
Tracker for viptela DIA dual router and dual internet connection?

Lost & Found
Level 2

Hi All, 

I'm setting up a lab in which I have 2 vEdges with direct internet connections.

vEdge-A is acting as the primary router; it also has a TLOC-Extension to vEdge-B. I also enabled NAT and applied a tracker on the vEdge TLOC-Extension interface.

I'm able to validate that this is working with both lines active/enabled. However, when the tracker goes down, I can see that packets are still being sent to the TLOC-Extension, causing them to be silently dropped since the internet connection via the TLOC-Extension is down.

The objective is to reroute the traffic to the active internet connection if the tracker applied on the TLOC-Extension interface at vEdge-A goes down.

Here's what I configured. 

a. Applied a tracker and created a data policy with nat fall-back. 

from-vsmart data-policy VPN1_DIANAT
 direction all
 vpn-list VPN1
  sequence 10
   match
    source-ip      10.0.0.0/16
    destination-ip 10.0.0.0/16
   action accept
  sequence 11
   match
    source-data-prefix-list VPN1-Sites102060-Services
   action accept
    nat use-vpn 0
    nat fallback
    set
     local-tloc-list
      color biz-internet public-internet
  default-action accept
from-vsmart lists vpn-list VPN1
 vpn 1
from-vsmart lists data-prefix-list VPN1-Sites102060-Services
 ip-prefix 10.0.50.0/24

b. vEdge-A(Primary):

vEdge-A interface:                 

Tloc-Extension: 0    ge0/2      ipv4  192.168.20.2/30  Up      Up      Up       null   transport  1500  50:00:00:11:00:03  1000   full    1416    0:00:30:31  39078    46931    
Direct-Internet: 0    ge0/4      ipv4  192.88.88.1/24   Up      Up      NA       null   transport  1500  50:00:00:11:00:05  1000   full    1416    0:00:00:03  417      2277     

- Tracker is up

0    ge0/2   0    udp       192.168.20.2  200.1.10.1  12386    12346    192.168.20.2  200.1.10.1  12386   12346   established  0:00:00:59  704       115104    704      125527   -          
0    ge0/4   0    icmp      192.88.88.1   200.1.1.3   716      716      192.88.88.1   200.1.1.3   716     716     established  0:00:00:05  1         98        0        0        

- From the NAT statistics I am able to see that both interfaces are used.

The issue is that when both interfaces are enabled, the client somehow can't reach 8.8.8.8, but if I disable one of the links I can see that the client can reach 8.8.8.8.

REFIX      PROTOCOL  SUB TYPE  IF NAME  ADDR           VPN  TLOC IP  COLOR  ENCAP  STATUS
---------------------------------------------------------------------------------------------------------------------------------------------
0 0.0.0.0/0  static    -         ge0/4    192.88.88.254  -    -        -      -      F,S (direct)
0 0.0.0.0/0  static    -         ge0/2    192.168.20.1   -    -        -      -      F,S (Tlocex)

 

vpn 0
 interface ge0/4
  ip address 192.88.88.1/24
  nat
  !
  tunnel-interface
   encapsulation ipsec
   color public-internet
   no allow-service bgp
   allow-service dhcp
   allow-service dns
   allow-service icmp
   no allow-service sshd
   no allow-service netconf
   no allow-service ntp
   no allow-service ospf
   no allow-service stun
   allow-service https
  !
  no shutdown
 !
!
vEdge-A# show running-config vpn 0 interface ge0/2
vpn 0
 interface ge0/2
  description "TLOC"
  ip address 192.168.20.2/30
  nat
  !
  tracker  track_public_internet
  tunnel-interface
   encapsulation ipsec
   color biz-internet restrict
   no allow-service bgp
   allow-service dhcp
   allow-service dns
   allow-service icmp
   no allow-service sshd
   no allow-service netconf
   no allow-service ntp
   no allow-service ospf
   no allow-service stun
   allow-service https
  !
  no shutdown

When I did a tcpdump on both interfaces, it seems like no data is passing through.

Switch#ping 8.8.8.8 repeat 1000 source 10.0.50.10
Type escape sequence to abort.
Sending 1000, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
Packet sent with a source address of 10.0.50.10 
......................................................................
...............................
 
vEdge-A# tcpdump vpn 0 interface ge0/4 options "host 8.8.8.8 -n"
tcpdump -p -i ge0_4 -s 128 host 8.8.8.8 -n in VPN 0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ge0_4, link-type EN10MB (Ethernet), capture size 128 bytes

# tcpdump vpn 0 interface ge0/2 options "host 8.8.8.8 -n"
tcpdump -p -i ge0_2 -s 128 host 8.8.8.8 -n in VPN 0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ge0_2, link-type EN10MB (Ethernet), capture size 128 bytes

Disabled one of the interfaces

SITE-C_ID500_MPLS(config-vpn-0)# interface ge0/4
SITE-C_ID500_MPLS(config-interface-ge0/4)# shutdown 
SITE-C_ID500_MPLS(config-interface-ge0/4)# commit 
Commit complete.

 - Ping works after disabling
................!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
<>
!!!!!!!!!!!!!!!!!!!!
Success rate is 87 percent (878/1000), round-trip min/avg/max = 1/1/7 ms

Question:

a. Is it possible to use both the biz-internet and public-internet transport connections, but have traffic flow to the active internet connection if the TLOC-Extension tracker goes down? How can I achieve that?

b. Am I missing something in my configuration?
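
Not part of the original post: an added Python example that parses the two VPN 0 interface stanzas shown above and lists NAT-enabled interfaces with no tracker attached, since only a tracked interface has its reachability probed. The sample text is constructed from the post's configuration (trimmed), and the function names are hypothetical.

```python
import re

# Constructed sample: the two VPN 0 interface stanzas from the post, trimmed
# to the lines this check reads.
SAMPLE_CONFIG = """\
vpn 0
 interface ge0/4
  nat
  !
  tunnel-interface
   color public-internet
  !
 !
 interface ge0/2
  nat
  !
  tracker  track_public_internet
  tunnel-interface
   color biz-internet restrict
  !
"""

def parse_interfaces(config):
    """Return {ifname: {"nat": bool, "tracker": str|None, "color": str|None}}."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"interface (\S+)$", line)
        if m:  # start of a new interface stanza
            current = interfaces.setdefault(
                m.group(1), {"nat": False, "tracker": None, "color": None})
        elif current is None or not line or line == "!":
            continue
        elif line == "nat":
            current["nat"] = True
        elif line.startswith("tracker "):
            current["tracker"] = line.split()[1]
        elif line.startswith("color "):
            current["color"] = line.split()[1]  # ignores a trailing "restrict"
    return interfaces

def untracked_nat_interfaces(config):
    """Names of NAT-enabled interfaces that have no tracker attached."""
    parsed = parse_interfaces(config)
    return sorted(n for n, i in parsed.items() if i["nat"] and not i["tracker"])

if __name__ == "__main__":
    print("NAT without tracker:", untracked_nat_interfaces(SAMPLE_CONFIG))
```

Run against the full `show running-config vpn 0` output, the same functions report each transport interface's color alongside its tracker, which can be compared by eye with the `local-tloc-list` colors in the data policy.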
