
omp peer cannot be seen

interfacedy
Spotlight

Hi. Three vEdges are fully connected and can ping each other. Device templates are attached to each vEdge successfully, but the peer cannot be seen. Please see the below. Can anyone share some experience or suggestions? Thank you!

 

1.PNG


svemulap@cisco.com
Cisco Employee
Hi,

Edge (v/c) devices form OMP Peer with vSmart(s) ONLY.
They don't form between them.

Based on the output you shared, vEdge3 has OMP Peer State UP with 10.0.0.3
It all looks good.

Hope it clarifies.

interfacedy
Spotlight

svemulap@cisco.com Hi svemulap, thank you for your reply. The reason I asked the question is that the user behind vEdge1 cannot ping the user behind vEdge2, so I am trying to confirm their relation is set up correctly. I think you are right that the OMP peer should not be seen in this situation. But when I run show ipsec outbound-connections, it has nothing there, and show ip route does not show an OMP route.

hi interfacedy,

This is then a different problem.

Couple of things to note:
OMP Peering is between (v/c) Edge devices and vSmart(s)
Think of OMP == BGP

Now coming back to your problem:
- Check if each edge device is advertising the local prefixes to vSmart
- By default - vSmart reflects the info (routes etc) to other edge devices
- Based on this: Data plane will be formed directly between edge devices .. aka BFD sessions
- You can verify it via 'show bfd sessions'
- Once the above is all confirmed, it guarantees, a direct connection between edge devices
- Some other useful commands:
------ show omp routes
------ show ip route

Hope the above steps help you to narrow down the issue / resolve.

interfacedy
Spotlight

svemulap@cisco.com Thanks for your nice explanation.

vSmart can see OMP peers, and OMP routes can be seen at vSmart, but "show bfd sessions" and "show ipsec outbound-connections" at the vEdge show nothing. It looks like the tunnel between them has not been set up. Can I say it like that?

 

vSmart1# show omp peers
R -> routes received
I -> routes installed
S -> routes sent

                         DOMAIN    OVERLAY   SITE
PEER             TYPE    ID        ID        ID        STATE    UPTIME           R/I/S
------------------------------------------------------------------------------------------
10.0.1.1         vedge   1         1         200       up       0:03:37:31       2/0/4
10.0.1.2         vedge   1         1         200       up       0:17:45:28       2/0/4
10.0.1.3         vedge   1         1         200       up       0:18:34:15       2/0/4

 

hi interfacedy,

Check the same on the Edge devices too. (show omp / show ip route)
Also, verify, that you have BFD sessions between the sites.

You may want to check the SD-WAN design guide for an in-depth overview of how the solution works.
More specifically, the data-plane and SD-WAN Routing sections.
https://www.cisco.com/c/en/us/td/docs/solutions/CVD/SDWAN/cisco-sdwan-design-guide.html

There may be a couple reasons why control is up but no data plane. You want to make sure your Edges are in “valid” state (Configuration > Certificates). Having different color TLOCs and the “restrict” option prevents tunnels from coming up too so that can be another possibility. Mind sharing a show run vpn 0 from both Edges that are not building BFD tunnels? 
AJ

interfacedy
Spotlight

Thanks for your reply

Please see the below:

vedge2# show run vpn 0
vpn 0
interface ge0/0
ip address 10.0.20.2/24
tunnel-interface
encapsulation ipsec
color biz-internet
allow-service all
no allow-service bgp
allow-service dhcp
allow-service dns
allow-service icmp
no allow-service sshd
no allow-service netconf
no allow-service ntp
no allow-service ospf
no allow-service stun
allow-service https
!
no shutdown
!
interface ge0/1
ip address 10.0.30.2/24
tunnel-interface
encapsulation ipsec
color public-internet
allow-service all
no allow-service bgp
allow-service dhcp
allow-service dns
allow-service icmp
no allow-service sshd
no allow-service netconf
no allow-service ntp
no allow-service ospf
no allow-service stun
allow-service https
!
no shutdown
!
ip route 0.0.0.0/0 10.0.20.100
ip route 0.0.0.0/0 10.0.30.100
!
vedge2#

 


vEdge-1# show running-config vpn 0
vpn 0
interface ge0/0
ip address 10.0.20.1/24
tunnel-interface
encapsulation ipsec
color biz-internet
allow-service all
no allow-service bgp
allow-service dhcp
allow-service dns
allow-service icmp
no allow-service sshd
no allow-service netconf
no allow-service ntp
no allow-service ospf
no allow-service stun
allow-service https
!
no shutdown
!
interface ge0/1
ip address 10.0.30.1/24
tunnel-interface
encapsulation ipsec
color public-internet
allow-service all
no allow-service bgp
allow-service dhcp
allow-service dns
allow-service icmp
no allow-service sshd
no allow-service netconf
no allow-service ntp
no allow-service ospf
no allow-service stun
allow-service https
!
no shutdown
!
ip route 0.0.0.0/0 10.0.20.100
ip route 0.0.0.0/0 10.0.30.100
!
vEdge-1#

 

The below is someone's show ip route, which is normal and works well. But mine does not have the last route. I do not know why it does not have it.

 

1.PNG

 

Below is what I can see in my vEdge. It does not have the route which is from the other vEdge:

2.PNG

Hmm ok, we'll have to take a deeper look. Any chance you can attach a full show run on both edges? The other thing that comes to mind is both edges running with the same site-id. You can check this with a "show run system".

AJ

interfacedy
Spotlight

@Adrian Jimenez Thank you for your suggestion! Please see the below. Thanks

 

vedge2# show running-config
system
host-name vedge2
system-ip 10.0.1.2
site-id 200
admin-tech-on-failure
no route-consistency-check
no vrrp-advt-with-phymac
sp-organization-name sxxxx
organization-name sxxxx
vbond 10.0.100.62
aaa
auth-order local radius tacacs
usergroup basic
task system read write
task interface read write
!
usergroup netadmin
!
usergroup operator
task system read
task interface read
task policy read
task routing read
task security read
!
user admin
password $6$siwKBQ==$wT2lUa9BSreDPI6gB8sl4E6PAJoVXgMbgv/whJ8F1C
!
ciscotacro-user true
ciscotacrw-user true
!
logging
disk
enable
!
!
ntp
parent
no enable
stratum 5
exit
!
!
omp
no shutdown
graceful-restart
advertise connected
advertise static
!
!
vpn 0
interface ge0/0
ip address 10.0.20.2/24
tunnel-interface
encapsulation ipsec
color biz-internet
allow-service all
no allow-service bgp
allow-service dhcp
allow-service dns
allow-service icmp
no allow-service sshd
no allow-service netconf
no allow-service ntp
no allow-service ospf
no allow-service stun
allow-service https
!
no shutdown
!
interface ge0/1
ip address 10.0.30.2/24
tunnel-interface
encapsulation ipsec
color public-internet
allow-service all
no allow-service bgp
allow-service dhcp
allow-service dns
allow-service icmp
no allow-service sshd
no allow-service netconf
no allow-service ntp
no allow-service ospf
no allow-service stun
allow-service https
!
no shutdown
!
ip route 0.0.0.0/0 10.0.20.100
ip route 0.0.0.0/0 10.0.30.100
!
vpn 10
interface ge0/2
ip address 10.2.0.254/24
no shutdown
!
ip route 0.0.0.0/0 10.0.20.100
omp
advertise connected
!
!
vpn 512
interface eth0
shutdown
!

-----------------------------------------

vEdge3# show running-config
system
host-name vEdge3
system-ip 10.0.1.3
site-id 200
admin-tech-on-failure
no route-consistency-check
no vrrp-advt-with-phymac
sp-organization-name sxxxx
organization-name sxxxx
vbond 10.0.100.62
aaa
auth-order local radius tacacs
usergroup basic
task system read write
task interface read write
!
usergroup netadmin
!
usergroup operator
task system read
task interface read
task policy read
task routing read
task security read
!
user admin
password $6$siwKBQ==$wT2lUa9BSreDPI6gB8sl4E6PAJoVXgMbgv/whJ8F1C6sWdRa
!
ciscotacro-user true
ciscotacrw-user true
!
logging
disk
enable
!
!
ntp
parent
no enable
stratum 5
exit
!
!
omp
no shutdown
graceful-restart
advertise connected
advertise static
!
!
vpn 0
interface ge0/0
ip address 10.0.20.3/24
tunnel-interface
encapsulation ipsec
color biz-internet
allow-service all
no allow-service bgp
allow-service dhcp
allow-service dns
allow-service icmp
no allow-service sshd
no allow-service netconf
no allow-service ntp
no allow-service ospf
no allow-service stun
allow-service https
!
no shutdown
!
interface ge0/1
ip address 10.0.30.3/24
tunnel-interface
encapsulation ipsec
color public-internet
allow-service all
no allow-service bgp
allow-service dhcp
allow-service dns
allow-service icmp
no allow-service sshd
no allow-service netconf
no allow-service ntp
no allow-service ospf
no allow-service stun
allow-service https
!
no shutdown
!
ip route 0.0.0.0/0 10.0.20.100
ip route 0.0.0.0/0 10.0.30.100
!
vpn 10
interface ge0/2
ip address 10.3.0.254/24
no shutdown
!
ip route 0.0.0.0/0 10.0.20.100
omp
advertise connected
!
!
vpn 512
interface eth0
shutdown
!
!

There you go! The site-ids are the same for both routers so they won't build BFD tunnels. You don't see OMP information either because the OMP routes that were advertised from the Edges to vSmart are all for site-id 200 so they won't "pull" information from its own site, makes sense?

 

vEdge3# show running-config
system
host-name vEdge3
system-ip 10.0.1.3
site-id 300 <<<<< Proposed change

 

I think that was the last piece of your puzzle, let me know how that change goes!

AJ
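
Added example, not part of the original thread and not Cisco tooling: a short Python script that parses the vSmart `show omp peers` output posted earlier in this thread and reports every site-id shared by more than one vEdge, the condition identified above as the reason no BFD tunnels formed. The function names are illustrative assumptions.

```python
import re
from collections import defaultdict

# Table copied from the vSmart1 "show omp peers" output posted in this thread.
SAMPLE = """\
                         DOMAIN    OVERLAY   SITE
PEER             TYPE    ID        ID        ID        STATE    UPTIME           R/I/S
------------------------------------------------------------------------------------------
10.0.1.1         vedge   1         1         200       up       0:03:37:31       2/0/4
10.0.1.2         vedge   1         1         200       up       0:17:45:28       2/0/4
10.0.1.3         vedge   1         1         200       up       0:18:34:15       2/0/4
"""

# One peer row: system-IP, type, domain, overlay, site, state, uptime, R/I/S.
ROW = re.compile(
    r"^(?P<peer>\d+\.\d+\.\d+\.\d+)\s+(?P<type>\S+)\s+(?P<domain>\d+)\s+"
    r"(?P<overlay>\d+)\s+(?P<site>\d+)\s+(?P<state>\S+)\s+(?P<uptime>\S+)\s+"
    r"(?P<r>\d+)/(?P<i>\d+)/(?P<s>\d+)\s*$"
)

def parse_omp_peers(text):
    """Return one dict per peer row; header and rule lines do not match and are skipped."""
    peers = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            peers.append(m.groupdict())
    return peers

def shared_site_ids(peers):
    """Map site-id -> sorted system-IPs for each site-id used by two or more vEdge peers."""
    by_site = defaultdict(list)
    for p in peers:
        if p["type"] == "vedge":
            by_site[p["site"]].append(p["peer"])
    return {site: sorted(ips) for site, ips in by_site.items() if len(ips) > 1}

if __name__ == "__main__":
    for site, ips in shared_site_ids(parse_omp_peers(SAMPLE)).items():
        # A shared site-id is intended only for edges at the same location.
        print(f"site-id {site} is shared by {', '.join(ips)}; "
              "these edges will not build BFD tunnels to each other")
```

A shared site-id is not always an error: as noted later in the thread, it is the normal configuration for a dual-Edge site, so treat the report as a list to review against the intended topology.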

You have the same site-ID on all the devices. Adrian has mentioned the same in the other posting.
Typically, the same site-ID is used if the Edge devices are in the same location / branch site.
Think of it like a dual Edge site. Also, you have similar dual Edge devices at the data center.

More Information from the design Guide:
https://www.cisco.com/c/en/us/td/docs/solutions/CVD/SDWAN/cisco-sdwan-design-guide.html?dtid=osscdc000283#SiteID

HTH, to close the loop on your issue.

interfacedy
Spotlight

Great! It can work after changing site-id. Thank you very much!