Re: SDWAN MPLS - MPLS Tunnel is Down

gabriel.linares@ccnetsa.com · ‎05-28-2020

Hi All,

I'm having some issues with my SD-WAN Lab and I hope you can help me :-).

Right now I have two vEdges routers vEdgeBR1(RID 4.4.4.4) and vEdgeDC1(RID 5.5.5.5) with two connections each (internet and MPLS). The internet connection works fine, I received the network prefix of both routers through OMP. But the tunnel between the two vEdge through the MPLS connection is down.

This is the topology:

When I run the command show bfd sessions the MPLS-MPLS session is down in both vEdges routers and they are not receiving packets:

I've been checking the logs and only can see this:

local7.info: May 28 13:57:16 vEdgeDC1 VDAEMON[1264]: %Viptela-vEdgeDC1-vdaemon-6-INFO-1400002: Notification: 5/28/2020 13:57:16 control-connection-state-change severity-level:major host-name:"vEdgeDC1" system-ip:5.5.5.5 personality:vedge peer-type:vbond peer-system-ip::: peer-vmanage-system-ip:0.0.0.0 public-ip:192.168.110.31 public-port:12346 src-color:mpls remote-color:mpls uptime:"0:00:06:39" new-state:down

local7.info: May 28 13:57:35 vEdgeDC1 FTMD[1254]: %Viptela-vEdgeDC1-ftmd-6-INFO-1400002: Notification: 5/28/2020 13:57:35 bfd-state-change severity-level:major host-name:"vEdgeDC1" system-ip:5.5.5.5 src-ip:172.16.1.2 dst-ip:172.16.0.2 proto:ipsec src-port:12366 dst-port:12366 local-system-ip:5.5.5.5 local-color:"mpls" remote-system-ip:4.4.4.4 remote-color:"mpls" new-state:down deleted:true flap-reason:bfd-deleted

local7.info: May 28 13:57:35 vEdgeDC1 FTMD[1254]: %Viptela-vEdgeDC1-ftmd-6-INFO-1400002: Notification: 5/28/2020 13:57:35 bfd-state-change severity-level:major host-name:"vEdgeDC1" system-ip:5.5.5.5 src-ip:172.16.1.2 dst-ip:172.16.0.2 proto:ipsec src-port:12366 dst-port:12366 local-system-ip:5.5.5.5 local-color:"mpls" remote-system-ip:4.4.4.4 remote-color:"mpls" new-state:down deleted:false flap-reason:na

Does anyone have the same problem?

Regards,

Dan Frey · ‎05-28-2020

Could be a NAT issue. Color MPLS uses "private peer address" and I see your NATing at the MPLS router. Is there IP reachability between the two sites using 172.16.1.2 <---> 172.16.0.2 addresses without NAT? Can the MPLS addresses reach the controllers without NAT? If there is NAT involved on the MPLS network change the color to a public one like "biz-internet" If you want to keep the color MPLS then remove NAT from all the MPLS connections.

gabriel.linares@ccnetsa.com · ‎05-28-2020

Hi @Dan Frey

Each vEdge router can reach the other without nat but reach the controllers through the NATing of the MPLSRouter.

I've changed the color from "mpls" to "biz-internet" but the tunnel is still down.

I've changed my topology to make the vEdge reach the controllers without NAT, and I've assigned the color "biz-internet" and now the tunnel is UP.

Is there configuration when each vEdge communicates without NAT between them but need NAT to reach the controllers?

Regards,

Dan Frey · ‎05-28-2020

The output of show bfd sessions looks like NAT is still taking place since the DST port (15832) is not one of the standard ports documented here: https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/sdwan-xe-gs-book/cisco-sd-wan-overlay-network-bringup.html#c_Firewall_Ports_for_Viptela_Deployments_8690.xml