06-22-2024 11:19 PM - edited 06-23-2024 12:41 AM
Hi Experts,
I have a home LAB environment for Cisco SD-WAN, running version 20.14.1 for Controllers and 20.13.1 and 20.9.5 for vEdge Cloud Routers. I have a single transport with 4 sites. Established overlay successfully. All sites have TLOC reachability. LAN segments are using dynamic routing OSPF, redistributed into OMP. Also, OMP routes are redistributed to OSPF, leading to end-to-end reachability.
I have loopback in each vEdge router's service VPN, the issue is:
1) I'm not able to ping any loopback or any LAN side interface of vEdge routers from another vEdge.
2) From SITE 10-LAN-SW to SITE-20-LAN-SW, I am able to ping and communication is fine.
So loopback interfaces and LAN side interfaces of vEdge routers are not pingable. Any suggestions to solve this issue?
Regards,
Riaz
06-23-2024 06:04 AM
- Ensure Loopback Interfaces are advertised and learned via OMP on remote Edges.
- Check if you have applied any DATA/AAR/ZBFW policy which is blocking this.
- Try traceroute and/or packet captures to tshoot
06-23-2024 09:58 PM
Loopback Interfaces are part of service VPN and advertised into OMP, verified on remote vEdge Routers and LAN Switches, behind Edges.
I want to test the default scenario first, without any data or control policy, which should have end-to-end reachability.
(Same was successful on version 20.6.2)
Traceroute : does not even pass from first hop. (I will re-check). For packet capture can you suggest the command?
Thanks
06-23-2024 10:32 PM
- Can you share "show software" output from both vEdges.
- Packet capture you can do from the vManage GUI: Monitor > Device (select vEdge device) > Troubleshooting > Packet Capture. Note, you will need Data Stream enabled for this feature; if it is not already, enable it from the Administration settings page.
- You can also use packet tracer on vEdge starting from 20.5.1 for tshoot. This is not as detailed as on IOS-XE but can give you egress packet detail with interface. Refer to: Cisco vManage How-Tos for Cisco vEdge Routers - Troubleshooting [Cisco SD-WAN] - Cisco
06-24-2024 02:35 AM
Sure, I will collect the information as you specified.
However, I was using 20.13.1 for vEdge nodes for all sites; when I faced this issue I moved one site to version 20.9.5, but it also shows the same behavior. Since I don't have multiple images for vEdges, one site is on 20.9.5 and the others on 20.13.1.
06-24-2024 10:40 PM
I have attached the snapshots for topology and capture information between sites.
TOPOLOGY
vEDGE Routers Versions:
SITE-10 : 20.9.5
SITE-30, 50 : 20.13.1
CONTROLLERS: 20.14.1
Service VPN 10 Config on Each Edge Router
Using single VPN 10 for all sites, at each vEDGE Router, a LAN Interface along with Loopback1 are part of VPN10.
Routing on Service Segment on all vEDGE Routers. Dynamic Routing OSPF b/w vEDGE Router and CORE-SW.
OMP Routes on Controller (since we have redistributed OSPF routes into OMP and vice versa). Under the OMP Template, the selection is for "connected and OSPF External".
Testing 1 : SITE 50 vEDGE to SITE 30 vEDGE & CORE SW Failed
Testing 2: SITE 50 CORE-SW to SITE 30 Segment (vEDGE & CORE SW)
TESTING 3: SITE 10 vEDGE LB to SITE 30 CORE-SW LB
TESTING 4 : SITE 10 vEDGE LB to SITE 30 CORE-SW
TESTING 5 : SITE 10 vEDGE LB to SITE 30 vEDGE LB
TESTING 6 : SITE 10 Service VPN interface to SITE 30 Service VPN Interface
TESTING 7: SITE 30 to SITE 10 Trace
TESTING 8 : Packet Capture on SITE 30 vEDGE LB, Initiated from SITE 10 vEDGE (shows only packets for which we received the response)
06-23-2024 03:55 PM
Do you indicate VPN (VRF) number while you ping?
06-23-2024 09:59 PM
Yes, of course, otherwise it's putting it into the default VPN 0.
08-17-2024 02:09 AM
Hi,
Did you manage to sort it? I have got the same issue.
08-17-2024 02:23 AM
Make a new post, it's better.
MHM