Troubleshooting Cisco SD-WAN Reachability Issues
Color | Green | Red | Comment |
---|---|---|---|
Deployment Status | Provisioned | Provisioned-Failed: See Troubleshooting notes (Troubleshooting SD-WAN Deployment Errors). | Checks that VNF(s) is fully deployed and in active state. |
Reachability Status | Reachable | Not Reachable: See Troubleshooting notes (Troubleshooting SD-WAN Reachability Errors). | Checks the connectivity between the deployed vEdge and Cisco SD-WAN Control Plane. |
Troubleshooting Cisco SD-WAN vEdge-Cloud Deployment Errors
After the service packs are deployed on MSX, the customer configuration templates are imported into the Cisco Network Services Orchestrator (NSO) platform to automate network orchestration. MSX then pushes these configurations to customer devices as part of the orchestration of device configuration. If SD-WAN provisioning is not successful, the cause is most often wrong parameters in the deployment data on NSO. If you are deploying more than one service pack, there are multiple NSO instances, so these steps must be performed on the service pack-specific NSO node. SD-WAN uses SD-Branch's NSO, so in this case the NSO node is nso-vbranch.
Procedure
Step 1 |
Log in to one of the Kubernetes master nodes.
|
Step 2 |
Access the NSO node using this command:
|
Step 3 |
Change to vms user.
|
Step 4 |
Run the NSO CLI.
|
Step 5 |
Get the branch-cpe name, using the following command:
Example:
|
Step 6 |
Check the deployment summary, using the following command. Replace the branch-cpe name with the name that was identified in step 2.
Example:
The summary displays the problem, if any. In the above example, the SYSTEM_IP variable is wrong, because of which ENCS was unable to configure the VNF and was unable to attach the deployed Control plane on MSX. |
Troubleshooting Cisco SD-WAN vEdge Reachability Errors
If there is no connectivity between the deployed vEdge and Cisco SD-WAN Control Plane:
Procedure
Step 1 |
Log in to the deployed vEdge and check the status of deployed vEdges.
|
Step 2 |
Check the status of control connection, using the following command:
If nothing shows up in the output, the vEdge is unable to establish a DTLS connection to vBond. |
Step 3 |
To check why the connection has not been established, use the following command.
As seen above, the LOCAL ERROR is mostly "DCONFAIL", which means DTLS connection failure. This happens when the vEdge is unable to reach the vBond, either because of network connectivity issues or because a firewall is blocking the DTLS connection. For an understanding of other reachability errors, see the Cisco SD-WAN knowledge base. |
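The triage described in Step 3 can be scripted when many vEdges need checking. The following is an added example, not part of the Cisco documentation: it parses connection-history rows and totals DCONFAIL failures per peer. The column layout, the sample rows, the `PLACEHOLDER_ERR` code and the reading of `NOERR` as "no error" are assumptions.

```python
from collections import Counter

# Assumed, simplified column layout; adapt it to the table your vEdge prints.
COLUMNS = ["peer_type", "protocol", "peer_ip", "peer_port",
           "state", "local_error", "remote_error", "repeat_count"]

# Constructed sample (not real device output); NOERR is assumed to mean "no error".
SAMPLE_HISTORY = """\
PEER-TYPE PROTOCOL PEER-IP PEER-PORT STATE LOCAL-ERROR REMOTE-ERROR REPEAT-COUNT
vbond  dtls 203.0.113.10 12346 connect   DCONFAIL        NOERR 12
vbond  dtls 203.0.113.10 12346 connect   DCONFAIL        NOERR 7
vsmart dtls 203.0.113.20 12346 tear_down PLACEHOLDER_ERR NOERR 1
"""

def parse_history(text):
    """Return one dict per data row; header, blank and wrapped lines are skipped."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != len(COLUMNS) or not fields[-1].isdigit():
            continue
        row = dict(zip(COLUMNS, fields))
        row["repeat_count"] = int(row["repeat_count"])
        rows.append(row)
    return rows

def dconfail_totals(rows):
    """Sum the repeat counts of DCONFAIL rows per (peer type, IP, port)."""
    totals = Counter()
    for r in rows:
        if r["local_error"] == "DCONFAIL":
            totals[(r["peer_type"], r["peer_ip"], r["peer_port"])] += r["repeat_count"]
    return totals

def triage(rows):
    """Turn the history into findings, following the guidance in Step 3."""
    findings = [
        f"{ptype} {ip}:{port}: DCONFAIL x{n} - check the network path and "
        f"firewall rules for DTLS toward this peer"
        for (ptype, ip, port), n in sorted(dconfail_totals(rows).items())
    ]
    other = sorted({r["local_error"] for r in rows} - {"DCONFAIL", "NOERR"})
    if other:
        findings.append("other local errors, see the Cisco SD-WAN knowledge base: "
                        + ", ".join(other))
    return findings

if __name__ == "__main__":
    print("\n".join(triage(parse_history(SAMPLE_HISTORY))))
```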