Data Traffic across Private WANs

Now suppose that your vEdge router is connected to a private network such as MPLS or Metro Ethernet, and that the carrier hosting the private network does not advertise the router's IP address to the remote vEdge routers that are on the same private network at different sites. In this situation, the remote sites are not able to exchange data traffic over the private network.

One solution is for the remote routers to route data traffic through a local NAT and over the internet to the vBond orchestrator, which then provides the routing information needed to direct the traffic to its destination. But this solution adds a great deal of overhead for data traffic on its way to the destination, because the vBond orchestrator may be located very far from the two vEdge routers, which may be connected at a DMZ.

To allow vEdge routers that are present on different overlay networks on the private network to exchange data traffic directly using their private IP addresses, you must configure their WAN interfaces with the same private color.

Exchange Data Traffic within a Single Private WAN

Consider a topology where two vEdge routers are connected to the same private WAN and are directly connected to the PE routers of the MPLS carrier's cloud. For the two routers to communicate with each other using private IP addresses, a specific configuration is needed, for the following reasons:

  • The vEdge routers are in different sites with different site IDs.
  • The vEdge routers are directly connected to the PE routers.
  • The MPLS carrier does not advertise the link between the vEdge router and its PE router.

Here, the interfaces directly connected to the WAN are not used for data traffic; instead, a loopback interface handles data traffic. This loopback interface is the source for the DTLS and IPsec connections. A TLOC is created for it, and it acts as a transport interface in VPN 0.

To communicate over the private WAN, set the interface color to a private WAN color.

vedge-1(config)# vpn 0
vedge-1(config-vpn-0)# interface loopback1
vedge-1(config-interface-loopback1)# ip address 172.16.255.25/32
vedge-1(config-interface-loopback1)# tunnel-interface
vedge-1(config-tunnel-interface)# color mpls
vedge-1(config-tunnel-interface)# exit
vedge-1(config-interface-loopback1)# no shutdown
vedge-1(config-interface-loopback1)# commit and-quit
vedge-1# show running-config vpn 0
...
 interface loopback1
  ip address 172.16.255.25/32
  tunnel-interface
   color mpls
  !
  no shutdown
 !

On vEdge-2, you configure a loopback interface with the same tunnel interface color that you used for vEdge-1:

vedge-2# show running-config vpn 0
vpn 0
 interface loopback2
  ip address 172.17.255.26/32
  tunnel-interface
   color mpls
  no shutdown
 !
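
The check below is an added example, not part of the original lesson or of any Cisco tooling: it parses the VPN 0 running configuration of two routers and reports when their tunnel interfaces do not share a private color, which is the requirement described above. The function names, the "default" fallback color and the biz-internet misconfiguration are assumptions made for illustration.

```python
import re

# Private color names on Cisco SD-WAN; per the lesson, both routers'
# tunnel interfaces must carry the same one.
PRIVATE_COLORS = {"metro-ethernet", "mpls"} | {f"private{i}" for i in range(1, 7)}

def tunnel_colors(running_config):
    """Map interface name -> tunnel color from 'show running-config vpn 0' text."""
    colors, iface, in_tunnel = {}, None, False
    for raw in running_config.splitlines():
        line = raw.strip()
        match = re.fullmatch(r"interface (\S+)", line)
        if match:
            iface, in_tunnel = match.group(1), False
        elif line == "tunnel-interface" and iface:
            in_tunnel = True
            colors[iface] = "default"  # assumed color when none is configured
        elif in_tunnel and line.startswith("color "):
            colors[iface] = line.split()[1]
        elif line == "!":
            in_tunnel = False
    return colors

def audit_pair(cfg_a, cfg_b):
    """Return findings that would stop direct private-WAN tunnels; [] means OK."""
    a, b = tunnel_colors(cfg_a), tunnel_colors(cfg_b)
    findings = [f"{name}: no tunnel-interface found in VPN 0"
                for name, found in (("router A", a), ("router B", b)) if not found]
    shared = set(a.values()) & set(b.values()) & PRIVATE_COLORS
    if a and b and not shared:
        findings.append(f"no shared private color: A={sorted(a.values())} "
                        f"B={sorted(b.values())}")
    return findings

# The two configurations from the lesson, plus one constructed misconfiguration.
VEDGE_1 = """vpn 0
 interface loopback1
  ip address 172.16.255.25/32
  tunnel-interface
   color mpls
  !
  no shutdown
 !"""
VEDGE_2 = VEDGE_1.replace("loopback1", "loopback2").replace(
    "172.16.255.25", "172.17.255.26")
VEDGE_2_BAD = VEDGE_2.replace("color mpls", "color biz-internet")  # constructed

if __name__ == "__main__":
    print(audit_pair(VEDGE_1, VEDGE_2), audit_pair(VEDGE_1, VEDGE_2_BAD))
```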

To allow data traffic to actually go out the WAN interface, you bind the loopback interface to a physical interface that connects to the private network.

In the following situations, you do not need any special configuration:

• vEdge-1 and vEdge-2 are both configured with the same site ID.
• vEdge-1 and vEdge-2 are in different sites, and are connected to a CE router.
• vEdge-1 and vEdge-2 are in different sites, connected to the PE router in the MPLS cloud, and the private network carrier advertises the link between the vEdge router and the PE router in the MPLS cloud.
• vEdge-1 and vEdge-2 are in different sites, and they communicate using their public IP addresses.

Exchange Data Traffic between Two Private WANs

