SD-WAN VeloCloud Network Migration
In this topic we will see how a traditional WAN is transformed to SD-WAN and the step-by-step procedure used for SD-WAN network migration. Let's see how the topology looks before SD-WAN migration.
In the above topology, Branch 1 is connected to MPLS, and one legacy site is also connected to MPLS. The two DCs are connected to MPLS and the Internet, and to each other via a DCI link.
- Two identical active/standby DCs with DCI
- Branch 1 will eventually replace its CE with SD-WAN, with no change to the MPLS circuit
Step 1: Add HUB VCE and activate in DC1 & DC2
- Activate the hub VCE and enable BGP with the L3 switch. Once this is done, the hub is managed by the Orchestrator and peers with the global gateway for the control plane. It builds the tunnel with the gateway and starts running BGP with the L3 switch in the DC.
- Best practice: When you start, filter the BGP routes from SD-WAN toward your network, so that you start learning prefixes but do not inject any into the DC network until the whole SD-WAN is ready.
Step 2: Add Branch VCE and Activate
Activate the branch VCE and enable BGP with the L3 switch. The branch VCE will then form the SD-WAN overlay tunnel to the DC1 and DC2 hub VCEs via the Internet link.
Step 3: Building the overlay tunnel and enable routing at branch
- Once routing at the branch is enabled, the overlay is built between all the VCEs
- Now enable BGP on the VCE and disable it between the L3 switch and the CE. Also, on the branch VCE, make the MPLS neighbor an uplink neighbor.
By making the MPLS router a BGP neighbor on the VCE, all prefixes advertised by the branch to MPLS are tagged with the uplink community, so they can easily be identified as prefixes coming from an SD-WAN site, and the tag can later be used to filter them out if required.
Once that is done, let's understand how prefixes are learned in the DC. We will refer to the figure below and discuss it point by point.
- The VCE at DC1 will learn the prefix from its own DC1 LAN
- The VCE will learn the prefix from the DC2 LAN
- The VCE will learn the prefix from the traditional MPLS CE site
- Prefixes from DC1 and DC2 will be advertised and tagged with the BGP uplink community.
- The hub VCE will learn the prefix from BR1
- The BR1 prefix learned by the hub VCE will be advertised to the MPLS underlay, because if the branch MPLS goes down, DC1 acts as the back path for legacy MPLS sites to reach BR1. This prefix also has a longer AS path, so it will only be used as backup anyway.
- The hub VCE will block the BR1 prefix learned via MPLS, as it is tagged with the BGP uplink community; the rule is that BR1 should be reachable by the overlay, not by the underlay.
Now let's understand how Branch 1 learns prefixes. Here too we will go through which prefixes the branch learns, based on the figure below.
- The legacy prefix is learned from MPLS but, as it is tagged as uplink, it will not be redistributed to the overlay.
- Prefixes from MPLS will be sent via the SD-WAN overlay to Branch 1 but, as they have a longer AS path, only as backup
- The branch will drop the DC1 and DC2 prefixes learned via MPLS, as they are SD-WAN prefixes tagged with the community
- The branch will accept the DC1 and DC2 prefixes, as they are SD-WAN sites
- Branch 1 will advertise its prefix toward the SD-WAN overlay
- Branch 1 will also send its prefix via MPLS, tagging it with the BGP uplink community
- Branch 1 will block its own prefix coming from MPLS to avoid a loop.
- Prefixes from SD-WAN sites should be dropped
- The branch will learn the same MPLS prefix from both the underlay and the overlay
- Remember the uplink feature: it helps the branch distinguish that these MPLS prefixes are not owned by the hub. Thus, they are less preferred through the overlay
Now that the prefixes have been advertised and received, we will see how end-to-end traffic flows over the overlay tunnel.
- Traffic to legacy site takes MPLS directly
- Traffic to other SD-WAN sites takes the overlay
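The prefix handling at Branch 1 described above can be modelled in a few lines. This is an added example, not VeloCloud code or configuration: the community value, prefixes and AS numbers are constructed placeholders, and best-path selection is simplified to AS-path length only.

```python
from dataclasses import dataclass

# Constructed placeholder: the page does not give the uplink community value.
UPLINK_COMMUNITY = "65000:999"

@dataclass(frozen=True)
class Route:
    prefix: str
    learned_via: str              # "underlay" (MPLS BGP) or "overlay" (SD-WAN tunnel)
    as_path: tuple
    communities: frozenset = frozenset()

def import_filter(routes):
    """Drop underlay routes carrying the uplink community: they belong to
    SD-WAN sites (or to this site itself) and must not be used via MPLS."""
    return [r for r in routes
            if not (r.learned_via == "underlay"
                    and UPLINK_COMMUNITY in r.communities)]

def forwarding_table(routes, underlay_up=True):
    """Return {prefix: learned_via} after filtering; shortest AS path wins."""
    best = {}
    for r in import_filter(routes):
        if r.learned_via == "underlay" and not underlay_up:
            continue              # MPLS circuit down: underlay routes withdrawn
        cur = best.get(r.prefix)
        if cur is None or len(r.as_path) < len(cur.as_path):
            best[r.prefix] = r
    return {p: r.learned_via for p, r in best.items()}

TAG = frozenset({UPLINK_COMMUNITY})
# Constructed routes as seen by Branch 1 (all values are made up).
BRANCH1_RIB = [
    Route("10.50.0.0/16", "underlay", (65100, 65050)),        # legacy site via MPLS
    Route("10.50.0.0/16", "overlay", (65001, 65100, 65050)),  # same prefix via hub, longer path
    Route("10.1.0.0/16", "underlay", (65100, 65001), TAG),    # DC1 via MPLS, tagged
    Route("10.1.0.0/16", "overlay", (65001,)),                # DC1 via overlay
    Route("10.2.0.0/16", "underlay", (65100, 65002), TAG),    # DC2 via MPLS, tagged
    Route("10.2.0.0/16", "overlay", (65002,)),                # DC2 via overlay
    Route("10.10.0.0/16", "underlay", (65100, 65010), TAG),   # Branch 1's own prefix echoed back
]

if __name__ == "__main__":
    print(forwarding_table(BRANCH1_RIB))                      # normal operation
    print(forwarding_table(BRANCH1_RIB, underlay_up=False))   # branch MPLS down
```

With the MPLS circuit up, the legacy prefix resolves to the underlay and both DC prefixes to the overlay; with it down, the legacy prefix falls back to the longer overlay path through the hub.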
Step 4 End State: Replace CE Router, as per below figure
- You can now safely decommission CE router
- Move the circuit to the VCE
- Use Uplink feature to allow VCE to differentiate between local and remote prefixes
- Always validate traffic flow with a test site prior to rolling actual sites
- Do not overcomplicate the traffic flow if not necessary
How SD-WAN Migration can be made very simple:
By using the right feature sets and methods, we can make the SD-WAN migration very simple. The figure below explains this in a simple manner.
What Routing Protocol to use:
BGP is a better protocol to use with SD-WAN
- Policy tuning, e.g. AS-path, Local pref, community are carried across the overlay
- Prefix advertised into the underlay coming back through the overlay from another SD-WAN site
Hybrid Sites Routing Options:
The figure below shows the hybrid site routing options:
BGP Support on VCE
The figure below explains BGP support on the VCE.
- Support on L3 (routed) primary port, sub-interface, and VLAN interface
- Routes learned from SD-WAN overlay are redistributed into BGP
- BGP attributes (AS-PATH, community, local-pref, and MED) are preserved across the overlay and used for SD-WAN endpoint selection