cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Choose one of the topics below for SD-WAN Resources to help you on your journey with SD-WAN

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC!
We will not comment or assist with your TAC case in these forums.

181
Views
10
Helpful
4
Replies
Highlighted
Beginner

Viptela vEdge Cloud not building control connections

Hi

 

I am building a small lab on my laptop running ESXi and viptela controllers version 18.4.1.

 

I successfully installed vManage, vSmart, vBond as well as vEdgeCloud (one of each). I used tinyCA to sign certificates for the controllers and uploaded root certs on all components including vEdge. Every device has some initial config on with system ip, clock, org name, timezone, interfaces, (check the screenshot attached).

 

Next I went to PnP portal and did the following:

  1. Created controller profile (with vpn0 ip add of vBond 10.0.0.3 should I be using vpn512 address?)
  2. Added a device (Devices>Add Software Devices, PID:vedge-cloud-dna)
  3. Associated the device with the controller profile
  4. Downloaded "Provisioning File" (serialFile.viptela)

I uploaded the viptela file onto vManage and the list was pushed successfully to all controllers.

image.png

 

At this point I would expect for vEdge to finally be permited to join the overlay network. Considering it can ping all the controllers via vpn0 or vpn512 from and it has the root cert as well (even tho I believe this can be pushed from controllers). I also issued this command on vEdge to activate it with no luck: 

 

request vedge-cloud activate chassis-number 71591a3b-7d52-24d4-234b-58e5f4ad0646 token e0b6f073220d85ad32445e30de88a739

image.png

Is there a command to debug this?

 

Any tips would be greatly appreciated 

Rudi

Everyone's tags (1)
1 ACCEPTED SOLUTION

Accepted Solutions
Beginner

Re: Viptela vEdge Cloud not building control connections

So the issue was vBond wasn't accepting vEdge's chassis number. You can see this in the screenshot below (show control connection-history). This is from vEdge perspective.

image.png

The REMOTE ERROR "SERNTPRES" means vEdge's serial number or chassis-number is not present on the vBond's whitelist.

 

To check vBond's whitelist (see command and its output)

vbond.png

 

Next we need to check vEdge's chassis number
vedge.png

 

 

 

 

 

 

 

 

 

 

 

 

 

If you compare they are almost same, except the case. The vBond has the same chassis number only in capital letters. Si I did this same command I used before but this time I put the chassis number in caps (copy from vbonds list):

 

request vedge-cloud activate chassis-number 71591A3B-7D52-24D4-234B-58E5F4AD0646 token 7505cfac967c7ca0dd407caffb453462

and walaa control connections comes up.

 

If you wonder where did I get the lower case chassis from ...

 

image.png

 

vManage of course! 

 

I am running 18.4.1. version on all controllers and vedge.

 

4 REPLIES 4
Beginner

Re: Viptela vEdge Cloud not building control connections

I noticed the time is way off on the vEdge compared to controllers. I statically set time on all devices. However, vEdge is still not joining.

 

[Edit 22.7.]

I issued all sorts of debug commands and none helped me debug the connection between vEdge and vBond. Is there a debug that can show me what is failing?

 

Secondly I did the Wireshark capture and I can see DTLS is failing. The good thing is the connectivity works but I am yet to find out what is causing the DTLS issue. I have re-imported vEdge list into vManage deleted and re-import CA cert into vEdge and tired to register again with the request control vedge-cloud command. ... No luck.

 

10.0.0.11 is vpn0 vEdge

10.0.0.3 is vpn0 vBond

image.png

 

[Edit 22.7.]

Looking at the output of the command below, it seems that vBond doesn't have a valid list of vSmart and vManage. image.png

 

 

 

 

 

The vManage shows vBond as reachable however I noticed the "Control" is empty for vBond furthermore show control connection on vBond shows no connections. I am not sure if this is expected or not. 

Beginner

Re: Viptela vEdge Cloud not building control connections

So the issue was vBond wasn't accepting vEdge's chassis number. You can see this in the screenshot below (show control connection-history). This is from vEdge perspective.

image.png

The REMOTE ERROR "SERNTPRES" means vEdge's serial number or chassis-number is not present on the vBond's whitelist.

 

To check vBond's whitelist (see command and its output)

vbond.png

 

Next we need to check vEdge's chassis number
vedge.png

 

 

 

 

 

 

 

 

 

 

 

 

 

If you compare they are almost same, except the case. The vBond has the same chassis number only in capital letters. Si I did this same command I used before but this time I put the chassis number in caps (copy from vbonds list):

 

request vedge-cloud activate chassis-number 71591A3B-7D52-24D4-234B-58E5F4AD0646 token 7505cfac967c7ca0dd407caffb453462

and walaa control connections comes up.

 

If you wonder where did I get the lower case chassis from ...

 

image.png

 

vManage of course! 

 

I am running 18.4.1. version on all controllers and vedge.

 

Beginner

Re: Viptela vEdge Cloud not building control connections

Hi mocnikr,
I'm having similar trouble. Where did you find these troubleshooting commands? Were you able to find debugs for the vEdge-vBond connectivity?
Regards,

Alfonso
Beginner

Re: Viptela vEdge Cloud not building control connections

Here are some of the resources I used. Also make sure the clock is synced between all your devices as well as CA if ur using your own. It best to use vManage as CA for testing. Check the tutorials below.

 

https://community.cisco.com/t5/networking-documents/sd-wan-routers-troubleshoot-control-connections/ta-p/3813237 (Troubleshoot)

https://sdwan-docs.cisco.com/Product_Documentation

https://codingpackets.com/blog/cisco-sdwan-self-hosted-lab-part-1

https://codingpackets.com/blog/cisco-sdwan-self-hosted-lab-part-2

 

 

 

 

CreatePlease to create content
Content for Community-Ad
July's Community Spotlight Awards


This widget could not be displayed.