
Site Configurations Overview

This section describes topologies for data centers that include a Hub and VeloCloud branch configurations, configured using both MPLS and Internet connections. Legacy branch configurations (those without an Edge) are included, and hub and branch configurations are modified given the presence of the legacy branches.

The diagram below shows an example topology that includes two data center Hubs and different variations of branch topologies interconnected using MPLS and the Internet. This example will be used to describe the individual tasks required for data center and branch configurations. It is assumed that you are familiar with concepts and configuration details in earlier sections of this documentation. This section primarily focuses on configuring Networks, Profile Device Settings, and Edge configuration required for each topology.

Additional configuration steps for traffic redirection, control routing, such as for backhaul traffic and VPNs, and for Edge failover are also included.

Figure 1. Site Configurations Overview

This section primarily focuses on the configuration required for a topology that includes different types of data center and branch locations, and explains the Network, Profile/Edge Device Settings, and Profile/Edge Business Policies required to complete the configurations. Some ancillary configuration steps that may be necessary for a complete configuration – such as for Network Services, Device Wi-Fi Radio, Authentication, SNMP, and Netflow settings – are not described.

Data Center Configurations

An Edge in a data center can act as a Hub to direct traffic to and from branches. The Edge can be used to manage both MPLS and Internet traffic. The Hub in a data center can be configured in a one-arm or two-arm configuration. In addition, a data center can be used as a backup. Datacenter Edge capacity planning must be thoroughly done to enable the datacenter Hubs to handle the number of tunnels, flows and traffic load from branches. Also, the Edge model must be selected accordingly. For more information, consult the Arista Support or Solution Architect team.

The following table describes the design options for inserting an Edge into the topology:

Table 1. Data Center Design Options
| Option | Description |
|---|---|
| Hub 1 | Data Center or regional Hub site with Edge deployed in two-arm topology. |
| Hub 2 | Data Center or regional Hub site with Edge deployed in one-arm topology (same interface carries multiple WAN links). |
| Private WAN link(s) only Site | Classic MPLS sites. |
| Hybrid Site-1 | Edge is deployed off-path. Edge creates overlay across both MPLS and Internet paths. Traffic is first diverted to the Edge. |
| Hybrid Site-2 | Edge is deployed in-path as the default gateway. It is always the default gateway. This topology is simpler but makes Edge a single point of failure and may require HA. |
| Public WAN link(s) only Site | Dual-Internet site (one of the links is behind a NAT router). |

Note: These are some common deployment methods used to explain the concept. The Customer topology may not be limited to these methods.

Configure Branch and Hub

This section provides an overview of configuring Edge in a two-arm configuration.

To configure the Edge in a two-arm configuration, perform the following tasks:
  • Configure and activate Hub 1.
  • Configure and activate the Hybrid Site-1.
  • Enable branch-to-Hub tunnel (Hybrid Site-1 to Hub 1)
  • Configure and activate Public WAN only Site
  • Configure and activate Hub 2
  • Configure and activate Hybrid Site-2

The following sections describe the steps in more detail.

This step helps you understand the typical workflow for bringing up the Edge at the hub location. The Edge deploys with two interfaces, one interface for each WAN link.

You will use the Virtual Edge as a hub. Below is an example of the wiring and IP address information.

Figure 2. Example Topology

Activating the Virtual Edge in a Default Profile

  1. Log in to the Orchestrator.
  2. The default VPN profile allows the activation of the Edge 500.

Activating Hub 1 Edge

  1. Go to Configure > Edges and add a new Edge. Specify the correct model and the profile. In this example, use the Quick Start VPN Profile.
  2. Go to the hub Edge (DC1-VCE) and follow the normal activation process. If you have the email feature set up, you receive an activation email at that email address. Otherwise, you can go to the Device Setting page to get the activation URL.
  3. Copy the Activation URL and paste it into the browser on the PC connected to the Edge, or select the Activation URL from the PC browser.
  4. Select Activate.
  5. Now the DC1-VCE data center hub should be up. Go to Monitor > Edges. Select Edge Overview. The public WAN link capacity is detected along with the correct public IP 71.6.4.9 and ISP.
  6. Go to Configure > Edges and select DC1-VCE. Go to the Device tab and scroll down to the Interface Settings. You see that the registration process notifies the Orchestrator of the static WAN IP address and gateway configured through the local UI. The configuration on the VeloCloud updates accordingly.
  7. Navigate to the WAN Settings section. The Link Type should be automatically identified as Public Wired.

Configure Static Route to LAN Network Behind L3 Switch

Add a static route to the 172.30.0.0/24 subnet through the L3 switch. You need to specify the interface GE3 to use for routing to the next hop. Make sure you enable Advertise so other Edges can learn about this subnet behind the L3 switch. For more information, see Configure Static Route Settings.

Configure and Activate Hybrid Site-1

This step helps you understand the typical workflow of inserting the Edge at a Hybrid Site-1. Insert the Edge off-path and the L3 switch redirects traffic to it.

Figure 3. Example Topology for Hybrid Site-1

Configure the Private WAN Link on the Hybrid Site-1 Edge

At this point, you need to build the IP connectivity from the Edge towards the L3 switch.

  1. Go to Configure > Edges, select the Hybrid Site-1-VCE, go to the Device tab and navigate to the Interface Settings section. Configure static IP on GE3 as 10.12.1.1/24 and the default gateway of 10.12.1.2. Under WAN Overlay, select User Defined Overlay. This allows you to define a WAN link manually.
  2. Under WAN Settings, select Add User Defined WAN Overlay.
  3. Define the WAN overlay for the MPLS path. Select the Link Type as Private. Specify the next-hop IP (10.12.1.2) of the WAN link in the IP Address field. Choose GE3 as the Interface. Select Advanced. Tip: Since the hub has already been set up, set it to auto-discover the bandwidth. This branch runs a bandwidth test with the hub to discover the link bandwidth.
  4. Set the Bandwidth Measurement to Measure Bandwidth. This causes the branch Edge to run a bandwidth test with the hub Edge in the same manner as the Gateway.
  5. Validate that the WAN link is configured and save the changes.

Configure Static Route to LAN Network Behind L3 Switch

Add a static route to 192.168.128.0/24 through the L3 switch. You need to specify the Interface GE3. Make sure you enable Advertise so the other Edges learn about this subnet behind the L3 switch.
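
A pre-flight check for the Hybrid Site-1 values entered in the steps above, as an added example that is not part of the original documentation or of any VeloCloud tooling. The plan dictionary layout, the function names and the static route's next hop (10.12.1.2, taken to be the L3 switch) are assumptions.

```python
import ipaddress

# Constructed plan using the Hybrid Site-1 addresses from this page. The dict
# layout and the static route's next hop (10.12.1.2) are assumptions.
HYBRID_SITE_1 = {
    "interfaces": {"GE3": "10.12.1.1/24"},
    "overlays": [{"name": "MPLS", "link_type": "Private",
                  "interface": "GE3", "next_hop": "10.12.1.2"}],
    "static_routes": [{"subnet": "192.168.128.0/24", "interface": "GE3",
                       "next_hop": "10.12.1.2", "advertise": True}],
}

def _check_hop(label, entry, ifaces):
    """Next hop must sit on the named interface's subnet and not be the Edge itself."""
    iface = ifaces.get(entry["interface"])
    if iface is None:
        return [f"{label}: interface {entry['interface']} is not configured"]
    hop = ipaddress.ip_address(entry["next_hop"])
    if hop not in iface.network:
        return [f"{label}: next hop {hop} is not on {iface.network}"]
    if hop == iface.ip:
        return [f"{label}: next hop {hop} is the Edge's own address"]
    return []

def check_site(site):
    """Return a list of problems in one site's planned Device settings."""
    ifaces = {n: ipaddress.ip_interface(c) for n, c in site["interfaces"].items()}
    problems = []
    for ov in site["overlays"]:
        problems += _check_hop(f"overlay {ov['name']}", ov, ifaces)
    for rt in site["static_routes"]:
        label = f"route {rt['subnet']}"
        problems += _check_hop(label, rt, ifaces)
        net = ipaddress.ip_network(rt["subnet"])  # raises if host bits are set
        if any(net.overlaps(i.network) for i in ifaces.values()):
            problems.append(f"{label}: overlaps a directly connected subnet")
        if not rt.get("advertise"):
            problems.append(f"{label}: Advertise is off, other Edges will not learn it")
    return problems

if __name__ == "__main__":
    for p in check_site(HYBRID_SITE_1) or ["no problems found"]:
        print(p)
```

Running the same check against the plan for each site before entering it in the Orchestrator catches a mistyped next hop or a forgotten Advertise flag before the tunnel fails to come up.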

Enable Branch to Hub Tunnel (Hybrid Site-1 to Hub 1)

Next, build the overlay tunnel from the branch into the hub. Note that at this point, you may see that the link is up, but this is the tunnel to the Gateway over the Internet path and not the tunnel to the hub. Then enable Cloud VPN so that the tunnel from the branch to the hub can be established.

Enable Cloud VPN and Edge to Hub Tunnel

  1. Go to Configure > Profiles, select Branch VPN Profile and go to the Device tab. Under VPN Service, enable Cloud VPN and do the following.
    • Enable Branch to Hub Site (Permanent VPN).
    • Enable Branch to Branch VPN (Transit & Dynamic) and Hubs for VPN.
    Enabling Hubs for VPN deactivates the data plane through the Gateway for Branch to Branch VPN. The Branch to Branch traffic first transits one of the Hubs in the order you specify while the direct Branch to Branch tunnel establishes the connection. Enable Hubs Designation Edit Hubs. Next, move the DC1-VCE to the right. This designates the DC1-VCE to be a Hub. Select the DC1-VCE in the Hubs, and select both Enable Backhaul Hubs and Enable Branch to Branch VPN Hubs. Use the same DC1-VCE for both Branch to Branch traffic and to Backhaul Internet traffic to the Hub. Under the Cloud VPN section, DC1-VCE now shows as both Hubs and used for Branch to Branch VPN Hubs.
  2. At this point, the direct tunnel between the branch and the Hub Edge activates. The debug command now also shows the direct tunnel between the branch and the Hub.

Configure and Activate Public WAN only Site

Create a Public WAN only Site – a dual Internet site with one DIA and one broadband. The example topology displays the wiring and IP address information. Configure the Public WAN only Site-VCE Edge LAN and activate the Edge. No configuration is required on the WAN because it uses DHCP for both WAN interfaces.

Configure and Activate Hub 2

Configure the Steer by IP address commonly used in one-arm hub deployments. The example topology displays the wiring and IP address information. With one-arm deployment, the same tunnel source IP can be used to create overlay over different paths.

Figure 4. Example Topology for a Hub

Configure the Hub 2 Edge to Reach the Internet

  1. Connect a PC to the Edge and use the browser to point to http://192.168.2.1.
  2. Configure the hub Edge to reach the Internet by configuring the first WAN interface, GE2.
    Figure 5. Configuring the WAN Interface

Add the Hub 2 Edge to the Orchestrator and Activate

In this section, create the second hub Edge, called DC2.VCE.
  1. On the Orchestrator, go to Configure > Edges and select New Edge to add a new Edge.
  2. Go to Configure > Edges, select the Edge that you just created, then navigate to the Device tab to configure the same Interface and IP configured in the previous step. Because the configuration deploys the Edge in one-arm mode (same physical interface, but multiple overlay tunnels created from this interface), it is important to specify the WAN Overlay as User-Defined.
  3. At this point, you need to create the overlay. Under WAN Settings, select Add User Defined WAN Overlay.
  4. Create an overlay across the public link. In the example, use the next-hop IP of 172.29.0.4 to reach the Internet through the firewall. The firewall has a configuration to NAT the traffic to 209.116.155.31.
  5. Add the second overlay across the private network. In this example, specify the next-hop router 172.29.0.1 and also specify the bandwidth since this is the MPLS leg and DC2-VCE is a hub. Add a static route to the LAN side subnet, 172.30.128.0/24 through GE2.
  6. Activate the Edge. After the activation is successful, return to the Device tab under the edge level configuration. Note the Public IP field is now populated. You should now see the links in the Monitor > Edges, under the Overview tab.

Add the Hub 2 Edge to the Hub List in the Branch VPN Profile

  1. Go to Configure > Edges and select the profile Quick Start VPN.
  2. Go to the Device tab and add this new Edge to a list of hubs.

Configure and Activate Hybrid Site-2

This step helps you create a Hybrid Site-1 – a hybrid site that has the Edge behind the CE router, with the Edge also being the default router for the LAN. Below is an example of the wiring and IP address information for each hardware device.

Figure 6. Example Topology for Hybrid Site-2

Connect a PC to the Edge LAN or Wi-Fi and use the browser to point to http://192.168.2.1.

For more information on activation of Edges, see Activate Edges.
