SD-WAN OMP and TLOCs

Hello, everyone.

I am studying SD-WAN for ENCOR and I have a question regarding OMP and TLOCs.

I understand that a TLOC consists of a 3-tuple of information, which is:

  1. Encapsulation type
  2. Color
  3. System IP

This is where it gets a little confusing. When OMP routing is performed, both OMP and TLOC routes are used, correct?

In other words, like with normal (say BGP) routing, if we received a route for 10.1.1.0/24, there will be some sort of next hop. This next hop is resolved in the routing table so the device knows which interface to use.

It’s somewhat the same with OMP, or not? An OMP route points to a system IP as the next hop (i.e., the route 10.1.0.0/24 is reachable via the WAN edge with system IP 12.12.12.12):

show omp

omp route entries for vpn 10 route 10.1.0.0/24
RECEIVED FROM:
peer 12.12.12.12

When the device sees this, it will check the corresponding TLOC route that has a system IP of 12.12.12.12:

tloc entries for 10.1.0.0
RECEIVED FROM:
peer            12.12.12.12
status          C,I,R
loss-reason     not set
lost-to-peer    not set
lost-to-path-id not set
    Attributes:
     attribute-type    installed
     encap-key         not set
     encap-proto       0
     encap-spi         256
     encap-auth        sha1-hmac,ah-sha1-hmac
     encap-encrypt     aes256
     public-ip         172.16.10.2
     public-port       12366
     private-ip        172.16.10.2
     private-port      12366
     public-ip         ::
     public-port       0
     private-ip        ::
     private-port      0
     bfd-status        up
     domain-id         not set
     site-id           100
     overlay-id        not set
     preference        0
     tag               not set
     stale             not set
     weight            1
     version           3

This TLOC route also contains the public (or private) IP addresses that the local device can use when sending traffic towards this network.

It gets a little complex, so I have to verify a few things.

  1. A TLOC route and a TLOC are not exactly the same, are they? The route contains more information, such as what IP to use, while a plain TLOC contains just the 3-tuple.
  2. The system IP isn’t an actual routable IP address, right? It’s more of an identifier for the relevant TLOC route.
  3. Is the TLOC route also used to build the overlay tunnel? If so, when exactly is it advertised? Considering that OMP has OMP routes, TLOC routes, etc., are they advertised together, or?

So if I get this right, if there is a route that has 5.5.5.5 as the next hop, the router will check the corresponding TLOC route that has a system IP of 5.5.5.5? That route should contain everything the device needs to establish an overlay tunnel, such as the public (or private) IPs, etc.

Do the colors need to match on the routers? Say that I decide to color an MPLS circuit as “RED” on the advertising router. The receiving router will eventually receive the TLOC and see “RED” there. If the colors match, would it know that it needs to route the traffic via MPLS? Or how exactly do the colors and exit interfaces work?

Thank you
David

Hello David

I will attempt to respond to each of your questions as best I can.

A TLOC is a logical identifier represented by the 3-tuple that you mention. A TLOC route is the advertised metadata associated with a TLOC, including:

  • Public/private IP addresses (tunnel endpoints)
  • Carrier type (public/private transport)
  • Preference, site ID, and status (e.g., BFD uptime)

TLOC routes resolve how to reach the TLOC’s physical transport interfaces, while the TLOC itself is the identifier.

Correct. The system IP is not a routable address in the underlay. It serves as a stable identifier for the WAN edge router in the overlay. The actual tunnel endpoints are derived from the TLOC route’s public-ip/private-ip fields.

Yes. The TLOC route provides the details needed to build the IPsec tunnel to a peer, such as public/private IP addresses, ports, BFD session info, and encryption parameters.

OMP advertises three types of routes:

  • OMP routes – prefixes (e.g., 10.1.1.0/24) and their associated TLOCs
  • TLOC routes – metadata about the transport locators
  • Service routes – optional routes like NAT, FW, ZBF, etc.

The TLOC routes are advertised before or alongside OMP routes, since you can’t resolve a prefix via a TLOC unless that TLOC is known. So yes, OMP routes and TLOC routes are interdependent and are exchanged between vSmart and vEdge routers via OMP.

Yes, that’s exactly right.

Yes, and no, depending on context. Color is locally configured on interfaces and identifies WAN transport type (e.g., biz-internet, mpls, etc.) When a router advertises a TLOC with color “mpls,” it is saying: “This TLOC is reachable via my MPLS interface.” The receiving router does not need to match the color to receive and interpret the route, but to form a tunnel, the local router must have an interface with the same color. Otherwise, it won’t have a matching underlay path to build the tunnel. So yes, colors guide how SD-WAN maps overlay tunnels to underlay transports.

I hope this has been helpful!

Laz
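To make the resolution chain discussed in this thread concrete, here is a small Python model, added as an illustration and not code from either poster or from Cisco. It parses a constructed sample in the style of the `show omp tlocs` output quoted above (the system IP, colors, encapsulation, endpoint addresses and BFD states are made up for the example), builds a table keyed by the TLOC 3-tuple, and resolves an OMP route whose next hops are TLOCs into concrete tunnel endpoints. The color rule it applies (a TLOC is usable only if the local router has an interface of the same color) and the public/private endpoint selection (private only when both sides are at the same site) are deliberate simplifications of the thread's description, not a statement of how the platform actually chooses.

```python
"""Toy model of OMP route -> TLOC route -> tunnel endpoint resolution.

Added illustration only; the sample output below is constructed, not captured
from a real device, and the colour / endpoint rules are simplified.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the style of `show omp tlocs` (hypothetical values).
# Note the IPv4 public/private fields come first; the "::" IPv6 lines repeat
# the same keys, so the parser keeps only the first occurrence of each key.
SAMPLE_TLOC_OUTPUT = """\
tloc entries for 12.12.12.12
                 mpls
                 ipsec
---------------------------------------------------
            RECEIVED FROM:
peer            12.12.12.12
status          C,I,R
    Attributes:
     encap-spi         256
     encap-auth        sha1-hmac,ah-sha1-hmac
     encap-encrypt     aes256
     public-ip         172.16.10.2
     public-port       12366
     private-ip        172.16.10.2
     private-port      12366
     public-ip         ::
     public-port       0
     private-ip        ::
     private-port      0
     bfd-status        up
     site-id           100
     preference        0
     weight            1
tloc entries for 12.12.12.12
                 biz-internet
                 ipsec
---------------------------------------------------
            RECEIVED FROM:
peer            12.12.12.12
status          C,I,R
    Attributes:
     public-ip         203.0.113.7
     public-port       12346
     private-ip        192.168.1.2
     private-port      12346
     bfd-status        down
     site-id           100
     preference        0
     weight            1
"""


@dataclass(frozen=True)
class Tloc:
    """The TLOC identifier: the 3-tuple the thread describes."""
    system_ip: str
    color: str
    encap: str


@dataclass
class TlocRoute:
    """The advertised metadata for a TLOC (the 'TLOC route')."""
    tloc: Tloc
    public_ip: str
    public_port: int
    private_ip: str
    private_port: int
    bfd_status: str
    preference: int
    weight: int


@dataclass
class OmpRoute:
    """An OMP prefix route; its next hops are TLOCs, not bare IP addresses."""
    vpn: int
    prefix: str
    tlocs: tuple[Tloc, ...]


def parse_tloc_routes(text: str) -> dict[Tloc, TlocRoute]:
    """Parse `tloc entries for ...` blocks into a table keyed by the 3-tuple."""
    table: dict[Tloc, TlocRoute] = {}
    lines = [ln.rstrip() for ln in text.splitlines()]
    i = 0
    while i < len(lines):
        m = re.match(r"tloc entries for (\S+)$", lines[i].strip())
        if not m:
            i += 1
            continue
        # Header is followed by the colour and the encapsulation on their own lines.
        tloc = Tloc(m.group(1), lines[i + 1].strip(), lines[i + 2].strip())
        i += 3
        attrs: dict[str, str] = {}
        while i < len(lines) and not lines[i].strip().startswith("tloc entries for"):
            parts = lines[i].split(maxsplit=1)
            if len(parts) == 2 and parts[0] not in attrs:   # first occurrence wins (IPv4)
                attrs[parts[0]] = parts[1].strip()
            i += 1
        table[tloc] = TlocRoute(
            tloc=tloc,
            public_ip=attrs["public-ip"], public_port=int(attrs["public-port"]),
            private_ip=attrs["private-ip"], private_port=int(attrs["private-port"]),
            bfd_status=attrs.get("bfd-status", "down"),
            preference=int(attrs.get("preference", "0")),
            weight=int(attrs.get("weight", "1")),
        )
    return table


def resolve_next_hops(route: OmpRoute, table: dict[Tloc, TlocRoute],
                      local_colors: set[str], same_site: bool = False) -> list[tuple[Tloc, str, int]]:
    """Return the usable (tloc, endpoint_ip, port) tuples for an OMP route.

    A TLOC is skipped when no TLOC route for it has been learned, when its BFD
    session is not up, or (simplification from the thread) when the local
    router has no interface of that colour. Highest preference sorts first.
    """
    usable: list[tuple[Tloc, str, int]] = []
    for tloc in route.tlocs:
        tr: Optional[TlocRoute] = table.get(tloc)
        if tr is None or tr.bfd_status != "up" or tloc.color not in local_colors:
            continue
        ip, port = (tr.private_ip, tr.private_port) if same_site else (tr.public_ip, tr.public_port)
        usable.append((tloc, ip, port))
    usable.sort(key=lambda hop: table[hop[0]].preference, reverse=True)
    return usable


if __name__ == "__main__":
    tlocs = parse_tloc_routes(SAMPLE_TLOC_OUTPUT)
    omp = OmpRoute(10, "10.1.0.0/24", tuple(tlocs))   # hypothetical prefix from the thread
    for tloc, ip, port in resolve_next_hops(omp, tlocs, {"mpls", "biz-internet"}):
        print(f"{omp.prefix} via {tloc.system_ip}/{tloc.color}/{tloc.encap} -> {ip}:{port}")
```

Running it resolves 10.1.0.0/24 only through the mpls TLOC, because the biz-internet TLOC route in the sample has `bfd-status down`; a next hop whose system IP has no TLOC route at all (the 5.5.5.5 case in the question) produces no usable path, which is the situation the thread describes as an unresolved next hop.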