What is End-to-End Path Tracking?

As we have seen in the previous lessons, Centralized Control Policies allow us to design and configure traffic engineering. To understand what end-to-end path tracking is, let's first look at a simple TE use-case shown in figure 1 below. Suppose that we have a security stack hosted at site-3, and we want to redirect the traffic from Site-1 destined to Site-2 to go through the security stack. To engineer this traffic flow, we need to change the default routing behavior of the SD-WAN fabric, which would be to directly forward the traffic through the tunnel between site-1 and site-2 (T1-T2).

To redirect the traffic from Site-1 destined to Site-2 through Site-3, we need to provision two control policies, one for Site-1, where vEdge-1 is located, and a second one for Site-2, where vEdge-2 is located. The control policy for Site-1 would change the next-hop TLOC for the traffic destined to the vEdge-2 to tloc T3, and the control policy for Site-2 would change the next-hop TLOC for the traffic destined for Site-1 to tloc T3. 

This traffic engineering policy would redirect the traffic from Site-1 destined to Site-2 to go through Site-3, regardless of whether the path between Site-3 and Site-2 is actually available. So when tunnel T3-T2 becomes unavailable, vEdge-1 won't know and will still send the traffic to vEdge-3, which will then drop the traffic because there is no path available toward vEdge-2. Figure 2 below illustrates this problem:

Enabling the End-to-End Path Tracking feature would allow vSmart to monitor the path to the ultimate destination (vEdge-2), and to inform the source router (vEdge-1) when that path between vEdge-3 and vEdge-2 (tunnel T3-T2) is not available. The source vEdge-1 can then remove the path from its route table and route the traffic through the second-best path (tunnel T1-T2).

So in summary - End-to-end path tracking is a feature that specifies how to forward traffic from a source (vEdge-1) to the ultimate destination (vEdge-2) via an intermediate router (vEdge-3). 

---------------------------------------------------
omp route entries for vpn 1 route 172.18.2.0/24
---------------------------------------------------
            RECEIVED FROM:                   
peer            1.1.1.30
path-id         17
label           1004
status          C,I,R
loss-reason     not set
lost-to-peer    not set
lost-to-path-id not set
    Attributes:
     originator       2.2.2.2
     type             installed
     tloc             3.3.3.3, mpls, ipsec
     ultimate-tloc    2.2.2.2, mpls, ipsec -- primary
     domain-id        not set
     overlay-id        1
     site-id          2
     preference       not set
     tag              not set
     origin-proto     connected
     origin-metric    0
     as-path          not set
     community        not set
     unknown-attr-len not set

TLOC Action

End-to-end Path Tracking can be achieved by using four different TLOC action options as you can see in the CLI output below:

vSmart(config-sequence-1)# action accept set tloc-action ?
Description: Action to be taken with ultimate specified TLOC or service
Possible completions:
  backup  ecmp  primary  strict

Strict Option (Default option)

In normal circumstances, the communication between vEdge-1 and vEdge-2 goes through vEdge-3 which is an Intermediate Router. If the overlay tunnel between T3 and T2 goes down, vEdge-1 drops the traffic.

This option is useful in use cases where security (or another network service) is more important than availability. If the traffic could not go through the intermediate router and subsequently through the security stack, it'd better get dropped.

Primary Option

In normal circumstances, the communication between vEdge-1 and vEdge-2 goes through vEdge-3 which is an Intermediate Router. If the overlay tunnel between T3 and T2 goes down, vEdge-1 would forward the traffic directly to Site-2 via tunnel T1-T2.

This option is useful in use cases where availability is more important than security (or another network service). If the traffic could not go through the intermediate router and subsequently through the security stack, it will be forwarded directly through the T1-T2 tunnel without going through the network service.

Backup Option

In normal circumstances, the communication between vEdge-1 and vEdge-2 would not go through the Intermediate Router. If the overlay tunnel between T1 and T2 goes down, vEdge-1 will forward the traffic through the intermediate router.

ECMP Option

In normal circumstances, the communication between vEdge-1 and vEdge-2 would be load-balanced through the Intermediate Router and through the direct tunnel T1-T2 as well. If the overlay tunnel between T1 and T2 goes down, vEdge-1 will continue forwardingtraffic through the intermediate router.

Configuring End-to-End Path Tracking

To demonstrate the End-to-End path tracking feature, we are going to set up a simple topology as shown in figure 8 below:

For a starting point, let's say that all vEdges are configured as shown on the diagram and there is no policy applied on vSmart at all. Router vEdge-1 will advertise the prefix 172.18.1.0/24 with next-hop T1 and vEdge-2 will advertise the subnet 172.18.2.0/24 with next-hop T2. Therefore, the traffic between 172.18.1.0/24 and 172.18.2.0/24 will go through the direct overlay tunnel T1-T2.