I have a setup with two VPNCs in a cluster. The branch 9004 is forming an Internet and LTE tunnel to VPNC2 and the MPLS tunnel to VPNC1. This is done by the Orchestrator. The issue is that only VPNC2 is advertising routes from the data center over the Internet and LTE tunnels. VPNC1 is not advertising any routes except local IP addresses to the VPNC. In Dynamic Path Selection, I am trying to prefer the MPLS tunnel for traffic to the data center, but since VPNC1 is not advertising the routes, all traffic is flowing over the Internet tunnel. How do I get VPNC1 to advertise routes via the MPLS tunnel so the preferred traffic pathing works?
Topology:
VPNC1:
OAP Status
Admin State: UP
Oper State: UP
Master: 127.0.0.1:24400
Channel: CONNECTED
Serial: CNP4KLB023
MAC: 28:de:65:a5:d4:b3
Site ID: 28:de:65:a5:d4:b3
Tunnel If: tsgw
Graceful-restart-timer : 86400 seconds
Channel UP since: Wed 2024-10-02 23:02:01 IST
Channel Down count: 11
Learnt Routes: 5
Advertised Routes: 2
Tunnels: 2
Keepalive sent: 59818
Keepalive received: 66010
Keepalive pending: 0
PCM Gen ID IPv4: 1726627298787033
Peak Routes IPv4: 5 at Wed 2024-09-18 09:59:50 IST
Peak Tunnels: 2 at Wed 2024-10-02 11:08:28 IST
VPNC2:
OAP Status
Admin State: UP
Oper State: UP
Master: 127.0.0.1:24400
Channel: CONNECTED
Serial: CNP4KLB04N
MAC: 28:de:65:a5:db:1b
Site ID: 28:de:65:a5:db:1b
Tunnel If: tsgw
Graceful-restart-timer : 86400 seconds
Channel UP since: Wed 2024-10-02 23:02:04 IST
Channel Down count: 13
Learnt Routes: 5
Advertised Routes: 16
Tunnels: 9
Keepalive sent: 59856
Keepalive received: 66657
Keepalive pending: 0
PCM Gen ID IPv4: 1726627298772384
Peak Routes IPv4: 5 at Wed 2024-09-18 09:59:50 IST
Peak Tunnels: 10 at Wed 2024-10-02 11:08:28 IST
The route tables on the VPNCs are exactly the same, with both supposed to redistribute overlay, connected and static.
Route table on the branch gateway:
COMMAND=show ip route
Codes: C - Connected, O - OSPF, IA - OSPF Inter Area, E1 - OSPF External Type 1, R - RIP
E2 - OSPF External Type 2, N1 - OSPF NSSA External Type 1, N2 - OSPF NSSA External Type 2
B I - BGP Interior, B E - BGP Exterior, S - Static
U - BGW Peer Uplink, M - Management, Ru - Route Usable, * - Candidate Default
V - RAPNG VPN/Branch, I - Crypto-Cfgset, N - Not Redistributed, Bc - Cloud Overlay Protocol
S* 0.0.0.0/0 [50/10] via 10.68.152.181
[50/10] via 192.168.1.1
Bc 172.31.0.0/23 [90/20] ipsec map data-vpnc-28:de:65:a5:d4:b3-lte_lte
[90/20] ipsec map data-vpnc-28:de:65:a5:d4:b3-boyle_inet_inet
Bc 192.168.0.0/16 [90/20] ipsec map data-vpnc-28:de:65:a5:d4:b3-lte_lte
[90/20] ipsec map data-vpnc-28:de:65:a5:d4:b3-boyle_inet_inet
I 10.10.0.2/32 [70/10] ipsec map data-vpnc-28:de:65:a5:d4:b3-mpls_mpls
Bc 10.254.76.19/32 [90/10] ipsec map data-vpnc-28:de:65:a5:d4:b3-mpls_mpls
Bc 10.254.76.3/32 [90/20] ipsec map data-vpnc-28:de:65:a5:d4:b3-lte_lte
[90/20] ipsec map data-vpnc-28:de:65:a5:d4:b3-boyle_inet_inet
Bc 172.29.5.0/24 [90/20] ipsec map data-vpnc-28:de:65:a5:d4:b3-lte_lte
[90/20] ipsec map data-vpnc-28:de:65:a5:d4:b3-boyle_inet_inet
Bc 10.133.0.0/16 [90/20] ipsec map data-vpnc-28:de:65:a5:d4:b3-lte_lte
[90/20] ipsec map data-vpnc-28:de:65:a5:d4:b3-boyle_inet_inet
C 10.10.1.3/32 is directly connected, VLAN4000
Bc 172.31.33.0/24 [90/20] ipsec map data-vpnc-28:de:65:a5:d4:b3-lte_lte
[90/20] ipsec map data-vpnc-28:de:65:a5:d4:b3-boyle_inet_inet
C 192.168.1.0/24 is directly connected, VLAN4094
Bc 192.168.5.0/24 [90/20] ipsec map data-vpnc-28:de:65:a5:d4:b3-lte_lte
[90/20] ipsec map data-vpnc-28:de:65:a5:d4:b3-boyle_inet_inet
Bc 172.33.250.0/24 [90/10] ipsec map data-vpnc-28:de:65:a5:d4:b3-mpls_mpls
Bc 10.0.0.0/8 [90/20] ipsec map data-vpnc-28:de:65:a5:d4:b3-lte_lte
[90/20] ipsec map data-vpnc-28:de:65:a5:d4:b3-boyle_inet_inet
I 10.254.76.1/32 [70/10] ipsec map data-vpnc-28:de:65:a5:d4:b3-mpls_mpls
Bc 172.16.250.0/24 [90/10] ipsec map data-vpnc-28:de:65:a5:d4:b3-mpls_mpls
I 10.10.0.1/32 [70/10] ipsec map data-vpnc-28:de:65:a5:d4:b3-lte_lte
[70/10] ipsec map data-vpnc-28:de:65:a5:d4:b3-boyle_inet_inet
Bc 10.254.76.8/29 [90/20] ipsec map data-vpnc-28:de:65:a5:d4:b3-lte_lte
[90/20] ipsec map data-vpnc-28:de:65:a5:d4:b3-boyle_inet_inet
S 192.168.214.38/32 [50/10] via 10.68.152.181
C 172.33.85.1/32 is directly connected, VLAN1
S 192.168.208.38/32 [50/10] via 10.68.152.181
C 10.133.85.0/29 is directly connected, VLAN4093
C 172.33.85.0/24 is directly connected, VLAN1
Bc 10.254.76.11/32 [90/20] ipsec map data-vpnc-28:de:65:a5:d4:b3-lte_lte
[90/20] ipsec map data-vpnc-28:de:65:a5:d4:b3-boyle_inet_inet
Bc 172.16.0.0/12 [90/20] ipsec map data-vpnc-28:de:65:a5:d4:b3-lte_lte
[90/20] ipsec map data-vpnc-28:de:65:a5:d4:b3-boyle_inet_inet
C 172.16.85.0/24 is directly connected, VLAN2
I 185.50.100.11/32 [70/10] ipsec map data-vpnc-28:de:65:a5:d4:b3-lte_lte
[70/10] ipsec map data-vpnc-28:de:65:a5:d4:b3-boyle_inet_inet
Bc 10.254.76.16/29 [90/10] ipsec map data-vpnc-28:de:65:a5:d4:b3-mpls_mpls
Bc 10.254.76.0/29 [90/20] ipsec map data-vpnc-28:de:65:a5:d4:b3-lte_lte
[90/20] ipsec map data-vpnc-28:de:65:a5:d4:b3-boyle_inet_inet
Bc 172.33.5.0/24 [90/20] ipsec map data-vpnc-28:de:65:a5:d4:b3-lte_lte
[90/20] ipsec map data-vpnc-28:de:65:a5:d4:b3-boyle_inet_inet
Bc 172.33.1.0/24 [90/20] ipsec map data-vpnc-28:de:65:a5:d4:b3-lte_lte
[90/20] ipsec map data-vpnc-28:de:65:a5:d4:b3-boyle_inet_inet
Bc 172.33.2.0/24 [90/20] ipsec map data-vpnc-28:de:65:a5:d4:b3-lte_lte
[90/20] ipsec map data-vpnc-28:de:65:a5:d4:b3-boyle_inet_inet
Bc 172.33.3.0/24 [90/20] ipsec map data-vpnc-28:de:65:a5:d4:b3-lte_lte
[90/20] ipsec map data-vpnc-28:de:65:a5:d4:b3-boyle_inet_inet
C 10.68.152.180/30 is directly connected, Loopback
=== Troubleshooting session completed ===