Troubleshooting guide for Cisco SDWAN control connections
Today I am going to talk about the basic troubleshooting guide for Cisco Viptela SDWAN. By now you already know how Cisco SDWAN works and which components are used in the SDWAN solution.
It is important to understand the basic troubleshooting guidelines so that you are familiar with them when troubleshooting.
Fig 1.1- Cisco Viptela SDWAN
As we know, multiple WAN links are connected to the vEdge device. To check them, look at the control connections by using the command “show control connections”.
The purpose of the command “show control connections” is to display information about active control plane connections, which can be with vBond, vSmart and vManage.
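An added example (not from the original post) that turns that output into a per-WAN-link health check in Python. The sample output is constructed and simplified, the column order is an assumption to verify against your software release, and counting one vSmart session per color plus one vManage session overall as healthy is this example's own assumption.

```python
# Added example: triage of "show control connections" output per WAN color.
# SAMPLE is constructed and simplified; the column order is an assumption.
from collections import defaultdict

SAMPLE = """\
vsmart  dtls 10.0.0.3 100 1 192.0.2.13 12346 192.0.2.13 12346 mpls         No up      0:01:12:44 0
vmanage dtls 10.0.0.1 100 0 192.0.2.11 12346 192.0.2.11 12346 mpls         No up      0:01:12:40 0
vsmart  dtls 10.0.0.3 100 1 192.0.2.13 12346 192.0.2.13 12346 biz-internet No connect 0:00:00:05 0
"""

# Assumed field positions in one whitespace-separated data row.
PEER_TYPE, PEER_SYSTEM_IP, LOCAL_COLOR, STATE = 0, 2, 9, 11

def parse_rows(text):
    """Return (peer_type, system_ip, color, state) for each data row."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        # Skip headers, separators and blank lines: a data row has 14 fields
        # and starts with a known peer type.
        if len(f) < 14 or f[PEER_TYPE] not in ("vbond", "vsmart", "vmanage"):
            continue
        rows.append((f[PEER_TYPE], f[PEER_SYSTEM_IP], f[LOCAL_COLOR], f[STATE]))
    return rows

def triage(text, colors):
    """Map each expected WAN color to a list of findings (empty = healthy)."""
    up = defaultdict(set)
    findings = {c: [] for c in colors}
    for peer, sysip, color, state in parse_rows(text):
        if state == "up":
            up[color].add(peer)
        else:
            findings.setdefault(color, []).append(
                f"{peer} {sysip} stuck in state '{state}'")
    for color in colors:
        # vBond is not required: the page notes that connection is transient.
        if "vsmart" not in up[color]:
            findings[color].append("no vSmart connection up")
    if not any("vmanage" in peers for peers in up.values()):
        for color in colors:
            findings[color].append("no vManage connection up on any color")
    return findings

if __name__ == "__main__":
    for color, issues in triage(SAMPLE, ["mpls", "biz-internet"]).items():
        print(color, "OK" if not issues else "; ".join(issues))
```

A color that is configured on the vEdge but has no rows at all in the output is reported the same way as one whose sessions are not up, which is the case the connectivity and certificate checks below apply to.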
You may face issues with control connections. The possible reasons are:
Connectivity issues: DTLS Connection failure, TLOC disabled and Transient conditions
Certificate issues: Device not added, certificate revoked, Certificate verification failure
DTLS Connection Failure:
Possible causes: Next hop (NH) not reachable, default gateway (Def-GW) not installed in the RIB, DTLS port not open on the Controllers
Debugging steps: Ping the Def-GW, ping vBond if ICMP is allowed on the vBond, traceroute to the vBond DNS address
TLOC Disabled:
Possible causes: Clearing of control connections, changing the color on the TLOC, a change in System IP, or a change in any of the configs mentioned in the system block or in the tunnel properties.
Transient Conditions
The following are some transient conditions where the control connections flap:
System-IP change on the vEdge
Tear-down msg. to vBond [control connection to vBond is transient]
The certificate will be revoked if the serial number of a controller or vEdge is invalidated.