Provides information about monitoring service chaining paths and configured services using Cisco SD-WAN Manager and CLI on hub and spoke devices.
View configured services on a hub device
From the Cisco SD-WAN Manager menu, go to and select OMP Services under Device Options to view the configured services.
In Cisco vManage Release 20.6.x and earlier, go to ,and select OMP Services under Device Options to view the configured services.
View service chain path on a spoke device
From Cisco SD-WAN Manager, go to , then enter the destination IP, VPN, and source interface to view the service chain path.
In Cisco vManage Release 20.6.x and earlier, go to , then enter the destination IP, VPN, and source interface to view the service chain path.
Using the CLI:
Use the traceroute command. For information, see the .
Configuring a service device to operate as part of the service chain is called service insertion.
Viewing the service chain path using the CLI
Use the traceroute command. For more information, refer to Cisco Catalyst SD-WAN Command Reference.
Example: view a service chain path between two spoke devices
This example shows how to view the path between two spokes before and after adding a service chain between them by using Cisco SD-WAN Manager or the CLI. It presents a scenario with two spoke devices, a hub device, and a service device that provides firewall service. It also shows how to configure the firewall service chain.
Here are the details for each device in the scenario:
| Device | Address |
|---|---|
| Hub, through interface ge0/4 | 10.20.24.15 |
| Spoke 1 | 10.0.3.1 |
| Spoke 2 | 10.0.4.1 |
| Service device (firewall service) | 10.20.24.17 |
Configuration of the three devices:
```
Hub
====
vm5# show running-config vpn 1
vpn 1
 name ospf_and_bgp_configs
 service FW
  address 10.20.24.17
 exit
 router
  ospf
   router-id 10.100.0.1
   timers spf 200 1000 10000
   redistribute static
   redistribute omp
   area 0
    interface ge0/4
    exit
   exit
  !
 !
 interface ge0/4
  ip address 10.20.24.15/24
  no shutdown
 !
 interface ge0/5
  ip address 10.30.24.15/24
  no shutdown
 !
!

Spoke 1
=======
vpn 1
 name ospf_and_bgp_configs
 interface ge0/1
  ip address 10.0.3.1/24
  no shutdown
 !
!

Spoke2
======
vpn 1
 interface ge0/1
  ip address 10.0.4.1/24
  no shutdown
 !
!
```
Without service insertion:
At this point, no service insertion policy is configured. When you run a traceroute from Spoke 1 to Spoke 2 (10.0.4.1), the output shows a direct path to Spoke 2:
→ Spoke 2 (10.0.4.1)
```
vm4# traceroute vpn 1 10.0.4.1
Traceroute 10.0.4.1 in VPN 1
traceroute to 10.0.4.1 (10.0.4.1), 30 hops max, 60 byte packets
 1  10.0.4.1 (10.0.4.1)  7.447 ms  8.097 ms  8.127 ms
```
Similarly, the Traceroute page in Cisco SD-WAN Manager shows a direct path from Spoke 1 to Spoke 2.
With service insertion:
The following Cisco SD-WAN Controller policy configures service insertion for a firewall service using the firewall service device described above:
```
vm9# show running-config policy
policy
 lists
  site-list firewall-sites
   site-id 400
  !
 !
 control-policy firewall-services
  sequence 10
   match route
    site-id 600
   !
   action accept
    set
     service FW vpn 1
    !
   !
  !
  default-action accept
 !
!
vm9# show running-config apply-policy
apply-policy
 site-list firewall-sites
  control-policy firewall-services out
 !
!
```
After you configure service insertion, running a traceroute from Spoke 1 (10.0.3.1) to Spoke 2 (10.0.4.1) shows the updated path:
→ Hub (10.20.24.15) → Firewall service device (10.20.24.17) → Hub (10.20.24.15) → Spoke 2 (10.0.4.1)
```
Traceroute -m 15 -w 1 -s 10.0.3.1 10.0.4.1 in VPN 1
traceroute to 10.0.4.1 (10.0.4.1), 15 hops max, 60 byte packets
 1  10.20.24.15 (10.20.24.15)  2.187 ms  2.175 ms  2.240 ms
 2  10.20.24.17 (10.20.24.17)  2.244 ms  2.868 ms  2.873 ms
 3  10.20.24.15 (10.20.24.15)  2.959 ms  4.910 ms  4.996 ms
 4  10.0.4.1 (10.0.4.1)  5.045 ms  5.213 ms  5.247 ms
```
Similarly, the Traceroute page in Cisco SD-WAN Manager shows each step of the path from Spoke 1 to Spoke 2 through the hub and the firewall service device.
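The two traceroute outputs above can also be checked mechanically, for example in a recurring audit that confirms spoke-to-spoke traffic still passes through the firewall. The following Python sketch is an added example, not part of the Cisco documentation: the function names and verdict strings are this example's own, the `DIRECT` and `CHAINED` samples are copied from this page, and `SILENT` is a constructed sample with an unresponsive hop.

```python
import re

HOP_LINE = re.compile(r"^\s*\d+\s+(.*)$")              # "<hop number> <rest>"
HOP_IP = re.compile(r"\((\d{1,3}(?:\.\d{1,3}){3})\)")  # "(a.b.c.d)"

def parse_hops(output):
    """Return hop IPs in order; a hop that did not answer ("* * *") is None."""
    hops = []
    for line in output.splitlines():
        m = HOP_LINE.match(line)
        if m:  # prompt and header lines do not start with a hop number
            ip = HOP_IP.search(m.group(1))
            hops.append(ip.group(1) if ip else None)
    return hops

def check_service_chain(hops, hub, service, dest):
    """Classify a traced path against the expected hub -> service -> hub chain."""
    if not hops or hops[-1] != dest:
        return "incomplete"            # trace never reached the destination
    if service in hops:
        i = hops.index(service)
        # The service device must be entered from the hub and return to it.
        if 0 < i < len(hops) - 1 and hops[i - 1] == hub and hops[i + 1] == hub:
            return "chained"
        return "unexpected"
    # A silent hop could be hiding the service device, so do not claim a bypass.
    return "inconclusive" if None in hops else "bypassed"

HUB, FW, DEST = "10.20.24.15", "10.20.24.17", "10.0.4.1"

DIRECT = """vm4# traceroute vpn 1 10.0.4.1
Traceroute 10.0.4.1 in VPN 1
traceroute to 10.0.4.1 (10.0.4.1), 30 hops max, 60 byte packets
 1 10.0.4.1 (10.0.4.1) 7.447 ms 8.097 ms 8.127 ms"""

CHAINED = """traceroute to 10.0.4.1 (10.0.4.1), 15 hops max, 60 byte packets
 1 10.20.24.15 (10.20.24.15) 2.187 ms 2.175 ms 2.240 ms
 2 10.20.24.17 (10.20.24.17) 2.244 ms 2.868 ms 2.873 ms
 3 10.20.24.15 (10.20.24.15) 2.959 ms 4.910 ms 4.996 ms
 4 10.0.4.1 (10.0.4.1) 5.045 ms 5.213 ms 5.247 ms"""

# Constructed sample: hop 2 does not answer traceroute probes.
SILENT = CHAINED.replace("10.20.24.17 (10.20.24.17) 2.244 ms 2.868 ms 2.873 ms", "* * *")

if __name__ == "__main__":
    for name, text in (("direct", DIRECT), ("chained", CHAINED), ("silent", SILENT)):
        print(name, check_service_chain(parse_hops(text), HUB, FW, DEST))
```

A `bypassed` verdict after the policy has been applied means the traced path reached the destination without the firewall hop and the control policy should be reviewed; `inconclusive` means a hop did not respond, so the trace alone cannot confirm the chain.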