SDWAN BGP configuration on transport side(ISR base)

DaeHeon Kang · ‎09-08-2019

I am looking for the CLI or template configuration example about BGP configuration on transport side.

I've tried to configure with the relevant Cisco document,

however it returns error message when I tried to push template to Edge devices(ISR router).

The below is the configuration that I've done and error message.

>>> Configuration example

viptela-system:system

device-model vedge-ISR-4331

host-name Test-Router

system-ip 200.200.200.2

overlay-id 1

site-id 100

port-offset 0

control-session-pps 300

admin-tech-on-failure

sp-organization-name "SD-WAN-1 - xxxxx"

organization-name "SD-WAN-1 - xxxxx"

port-hop

track-transport

track-default-gateway

console-baud-rate 9600

vbond 203.42.41.250 port 12346

logging

disk

enable

!

bfd app-route multiplier 6

bfd app-route poll-interval 600000

omp

no shutdown

graceful-restart

!

security

ipsec

rekey 86400

replay-window 512

authentication-type sha1-hmac ah-sha1-hmac

!

no service pad

no service tcp-small-servers

no service udp-small-servers

hostname Test-Router

username admin privilege 15 secret 9 $9$3VEF3VAI3lMM3E$awMmxogwHvRdxoHA5u1utUOAmKPBUvUbkD4PnwNWmWk

vrf definition Mgmt-intf

description Transport VPN

rd 1:512

address-family ipv4

exit-address-family

!

address-family ipv6

exit-address-family

!

no ip finger

no ip rcmd rcp-enable

no ip rcmd rsh-enable

no ip dhcp use class

ip prefix-list Test-Loopback permit 10.10.10.10/32

no ip igmp ssm-map query dns

interface GigabitEthernet0

no shutdown

arp timeout 1200

vrf forwarding Mgmt-intf

no ip address

ip redirects

ip mtu 1500

mtu 1500

negotiation auto

exit

interface GigabitEthernet0/0/0

no shutdown

arp timeout 1200

ip address 100.200.200.2 255.255.255.252

ip redirects

ip mtu 1500

mtu 1500

negotiation auto

exit

interface Loopback0

no shutdown

arp timeout 1200

ip address 10.10.10.10 255.255.255.255

ip mtu 1500

exit

interface Tunnel0

no shutdown

ip unnumbered Loopback0

no ip redirects

ipv6 unnumbered Loopback0

no ipv6 redirects

tunnel source Loopback0

tunnel mode sdwan

exit

route-map Route-Polocy permit 1

match ip address prefix-list Test-Loopback

!

clock timezone UTC 0 0

logging persistent size 104857600 filesize 10485760

logging buffered 512000

no logging rate-limit

logging persistent

aaa authentication login default local

aaa authorization exec default local

aaa session-id common

no crypto ikev2 diagnose error

router bgp 65332

bgp router-id 10.10.10.10

bgp log-neighbor-changes

distance bgp 20 200 20

neighbor 100.200.200.1 remote-as 65330

neighbor 100.200.200.1 ebgp-multihop 1

address-family ipv4 unicast

redistribute connected route-map Route-Polocy

exit-address-family

!

timers bgp 60 180

!

line con 0

login authentication default

speed 9600

stopbits 1

!

sdwan

interface GigabitEthernet0/0/0

exit

interface Loopback0

tunnel-interface

encapsulation ipsec weight 1

no border

color gold

no last-resort-circuit

no low-bandwidth-link

control-connections

no vbond-as-stun-server

vmanage-connection-preference 5

port-hop

carrier default

nat-refresh-interval 5

hello-interval 1000

hello-tolerance 12

no allow-service all

no allow-service bgp

allow-service dhcp

allow-service dns

allow-service icmp

no allow-service sshd

no allow-service netconf

no allow-service ntp

no allow-service ospf

no allow-service stun

no allow-service snmp

exit

omp

no shutdown

send-path-limit 4

ecmp-limit 4

graceful-restart

timers

holdtime 60

advertisement-interval 1

graceful-restart-timer 43200

eor-timer 300

exit

address-family ipv4

advertise connected

advertise static

!

address-family ipv6

advertise connected

advertise static

!

policy

no app-visibility

no flow-visibility

no implicit-acl-logging

log-frequency 1000

>>>>>>> Error message

8-Sep-2019 9:20:55 UTC] Configuring device with feature template: Test-Router-template

[8-Sep-2019 9:20:55 UTC] Generating configuration from template

[8-Sep-2019 9:21:00 UTC] Checking and creating device in vManage

[8-Sep-2019 9:21:01 UTC] Device is online

[8-Sep-2019 9:21:01 UTC] Updating device configuration in vManage

[8-Sep-2019 9:21:07 UTC] Pushing configuration to device

[8-Sep-2019 9:21:20 UTC] Failed to process device request. Error response : rpc-reply error: <rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="13">

<rpc-error>

<error-type>application</error-type>

<error-tag>operation-failed</error-tag>

<error-severity>error</error-severity>

<error-app-tag>too-few-elements</error-app-tag>

<error-path xmlns:viptela-vpn="http://viptela.com/vpn">

/viptela-vpn:vpn/viptela-vpn:vpn-instance[viptela-vpn:vpn-id='0']/viptela-vpn:interface[viptela-vpn:if-name='GigabitEthernet0/0/0']/viptela-vpn:tunnel-interface/viptela-vpn:encapsulation

</error-path>

<error-message unknown:lang="en">too few /vpn/vpn-instance[vpn-id='0']/interface[if-name='GigabitEthernet0/0/0']/tunnel-interface/encapsulation, 0 configured, at least 1 must be configured</error-message>

<error-info xmlns:tailf="http://tail-f.com/ns/netconf/params/1.1" xmlns:viptela-vpn="http://viptela.com/vpn">

<tailf:bad-instance-count>

<tailf:bad-element>/viptela-vpn:vpn/viptela-vpn:vpn-instance[viptela-vpn:vpn-id='0']/viptela-vpn:interface[viptela-vpn:if-name='GigabitEthernet0/0/0']/viptela-vpn:tunnel-interface/viptela-vpn:encapsulation</tailf:bad-element>

<tailf:instances>0</tailf:instances>

<tailf:min-instances>1</tailf:min-instances>

</tailf:bad-instance-count>

</error-info>

</rpc-error>

</rpc-reply>