SDWAN VEDGE ROUTING

uni1389 · ‎05-23-2025

Hello All,

am trying to prepare lab for Cisco SDWAN on EVE/NG as attached topology. I need to onboard remaining Edge devices for which Vbond should be reachable from vEdges, but am not able to route between SD-WAN Components via DCvEdge and ISP router. The configuration is mentioned below.

vDCEdge124# show running-config system
system
host-name vDCEdge124
system-ip 30.255.255.124
site-id 10
admin-tech-on-failure
no route-consistency-check
no vrrp-advt-with-phymac
organization-name dingdong.com
vbond 10.10.10.122

vDCEdge124# show run vpn 0
vpn 0
router
ospf
router-id 10.10.10.124
timers spf 200 1000 10000
area 0
interface ge0/0
exit
interface ge0/2
exit
exit
!
!
interface ge0/0
ip address 100.100.100.124/24
tunnel-interface
encapsulation ipsec
color mpls
allow-service all
allow-service bgp
allow-service dhcp
allow-service dns
allow-service icmp
allow-service sshd
allow-service netconf
allow-service ntp
allow-service ospf
allow-service stun
allow-service https
!
no shutdown
!
interface ge0/2
ip address 10.10.10.254/24
tunnel-interface
encapsulation ipsec
allow-service all
allow-service bgp
allow-service dhcp
allow-service dns
allow-service icmp
allow-service sshd
allow-service netconf
allow-service ntp
allow-service ospf
allow-service stun
allow-service https
!

vDCEdge124# show run vpn 512
vpn 512
interface eth0
ip address 192.168.0.124/24
ipv6 dhcp-client
no shutdown
!
ip route 0.0.0.0/0 192.168.0.1
!
vDCEdge124#

vDCEdge124# show ip routes vpn 0

PROTOCOL NEXTHOP NEXTHOP NEXTHOP
VPN PREFIX PROTOCOL SUB TYPE IF NAME ADDR VPN TLOC IP COLOR ENCAP STATUS
---------------------------------------------------------------------------------------------------------------------------------------------
0 10.10.10.0/24 ospf IA ge0/2 - - - - - -
0 10.10.10.0/24 connected - ge0/2 - - - - - F,S
0 20.100.100.0/24 ospf IA ge0/0 100.100.100.254 - - - - F,S
0 30.100.100.0/24 ospf IA ge0/0 100.100.100.254 - - - - F,S
0 30.255.255.124/32 connected - system - - - - - F,S
0 40.100.100.0/24 ospf IA ge0/0 100.100.100.254 - - - - F,S
0 50.100.100.0/24 ospf IA ge0/0 100.100.100.254 - - - - F,S
0 60.100.100.0/24 ospf IA ge0/0 100.100.100.254 - - - - F,S
0 70.100.100.0/24 ospf IA ge0/0 100.100.100.254 - - - - F,S
0 80.100.100.0/24 ospf IA ge0/0 100.100.100.254 - - - - F,S
0 90.100.100.0/24 ospf IA ge0/0 100.100.100.254 - - - - F,S
0 100.100.100.0/24 ospf IA ge0/0 - - - - - -
0 100.100.100.0/24 connected - ge0/0 - - - - - F,S

============================================

ISP#show ip int br
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0 70.100.100.254 YES manual up up
GigabitEthernet0/1 100.100.100.254 YES manual up up
GigabitEthernet0/2 20.100.100.254 YES manual up up
GigabitEthernet0/3 60.100.100.254 YES manual up up
GigabitEthernet0/4 30.100.100.254 YES manual up up
GigabitEthernet0/5 40.100.100.254 YES manual up up
GigabitEthernet0/6 50.100.100.254 YES manual up up
GigabitEthernet0/7 90.100.100.254 YES manual up up
GigabitEthernet0/8 80.100.100.254 YES manual up up
GigabitEthernet0/9 unassigned YES unset down down
ISP#show ip route 10.0.0.0/24 is subnetted, 1 subnets

O 10.10.10.0 [110/11] via 100.100.100.124, 00:00:53, GigabitEthernet0/1
20.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 20.100.100.0/24 is directly connected, GigabitEthernet0/2
L 20.100.100.254/32 is directly connected, GigabitEthernet0/2
30.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 30.100.100.0/24 is directly connected, GigabitEthernet0/4
L 30.100.100.254/32 is directly connected, GigabitEthernet0/4
40.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 40.100.100.0/24 is directly connected, GigabitEthernet0/5
L 40.100.100.254/32 is directly connected, GigabitEthernet0/5
50.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 50.100.100.0/24 is directly connected, GigabitEthernet0/6
L 50.100.100.254/32 is directly connected, GigabitEthernet0/6
60.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 60.100.100.0/24 is directly connected, GigabitEthernet0/3
L 60.100.100.254/32 is directly connected, GigabitEthernet0/3
70.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 70.100.100.0/24 is directly connected, GigabitEthernet0/0
L 70.100.100.254/32 is directly connected, GigabitEthernet0/0
80.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 80.100.100.0/24 is directly connected, GigabitEthernet0/8
L 80.100.100.254/32 is directly connected, GigabitEthernet0/8
90.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 90.100.100.0/24 is directly connected, GigabitEthernet0/7
L 90.100.100.254/32 is directly connected, GigabitEthernet0/7
100.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 100.100.100.0/24 is directly connected, GigabitEthernet0/1
L 100.100.100.254/32 is directly connected, GigabitEthernet0/1
ISP#

=================================================

uni1389 · ‎05-23-2025

furthermore am able to ping vEdge but am not able to ping vpn0(SD-Components) from ISP router or SitesvEdges.
Sending 5, 100-byte ICMP Echos to 100.100.100.124, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 17/28/50 ms
ISP#ping 10.10.10.124
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.124, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
ISP#

Dan Frey · ‎05-28-2025

I would recommend making DCEdge124 a normal autonomous router that will route the underlay to the two ISP routers for connectivity. Once that is working you could add a SDWAN router to site10 if needed.

MHM Cisco World · ‎06-21-2025

Hi

If I understand correctly' you want to redistrubte VPN(x) prefix into ISP?

Normal ISP is underlaying which only use to interconnect vedge-vbond-vmange-vsmart it not use for routing traffic.

The only case you need to make ISP routing traffic when you need to access internet via DIA.

MHM