06-18-2022 08:28 PM
Hi. Three vedges are fully connected and can ping each other. Device templates are attached to each vedge successfully. But the peers cannot be seen. Please see the below. Can anyone share some experience or suggestions? Thank you!
06-18-2022 10:28 PM
06-19-2022 09:20 AM
svemulap@cisco.com Hi svemulap, thank you for your reply. The reason that I asked the question is that the user behind vEdge1 cannot ping the user behind vEdge2, so I am trying to confirm that their relation is set up correctly. I think you are right that the omp peer should not be seen in this situation. But when I run show ipsec outbound-connections, there is nothing there, and show ip route does not show any omp route.
06-19-2022 10:23 AM
06-19-2022 01:14 PM
svemulap@cisco.com Thanks for your nice explanation.
vSmart can see omp peers, and omp routes can be seen at vSmart. But "show bfd sessions" and "show ipsec outbound-connections" at the vedge show nothing. Looks like the tunnel between them has not been set up. Can I say it like that?
vSmart1# show omp peers
R -> routes received
I -> routes installed
S -> routes sent

                         DOMAIN    OVERLAY   SITE
PEER             TYPE    ID        ID        ID        STATE    UPTIME           R/I/S
------------------------------------------------------------------------------------------
10.0.1.1         vedge   1         1         200       up       0:03:37:31       2/0/4
10.0.1.2         vedge   1         1         200       up       0:17:45:28       2/0/4
10.0.1.3         vedge   1         1         200       up       0:18:34:15       2/0/4
06-19-2022 01:25 PM
06-19-2022 08:33 PM
There may be a couple reasons why control is up but no data plane. You want to make sure your Edges are in “valid” state (Configuration > Certificates). Having different color TLOCs and the “restrict” option prevents tunnels from coming up too so that can be another possibility. Mind sharing a show run vpn 0 from both Edges that are not building BFD tunnels?
AJ
06-19-2022 08:53 PM - edited 06-19-2022 09:00 PM
Thanks for your reply
Please see the below:
vedge2# show run vpn 0
vpn 0
interface ge0/0
ip address 10.0.20.2/24
tunnel-interface
encapsulation ipsec
color biz-internet
allow-service all
no allow-service bgp
allow-service dhcp
allow-service dns
allow-service icmp
no allow-service sshd
no allow-service netconf
no allow-service ntp
no allow-service ospf
no allow-service stun
allow-service https
!
no shutdown
!
interface ge0/1
ip address 10.0.30.2/24
tunnel-interface
encapsulation ipsec
color public-internet
allow-service all
no allow-service bgp
allow-service dhcp
allow-service dns
allow-service icmp
no allow-service sshd
no allow-service netconf
no allow-service ntp
no allow-service ospf
no allow-service stun
allow-service https
!
no shutdown
!
ip route 0.0.0.0/0 10.0.20.100
ip route 0.0.0.0/0 10.0.30.100
!
vedge2#
vEdge-1# show running-config vpn 0
vpn 0
interface ge0/0
ip address 10.0.20.1/24
tunnel-interface
encapsulation ipsec
color biz-internet
allow-service all
no allow-service bgp
allow-service dhcp
allow-service dns
allow-service icmp
no allow-service sshd
no allow-service netconf
no allow-service ntp
no allow-service ospf
no allow-service stun
allow-service https
!
no shutdown
!
interface ge0/1
ip address 10.0.30.1/24
tunnel-interface
encapsulation ipsec
color public-internet
allow-service all
no allow-service bgp
allow-service dhcp
allow-service dns
allow-service icmp
no allow-service sshd
no allow-service netconf
no allow-service ntp
no allow-service ospf
no allow-service stun
allow-service https
!
no shutdown
!
ip route 0.0.0.0/0 10.0.20.100
ip route 0.0.0.0/0 10.0.30.100
!
vEdge-1#
The below is someone's show ip route, which is normal and works well. But mine does not have the last route. I do not know why it does not have it.
Below is what I can see in my vedge. It does not have the route which is from the other vedge:
06-20-2022 11:01 AM
Hmm ok, we'll have to take a deeper look. Any chance you can attach a full show run on both edges? The other thing that comes to mind is both edges running with the same site-id. You can check this with a "show run system".
AJ
06-20-2022 04:20 PM - edited 06-20-2022 04:24 PM
@Adrian Jimenez Thank you for your suggestion! Please see the below. Thanks
vedge2# show running-config
system
host-name vedge2
system-ip 10.0.1.2
site-id 200
admin-tech-on-failure
no route-consistency-check
no vrrp-advt-with-phymac
sp-organization-name sxxxx
organization-name sxxxx
vbond 10.0.100.62
aaa
auth-order local radius tacacs
usergroup basic
task system read write
task interface read write
!
usergroup netadmin
!
usergroup operator
task system read
task interface read
task policy read
task routing read
task security read
!
user admin
password $6$siwKBQ==$wT2lUa9BSreDPI6gB8sl4E6PAJoVXgMbgv/whJ8F1C
!
ciscotacro-user true
ciscotacrw-user true
!
logging
disk
enable
!
!
ntp
parent
no enable
stratum 5
exit
!
!
omp
no shutdown
graceful-restart
advertise connected
advertise static
!
!
vpn 0
interface ge0/0
ip address 10.0.20.2/24
tunnel-interface
encapsulation ipsec
color biz-internet
allow-service all
no allow-service bgp
allow-service dhcp
allow-service dns
allow-service icmp
no allow-service sshd
no allow-service netconf
no allow-service ntp
no allow-service ospf
no allow-service stun
allow-service https
!
no shutdown
!
interface ge0/1
ip address 10.0.30.2/24
tunnel-interface
encapsulation ipsec
color public-internet
allow-service all
no allow-service bgp
allow-service dhcp
allow-service dns
allow-service icmp
no allow-service sshd
no allow-service netconf
no allow-service ntp
no allow-service ospf
no allow-service stun
allow-service https
!
no shutdown
!
ip route 0.0.0.0/0 10.0.20.100
ip route 0.0.0.0/0 10.0.30.100
!
vpn 10
interface ge0/2
ip address 10.2.0.254/24
no shutdown
!
ip route 0.0.0.0/0 10.0.20.100
omp
advertise connected
!
!
vpn 512
interface eth0
shutdown
!
-----------------------------------------
vEdge3# show running-config
system
host-name vEdge3
system-ip 10.0.1.3
site-id 200
admin-tech-on-failure
no route-consistency-check
no vrrp-advt-with-phymac
sp-organization-name sxxxx
organization-name sxxxx
vbond 10.0.100.62
aaa
auth-order local radius tacacs
usergroup basic
task system read write
task interface read write
!
usergroup netadmin
!
usergroup operator
task system read
task interface read
task policy read
task routing read
task security read
!
user admin
password $6$siwKBQ==$wT2lUa9BSreDPI6gB8sl4E6PAJoVXgMbgv/whJ8F1C6sWdRa
!
ciscotacro-user true
ciscotacrw-user true
!
logging
disk
enable
!
!
ntp
parent
no enable
stratum 5
exit
!
!
omp
no shutdown
graceful-restart
advertise connected
advertise static
!
!
vpn 0
interface ge0/0
ip address 10.0.20.3/24
tunnel-interface
encapsulation ipsec
color biz-internet
allow-service all
no allow-service bgp
allow-service dhcp
allow-service dns
allow-service icmp
no allow-service sshd
no allow-service netconf
no allow-service ntp
no allow-service ospf
no allow-service stun
allow-service https
!
no shutdown
!
interface ge0/1
ip address 10.0.30.3/24
tunnel-interface
encapsulation ipsec
color public-internet
allow-service all
no allow-service bgp
allow-service dhcp
allow-service dns
allow-service icmp
no allow-service sshd
no allow-service netconf
no allow-service ntp
no allow-service ospf
no allow-service stun
allow-service https
!
no shutdown
!
ip route 0.0.0.0/0 10.0.20.100
ip route 0.0.0.0/0 10.0.30.100
!
vpn 10
interface ge0/2
ip address 10.3.0.254/24
no shutdown
!
ip route 0.0.0.0/0 10.0.20.100
omp
advertise connected
!
!
vpn 512
interface eth0
shutdown
!
!
06-20-2022 04:31 PM
There you go! The site-ids are the same for both routers so they won't build BFD tunnels. You don't see OMP information either because the OMP routes that were advertised from the Edges to vSmart are all for site-id 200 so they won't "pull" information from its own site, makes sense?
vEdge3# show running-config
system
host-name vEdge3
system-ip 10.0.1.3
site-id 300 <<<<< Proposed change
I think that was the last piece of your puzzle, let me know how that change goes!
AJ
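The condition diagnosed in the answer above is visible fleet-wide in the vSmart `show omp peers` output, where every edge reported SITE ID 200. The following is an added example, not part of the original thread or any Cisco tooling: a small parser that groups peer rows by site-id and lists the system-IPs that share one. The function names are hypothetical, and the sample rows are the ones quoted in this thread.

```python
import ipaddress
import re
from collections import defaultdict

# Peer rows as quoted from vSmart1 in this thread (header and legend omitted).
SAMPLE = """\
10.0.1.1  vedge  1  1  200  up  0:03:37:31  2/0/4
10.0.1.2  vedge  1  1  200  up  0:17:45:28  2/0/4
10.0.1.3  vedge  1  1  200  up  0:18:34:15  2/0/4
"""

# PEER TYPE DOMAIN-ID OVERLAY-ID SITE-ID STATE UPTIME R/I/S
ROW = re.compile(
    r"^\s*(?P<peer>\d+\.\d+\.\d+\.\d+)\s+(?P<type>\S+)\s+(?P<domain>\d+)\s+"
    r"(?P<overlay>\d+)\s+(?P<site>\d+)\s+(?P<state>\S+)\s+(?P<uptime>\S+)\s+"
    r"(?P<r>\d+)/(?P<i>\d+)/(?P<s>\d+)\s*$"
)

def parse_omp_peers(text):
    """Return one dict per peer row; legend, header and separator lines are skipped."""
    return [m.groupdict() for m in map(ROW.match, text.splitlines()) if m]

def shared_site_ids(peers, peer_type="vedge"):
    """Map site-id -> system-IPs for every site-id used by more than one edge."""
    by_site = defaultdict(list)
    for p in peers:
        if p["type"] == peer_type:
            by_site[p["site"]].append(p["peer"])
    return {site: sorted(ips, key=ipaddress.ip_address)
            for site, ips in by_site.items() if len(ips) > 1}

def report(text):
    """One line per shared site-id. Routers that really sit at the same site are
    expected to share an id, so each line is something to review, not an error."""
    findings = shared_site_ids(parse_omp_peers(text))
    return [f"site-id {site} shared by {', '.join(ips)}: "
            "no BFD/IPsec tunnels are built among these edges"
            for site, ips in sorted(findings.items(), key=lambda kv: int(kv[0]))]

if __name__ == "__main__":
    for line in report(SAMPLE) or ["no shared site-ids"]:
        print(line)
```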
06-20-2022 06:14 PM
06-20-2022 06:05 PM
Great! It can work after changing site-id. Thank you very much!