Solved: Re: Tloc-action & vpn-list - Page 2

MHM Cisco World · ‎12-10-2023

Hi All

I read about SD-WAN

I check this cisco doc

https://www.cisco.com/c/en/us/support/docs/routers/sd-wan/214232-why-set-tloc-action-in-a-centralized-con.html

And I dont get two points

1- for what there is vpn-list in config of centralize policy ?

2- if we set tloc then what the need of action restricted' i.e. what difference between tloc action restricts and set tloc' in end both do same make next hop is Hub IP.

Thanks in advance

MHM

M02@rt37 · ‎12-11-2023

Thanks for that clear explanation @Kanan Huseynli !!!

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

Kanan Huseynli · ‎12-11-2023

Result:

indeed, end-to-end tracking with tloc-action works. When BFD is down between 102 and 103, 101 knows about this and invalidated routes. Without tloc-action (just only set tloc), 101 is not aware and still believes that 102 is routable via 103.

vSmart informs 101 about path failure (as in the case, when service TE is not enabled in intermediate node).

Unfortunately, I could not debug on version 20.11. I dont know why, but when I did debug omp [etc.] I cant see logs in /var/log/tmplog/vdebug. I remember in older versions it worked, maybe something is changed

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

MHM Cisco World · ‎12-11-2023

Thanks a Lot for your prefect answer
Now it so clear for me.
thanks
MHM

Kanan Huseynli · ‎12-11-2023

For you (and of course for community), some btrace logs on C8000V (17.11.1):

2023/12/11 19:11:52.290515204 {ompd_R0-0}{255}: [ompd-event] [19984]: (verbose): Rib-Entry: 1: 192.168.2.0/24 with RIB-IN [1.1.100.3, 25], Flags : prior to Install cb reorig attempt
2023/12/11 19:11:52.290429929 {ompd_R0-0}{255}: [ompd-event] [19984]: (debug): vpn-id 1, type 0, hdr-len 6, msg-len 39, control-msg-vpn-id 1
2023/12/11 19:11:52.290178378 {ompd_R0-0}{255}: [ompd-policy] [19984]: (verbose): WITHDRAW Peer: 1.1.100.3 NLRI: 1: 192.168.2.0/24 from 1.1.100.4 Path: 16 allowed to be advertised, rib_out:0x0
2023/12/11 19:11:52.290176892 {ompd_R0-0}{255}: [ompd-policy] [19984]: (debug): Peer: 1.1.100.3 NLRI: 1: 192.168.2.0/24 from 1.1.100.4 Path: 16 suppressed due to - Info invalid
2023/12/11 19:11:52.290175616 {ompd_R0-0}{255}: [ompd-policy] [19984]: (verbose): WITHDRAW Peer: 1.1.100.3 NLRI: 1: 192.168.2.0/24 from 1.1.100.3 Path: 25 allowed to be advertised, rib_out:0x0
2023/12/11 19:11:52.290174339 {ompd_R0-0}{255}: [ompd-policy] [19984]: (debug): Peer: 1.1.100.3 NLRI: 1: 192.168.2.0/24 from 1.1.100.3 Path: 25 suppressed due to - Info invalid
2023/12/11 19:11:52.290161444 {ompd_R0-0}{255}: [ompd-policy] [19984]: (verbose): WITHDRAW Peer: 1.1.100.4 NLRI: 1: 192.168.2.0/24 from 1.1.100.4 Path: 16 allowed to be advertised, rib_out:0x0
2023/12/11 19:11:52.290159917 {ompd_R0-0}{255}: [ompd-policy] [19984]: (debug): Peer: 1.1.100.4 NLRI: 1: 192.168.2.0/24 from 1.1.100.4 Path: 16 suppressed due to - Info invalid
2023/12/11 19:11:52.290157396 {ompd_R0-0}{255}: [ompd-policy] [19984]: (verbose): WITHDRAW Peer: 1.1.100.4 NLRI: 1: 192.168.2.0/24 from 1.1.100.3 Path: 25 allowed to be advertised, rib_out:0x0
2023/12/11 19:11:52.290153031 {ompd_R0-0}{255}: [ompd-policy] [19984]: (debug): Peer: 1.1.100.4 NLRI: 1: 192.168.2.0/24 from 1.1.100.3 Path: 25 suppressed due to - Info invalid
2023/12/11 19:11:51.652814494 {ompd_R0-0}{255}: [ompd-bestpath] [19984]: (debug): Best-Path for 1: 192.168.2.0/24 [1.1.100.4, 16] equal against [1.1.100.3, 25] reason: none, insert-result: worse
2023/12/11 19:11:51.652812796 {ompd_R0-0}{255}: [ompd-bestpath] [19984]: (debug): Best-Path for 1: 192.168.2.0/24 [1.1.100.4, 16] equal against [1.1.100.3, 25] reason: none, insert-result: worse
2023/12/11 19:11:51.652804436 {ompd_R0-0}{255}: [ompd-event] [19984]: (verbose): RIB in update for 1: 192.168.2.0/24, [1.1.100.4, 16], Flags : CHOSEN , Aggr-Peer: No
2023/12/11 19:11:51.652802099 {ompd_R0-0}{255}: [ompd-event] [19984]: (verbose): Processing event for TLOC [100.100.100.103 : biz-internet : ipsec] => [100.100.100.102 : biz-internet : ipsec], state UP LINK-DOWN TTM-ADV 
2023/12/11 19:11:51.652752387 {ompd_R0-0}{255}: [ompd-bestpath] [19984]: (debug): Best-Path for 1: 192.168.2.0/24 [1.1.100.3, 25] lost against [1.1.100.4, 16] reason: Invalid, insert-result: worse
2023/12/11 19:11:51.652732331 {ompd_R0-0}{255}: [ompd-event] [19984]: (verbose): RIB in update for 1: 192.168.2.0/24, [1.1.100.3, 25], Flags : CHOSEN INSTALLED , Aggr-Peer: No
2023/12/11 19:11:51.652701373 {ompd_R0-0}{255}: [ompd-event] [19984]: (verbose): Processing event for TLOC [100.100.100.103 : biz-internet : ipsec] => [100.100.100.102 : biz-internet : ipsec], state UP LINK-DOWN TTM-ADV 
2023/12/11 19:11:51.650109411 {ompd_R0-0}{255}: [ompd-event] [19984]: (verbose): RIB in delete AF:LINK for Local: Local: .100.103 : biz-internet : ipsec Remote: 100.100.100.102 : biz-internet : ipsec, [1.1.100.3, 0], Flags : CHOSEN INSTALLED RESOLVED , Ago
2023/12/11 19:11:51.650092450 {ompd_R0-0}{255}: [ompd-pkt] [19984]: (verbose): 
2023/12/11 19:11:51.650091057 {ompd_R0-0}{255}: [ompd-pkt] [19984]: (verbose): LINK: Local 100.100.100.103 : biz-internet : ipsec Remote 100.100.100.102 : biz-internet : ipsec Label 0 MTU 1445
2023/12/11 19:11:51.650081602 {ompd_R0-0}{255}: [ompd-pkt] [19984]: (verbose): Unreachables (15) Length: 22 AFI: ipv4(1) SAFI Link(6) Value:
2023/12/11 19:11:51.650079387 {ompd_R0-0}{255}: [ompd-pkt] [19984]: (verbose): Attribute Length 26
2023/12/11 19:11:51.650076250 {ompd_R0-0}{255}: [ompd-pkt] [19984]: (verbose): Received UPDATE message 47 bytes: peer: 1.1.100.3
2023/12/11 19:11:51.290339836 {ompd_R0-0}{255}: [ompd-policy] [19984]: (verbose): WITHDRAW Peer: 1.1.100.3 NLRI: Local: 100.100.100.103 : biz-internet : ipsec Remote: 100.100.100.102 : biz-internet : ipsec from 1.1.100.3 Path: 0 allowed to be advertised, 0
2023/12/11 19:11:51.290337537 {ompd_R0-0}{255}: [ompd-policy] [19984]: (debug): Peer: 1.1.100.3 NLRI: Local: 100.100.100.103 : biz-internet : ipsec Remote: 100.100.100.102 : biz-internet : ipsec from 1.1.100.3 Path: 0 suppressed due to - Split Horizon
2023/12/11 19:11:51.290315555 {ompd_R0-0}{255}: [ompd-policy] [19984]: (verbose): WITHDRAW Peer: 1.1.100.4 NLRI: Local: 100.100.100.103 : biz-internet : ipsec Remote: 100.100.100.102 : biz-internet : ipsec from 1.1.100.3 Path: 0 allowed to be advertised, 0
2023/12/11 19:11:51.290307461 {ompd_R0-0}{255}: [ompd-policy] [19984]: (debug): Peer: 1.1.100.4 NLRI: Local: 100.100.100.103 : biz-internet : ipsec Remote: 100.100.100.102 : biz-internet : ipsec from 1.1.100.3 Path: 0 suppressed due to - Info Redistributed
2023/12/11 19:11:50.902020022 {ompd_R0-0}{255}: [ompd-event] [19984]: (verbose): RIB in delete AF:LINK for Local: Local: .100.103 : biz-internet : ipsec Remote: 100.100.100.102 : biz-internet : ipsec, [1.1.100.4, 0], Flags : CHOSEN RESOLVED , Aggr-Peer: No
2023/12/11 19:11:50.901817665 {ompd_R0-0}{255}: [ompd-pkt] [19984]: (verbose): 
2023/12/11 19:11:50.901813539 {ompd_R0-0}{255}: [ompd-pkt] [19984]: (verbose): LINK: Local 100.100.100.103 : biz-internet : ipsec Remote 100.100.100.102 : biz-internet : ipsec Label 0 MTU 1445
2023/12/11 19:11:50.901789870 {ompd_R0-0}{255}: [ompd-pkt] [19984]: (verbose): Unreachables (15) Length: 22 AFI: ipv4(1) SAFI Link(6) Value:
2023/12/11 19:11:50.901764834 {ompd_R0-0}{255}: [ompd-pkt] [19984]: (verbose): Attribute Length 26
2023/12/11 19:11:50.901750106 {ompd_R0-0}{255}: [ompd-pkt] [19984]: (verbose): Received UPDATE message 47 bytes: peer: 1.1.100.4

A bit hard to explain each line, but at least on highlighted (bold) section, we clearly see that site router received UPDATE from vSmarts about link unreachability (between site 103 and 102) and by processing this information, router updates RIB.

Similar, reachibility/ unreachibility updates are sent by vSmart when TE is disabled on intermediate node (it basically sends, all links from that intermediate node). We can say that, vSmart notifies about indirect link failure and receiving router updates RIB.

To have this kind of detailed logs you first set trace level for specific process to be higher (noise it to highest level):

set platform software trace ompd R0 ompd-event noise
set platform software trace ompd R0 ompd-pkt noise
set platform software trace ompd R0 ompd-bestpath noise
set platform software trace ompd R0 ompd-policy noise

show logging process ompd internal (optionally, you may use "reverse" at the end to see latest logs first).

After analyzing, set trace level back to normal:

set platform software trace ompd R0 all-modules notice

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

MHM Cisco World · ‎12-11-2023

Thanks a lot Mr.Kanan
last Q

vedge2(config)# vpn 40
vedge2(config-vpn-40)# service ?

the service TE must use with TLOC-action and it config in Hub,
my Q we need this service under VPN x (from which the traffic come and forward) or under VPN 0 ?
I see example it config under VPN 0 and I dont see any meaning of that.
the Hub use label to detect VPNx and hairpin traffic in VPN 0 transport interface.

thanks again
MHM

Kanan Huseynli · ‎12-12-2023

For this it is required under service VPN (VPN X):

https://www.cisco.com/c/en/us/support/docs/routers/sd-wan/214232-why-set-tloc-action-in-a-centralized-con.html#anc5

For on-demand tunnel, you need enable it under VPN0:

https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/system-interface/ios-xe-17/systems-interfaces-book-xe-sdwan/m-dynamic-on-demand-tunnels.pdf

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.