Solved: Re: How to troubleshoot TLOC/ Tunnel connection

Ha Dao · ‎10-20-2021

HI guys

I have a SD-WAN Lab as bellow:

Now the tunel MPLS is down between 2 sites. Although It was up before. Can someone help me to troubleshoot:

At DC I don't have vEdge, so I consider DC as a LAN of SITE2

SITE 2 don't have directly MPLS line, but It can connect to MPLS hubs via DC

That 's why I have 2 connections between R9 and vEdge2:

10.100.12.0/24 for LANs connections

10.200.12.0/24 for vEdge2 MPLS connection

MPLS network doesn't have connection to orchestrator network. At the beginning I use command "no control-connections" on both edges:

vEdge1:

interface ge0/1
ip address 10.113.0.11/24
tunnel-interface
encapsulation ipsec
color mpls
no control-connections

vEdge2:

interface ge0/1
ip address 10.200.12.12/24
tunnel-interface
encapsulation ipsec
color mpls
no control-connections

vEdge2# ping vpn 0 10.113.0.11 source 10.200.12.12

Ping in VPN 0 PING 10.113.0.11 (10.113.0.11) from 10.200.12.12 : 56(84) bytes of data. 64 bytes

from 10.113.0.11: icmp_seq=1 ttl=62 time=49.8 ms 64 bytes

from 10.113.0.11: icmp_seq=2 ttl=62 time=48.6 ms 64 bytes

from 10.113.0.11: icmp_seq=3 ttl=62 time=41.3 ms

I can ping via MPLS connections but it is down now:

vEdge1# show ip routes
Codes Proto-sub-type:
IA -> ospf-intra-area, IE -> ospf-inter-area,
E1 -> ospf-external1, E2 -> ospf-external2,
N1 -> ospf-nssa-external1, N2 -> ospf-nssa-external2,
e -> bgp-external, i -> bgp-internal
Codes Status flags:
F -> fib, S -> selected, I -> inactive,
B -> blackhole, R -> recursive

PROTOCOL NEXTHOP NEXTHOP NEXTHOP
VPN PREFIX PROTOCOL SUB TYPE IF NAME ADDR VPN TLOC IP COLOR ENCAP STATUS
---------------------------------------------------------------------------------------------------------------------------------------------
0 0.0.0.0/0 static - ge0/0 20.20.21.10 - - - - F,S
0 10.100.1.0/24 static - ge0/1 10.113.0.1 - - - - F,S
0 10.113.0.0/24 connected - ge0/1 - - - - - F,S
0 10.200.12.0/24 static - ge0/1 10.113.0.1 - - - - F,S
0 11.11.11.11/32 connected - system - - - - - F,S
0 20.20.21.0/24 connected - ge0/0 - - - - - F,S
11 10.100.5.0/24 omp - - - - 12.12.12.12 biz-internet ipsec F,S
11 10.100.12.0/24 omp - - - - 12.12.12.12 biz-internet ipsec F,S
11 10.115.0.0/24 omp - - - - 12.12.12.12 biz-internet ipsec F,S
11 10.226.0.0/24 connected - ge0/2 - - - - - F,S

Kanan Huseynli · ‎10-21-2021

Understood....Based on outputs, MPLS interfaces are not considered valid TLOC even in local router itself.

So, vSmart doesnt see them and of course doesnt advertise to other routers.

"no control connections" is deprecated command, try to use " max-control-connections 0" so without vsmart-controller connectivity interface will be valid TLOC.

Regards,

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

View solution in original post

Kanan Huseynli · ‎10-21-2021

HI,

give outputs from both routers:

show bfd session

sh omp tlocs

sh omp tloc-paths

and from vsmart:

sh omp tlocs

sh omp tloc-paths

HTH,

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

Ha Dao · ‎10-21-2021

Hi Kanan Huseynli , I send you all output:

vEdge1# show omp tloc-paths
tloc-paths entries 11.11.11.11 biz-internet ipsec
tloc-paths entries 12.12.12.12 biz-internet ipsec

vEdge2# show omp tloc-paths
tloc-paths entries 11.11.11.11 biz-internet ipsec
tloc-paths entries 12.12.12.12 biz-internet ipsec

vSmart# show omp tloc-paths
tloc-paths entries 11.11.11.11 biz-internet ipsec
tloc-paths entries 12.12.12.12 biz-internet ipsec

Kanan Huseynli · ‎10-21-2021

Understood....Based on outputs, MPLS interfaces are not considered valid TLOC even in local router itself.

So, vSmart doesnt see them and of course doesnt advertise to other routers.

"no control connections" is deprecated command, try to use " max-control-connections 0" so without vsmart-controller connectivity interface will be valid TLOC.

Regards,

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

Ha Dao · ‎10-21-2021

Oh my god, It really work now, tks you so much. It s a magic......

vEdge2# show ip routes
Codes Proto-sub-type:
IA -> ospf-intra-area, IE -> ospf-inter-area,
E1 -> ospf-external1, E2 -> ospf-external2,
N1 -> ospf-nssa-external1, N2 -> ospf-nssa-external2,
e -> bgp-external, i -> bgp-internal
Codes Status flags:
F -> fib, S -> selected, I -> inactive,
B -> blackhole, R -> recursive

PROTOCOL NEXTHOP NEXTHOP NEXTHOP
VPN PREFIX PROTOCOL SUB TYPE IF NAME ADDR VPN TLOC IP COLOR ENCAP STATUS
---------------------------------------------------------------------------------------------------------------------------------------------
0 0.0.0.0/0 static - ge0/0 20.20.22.10 - - - - F,S
0 10.113.0.0/24 static - ge0/1 10.200.12.1 - - - - F,S
0 10.200.12.0/24 connected - ge0/1 - - - - - F,S
0 12.12.12.12/32 connected - system - - - - - F,S
0 20.20.22.0/24 connected - ge0/0 - - - - - F,S
11 10.100.5.0/24 static - ge0/3 10.100.12.1 - - - - F,S
11 10.100.12.0/24 connected - ge0/3 - - - - - F,S
11 10.115.0.0/24 connected - ge0/2 - - - - - F,S
11 10.226.0.0/24 omp - - - - 11.11.11.11 mpls ipsec F,S
11 10.226.0.0/24 omp - - - - 11.11.11.11 biz-internet ipsec F,S