In order for DPS to work, the following needs to be working.
- Verify the paths are in the
“Estab” or “Estab IPSec” state using “show path-selection paths” command. If
the path is not in established state.
- ARP Pending - Make sure the next-hop to the path destination IP is available.
- Route Pending - Make sure a route to the path destination IP is available through the local interface for the path.
- IPSec Pending - Check IPSec connection with “show ip security connection” or other IPSec related commands between the path’s local interface and the path’s destination.
- If the paths are in Estab
state, verify the paths are active and available using “show monitor telemetry
- If a path is inactive, make sure IP connectivity is working between the path’s source IP/interface and destination IP. Ping the path destination with the path source IP could be one of the ways to verify this. And also, to check the configuration and make sure that the paths are configured symmetrically on both sites.
- Check and make sure there are DPS communications between the source and destination IPs using TCP dump on et100.
- Paths are active but ping
between loopbacks of the two sites is not working. Loopbacks should be
reachable through overlay.
- Check your interface VXLAN1 configuration.
- Check and make sure you have applied a policy with default match to your “vrf default” configuration in DPS.
- Site-to-Site loopback IPs
are reachable but data traffic is not going through.
- Check your EVPN configuration. Make sure the remote routes are in your VRF route table of your sites.
- Make sure your DPS configuration has proper policy, application profile, default match and load-balance profile