A branch WAN Edge device shows OMP routes as received but traffic to remote VPNs fails intermittently only for specific prefixes. Which root cause is most likely?

In SD-WAN, the control plane (OMP) learns remote VPN prefixes and the transport locators (TLOCs) that can carry traffic to those sites. The data plane then uses TLOC reachability to decide which tunnels to use for forwarding. If OMP shows routes for remote VPNs but traffic to some prefixes fails intermittently, that points to a data-plane issue rather than a control-plane issue. Specifically, inconsistent TLOC reachability means certain uplinks or tunnels are not reliably reachable, so traffic for prefixes that would use those paths is intermittently dropped while other prefixes that can use reachable TLOCs continue to flow. This is why partial data-plane path selection based on fluctuating TLOC reachability is the most likely root cause. Other scenarios don’t fit the symptom as cleanly: a STP change would typically disrupt broader underlay connectivity rather than be limited to specific prefixes; DHCP exhaustion affects IP assignment for clients, not the control-plane route advertisement; a VLAN mismatch would cause broader L2 connectivity problems rather than selective prefix failures.