Re: IOS-XE SD-WAN TLOC Extension

msizi.mthembu · ‎01-22-2023

Hello,

I am having difficulties completing my TLOC-extension setup on my two IOS-XE devices in a lab. My control connections are up, but my bfd sessions are not coming up. My two routers are connecting to the ISP over the internet links, one on each router with colors biz-internet and custom1 with eBGP as the protocol of choice with both routers receiving default routes over the eBGP sessions. Please see the attached network diagram for some details.

Control connections on R01

Control connections on R02

BFD sessions not coming UP on both cEdge routers.

I suspect the issue to be the static default routes over the tloc p2p links. As soon as I remove the static default routes my tloc-ext transport obviously goes down but bfd sessions come up for the router-native transports. I need some assistance to get this working.

Thanks,

Msizi

jogurdia · ‎01-26-2023

Hi Msizi,

Can you please share the configurations for interfaces Gig3 and Gig4 on both routers as well as tloc-ext configs.

Regards,

Johan Gurdian

msizi.mthembu · ‎01-28-2023

Hi Johan,

Thanks for the response. Please find the interface and tloc-ext configs attached.

Regards,

Msizi

jogurdia · ‎01-29-2023

Hi Msizi,

You are learning default routes from ISPs over eBGP for the native WAN interfaces and then you configure static default routes for tloc-ext which overwrites the default routes from eBGP as it has a lower Administrative Distance. You may want to add another static route for the IPSs so you have both tlox-ext and ISP default routes via Static.

Regards,

Johan Gurdian

Rps-Cheers · ‎01-29-2023

Are you sure you are reachable to the opposite end, right?

Can you provide output like below

#show sdwan run

#sho sdwan control local-properties

#sho sdwan bfd tloc-summary-list

#show sdwan bfd history

#sho sdwan tunnel statistics bfd

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rps-Cheers | If it solves your problem, please mark as answer. Thanks !

msizi.mthembu · ‎01-29-2023

Hi Rps-Cheers,

I've attached the outputs. And yes the two routers can reach each other over the tloc-ext p2p interfaces.

LAB-IDA-RTR-02#ping 10.10.20.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.20.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/2/4 ms
LAB-IDA-RTR-02#ping 10.10.10.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
LAB-IDA-RTR-02#

Rps-Cheers · ‎01-29-2023

hostname LAB-IDA-RTR-01

ip route 0.0.0.0 0.0.0.0 10.10.20.2 <<<<<<<<<<<<< default route only for Gi3
!
interface GigabitEthernet1
 description IPT
 no shutdown
 ip address 192.1.231.1 255.255.255.252
 no mop enabled
 no mop sysid
 negotiation auto
exit
!
interface GigabitEthernet3
 description TLOC through RTR-02
 no shutdown
 ip address 10.10.20.1 255.255.255.252
 no mop enabled
 no mop sysid
 negotiation auto
exit

hostname LAB-IDA-RTR-02

ip route 0.0.0.0 0.0.0.0 10.10.10.1 <<<<<<<<<default route for Gi4
!
interface GigabitEthernet2
 description IPT
 no shutdown
 ip address 192.2.231.1 255.255.255.252
 no mop enabled
 no mop sysid
 negotiation auto
exit
!
interface GigabitEthernet4
 description TLOC through RTR-01
 no shutdown
 ip address 10.10.10.2 255.255.255.252
 no mop enabled
 no mop sysid
 negotiation auto
exit
!
sdwan
 interface GigabitEthernet1 <<<<<<<<<According to the topology, should this be Gi4? 
  tloc-extension GigabitEthernet2
 exit

I feel that there seems to be a problem with your configuration. The topology interface is not clearly marked, and there are two Gi4 interfaces. In addition, if it is a static route, each device lacks a static route. The next hop is the peer tloc extension interface ip.

As shown below, this interface does not see any outgoing default route, so there is no BFD statistics information exchanged on it.

tunnel stats ipsec 192.2.231.1 192.1.233.2 12406 12386
 bfd-echo-tx-pkts   0
 bfd-echo-rx-pkts   0
 bfd-echo-tx-octets 0
 bfd-echo-rx-octets 0
 bfd-pmtu-tx-pkts   0
 bfd-pmtu-rx-pkts   0
 bfd-pmtu-tx-octets 0
 bfd-pmtu-rx-octets 0
tunnel stats ipsec 192.2.231.1 192.1.237.1 12406 12426
 bfd-echo-tx-pkts   0
 bfd-echo-rx-pkts   0
 bfd-echo-tx-octets 0
 bfd-echo-rx-octets 0
 bfd-pmtu-tx-pkts   0
 bfd-pmtu-rx-pkts   0
 bfd-pmtu-tx-octets 0
 bfd-pmtu-rx-octets 0

hope this works！

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rps-Cheers | If it solves your problem, please mark as answer. Thanks !

husseino · ‎01-29-2023

This is basic routing issue. There are few things you need to do here:

You need to configure the static route with higher admin distance than the one received from eBGP, i.e admin distance above 20. This way, the default routing will prefer the eBGP route as long as it is available in the routing table and fall-back to TLOC-ext for internet when the local connection fails.
Under bgp configuration you have "two" redistribute connected statement, remove the one without route-map as this is advertising both subnets (see photo attached)