Introduction
This document describes a configuration that allows a user to implement connectivity between sites attached to different Transport Location (TLOC) colors.
Prerequisites
Requirements
Cisco recommends that you have knowledge of these topics:
- Basic understanding of the Viptela Software Defined Wide Area Network (SDWAN) solution
- vSmart route policies
- Overlay Management Protocol (OMP)
Components Used
This document is not restricted to specific software and hardware versions.
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.
Background Information
This configuration can be helpful when a user has sites with different connections that cannot build tunnels between them, for example the Multiprotocol Label Switching (MPLS) color (an MPLS L3 Virtual Private Network (VPN) connection) and the internet/Long-Term Evolution (LTE) color (a generic internet connection from an Internet Service Provider (ISP) or a 3G/LTE connection). Two remote offices cannot form a tunnel between them if one office has an MPLS-only connection and the other an internet-only connection. If some site has connections to both colors, connectivity is easily achievable with the help of a default or summary route advertised from this dual-connected site.
Configure
All sites use a single VPN, VPN 40. This table summarizes the system settings on all 3 vEdges:
hostname | site-id | system-ip
vedge1 | 40 | 192.168.30.4
vedge2 | 50 | 192.168.30.5
vedge3 | 60 | 192.168.30.6
Configuration
Here is the configuration applied on vSmart in order to allow connectivity between sites:
policy
 lists
  site-list sites_ve1_40_ve3_60
   site-id 40
   site-id 60
  !
 control-policy ROUTE_LEAK
  sequence 10
   match route
    site-list sites_ve1_40_ve3_60
   !
   action accept
    set
     service vpn 40
    !
   !
  !
  default-action accept
 !
apply-policy
 site-list sites_ve1_40_ve3_60
  control-policy ROUTE_LEAK out
 !
!
Verify
Use this section in order to confirm that your configuration works properly.
Before the control-policy is applied:
vedge1# show ip routes vpn 40
PROTOCOL NEXTHOP NEXTHOP NEXTHOP
VPN PREFIX PROTOCOL SUB TYPE IF NAME ADDR VPN TLOC IP COLOR ENCAP STATUS
---------------------------------------------------------------------------------------------------------------------------------------------
40 192.168.40.0/24 connected - ge0/1 - - - - - F,S
40 192.168.50.0/24 omp - - - - 192.168.30.5 mpls ipsec F,S
vedge2# show ip routes vpn 40
PROTOCOL NEXTHOP NEXTHOP NEXTHOP
VPN PREFIX PROTOCOL SUB TYPE IF NAME ADDR VPN TLOC IP COLOR ENCAP STATUS
---------------------------------------------------------------------------------------------------------------------------------------------
40 192.168.40.0/24 omp - - - - 192.168.30.4 mpls ipsec F,S
40 192.168.50.0/24 connected - ge0/2 - - - - - F,S
40 192.168.60.0/24 omp - - - - 192.168.30.6 lte ipsec F,S
vedge3# show ip routes vpn 40
PROTOCOL NEXTHOP NEXTHOP NEXTHOP
VPN PREFIX PROTOCOL SUB TYPE IF NAME ADDR VPN TLOC IP COLOR ENCAP STATUS
---------------------------------------------------------------------------------------------------------------------------------------------
40 192.168.50.0/24 omp - - - - 192.168.30.5 lte ipsec F,S
40 192.168.60.0/24 connected - ge0/1 - - - - - F,S
After the policy is applied in the apply-policy section on vSmart:
vedge1# show ip routes vpn 40
PROTOCOL NEXTHOP NEXTHOP NEXTHOP
VPN PREFIX PROTOCOL SUB TYPE IF NAME ADDR VPN TLOC IP COLOR ENCAP STATUS
---------------------------------------------------------------------------------------------------------------------------------------------
40 192.168.40.0/24 connected - ge0/1 - - - - - F,S
40 192.168.50.0/24 omp - - - - 192.168.30.5 mpls ipsec F,S
40 192.168.60.0/24 omp - - - - 192.168.30.5 mpls ipsec F,S
vedge2# show ip routes vpn 40
PROTOCOL NEXTHOP NEXTHOP NEXTHOP
VPN PREFIX PROTOCOL SUB TYPE IF NAME ADDR VPN TLOC IP COLOR ENCAP STATUS
---------------------------------------------------------------------------------------------------------------------------------------------
40 192.168.40.0/24 omp - - - - 192.168.30.4 mpls ipsec F,S
40 192.168.50.0/24 connected - ge0/2 - - - - - F,S
40 192.168.60.0/24 omp - - - - 192.168.30.6 lte ipsec F,S
vedge3# show ip routes vpn 40
PROTOCOL NEXTHOP NEXTHOP NEXTHOP
VPN PREFIX PROTOCOL SUB TYPE IF NAME ADDR VPN TLOC IP COLOR ENCAP STATUS
---------------------------------------------------------------------------------------------------------------------------------------------
40 192.168.40.0/24 omp - - - - 192.168.30.5 lte ipsec F,S
40 192.168.50.0/24 omp - - - - 192.168.30.5 lte ipsec F,S
40 192.168.60.0/24 connected - ge0/1 - - - - - F,S
Troubleshoot
This section provides information you can use in order to troubleshoot your configuration.
Check that the OMP routes are present in the OMP table with C, I, R status:
vedge3# show omp routes
Code:
C -> chosen
I -> installed
Red -> redistributed
Rej -> rejected
L -> looped
R -> resolved
S -> stale
Ext -> extranet
Inv -> invalid
Stg -> staged
U -> TLOC unresolved
PATH ATTRIBUTE
VPN PREFIX FROM PEER ID LABEL STATUS TYPE TLOC IP COLOR ENCAP PREFERENCE
--------------------------------------------------------------------------------------------------------------------------------------
40 192.168.40.0/24 192.168.30.3 262 1002 Inv,U installed 192.168.30.4 mpls ipsec -
192.168.30.3 263 1002 Inv,U installed 192.168.30.5 mpls ipsec -
192.168.30.3 264 1002 C,I,R installed 192.168.30.5 lte ipsec -
192.168.30.3 265 1002 L,R,Inv installed 192.168.30.6 lte ipsec -
40 192.168.50.0/24 192.168.30.3 260 1002 Inv,U installed 192.168.30.5 mpls ipsec -
192.168.30.3 261 1002 C,I,R installed 192.168.30.5 lte ipsec -
40 192.168.60.0/24 0.0.0.0 38 1002 C,Red,R installed 192.168.30.6 lte ipsec -
Recall that vEdge3 has only LTE color connectivity.
If the routes are not present, check that vSmart advertises routes:
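The status check described above can be scripted. This is an added example, not part of the original document or of any Cisco tooling: it parses captured "show omp routes" text, finds the path in use for each prefix, and lists prefixes that have no usable path. The function names and the rule used to pick the path in use (C and R, plus I or Red, and not Inv) are assumptions made for this example.

```python
from collections import defaultdict

# Constructed input: the vedge3 `show omp routes` rows shown above, whitespace collapsed.
SAMPLE = """\
40 192.168.40.0/24 192.168.30.3 262 1002 Inv,U installed 192.168.30.4 mpls ipsec -
192.168.30.3 263 1002 Inv,U installed 192.168.30.5 mpls ipsec -
192.168.30.3 264 1002 C,I,R installed 192.168.30.5 lte ipsec -
192.168.30.3 265 1002 L,R,Inv installed 192.168.30.6 lte ipsec -
40 192.168.50.0/24 192.168.30.3 260 1002 Inv,U installed 192.168.30.5 mpls ipsec -
192.168.30.3 261 1002 C,I,R installed 192.168.30.5 lte ipsec -
40 192.168.60.0/24 0.0.0.0 38 1002 C,Red,R installed 192.168.30.6 lte ipsec -
"""

def parse_omp_routes(text):
    """Map (vpn, prefix) -> list of paths; continuation rows inherit the prefix."""
    routes, key = defaultdict(list), None
    for line in text.splitlines():
        tok = line.split()
        if len(tok) == 11 and "/" in tok[1] and tok[0].isdigit():
            key, tok = (int(tok[0]), tok[1]), tok[2:]
        if key is None or len(tok) != 9 or not tok[1].isdigit():
            continue  # legend, header, separator or prompt line
        routes[key].append({
            "peer": tok[0], "path_id": int(tok[1]),
            "status": set(tok[3].split(",")),
            "tloc": tok[5], "color": tok[6],
        })
    return dict(routes)

def chosen_path(paths):
    """Return the path in use: C,I,R from a peer, or C,Red,R for a local route."""
    for p in paths:
        s = p["status"]
        if {"C", "R"} <= s and ({"I", "Red"} & s) and "Inv" not in s:
            return p
    return None

def audit(text):
    """Return ({prefix: (tloc, color)}, [prefixes with no usable path])."""
    ok, missing = {}, []
    for (_vpn, prefix), paths in parse_omp_routes(text).items():
        best = chosen_path(paths)
        if best:
            ok[prefix] = (best["tloc"], best["color"])
        else:
            missing.append(prefix)
    return ok, missing

if __name__ == "__main__":
    print(audit(SAMPLE))
```

On the sample, 192.168.40.0/24 resolves through TLOC 192.168.30.5 on the lte color, which is the hub path this policy is meant to produce for the LTE-only site.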
vsmart1# show omp peers 192.168.30.6
R -> routes received
I -> routes installed
S -> routes sent
DOMAIN OVERLAY SITE
PEER TYPE ID ID ID STATE UPTIME R/I/S
------------------------------------------------------------------------------------------
192.168.30.6 vedge 1 1 60 up 12:15:27:59 1/0/3
Check OMP route attributes on vSmart:
vsmart1# show omp routes 192.168.40.0/24 detail | nomore
---------------------------------------------------
omp route entries for vpn 40 route 192.168.40.0/24
---------------------------------------------------
RECEIVED FROM:
peer 192.168.30.4
path-id 34
label 1002
status C,R
loss-reason not set
lost-to-peer not set
lost-to-path-id not set
Attributes:
originator 192.168.30.4
type installed
tloc 192.168.30.4, mpls, ipsec
ultimate-tloc not set
domain-id not set
overlay-id 1
site-id 40
preference not set
tag not set
origin-proto connected
origin-metric 0
as-path not set
unknown-attr-len not set
ADVERTISED TO:
peer 192.168.30.5
Attributes:
originator 192.168.30.4
label 1002
path-id 526
tloc 192.168.30.4, mpls, ipsec
ultimate-tloc not set
domain-id not set
site-id 40
overlay-id 1
preference not set
tag not set
origin-proto connected
origin-metric 0
as-path not set
unknown-attr-len not set
ADVERTISED TO:
peer 192.168.30.6
Attributes:
originator 192.168.30.4
label 1002
path-id 269
tloc 192.168.30.6, lte, ipsec
ultimate-tloc not set
domain-id not set
site-id 40
overlay-id 1
preference not set
tag not set
origin-proto connected
origin-metric 0
as-path not set
unknown-attr-len not set
Attributes:
originator 192.168.30.4
label 1002
path-id 268
tloc 192.168.30.5, lte, ipsec
ultimate-tloc not set
domain-id not set
site-id 40
overlay-id 1
preference not set
tag not set
origin-proto connected
origin-metric 0
as-path not set
unknown-attr-len not set
Attributes:
originator 192.168.30.4
label 1002
path-id 267
tloc 192.168.30.5, mpls, ipsec
ultimate-tloc not set
domain-id not set
site-id 40
overlay-id 1
preference not set
tag not set
origin-proto connected
origin-metric 0
as-path not set
unknown-attr-len not set
Attributes:
originator 192.168.30.4
label 1002
path-id 266
tloc 192.168.30.4, mpls, ipsec
ultimate-tloc not set
domain-id not set
site-id 40
overlay-id 1
preference not set
tag not set
origin-proto connected
origin-metric 0
as-path not set
unknown-attr-len not set
Summary
The configuration for this kind of route-leaking-like behavior is quite simple and can be used when, for some reason, it is not possible to advertise an aggregated route (although in this example you could advertise one to solve the task without a control-policy):
vedge2# show running-config vpn 40
vpn 40
 ip route 192.168.0.0/16 null0
 omp
  advertise static
 !
!
This is also helpful when you cannot advertise the default route from the central/hub site (vEdge2 in this case) because this configuration is used:
vpn 40
!
ip route 0.0.0.0/0 vpn 0
A default route with a next hop in VPN 0 is not advertised; this is the expected behavior:
PROTOCOL NEXTHOP NEXTHOP NEXTHOP
VPN PREFIX PROTOCOL SUB TYPE IF NAME ADDR VPN TLOC IP COLOR ENCAP STATUS
---------------------------------------------------------------------------------------------------------------------------------------------
40 0.0.0.0/0 nat - ge0/0 - 0 - - - F,S
Here you can use either a summary route or a control-policy in order to advertise specific routes, as was done in this document.