
How to troubleshoot TLOC/ Tunnel connection

Ha Dao

Hi guys

I have an SD-WAN lab as below:

Now the MPLS tunnel is down between the 2 sites, although it was up before. Can someone help me troubleshoot?

sd-wan-1.JPG

At DC I don't have a vEdge, so I consider DC as a LAN of SITE2.

SITE 2 doesn't have a direct MPLS line, but it can connect to the MPLS hubs via DC.

That's why I have 2 connections between R9 and vEdge2:

  10.100.12.0/24 for LAN connections

  10.200.12.0/24 for the vEdge2 MPLS connection

The MPLS network doesn't have a connection to the orchestrator network. At the beginning I used the command "no control-connections" on both edges:

vEdge1:

interface ge0/1
 ip address 10.113.0.11/24
 tunnel-interface
  encapsulation ipsec
  color mpls
  no control-connections

vEdge2:

interface ge0/1
 ip address 10.200.12.12/24
 tunnel-interface
  encapsulation ipsec
  color mpls
  no control-connections

vEdge2# ping vpn 0 10.113.0.11 source 10.200.12.12
Ping in VPN 0
PING 10.113.0.11 (10.113.0.11) from 10.200.12.12 : 56(84) bytes of data.
64 bytes from 10.113.0.11: icmp_seq=1 ttl=62 time=49.8 ms
64 bytes from 10.113.0.11: icmp_seq=2 ttl=62 time=48.6 ms
64 bytes from 10.113.0.11: icmp_seq=3 ttl=62 time=41.3 ms

I can ping via MPLS connections but it is down now:

 

vEdge1# show ip routes
Codes Proto-sub-type:
IA -> ospf-intra-area, IE -> ospf-inter-area,
E1 -> ospf-external1, E2 -> ospf-external2,
N1 -> ospf-nssa-external1, N2 -> ospf-nssa-external2,
e -> bgp-external, i -> bgp-internal
Codes Status flags:
F -> fib, S -> selected, I -> inactive,
B -> blackhole, R -> recursive

                                PROTOCOL  NEXTHOP  NEXTHOP      NEXTHOP
VPN  PREFIX          PROTOCOL   SUB TYPE  IF NAME  ADDR         VPN      TLOC IP      COLOR         ENCAP  STATUS
-----------------------------------------------------------------------------------------------------------------
0    0.0.0.0/0       static     -         ge0/0    20.20.21.10  -        -            -             -      F,S
0    10.100.1.0/24   static     -         ge0/1    10.113.0.1   -        -            -             -      F,S
0    10.113.0.0/24   connected  -         ge0/1    -            -        -            -             -      F,S
0    10.200.12.0/24  static     -         ge0/1    10.113.0.1   -        -            -             -      F,S
0    11.11.11.11/32  connected  -         system   -            -        -            -             -      F,S
0    20.20.21.0/24   connected  -         ge0/0    -            -        -            -             -      F,S
11   10.100.5.0/24   omp        -         -        -            -        12.12.12.12  biz-internet  ipsec  F,S
11   10.100.12.0/24  omp        -         -        -            -        12.12.12.12  biz-internet  ipsec  F,S
11   10.115.0.0/24   omp        -         -        -            -        12.12.12.12  biz-internet  ipsec  F,S
11   10.226.0.0/24   connected  -         ge0/2    -            -        -            -             -      F,S

sd-wan-2.JPG

4 Replies

Hi,

Give the outputs from both routers:

show bfd session
sh omp tlocs
sh omp tloc-paths

and from vSmart:

sh omp tlocs
sh omp tloc-paths

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

Hi Kanan Huseynli, I'm sending you all the output:

vEdge1# show omp tloc-paths
tloc-paths entries 11.11.11.11 biz-internet ipsec
tloc-paths entries 12.12.12.12 biz-internet ipsec

vEdge2# show omp tloc-paths
tloc-paths entries 11.11.11.11 biz-internet ipsec
tloc-paths entries 12.12.12.12 biz-internet ipsec

vSmart# show omp tloc-paths
tloc-paths entries 11.11.11.11 biz-internet ipsec
tloc-paths entries 12.12.12.12 biz-internet ipsec

show-bfd.JPG

 

Understood... Based on the outputs, the MPLS interfaces are not considered valid TLOCs even on the local router itself.

So vSmart doesn't see them and of course doesn't advertise them to the other routers.

"no control-connections" is a deprecated command; try to use "max-control-connections 0" so that the interface will be a valid TLOC without vSmart controller connectivity.

Regards,

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.
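A small check for the symptom diagnosed in this answer, added here as an example and not code from the thread or from Cisco: it parses `show omp tloc-paths` text and reports colors that are configured on an edge but advertised by no TLOC, and it lists the colors behind each OMP route in `show ip routes`. The function names and the EXPECTED map are assumptions; the sample output is copied from this thread.

```python
import re
from collections import defaultdict

# Matches one line of `show omp tloc-paths`: system IP, color, encapsulation.
TLOC_RE = re.compile(r"^tloc-paths entries (\S+) (\S+) (\S+)$")

def advertised_tlocs(tloc_paths_output):
    """Return {system_ip: set(colors)} parsed from `show omp tloc-paths` text."""
    seen = defaultdict(set)
    for line in tloc_paths_output.splitlines():
        m = TLOC_RE.match(line.strip())
        if m:
            seen[m.group(1)].add(m.group(2))
    return dict(seen)

def missing_tlocs(expected, tloc_paths_output):
    """List (system_ip, color) pairs that are configured but not advertised."""
    seen = advertised_tlocs(tloc_paths_output)
    return sorted((ip, color)
                  for ip, colors in expected.items()
                  for color in colors - seen.get(ip, set()))

def omp_paths(route_output):
    """Return {(vpn, prefix): set(colors)} for the omp rows of `show ip routes`."""
    paths = defaultdict(set)
    for line in route_output.splitlines():
        f = line.split()
        # Data rows have 11 whitespace-separated fields; the third is the protocol.
        if len(f) == 11 and f[2] == "omp":
            paths[(f[0], f[1])].add(f[8])
    return dict(paths)

# Colors each edge should advertise (assumption based on the lab in this thread).
EXPECTED = {"11.11.11.11": {"biz-internet", "mpls"},
            "12.12.12.12": {"biz-internet", "mpls"}}

# Output copied from the thread: vSmart before the fix, vEdge2 routes after it.
VSMART_BEFORE = """\
tloc-paths entries 11.11.11.11 biz-internet ipsec
tloc-paths entries 12.12.12.12 biz-internet ipsec
"""
VEDGE2_AFTER = """\
11 10.226.0.0/24 omp - - - - 11.11.11.11 mpls ipsec F,S
11 10.226.0.0/24 omp - - - - 11.11.11.11 biz-internet ipsec F,S
"""

if __name__ == "__main__":
    for ip, color in missing_tlocs(EXPECTED, VSMART_BEFORE):
        print(f"TLOC {ip} color {color} is configured but not advertised")
    print(omp_paths(VEDGE2_AFTER))
```

Run against the vSmart output, a non-empty result from `missing_tlocs` means traffic expected on the private transport can only use the remaining color.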

Oh my god, it really works now, thank you so much. It's magic......

vEdge2# show ip routes
Codes Proto-sub-type:
IA -> ospf-intra-area, IE -> ospf-inter-area,
E1 -> ospf-external1, E2 -> ospf-external2,
N1 -> ospf-nssa-external1, N2 -> ospf-nssa-external2,
e -> bgp-external, i -> bgp-internal
Codes Status flags:
F -> fib, S -> selected, I -> inactive,
B -> blackhole, R -> recursive

                                PROTOCOL  NEXTHOP  NEXTHOP      NEXTHOP
VPN  PREFIX          PROTOCOL   SUB TYPE  IF NAME  ADDR         VPN      TLOC IP      COLOR         ENCAP  STATUS
-----------------------------------------------------------------------------------------------------------------
0    0.0.0.0/0       static     -         ge0/0    20.20.22.10  -        -            -             -      F,S
0    10.113.0.0/24   static     -         ge0/1    10.200.12.1  -        -            -             -      F,S
0    10.200.12.0/24  connected  -         ge0/1    -            -        -            -             -      F,S
0    12.12.12.12/32  connected  -         system   -            -        -            -             -      F,S
0    20.20.22.0/24   connected  -         ge0/0    -            -        -            -             -      F,S
11   10.100.5.0/24   static     -         ge0/3    10.100.12.1  -        -            -             -      F,S
11   10.100.12.0/24  connected  -         ge0/3    -            -        -            -             -      F,S
11   10.115.0.0/24   connected  -         ge0/2    -            -        -            -             -      F,S
11   10.226.0.0/24   omp        -         -        -            -        11.11.11.11  mpls          ipsec  F,S
11   10.226.0.0/24   omp        -         -        -            -        11.11.11.11  biz-internet  ipsec  F,S
