Purpose:

  • This article helps to debug the SLA traffic between both branches to branches and the branches to controllers.

 

 Use cases:

  • To identify the flow of SLA traffic between the SD-WAN devices
  • Isolate the issue when the SLA path is down between the devices.

                

Points to be remembered

  • The SLAM debug needs to be executed on both sides.
  •  As SLA generates more traffic, debug needs to be disabled to avoid the utilization of disk space.

 

Topology:

  • Here, we will use two branches, Branch-01 and Branch-03, as references.

 

Pre-requisites:

Shell

vsh connect vsmd

show vsf tenant all brief >>> to get the tenant-ID

show vsf tunnel branch-table detail | grep -i <remote-branch-name>   >>>>>>>>>> To get the secure tunnel ptvi id

show vsf tunnel access-circuits ptvi <ptvi-id> <tenant-id> detail | grep -i V4UDP     >>>>>To get access circuit which is having issue



Procedure:

On Branch-01


 1) Get the Tenant-ID



2) Get the secure tunnel ptvi-id number

 

 

3)Get the access circuit details using the ptvi and tenant information.



Perform the same on the remote-site (Branch-03).


After getting the information of the tenant-ID, Ackt-ID, remote-site follow the below procedure to enable the debug

Step-1 Enable the packet-trace




Step-2 Set the packet-trace specific to the intended remote-site, which we are debugging.


Note: value for fc_ef=4 and fc_nc=0



Perform the same on the remote site (Branch-03)


Output:

 Branch-01 (Local-site)


 



 

Branch-03(Remote-site)



 Disable the debug (Must)


  • After collecting the logs, please follow the instructions below on both sides to disable the debug.

 

test vsf packet-trace vxlan-transit disable

set sd-wan slam pkt-trace 1 2 105 17 4 0 >>>last value should be ( 0 Disable;1Enable)