM Cisco World

‎08-05-2025 06:52 AM

Hi,

thank you for your prompt response, unfortunately I couldn't response earlier.

the issue was not resolved.

here are the outputs:

NO DEFAULT ROUTE OUTPUTS:

 

vEdge3# show ip route bgp
Codes Proto-sub-type:
IA -> ospf-intra-area, IE -> ospf-inter-area,
E1 -> ospf-external1, E2 -> ospf-external2,
N1 -> ospf-nssa-external1, N2 -> ospf-nssa-external2,
e -> bgp-external, i -> bgp-internal
Codes Status flags:
F -> fib, S -> selected, I -> inactive,
B -> blackhole, R -> recursive, L -> import

PROTOCOL NEXTHOP NEXTHOP NEXTHOP
VPN PREFIX PROTOCOL SUB TYPE IF NAME ADDR VPN TLOC IP COLOR ENCAP STATUS
---------------------------------------------------------------------------------------------------------------------------------------------
0 1.1.1.1/32 bgp e ge0/0 150.33.0.2 - - - - F,S
0 8.8.8.8/32 bgp e ge0/0 150.33.0.2 - - - - F,S
0 10.11.0.0/30 bgp e ge0/1 10.33.0.2 - - - - F,S
0 10.22.0.0/30 bgp e ge0/1 10.33.0.2 - - - - F,S
0 10.33.0.0/30 bgp - - 10.33.0.2 - - - - I
0 10.44.0.0/30 bgp e ge0/1 10.33.0.2 - - - - F,S
0 10.101.1.0/30 bgp e ge0/1 10.33.0.2 - - - - F,S
0 10.102.0.0/30 bgp e ge0/1 10.33.0.2 - - - - F,S
0 100.100.100.100/32 bgp e ge0/1 10.33.0.2 - - - - F,S
0 150.1.1.0/24 bgp e ge0/1 10.33.0.2 - - - - F,S
0 150.1.1.0/24 bgp e ge0/0 150.33.0.2 - - - - F,S
0 150.11.0.0/30 bgp e ge0/0 150.33.0.2 - - - - F,S
0 150.11.1.0/31 bgp e ge0/1 10.33.0.2 - - - - F,S
0 150.11.1.0/31 bgp e ge0/0 150.33.0.2 - - - - F,S
0 150.11.2.0/31 bgp e ge0/1 10.33.0.2 - - - - F,S
0 150.11.2.0/31 bgp e ge0/0 150.33.0.2 - - - - F,S
0 150.22.0.0/30 bgp e ge0/0 150.33.0.2 - - - - F,S
0 150.22.1.0/31 bgp e ge0/1 10.33.0.2 - - - - F,S
0 150.22.1.0/31 bgp e ge0/0 150.33.0.2 - - - - F,S
0 150.22.2.0/31 bgp e ge0/1 10.33.0.2 - - - - F,S
0 150.22.2.0/31 bgp e ge0/0 150.33.0.2 - - - - F,S
0 150.33.0.0/30 bgp - - 150.33.0.2 - - - - I
0 150.44.0.0/30 bgp e ge0/0 150.33.0.2 - - - - F,S
0 150.101.2.0/30 bgp e ge0/0 150.33.0.2 - - - - F,S
0 150.102.0.0/30 bgp e ge0/0 150.33.0.2 - - - - F,S
0 150.255.1.1/32 bgp e ge0/1 10.33.0.2 - - - - F,S
0 150.255.1.1/32 bgp e ge0/0 150.33.0.2 - - - - F,S
0 150.255.1.2/32 bgp e ge0/1 10.33.0.2 - - - - F,S
0 150.255.1.2/32 bgp e ge0/0 150.33.0.2 - - - - F,S
0 150.255.1.254/32 bgp e ge0/1 10.33.0.2 - - - - F,S
0 150.255.1.254/32 bgp e ge0/0 150.33.0.2 - - - - F,S
0 169.255.101.0/30 bgp e ge0/1 10.33.0.2 - - - - F,S
0 169.255.101.0/30 bgp e ge0/0 150.33.0.2 - - - - F,S
0 169.255.201.0/30 bgp e ge0/1 10.33.0.2 - - - - F,S
0 169.255.201.0/30 bgp e ge0/0 150.33.0.2 - - - - F,S
0 192.168.11.0/24 bgp e ge0/1 10.33.0.2 - - - - F,S
0 192.168.11.0/24 bgp e ge0/0 150.33.0.2 - - - - F,S
0 192.168.22.0/24 bgp e ge0/1 10.33.0.2 - - - - F,S
0 192.168.22.0/24 bgp e ge0/0 150.33.0.2 - - - - F,S
0 192.168.100.0/30 bgp e ge0/1 10.33.0.2 - - - - F,S
0 192.168.100.0/30 bgp e ge0/0 150.33.0.2 - - - - F,S
0 200.200.200.200/32 bgp e ge0/0 150.33.0.2 - - - - F,S

vEdge3# show bfd sessions
SOURCE TLOC REMOTE TLOC DST PUBLIC DST PUBLIC DETECT TX
SYSTEM IP SITE ID STATE COLOR COLOR SOURCE IP IP PORT ENCAP MULTIPLIER INTERVAL(msec) UPTIME TRANSITIONS
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
172.17.1.111 1 up mpls custom1 10.33.0.1 150.11.1.0 12346 ipsec 7 1000 0:00:06:08 0
172.17.1.111 1 up mpls custom2 10.33.0.1 150.22.1.0 12406 ipsec 7 1000 0:00:03:12 1
172.17.1.111 1 up biz-internet custom1 150.33.0.1 150.11.1.0 12346 ipsec 7 1000 0:00:06:08 0
172.17.1.111 1 up biz-internet custom2 150.33.0.1 150.22.1.0 12406 ipsec 7 1000 0:00:03:12 3
172.17.1.222 1 up mpls custom1 10.33.0.1 150.11.2.0 12406 ipsec 7 1000 0:00:03:03 0
172.17.1.222 1 up mpls custom2 10.33.0.1 150.22.2.0 12426 ipsec 7 1000 0:00:03:00 0
172.17.1.222 1 up biz-internet custom1 150.33.0.1 150.11.2.0 12406 ipsec 7 1000 0:00:03:03 0
172.17.1.222 1 up biz-internet custom2 150.33.0.1 150.22.2.0 12426 ipsec 7 1000 0:00:03:00 0
172.17.2.4 44 up mpls mpls 10.33.0.1 10.44.0.1 12386 ipsec 7 1000 0:00:42:44 0
172.17.2.4 44 down mpls biz-internet 10.33.0.1 150.44.0.1 12406 ipsec 7 1000 NA 1
172.17.2.4 44 down biz-internet mpls 150.33.0.1 10.44.0.1 12386 ipsec 7 1000 NA 3
172.17.2.4 44 up biz-internet biz-internet 150.33.0.1 150.44.0.1 12406 ipsec 7 1000 0:00:42:44 0
172.17.2.6 102 down mpls biz-internet 10.33.0.1 150.102.0.1 12406 ipsec 7 1000 NA 1
172.17.2.6 102 up biz-internet biz-internet 150.33.0.1 150.102.0.1 12406 ipsec 7 1000 0:00:42:46 0
172.17.2.101 101 up mpls mpls 10.33.0.1 10.101.1.1 12346 ipsec 7 1000 0:00:42:49 0
172.17.2.101 101 down biz-internet mpls 150.33.0.1 10.101.1.1 12346 ipsec 7 1000 NA 2
172.17.2.102 101 down mpls biz-internet 10.33.0.1 150.101.2.1 12366 ipsec 7 1000 NA 1
172.17.2.102 101 up biz-internet biz-internet 150.33.0.1 150.101.2.1 12366 ipsec 7 1000 0:00:42:49 0

vEdge3# show omp tlocs | tab
C -> chosen
I -> installed
Red -> redistributed
Rej -> rejected
L -> looped
R -> resolved
S -> stale
Ext -> extranet
Stg -> staged
IA -> On-demand inactive
Inv -> invalid

PUBLIC PRIVATE
ADDRESS PSEUDO PUBLIC PRIVATE PUBLIC IPV6 PRIVATE IPV6 BFD
FAMILY TLOC IP COLOR ENCAP FROM PEER STATUS KEY PUBLIC IP PORT PRIVATE IP PORT IPV6 PORT IPV6 PORT STATUS REGION ID TO PEER
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
ipv4 172.17.1.111 custom1 ipsec 172.17.1.2 C,I,R 1 150.11.1.0 12346 150.11.1.0 12346 :: 0 :: 0 up None
172.17.1.111 custom2 ipsec 172.17.1.2 C,I,R 1 150.22.1.0 12406 150.22.1.0 12406 :: 0 :: 0 up None
172.17.1.222 custom1 ipsec 172.17.1.2 C,I,R 1 150.11.2.0 12406 150.11.2.0 12406 :: 0 :: 0 up None
172.17.1.222 custom2 ipsec 172.17.1.2 C,I,R 1 150.22.2.0 12426 150.22.2.0 12426 :: 0 :: 0 up None
172.17.2.3 mpls ipsec 0.0.0.0 C,Red,R 1 10.33.0.1 12346 10.33.0.1 12346 :: 0 :: 0 up None 172.17.1.2
172.17.2.3 biz-internet ipsec 0.0.0.0 C,Red,R 1 150.33.0.1 12426 150.33.0.1 12426 :: 0 :: 0 up None 172.17.1.2
172.17.2.4 mpls ipsec 172.17.1.2 C,I,R 1 10.44.0.1 12386 10.44.0.1 12386 :: 0 :: 0 up None
172.17.2.4 biz-internet ipsec 172.17.1.2 C,I,R 1 150.44.0.1 12406 150.44.0.1 12406 :: 0 :: 0 up None
172.17.2.6 biz-internet ipsec 172.17.1.2 C,I,R 1 150.102.0.1 12406 150.102.0.1 12406 :: 0 :: 0 up None
172.17.2.101 mpls ipsec 172.17.1.2 C,I,R 1 10.101.1.1 12346 10.101.1.1 12346 :: 0 :: 0 up None
172.17.2.102 biz-internet ipsec 172.17.1.2 C,I,R 1 150.101.2.1 12366 150.101.2.1 12366 :: 0 :: 0 up None

about the output you've requested I wasn't sure what exactly to provide because of the following -

vEdge3# show omp route vpn <> | be PATH
-----------------------^

I've tried with VPN 0:

vEdge3# show omp routes vpn 0
show omp routes-table family ipv4 received-entries vpn 0 *
-----------------------------------------------------------^
syntax error: unknown argument
Error executing command: CLI command error -

 

I've tried with vpn1 -

vEdge3# show omp routes vpn 1 | be PATH | nom
vEdge3#

 

I can provide for example show omp routes vpn 1 | tab

would that help ?

0 Helpful

MHM Cisco World
VIP
VIP
In response to shlomim

‎08-05-2025 06:57 AM

Vpn 0 not necessary since vpn0 is for transparent not for service 

Vpn 1 <<- shwo omp routes vpn 1 

0 Helpful

shlomim
Level 1
Level 1
In response to MHM Cisco World

‎08-05-2025 07:33 AM

vEdge3# show omp routes vpn 1

---------------------------------------------------
omp route entries for vpn 1 route 0.0.0.0/0
---------------------------------------------------
RECEIVED FROM:
peer 172.17.1.2
path-id 99
label 1005
status C,I,R
loss-reason not set
lost-to-peer not set
lost-to-path-id not set
Attributes:
originator 172.17.1.111
type installed
tloc 172.17.1.111, custom2, ipsec
ultimate-tloc not set
domain-id not set
overlay-id 1
site-id 1
region-id None
region-path not set
affinity-group None
route-reoriginator not set
preference not set
tag not set
origin-proto eBGP
origin-metric 0
as-path not set
community not set
unknown-attr-len not set
RECEIVED FROM:
peer 172.17.1.2
path-id 103
label 1005
status C,I,R
loss-reason not set
lost-to-peer not set
lost-to-path-id not set
Attributes:
originator 172.17.1.111
type installed
tloc 172.17.1.111, custom1, ipsec
ultimate-tloc not set
domain-id not set
overlay-id 1
site-id 1
region-id None
region-path not set
affinity-group None
route-reoriginator not set
preference not set
tag not set
origin-proto eBGP
origin-metric 0
as-path not set
community not set
unknown-attr-len not set
RECEIVED FROM:
peer 172.17.1.2
path-id 110
label 1005
status C,I,R
loss-reason not set
lost-to-peer not set
lost-to-path-id not set
Attributes:
originator 172.17.1.222
type installed
tloc 172.17.1.222, custom1, ipsec
ultimate-tloc not set
domain-id not set
overlay-id 1
site-id 1
region-id None
region-path not set
affinity-group None
route-reoriginator not set
preference not set
tag not set
origin-proto eBGP
origin-metric 0
as-path not set
community not set
unknown-attr-len not set
RECEIVED FROM:
peer 172.17.1.2
path-id 111
label 1005
status C,I,R
loss-reason not set
lost-to-peer not set
lost-to-path-id not set
Attributes:
originator 172.17.1.222
type installed
tloc 172.17.1.222, custom2, ipsec
ultimate-tloc not set
domain-id not set
overlay-id 1
site-id 1
region-id None
region-path not set
affinity-group None
route-reoriginator not set
preference not set
tag not set
origin-proto eBGP
origin-metric 0
as-path not set
community not set
unknown-attr-len not set

---------------------------------------------------
omp route entries for vpn 1 route 1.1.1.1/32
---------------------------------------------------
RECEIVED FROM:
peer 172.17.1.2
path-id 99
label 1005
status C,I,R
loss-reason not set
lost-to-peer not set
lost-to-path-id not set
Attributes:
originator 172.17.1.111
type installed
tloc 172.17.1.111, custom2, ipsec
ultimate-tloc not set
domain-id not set
overlay-id 1
site-id 1
region-id None
region-path not set
affinity-group None
route-reoriginator not set
preference not set
tag not set
origin-proto eBGP
origin-metric 0
as-path not set
community not set
unknown-attr-len not set
RECEIVED FROM:
peer 172.17.1.2
path-id 103
label 1005
status C,I,R
loss-reason not set
lost-to-peer not set
lost-to-path-id not set
Attributes:
originator 172.17.1.111
type installed
tloc 172.17.1.111, custom1, ipsec
ultimate-tloc not set
domain-id not set
overlay-id 1
site-id 1
region-id None
region-path not set
affinity-group None
route-reoriginator not set
preference not set
tag not set
origin-proto eBGP
origin-metric 0
as-path not set
community not set
unknown-attr-len not set
RECEIVED FROM:
peer 172.17.1.2
path-id 110
label 1005
status C,I,R
loss-reason not set
lost-to-peer not set
lost-to-path-id not set
Attributes:
originator 172.17.1.222
type installed
tloc 172.17.1.222, custom1, ipsec
ultimate-tloc not set
domain-id not set
overlay-id 1
site-id 1
region-id None
region-path not set
affinity-group None
route-reoriginator not set
preference not set
tag not set
origin-proto eBGP
origin-metric 0
as-path not set
community not set
unknown-attr-len not set
RECEIVED FROM:
peer 172.17.1.2
path-id 111
label 1005
status C,I,R
loss-reason not set
lost-to-peer not set
lost-to-path-id not set
Attributes:
originator 172.17.1.222
type installed
tloc 172.17.1.222, custom2, ipsec
ultimate-tloc not set
domain-id not set
overlay-id 1
site-id 1
region-id None
region-path not set
affinity-group None
route-reoriginator not set
preference not set
tag not set
origin-proto eBGP
origin-metric 0
as-path not set
community not set
unknown-attr-len not set

---------------------------------------------------
omp route entries for vpn 1 route 4.4.4.4/32
---------------------------------------------------
RECEIVED FROM:
peer 172.17.1.2
path-id 99
label 1005
status C,I,R
loss-reason not set
lost-to-peer not set
lost-to-path-id not set
Attributes:
originator 172.17.1.111
type installed
tloc 172.17.1.111, custom2, ipsec
ultimate-tloc not set
domain-id not set
overlay-id 1
site-id 1
region-id None
region-path not set
affinity-group None
route-reoriginator not set
preference not set
tag not set
origin-proto OSPF-external-2
origin-metric 20
as-path not set
community not set
unknown-attr-len not set
RECEIVED FROM:
peer 172.17.1.2
path-id 103
label 1005
status C,I,R
loss-reason not set
lost-to-peer not set
lost-to-path-id not set
Attributes:
originator 172.17.1.111
type installed
tloc 172.17.1.111, custom1, ipsec
ultimate-tloc not set
domain-id not set
overlay-id 1
site-id 1
region-id None
region-path not set
affinity-group None
route-reoriginator not set
preference not set
tag not set
origin-proto OSPF-external-2
origin-metric 20
as-path not set
community not set
unknown-attr-len not set
RECEIVED FROM:
peer 172.17.1.2
path-id 112
label 1005
status C,I,R
loss-reason not set
lost-to-peer not set
lost-to-path-id not set
Attributes:
originator 172.17.1.222
type installed
tloc 172.17.1.222, custom1, ipsec
ultimate-tloc not set
domain-id not set
overlay-id 1
site-id 1
region-id None
region-path not set
affinity-group None
route-reoriginator not set
preference not set
tag not set
origin-proto OSPF-external-2
origin-metric 20
as-path not set
community not set
unknown-attr-len not set
RECEIVED FROM:
peer 172.17.1.2
path-id 113
label 1005
status C,I,R
loss-reason not set
lost-to-peer not set
lost-to-path-id not set
Attributes:
originator 172.17.1.222
type installed
tloc 172.17.1.222, custom2, ipsec
ultimate-tloc not set
domain-id not set
overlay-id 1
site-id 1
region-id None
region-path not set
affinity-group None
route-reoriginator not set
preference not set
tag not set
origin-proto OSPF-external-2
origin-metric 20
as-path not set
community not set
unknown-attr-len not set

---------------------------------------------------
omp route entries for vpn 1 route 9.9.9.9/32
---------------------------------------------------
RECEIVED FROM:
peer 172.17.1.2
path-id 99
label 1005
status C,I,R
loss-reason not set
lost-to-peer not set
lost-to-path-id not set
Attributes:
originator 172.17.1.111
type installed
tloc 172.17.1.111, custom2, ipsec
ultimate-tloc not set
domain-id not set
overlay-id 1
site-id 1
region-id None
region-path not set
affinity-group None
route-reoriginator not set
preference not set
tag not set
origin-proto eBGP
origin-metric 0
as-path not set
community not set
unknown-attr-len not set
RECEIVED FROM:
peer 172.17.1.2
path-id 103
label 1005
status C,I,R
loss-reason not set
lost-to-peer not set
lost-to-path-id not set
Attributes:
originator 172.17.1.111
type installed
tloc 172.17.1.111, custom1, ipsec
ultimate-tloc not set
domain-id not set
overlay-id 1
site-id 1
region-id None
region-path not set
affinity-group None
route-reoriginator not set
preference not set
tag not set
origin-proto eBGP
origin-metric 0
as-path not set
community not set
unknown-attr-len not set
RECEIVED FROM:
peer 172.17.1.2
path-id 112
label 1005
status C,I,R
loss-reason not set
lost-to-peer not set
lost-to-path-id not set
Attributes:
originator 172.17.1.222
type installed
tloc 172.17.1.222, custom1, ipsec
ultimate-tloc not set
domain-id not set
overlay-id 1
site-id 1
region-id None
region-path not set
affinity-group None
route-reoriginator not set
preference not set
tag not set
origin-proto eBGP
origin-metric 0
as-path not set
community not set
unknown-attr-len not set
RECEIVED FROM:
peer 172.17.1.2
path-id 113
label 1005
status C,I,R
loss-reason not set
lost-to-peer not set
lost-to-path-id not set
Attributes:
originator 172.17.1.222
type installed
tloc 172.17.1.222, custom2, ipsec
ultimate-tloc not set
domain-id not set
overlay-id 1
site-id 1
region-id None
region-path not set
affinity-group None
route-reoriginator not set
preference not set
tag not set
origin-proto eBGP
origin-metric 0
as-path not set
community not set
unknown-attr-len not set

---------------------------------------------------
omp route entries for vpn 1 route 10.9.9.0/24
---------------------------------------------------
RECEIVED FROM:
peer 172.17.1.2
path-id 103
label 1005
status C,I,R
loss-reason not set
lost-to-peer not set
lost-to-path-id not set
Attributes:
originator 172.17.1.111
type installed
tloc 172.17.1.111, custom2, ipsec
ultimate-tloc not set
domain-id not set
overlay-id 1
site-id 1
region-id None
region-path not set
affinity-group None
route-reoriginator not set
preference not set
tag not set
origin-proto connected
origin-metric 0
as-path not set
community not set
unknown-attr-len not set
RECEIVED FROM:
peer 172.17.1.2
path-id 107
label 1005
status C,I,R
loss-reason not set
lost-to-peer not set
lost-to-path-id not set
Attributes:
originator 172.17.1.111
type installed
tloc 172.17.1.111, custom1, ipsec
ultimate-tloc not set
domain-id not set
overlay-id 1
site-id 1
region-id None
region-path not set
affinity-group None
route-reoriginator not set
preference not set
tag not set
origin-proto connected
origin-metric 0
as-path not set
community not set
unknown-attr-len not set
RECEIVED FROM:
peer 172.17.1.2
path-id 116
label 1005
status C,I,R
loss-reason not set
lost-to-peer not set
lost-to-path-id not set
Attributes:
originator 172.17.1.222
type installed
tloc 172.17.1.222, custom1, ipsec
ultimate-tloc not set
domain-id not set
overlay-id 1
site-id 1
region-id None
region-path not set
affinity-group None
route-reoriginator not set
preference not set
tag not set
origin-proto connected
origin-metric 0
as-path not set
community not set
unknown-attr-len not set
RECEIVED FROM:
peer 172.17.1.2
path-id 117
label 1005
status C,I,R
loss-reason not set
lost-to-peer not set
lost-to-path-id not set
Attributes:
originator 172.17.1.222
type installed
tloc 172.17.1.222, custom2, ipsec
ultimate-tloc not set
domain-id not set
overlay-id 1
site-id 1
region-id None
region-path not set
affinity-group None
route-reoriginator not set
preference not set
tag not set
origin-proto connected
origin-metric 0
as-path not set
community not set
unknown-attr-len not set

---------------------------------------------------
omp route entries for vpn 1 route 10.10.10.0/24
---------------------------------------------------
RECEIVED FROM:
peer 172.17.1.2
path-id 103
label 1005
status C,I,R
loss-reason not set
lost-to-peer not set
lost-to-path-id not set
Attributes:
originator 172.17.1.111
type installed
tloc 172.17.1.111, custom2, ipsec
ultimate-tloc not set
domain-id not set
overlay-id 1
site-id 1
region-id None
region-path not set
affinity-group None
route-reoriginator not set
preference not set
tag not set
origin-proto connected
origin-metric 0
as-path not set
community not set
unknown-attr-len not set
RECEIVED FROM:
peer 172.17.1.2
path-id 107
label 1005
status C,I,R
loss-reason not set
lost-to-peer not set
lost-to-path-id not set
Attributes:
originator 172.17.1.111
type installed
tloc 172.17.1.111, custom1, ipsec
ultimate-tloc not set
domain-id not set
overlay-id 1
site-id 1
region-id None
region-path not set
affinity-group None
route-reoriginator not set
preference not set
tag not set
origin-proto connected
origin-metric 0
as-path not set
community not set
unknown-attr-len not set
RECEIVED FROM:
peer 172.17.1.2
path-id 116
label 1005
status C,I,R
loss-reason not set
lost-to-peer not set
lost-to-path-id not set
Attributes:
originator 172.17.1.222
type installed
tloc 172.17.1.222, custom1, ipsec
ultimate-tloc not set
domain-id not set
overlay-id 1
site-id 1
region-id None
region-path not set
affinity-group None
route-reoriginator not set
preference not set
tag not set
origin-proto connected
origin-metric 0
as-path not set
community not set
unknown-attr-len not set
RECEIVED FROM:
peer 172.17.1.2
path-id 117
label 1005
status C,I,R
loss-reason not set
lost-to-peer not set
lost-to-path-id not set
Attributes:
originator 172.17.1.222
type installed
tloc 172.17.1.222, custom2, ipsec
ultimate-tloc not set
domain-id not set
overlay-id 1
site-id 1
region-id None
region-path not set
affinity-group None
route-reoriginator not set
preference not set
tag not set
origin-proto connected
origin-metric 0
as-path not set
community not set
unknown-attr-len not set

---------------------------------------------------
omp route entries for vpn 1 route 192.168.33.0/24
---------------------------------------------------
RECEIVED FROM:
peer 0.0.0.0
path-id 66
label 1005
status C,Red,R
loss-reason not set
lost-to-peer not set
lost-to-path-id not set
Attributes:
originator 172.17.2.3
type installed
tloc 172.17.2.3, mpls, ipsec
ultimate-tloc not set
domain-id not set
overlay-id 1
site-id 33
region-id None
region-path not set
affinity-group None
route-reoriginator not set
preference not set
tag not set
origin-proto connected
origin-metric 0
as-path not set
community not set
unknown-attr-len not set
RECEIVED FROM:
peer 0.0.0.0
path-id 68
label 1005
status C,Red,R
loss-reason not set
lost-to-peer not set
lost-to-path-id not set
Attributes:
originator 172.17.2.3
type installed
tloc 172.17.2.3, biz-internet, ipsec
ultimate-tloc not set
domain-id not set
overlay-id 1
site-id 33
region-id None
region-path not set
affinity-group None
route-reoriginator not set
preference not set
tag not set
origin-proto connected
origin-metric 0
as-path not set
community not set
unknown-attr-len not set

---------------------------------------------------
omp route entries for vpn 1 route 192.168.44.0/24
---------------------------------------------------
RECEIVED FROM:
peer 172.17.1.2
path-id 25
label 1005
status C,I,R
loss-reason not set
lost-to-peer not set
lost-to-path-id not set
Attributes:
originator 172.17.2.4
type installed
tloc 172.17.2.4, mpls, ipsec
ultimate-tloc not set
domain-id not set
overlay-id 1
site-id 44
region-id None
region-path not set
affinity-group None
route-reoriginator not set
preference not set
tag not set
origin-proto connected
origin-metric 0
as-path not set
community not set
unknown-attr-len not set
RECEIVED FROM:
peer 172.17.1.2
path-id 26
label 1005
status C,I,R
loss-reason not set
lost-to-peer not set
lost-to-path-id not set
Attributes:
originator 172.17.2.4
type installed
tloc 172.17.2.4, biz-internet, ipsec
ultimate-tloc not set
domain-id not set
overlay-id 1
site-id 44
region-id None
region-path not set
affinity-group None
route-reoriginator not set
preference not set
tag not set
origin-proto connected
origin-metric 0
as-path not set
community not set
unknown-attr-len not set

---------------------------------------------------
omp route entries for vpn 1 route 192.168.101.0/24
---------------------------------------------------
RECEIVED FROM:
peer 172.17.1.2
path-id 55
label 1003
status C,I,R
loss-reason not set
lost-to-peer not set
lost-to-path-id not set
Attributes:
originator 172.17.2.101
type installed
tloc 172.17.2.101, mpls, ipsec
ultimate-tloc not set
domain-id not set
overlay-id 1
site-id 101
region-id None
region-path not set
affinity-group None
route-reoriginator not set
preference not set
tag not set
origin-proto connected
origin-metric 0
as-path not set
community not set
unknown-attr-len not set
RECEIVED FROM:
peer 172.17.1.2
path-id 56
label 1003
status C,I,R
loss-reason not set
lost-to-peer not set
lost-to-path-id not set
Attributes:
originator 172.17.2.102
type installed
tloc 172.17.2.102, biz-internet, ipsec
ultimate-tloc not set
domain-id not set
overlay-id 1
site-id 101
region-id None
region-path not set
affinity-group None
route-reoriginator not set
preference not set
tag not set
origin-proto connected
origin-metric 0
as-path not set
community not set
unknown-attr-len not set

---------------------------------------------------
omp route entries for vpn 1 route 192.168.102.0/24
---------------------------------------------------
RECEIVED FROM:
peer 172.17.1.2
path-id 32
label 1005
status C,I,R
loss-reason not set
lost-to-peer not set
lost-to-path-id not set
Attributes:
originator 172.17.2.6
type installed
tloc 172.17.2.6, biz-internet, ipsec
ultimate-tloc not set
domain-id not set
overlay-id 1
site-id 102
region-id None
region-path not set
affinity-group None
route-reoriginator not set
preference not set
tag not set
origin-proto connected
origin-metric 0
as-path not set
community not set
unknown-attr-len not set
vEdge3#

0 Helpful

MHM Cisco World
VIP
VIP

‎08-05-2025 07:44 AM 

show ip route vpn 0 <<- last one this also
0 Helpful

shlomim
Level 1
Level 1
In response to MHM Cisco World

‎08-05-2025 07:47 AM

vEdge3# show ip route vpn 0
Codes Proto-sub-type:
IA -> ospf-intra-area, IE -> ospf-inter-area,
E1 -> ospf-external1, E2 -> ospf-external2,
N1 -> ospf-nssa-external1, N2 -> ospf-nssa-external2,
e -> bgp-external, i -> bgp-internal
Codes Status flags:
F -> fib, S -> selected, I -> inactive,
B -> blackhole, R -> recursive, L -> import

PROTOCOL NEXTHOP NEXTHOP NEXTHOP
VPN PREFIX PROTOCOL SUB TYPE IF NAME ADDR VPN TLOC IP COLOR ENCAP STATUS
---------------------------------------------------------------------------------------------------------------------------------------------
0 1.1.1.1/32 bgp e ge0/0 150.33.0.2 - - - - F,S
0 8.8.8.8/32 bgp e ge0/0 150.33.0.2 - - - - F,S
0 10.11.0.0/30 bgp e ge0/1 10.33.0.2 - - - - F,S
0 10.22.0.0/30 bgp e ge0/1 10.33.0.2 - - - - F,S
0 10.33.0.0/30 bgp - - 10.33.0.2 - - - - I
0 10.33.0.0/30 connected - ge0/1 - - - - - F,S
0 10.44.0.0/30 bgp e ge0/1 10.33.0.2 - - - - F,S
0 10.101.1.0/30 bgp e ge0/1 10.33.0.2 - - - - F,S
0 10.102.0.0/30 bgp e ge0/1 10.33.0.2 - - - - F,S
0 100.100.100.100/32 bgp e ge0/1 10.33.0.2 - - - - F,S
0 150.1.1.0/24 bgp e ge0/1 10.33.0.2 - - - - F,S
0 150.1.1.0/24 bgp e ge0/0 150.33.0.2 - - - - F,S
0 150.11.0.0/30 bgp e ge0/0 150.33.0.2 - - - - F,S
0 150.11.1.0/31 bgp e ge0/1 10.33.0.2 - - - - F,S
0 150.11.1.0/31 bgp e ge0/0 150.33.0.2 - - - - F,S
0 150.11.2.0/31 bgp e ge0/1 10.33.0.2 - - - - F,S
0 150.11.2.0/31 bgp e ge0/0 150.33.0.2 - - - - F,S
0 150.22.0.0/30 bgp e ge0/0 150.33.0.2 - - - - F,S
0 150.22.1.0/31 bgp e ge0/1 10.33.0.2 - - - - F,S
0 150.22.1.0/31 bgp e ge0/0 150.33.0.2 - - - - F,S
0 150.22.2.0/31 bgp e ge0/1 10.33.0.2 - - - - F,S
0 150.22.2.0/31 bgp e ge0/0 150.33.0.2 - - - - F,S
0 150.33.0.0/30 bgp - - 150.33.0.2 - - - - I
0 150.33.0.0/30 connected - ge0/0 - - - - - F,S
0 150.44.0.0/30 bgp e ge0/0 150.33.0.2 - - - - F,S
0 150.101.2.0/30 bgp e ge0/0 150.33.0.2 - - - - F,S
0 150.102.0.0/30 bgp e ge0/0 150.33.0.2 - - - - F,S
0 150.255.1.1/32 bgp e ge0/1 10.33.0.2 - - - - F,S
0 150.255.1.1/32 bgp e ge0/0 150.33.0.2 - - - - F,S
0 150.255.1.2/32 bgp e ge0/1 10.33.0.2 - - - - F,S
0 150.255.1.2/32 bgp e ge0/0 150.33.0.2 - - - - F,S
0 150.255.1.254/32 bgp e ge0/1 10.33.0.2 - - - - F,S
0 150.255.1.254/32 bgp e ge0/0 150.33.0.2 - - - - F,S
0 169.255.101.0/30 bgp e ge0/1 10.33.0.2 - - - - F,S
0 169.255.101.0/30 bgp e ge0/0 150.33.0.2 - - - - F,S
0 169.255.201.0/30 bgp e ge0/1 10.33.0.2 - - - - F,S
0 169.255.201.0/30 bgp e ge0/0 150.33.0.2 - - - - F,S
0 172.17.2.3/32 connected - system - - - - - F,S
0 192.168.11.0/24 bgp e ge0/1 10.33.0.2 - - - - F,S
0 192.168.11.0/24 bgp e ge0/0 150.33.0.2 - - - - F,S
0 192.168.22.0/24 bgp e ge0/1 10.33.0.2 - - - - F,S
0 192.168.22.0/24 bgp e ge0/0 150.33.0.2 - - - - F,S
0 192.168.100.0/30 bgp e ge0/1 10.33.0.2 - - - - F,S
0 192.168.100.0/30 bgp e ge0/0 150.33.0.2 - - - - F,S
0 200.200.200.200/32 bgp e ge0/0 150.33.0.2 - - - - F,S

vEdge3#

0 Helpful

MHM Cisco World
VIP
VIP
In response to shlomim

‎08-05-2025 07:59 AM

show ip route vpn 1 
show ip route vpn 0 
share both 
also how you config BGP under VPN 0 ?

MHM

0 Helpful

shlomim
Level 1
Level 1
In response to MHM Cisco World

‎08-05-2025 08:02 AM

vEdge3# show ip route vpn 1
Codes Proto-sub-type:
IA -> ospf-intra-area, IE -> ospf-inter-area,
E1 -> ospf-external1, E2 -> ospf-external2,
N1 -> ospf-nssa-external1, N2 -> ospf-nssa-external2,
e -> bgp-external, i -> bgp-internal
Codes Status flags:
F -> fib, S -> selected, I -> inactive,
B -> blackhole, R -> recursive, L -> import

PROTOCOL NEXTHOP NEXTHOP NEXTHOP
VPN PREFIX PROTOCOL SUB TYPE IF NAME ADDR VPN TLOC IP COLOR ENCAP STATUS
---------------------------------------------------------------------------------------------------------------------------------------------
1 0.0.0.0/0 omp - - - - 172.17.1.111 custom1 ipsec F,S
1 0.0.0.0/0 omp - - - - 172.17.1.111 custom2 ipsec F,S
1 0.0.0.0/0 omp - - - - 172.17.1.222 custom1 ipsec F,S
1 0.0.0.0/0 omp - - - - 172.17.1.222 custom2 ipsec F,S
1 1.1.1.1/32 omp - - - - 172.17.1.111 custom1 ipsec F,S
1 1.1.1.1/32 omp - - - - 172.17.1.111 custom2 ipsec F,S
1 1.1.1.1/32 omp - - - - 172.17.1.222 custom1 ipsec F,S
1 1.1.1.1/32 omp - - - - 172.17.1.222 custom2 ipsec F,S
1 4.4.4.4/32 omp - - - - 172.17.1.111 custom1 ipsec F,S
1 4.4.4.4/32 omp - - - - 172.17.1.111 custom2 ipsec F,S
1 4.4.4.4/32 omp - - - - 172.17.1.222 custom1 ipsec F,S
1 4.4.4.4/32 omp - - - - 172.17.1.222 custom2 ipsec F,S
1 9.9.9.9/32 omp - - - - 172.17.1.111 custom1 ipsec F,S
1 9.9.9.9/32 omp - - - - 172.17.1.111 custom2 ipsec F,S
1 9.9.9.9/32 omp - - - - 172.17.1.222 custom1 ipsec F,S
1 9.9.9.9/32 omp - - - - 172.17.1.222 custom2 ipsec F,S
1 10.9.9.0/24 omp - - - - 172.17.1.111 custom1 ipsec F,S
1 10.9.9.0/24 omp - - - - 172.17.1.111 custom2 ipsec F,S
1 10.9.9.0/24 omp - - - - 172.17.1.222 custom1 ipsec F,S
1 10.9.9.0/24 omp - - - - 172.17.1.222 custom2 ipsec F,S
1 10.10.10.0/24 omp - - - - 172.17.1.111 custom1 ipsec F,S
1 10.10.10.0/24 omp - - - - 172.17.1.111 custom2 ipsec F,S
1 10.10.10.0/24 omp - - - - 172.17.1.222 custom1 ipsec F,S
1 10.10.10.0/24 omp - - - - 172.17.1.222 custom2 ipsec F,S
1 192.168.33.0/24 connected - ge0/2 - - - - - F,S
1 192.168.44.0/24 omp - - - - 172.17.2.4 mpls ipsec F,S
1 192.168.44.0/24 omp - - - - 172.17.2.4 biz-internet ipsec F,S
1 192.168.101.0/24 omp - - - - 172.17.2.101 mpls ipsec F,S
1 192.168.101.0/24 omp - - - - 172.17.2.102 biz-internet ipsec F,S
1 192.168.102.0/24 omp - - - - 172.17.2.6 biz-internet ipsec F,S

vEdge3# show ip route vpn 0
Codes Proto-sub-type:
IA -> ospf-intra-area, IE -> ospf-inter-area,
E1 -> ospf-external1, E2 -> ospf-external2,
N1 -> ospf-nssa-external1, N2 -> ospf-nssa-external2,
e -> bgp-external, i -> bgp-internal
Codes Status flags:
F -> fib, S -> selected, I -> inactive,
B -> blackhole, R -> recursive, L -> import

PROTOCOL NEXTHOP NEXTHOP NEXTHOP
VPN PREFIX PROTOCOL SUB TYPE IF NAME ADDR VPN TLOC IP COLOR ENCAP STATUS
---------------------------------------------------------------------------------------------------------------------------------------------
0 1.1.1.1/32 bgp e ge0/0 150.33.0.2 - - - - F,S
0 8.8.8.8/32 bgp e ge0/0 150.33.0.2 - - - - F,S
0 10.11.0.0/30 bgp e ge0/1 10.33.0.2 - - - - F,S
0 10.22.0.0/30 bgp e ge0/1 10.33.0.2 - - - - F,S
0 10.33.0.0/30 bgp - - 10.33.0.2 - - - - I
0 10.33.0.0/30 connected - ge0/1 - - - - - F,S
0 10.44.0.0/30 bgp e ge0/1 10.33.0.2 - - - - F,S
0 10.101.1.0/30 bgp e ge0/1 10.33.0.2 - - - - F,S
0 10.102.0.0/30 bgp e ge0/1 10.33.0.2 - - - - F,S
0 100.100.100.100/32 bgp e ge0/1 10.33.0.2 - - - - F,S
0 150.1.1.0/24 bgp e ge0/1 10.33.0.2 - - - - F,S
0 150.1.1.0/24 bgp e ge0/0 150.33.0.2 - - - - F,S
0 150.11.0.0/30 bgp e ge0/0 150.33.0.2 - - - - F,S
0 150.11.1.0/31 bgp e ge0/1 10.33.0.2 - - - - F,S
0 150.11.1.0/31 bgp e ge0/0 150.33.0.2 - - - - F,S
0 150.11.2.0/31 bgp e ge0/1 10.33.0.2 - - - - F,S
0 150.11.2.0/31 bgp e ge0/0 150.33.0.2 - - - - F,S
0 150.22.0.0/30 bgp e ge0/0 150.33.0.2 - - - - F,S
0 150.22.1.0/31 bgp e ge0/1 10.33.0.2 - - - - F,S
0 150.22.1.0/31 bgp e ge0/0 150.33.0.2 - - - - F,S
0 150.22.2.0/31 bgp e ge0/1 10.33.0.2 - - - - F,S
0 150.22.2.0/31 bgp e ge0/0 150.33.0.2 - - - - F,S
0 150.33.0.0/30 bgp - - 150.33.0.2 - - - - I
0 150.33.0.0/30 connected - ge0/0 - - - - - F,S
0 150.44.0.0/30 bgp e ge0/0 150.33.0.2 - - - - F,S
0 150.101.2.0/30 bgp e ge0/0 150.33.0.2 - - - - F,S
0 150.102.0.0/30 bgp e ge0/0 150.33.0.2 - - - - F,S
0 150.255.1.1/32 bgp e ge0/1 10.33.0.2 - - - - F,S
0 150.255.1.1/32 bgp e ge0/0 150.33.0.2 - - - - F,S
0 150.255.1.2/32 bgp e ge0/1 10.33.0.2 - - - - F,S
0 150.255.1.2/32 bgp e ge0/0 150.33.0.2 - - - - F,S
0 150.255.1.254/32 bgp e ge0/1 10.33.0.2 - - - - F,S
0 150.255.1.254/32 bgp e ge0/0 150.33.0.2 - - - - F,S
0 169.255.101.0/30 bgp e ge0/1 10.33.0.2 - - - - F,S
0 169.255.101.0/30 bgp e ge0/0 150.33.0.2 - - - - F,S
0 169.255.201.0/30 bgp e ge0/1 10.33.0.2 - - - - F,S
0 169.255.201.0/30 bgp e ge0/0 150.33.0.2 - - - - F,S
0 172.17.2.3/32 connected - system - - - - - F,S
0 192.168.11.0/24 bgp e ge0/1 10.33.0.2 - - - - F,S
0 192.168.11.0/24 bgp e ge0/0 150.33.0.2 - - - - F,S
0 192.168.22.0/24 bgp e ge0/1 10.33.0.2 - - - - F,S
0 192.168.22.0/24 bgp e ge0/0 150.33.0.2 - - - - F,S
0 192.168.100.0/30 bgp e ge0/1 10.33.0.2 - - - - F,S
0 192.168.100.0/30 bgp e ge0/0 150.33.0.2 - - - - F,S
0 200.200.200.200/32 bgp e ge0/0 150.33.0.2 - - - - F,S

vEdge3# show run vpn 0
vpn 0
router
bgp 12345
best-path
as-path multipath-relax
!
address-family ipv4-unicast
maximum-paths paths 4
!
neighbor 10.33.0.2
no shutdown
remote-as 100
!
neighbor 150.33.0.2
no shutdown
remote-as 200
!
!
!
interface ge0/0
ip address 150.33.0.1/30
nat
!
tunnel-interface
encapsulation ipsec
color biz-internet
allow-service all
no allow-service bgp
allow-service dhcp
allow-service dns
allow-service icmp
no allow-service sshd
no allow-service netconf
no allow-service ntp
allow-service ospf
no allow-service stun
allow-service https
!
no shutdown
!
interface ge0/1
ip address 10.33.0.1/30
nat
!
tunnel-interface
encapsulation ipsec
color mpls
allow-service all
no allow-service bgp
allow-service dhcp
allow-service dns
allow-service icmp
no allow-service sshd
no allow-service netconf
no allow-service ntp
no allow-service ospf
no allow-service stun
allow-service https
!
no shutdown
!
!
vEdge3#

0 Helpful

MHM Cisco World
VIP
VIP

‎08-06-2025 10:12 AM

172.17.1.111 1 up mpls custom1 10.33.0.1 150.11.1.0 12346 ipsec 7 1000 0:00:06:08 0
172.17.1.111 1 up mpls custom2 10.33.0.1 150.22.1.0 12406 ipsec 7 1000 0:00:03:12 1
172.17.1.111 1 up biz-internet custom1 150.33.0.1 150.11.1.0 12346 ipsec 7 1000 0:00:06:08 0
172.17.1.111 1 up biz-internet custom2 150.33.0.1 150.22.1.0 12406 ipsec 7 1000 0:00:03:12 3

172.17.2.4 44 up mpls mpls 10.33.0.1 10.44.0.1 12386 ipsec 7 1000 0:00:42:44 0
172.17.2.4 44 down mpls biz-internet 10.33.0.1 150.44.0.1 12406 ipsec 7 1000 NA 1
172.17.2.4 44 down biz-internet mpls 150.33.0.1 10.44.0.1 12386 ipsec 7 1000 NA 3
172.17.2.4 44 up biz-internet biz-internet 150.33.0.1 150.44.0.1 12406 ipsec 7 1000 0:00:42:44 0


0 150.11.0.0/30 bgp e ge0/0 150.33.0.2 - - - - F,S
0 150.11.1.0/31 bgp e ge0/1 10.33.0.2 - - - - F,S
0 150.11.1.0/31 bgp e ge0/0 150.33.0.2 - - - - F,S

0 150.22.0.0/30 bgp e ge0/0 150.33.0.2 - - - - F,S
0 150.22.1.0/31 bgp e ge0/1 10.33.0.2 - - - - F,S
0 150.22.1.0/31 bgp e ge0/0 150.33.0.2 - - - - F,S

0 150.44.0.0/30 bgp e ge0/0 150.33.0.2 - - - - F,S
0 10.44.0.0/30 bgp e ge0/1 10.33.0.2 - - - - F,S

 

 172.17.1.111 <<- this vedge is OK we get full mesh four path between two vedge

172.17.2.4 44 <<- this not OK

what different 
in .111 vedge the route is learn from both VPN0 interface 
in .44 vedge the route is learn from only single VPN0 interface 

one rule you need to remember to build data tunnel the vedge use egress interface for one color, i.e. ge0/0 is for mpls it can not use also for interface color even if the remote vedge is reach via g0/0

so let check why this vedge not advertise the prefix to both interface?

MHM

0 Helpful

shlomim
Level 1
Level 1
In response to MHM Cisco World

‎08-07-2025 02:43 AM

yes - that's the main issue - .44 and .33 (the one we have the outputs from) are both vEdge Cloud 20.9.3.1

both are connected with DUAL WAN - to router simulated 1 ISP and to another router simulated 2nd ISP.

when I advertise to .33 and .44 default route via both ISPs the tunnels go up - when I advertise the specific routes - they do not.

which outputs would you require ?

MHM Cisco World
VIP
VIP
In response to shlomim

‎08-07-2025 03:11 AM

can I see topology 
MHM

0 Helpful
Customers Also Viewed These Support Documents