Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2021
Views
0
Helpful
3
Replies

SDWAN MPLS - MPLS Tunnel is Down

gabriel.linares@ccnetsa.com
Level 1
Level 1

‎05-28-2020 07:53 AM

Hi All,

I'm having some issues with my SD-WAN Lab and I hope you can help me :-).

Right now I have two vEdges routers vEdgeBR1(RID 4.4.4.4) and vEdgeDC1(RID 5.5.5.5) with two connections each (internet and MPLS). The internet connection works fine, I received the network prefix of both routers through OMP. But the tunnel between the two vEdge through the MPLS connection is down.

 

This is the topology:

Topologia1.PNG

 

When I run the command show bfd sessions the MPLS-MPLS session is down in both vEdges routers and they are not receiving packets:

control connection BR1.PNGcontrol connection DC01.png

 

I've been checking the logs and only can see this:

 

local7.info: May 28 13:57:16 vEdgeDC1 VDAEMON[1264]: %Viptela-vEdgeDC1-vdaemon-6-INFO-1400002: Notification: 5/28/2020 13:57:16 control-connection-state-change severity-level:major host-name:"vEdgeDC1" system-ip:5.5.5.5 personality:vedge peer-type:vbond peer-system-ip::: peer-vmanage-system-ip:0.0.0.0 public-ip:192.168.110.31 public-port:12346 src-color:mpls remote-color:mpls uptime:"0:00:06:39" new-state:down

 

local7.info: May 28 13:57:35 vEdgeDC1 FTMD[1254]: %Viptela-vEdgeDC1-ftmd-6-INFO-1400002: Notification: 5/28/2020 13:57:35 bfd-state-change severity-level:major host-name:"vEdgeDC1" system-ip:5.5.5.5 src-ip:172.16.1.2 dst-ip:172.16.0.2 proto:ipsec src-port:12366 dst-port:12366 local-system-ip:5.5.5.5 local-color:"mpls" remote-system-ip:4.4.4.4 remote-color:"mpls" new-state:down deleted:true flap-reason:bfd-deleted

 

local7.info: May 28 13:57:35 vEdgeDC1 FTMD[1254]: %Viptela-vEdgeDC1-ftmd-6-INFO-1400002: Notification: 5/28/2020 13:57:35 bfd-state-change severity-level:major host-name:"vEdgeDC1" system-ip:5.5.5.5 src-ip:172.16.1.2 dst-ip:172.16.0.2 proto:ipsec src-port:12366 dst-port:12366 local-system-ip:5.5.5.5 local-color:"mpls" remote-system-ip:4.4.4.4 remote-color:"mpls" new-state:down deleted:false flap-reason:na

 

Does anyone have the same problem? 

Regards,

Preview file
4 KB
Preview file
4 KB
0 Helpful
3 Replies 3

Dan Frey
Cisco Employee
Cisco Employee

‎05-28-2020 09:43 AM

Could be a NAT issue.    Color MPLS uses "private peer address" and I see your NATing at the MPLS router.   Is there IP reachability between the two sites using  172.16.1.2 <---> 172.16.0.2 addresses without NAT?   Can the MPLS addresses reach the controllers without NAT?   If there is NAT involved on the MPLS network change the color to a public one like "biz-internet"   If you want to keep the color MPLS then remove NAT from all the MPLS connections.

0 Helpful

gabriel.linares@ccnetsa.com
Level 1
Level 1
In response to Dan Frey

‎05-28-2020 10:40 AM

Hi @Dan Frey 

 

Each vEdge router can reach the other without nat but reach the controllers through the NATing of the MPLSRouter.

 

I've changed the color from "mpls" to "biz-internet" but the tunnel is still down.

 

I've changed my topology to make the vEdge reach the controllers without NAT, and I've assigned the color "biz-internet" and now the tunnel is UP.

 

v3.png

Is there configuration when each vEdge communicates without NAT between them but need NAT to reach the controllers?

 

Regards,

0 Helpful

Dan Frey
Cisco Employee
Cisco Employee
In response to gabriel.linares@ccnetsa.com

‎05-28-2020 06:45 PM

The output of show bfd sessions looks like NAT is still taking place since the DST port (15832) is not one of the standard ports documented here:  https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/sdwan-xe-gs-book/cisco-sd-wan-overlay-network-bringup.html#c_Firewall_Ports_for_Viptela_Deployments_8690.xml

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card