
TLOC cannot connect to vSmart

Folks, if a TLOC cannot connect to any vSmart with a TLS/DTLS connection, I assume that TLOC is not eligible to create an IPsec tunnel to another vEdge. I'm assuming here that if the vSmart does not learn about the TLOC, it cannot then exchange that info with other vEdges for purposes of creating tunnels. Am I correct?

I am running into an issue where I think this is happening. One TLOC goes straight to the Internet and is NAT'ed and can connect to both vSmarts. The other TLOC is an MPLS connection that must traverse the customer's enterprise firewall to go out to the Internet. My suspicion is that the customer's FW is blocking this traffic to/from the vSmarts. Sound reasonable?


Thanks.


Accepted Solutions

ekhabaro
Cisco Employee

Your understanding is correct. This is a typical problem. To advertise TLOC information to the vSmart controller even if no control connections are established over this TLOC, you need to specify `max-control-connections 0` for the MPLS interface tunnel-interface, to instruct the Edge router that this is expected and to instruct it to advertise information about the MPLS TLOC to the vSmart controller anyway.
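A configuration sketch of the setting described in the answer above, added here as an illustration and not taken from the original posts. The interface name, IP address and `color mpls` are assumptions chosen for the example; only `max-control-connections 0` under `tunnel-interface` comes from the thread.

```text
! Constructed example (vEdge CLI). Interface name, address and color are assumptions.
vpn 0
 interface ge0/1
  ip address 192.0.2.2/30
  tunnel-interface
   encapsulation ipsec
   color mpls
   ! No control connection to vSmart is expected over this TLOC;
   ! the router advertises the TLOC through its other control connections.
   max-control-connections 0
  !
  no shutdown
 !
!
! After committing, check from the vEdge CLI:
!   show control connections   (control sessions remain only on the Internet TLOC)
!   show omp tlocs             (the MPLS TLOC is now advertised)
!   show bfd sessions          (data-plane tunnels over the MPLS color come up)
```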


I just adjusted the max-control-connections to 0 on the MPLS interface and it seems to have no effect. No MPLS tunnels are coming up.

inderdeeps
Level 4

I agree with @ekhabaro: use "max-control-connections 0".

Looks like the tunnels have now come up. I guess there's a few minutes' delay for it to take effect. Thanks folks.

Good to hear, Patrick.

Check the below Design-Guide document:
https://www.cisco.com/c/en/us/td/docs/solutions/CVD/SDWAN/cisco-sdwan-design-guide.html?dtid=osscdc000283#CiscoCloudHostedDeploymentrecommended
which talks about the use case of "max-control-connections 0"

Hope it helps.

Thanks. Great info.

Good to hear, buddy, best of luck!


Regards

Inderdeep Singh
