Go to course home
Site Configurations & Topologies

For data centers, there are topologies that include an SD-WAN Hub and VMware branch setups that use both Internet and MPLS connections. There are legacy branch setups that don’t have an SD-WAN Edge. These are included, and the hub and branch configurations are changed to allow for them.

The picture below shows an example of a layout with two data center hubs, different types of branch topologies, and MPLS and the Internet connecting them. This example will show the different jobs that need to be done for setting up a data center or a branch. You should already know about the ideas and setup details in earlier parts of this documentation. This part is mostly about setting up the Networks, Profile Device Settings, and Edges that are needed for each topology.

There are further additional configuration stages for Edge failover, control routing (e.g., for backhaul traffic and VPNs), and traffic redirection.

This part largely focuses on the configuration that is necessary for a topology that incorporates a variety of data center and branch locations. It also provides an explanation of the Network, Profile/Edge Device Settings, and Profile/Edge Business Policies that are necessary to finish the setups. There are certain ancillary setup stages that are not discussed, such as those for Network Services, Device Wi-Fi Radio, Authentication, SNMP, and Netflow settings. These steps may be required for a comprehensive configuration.

Configurations of Data Centers

A data center’s SD-WAN Edge might serve as a hub to route traffic to and from branches. Both MPLS and Internet traffic can be managed by the SD-WAN Edge. One or two arms can be used to configure the Hub in a data center. A data center can also be utilized as a backup. To enable the datacenter Hubs to accommodate the number of tunnels, flows, and traffic load from branches, careful datacenter Edge capacity planning is required. Additionally, the Edge model needs to be chosen appropriately. Speak with the VMware Support or Solution Architect team for additional details.

A variety of designs, each with its own set of possibilities for incorporating SD-WAN Edge into the topology, are detailed in the table below:

 

Option

Description

Hub 1

The data center or regional hub site uses a two-arm topology to install the SD-WAN edge.

Hub 2

One-arm topology means that the SD-WAN Edge is set up in a data center or regional hub site, and the same interface holds multiple WAN links.

Private WAN link(s) only Site

The initial MPLS sites.

Hybrid Site-1

Deploying SD-WAN Edge is done off-path. Overlay is created between MPLS and Internet channels by SD-WAN Edge. First, traffic is rerouted to the SD-WAN Edge.

Hybrid Site-2

As the usual gateway, SD-WAN Edge is set up in the path. It is always the route that is used. This structure is easier to understand, but SD-WAN Edge has only one point of failure, so it might need HA.

Public WAN link(s) only Site

Two-site Internet (one link is protected by a NAT router).

 

These are some common ways that release is used to explain the idea. These are just a few of the ways that the Customer topology could work.

 

Set up the Hub and Branch

This part gives you an overview of setting up SD-WAN Edge in a two-arm configuration.

Summary

In order to configure up the SD-WAN Edge with two arms:

  • Configure and turn on Hub 1.

    Configure and turn on Hybrid Site-1.

  • Enable the hybrid site-1 to hub 1 branch-to-hub tunnel.
  • Configure and turn on the public WAN-only site.
  • Configure and turn on Hub 2.
  • Configure and turn on Hybrid Site-2.

The steps are explained in more detail in the sections that follow.

Configure and Turn on Hub 1

By completing this phase, you will gain a better understanding of the normal workflow involved in bringing up SD-WAN Edge at the hub address. Two interfaces are used in the deployment of SD-WAN Edge, with one interface being used for each WAN link.

The Virtual Edge will serve as your hub. An illustration of the IP address information and wiring is shown below.

Turn on the Virtual SD-WAN Edge in the Default Profile

  • Use the SD-WAN Orchestrator to log in.
  • The SD-WAN Edge 500 can be turned on with the usual VPN profile.

Turn on SD-WAN Edge Hub 1

  • To add a new SD-WAN Edge, select Configure > Edges. Please indicate which model and profile you are using (we use the Quick Start VPN Profile).
  • Follow the normal setup steps at the hub SD-WAN Edge (DC1-VCE). If you already have the email function set up, you will get an activation email at that address. If not, you can get the activation URL from the device settings page.
  • On the PC that is linked to the SD-WAN Edge, copy the activation URL and paste it into the browser. You can also just click on the activation URL from the PC browser.
  • Then click the “Activate” button.
  • The DC1-VCE data center hub ought to be operational now. Go to Edges > Monitor. Select the tab for Edge Overview. Together with the right public IP address (71.6.4.9) and ISP, the capacity of the public WAN link is detected.
  • Pick out DC1-VCE under Configure > Edges. Scroll all the way down to the Interface Settings on the Device tab.
  • As you sign up, the SD-WAN Orchestrator will be told about the static WAN IP address and port that were set up in the local interface. The VMware settings will be modified according to this.
  • The WAN Settings area can be found by scrolling down. It is expected that the Link Type will be automatically identified as Public Wired.

Set up the Hub 1 SD-WAN Edge’s Private WAN Link.

  • From the SD-WAN Orchestrator, configure the private MPLS Edge WAN interface directly. Select DC1-VCE under Configure -> Edges. Navigate to the Device tab and select the Interface Settings section by scrolling down. Set the default gateway to 192.31.2.2 and the static IP address to 192.31.2.1/24 on GE3. Choose User Defined Overlay under WAN Overlay. In the following stage, this will enable us to manually define a WAN link.
  • Click the Add User Defined WAN Overlay button under WAN Settings.
  • Set up the MPLS path’s WAN layer. In the IP Address box, type 192.31.2.2, which is the next-hop IP address of the WAN link. Choose “Private” as the Link Type. Choose the GE3 as the way to connect. Then click the “Advanced” button.

As a general rule, the hub site has more traffic than the branches. You should always set the WAN bandwidth for the hub site by hand. You can do this in the advanced settings.

  • The bandwidth for the private wide area network is chosen in the advanced settings.
  • Make sure the WAN link is configured correctly, then save the changes.

You’re done configuring the SD-WAN Edge on the hub. You won’t be able to see the new User Defined MPLS layer until you turn on a branch SD-WAN Edge.

Setup a Static Route to the Local Area Network (LAN) Behind the L3 Switch

Through the L3 switch, insert a static route that will take you to the 192.30.0.0/24 subnet. In order to route to the next hop, you are need to specify the interface GE3 that will be used. Ensure that the Advertise checkbox is activated so that other SD-WAN Edges can acquire knowledge about this subnet that is located behind the L3 switch.

Set up and turn on Hybrid Site-1.

This step helps you understand how to add the SD-WAN Edge to a Hybrid Site-1 in a standard way. The SD-WAN Edge is put in a way that isn’t on the path, and it depends on the L3 switch to send data to it. The wiring and IP address details can be seen below.

Set up the Hybrid Site-1 SD-WAN Edge’s Private WAN Link.

The IP communication from the SD-WAN Edge to the L3 switch needs to be built at this stage.

  • Select the Hybrid Site-1-VCE under Configure > Edges, then click the Device tab and travel down to the Interface Settings section. Set the default gateway to 10.12.1.2 and the static IP address to 10.12.1.1/24 on GE3. Choose User Defined Overlay under WAN Overlay. As a result, a WAN link can be manually defined.
  • Click Add User Defined WAN Overlay under WAN Settings.
  • Set up the MPLS path’s WAN layer. The Link Type should be set to “Private.” In the IP Address field, type in 10.12.1.2 as the next-hop IP address for the WAN link. The GE3 should be chosen as the interface. Then click the “Advanced” button. You can let the hub automatically find the speed since it has already been set up. This branch will test the hub’s bandwidth to find out how fast its link is.
  • The Bandwidth Measurement should be set to the Measure Bandwidth setting. This will result in the branch SD-WAN Edge conducting a bandwidth test with the hub SD-WAN Edge, which is analogous to the process that occurs when it connects to the SD-WAN Gateway.
  • Verify the configuration of the WAN link and save the modifications.

Configure a Static Route to the Local Area Network (LAN) Behind the L3 Switch

Through the L3 switch, establish a static route to 192.168.128.0/24. The Interface GE3 must be specified. To make sure that other SD-WAN Edges are aware of this subnet behind the L3 switch, you need enable the Advertise checkbox.

Branch to Hub Tunnel (Hybrid Site-1 to Hub 1) should be turned on

In this step, you’ll build the tunnel that goes from the branch to the hub. You may see that the link is up at this point, but this is only the tunnel to the SD-WAN Gateway over the Internet. It is not the tunnel to the hub. For the connection to be built from the branch to the hub, Cloud VPN will need to be turned on.

Building the tunnel from the branch into the hub is now possible.

Cloud VPN and Edge to SD-WAN Hub tunnel should be turned on.

  • Select Branch VPN Profile from the list of profiles under Configure > Profiles. Then, go to the Device tab. Turn on the Cloud VPN under VPN Service and then do the next steps.
  • Check the box next to Enable under Branch to Hub Site (Permanent VPN).
  • Check the box next to Enable under Branch-to-Branch VPN (Transit & Dynamic).
  • Make sure that the Hubs for VPN checkbox is selected under the Branch-to-Branch VPN (Transit & Dynamic) heading. By carrying out this action, the data plane that is connected to the SD-WAN Gateway for Branch-to-Branch VPN will be deactivated. Prior to the establishment of the direct Branch to Branch tunnel, the traffic from Branch to Branch will initially pass through one of the Hubs, which will be included in the ordered list that you will describe in the following passage.

Locate the Hubs Designation option and then click on Edit Hubs. The DC1-VCE must then be shifted to the right. The DC1-VCE will then be marked as an SD-WAN Hub. Navigate to the Hubs section, find the DC1-VCE, and then enable the backhaul and branch-to-branch VPN hubs by clicking on the corresponding buttons. For both internal and external Internet traffic backhauling to the hub, we will be using the same DC1-VCE. The DC1-VCE is now listed under the Cloud VPN section as both an SD-WAN hub and a VPN hub utilized for branch-to-branch connections.

  • The direct tunnel between the branch and the Hub SD-WAN Edge ought to appear at this point. The direct tunnel between the branch and the Hub is now displayed by the debug command as well.

    Membership Required

    This Course and partial content under every lesson is restricted for Members Only. You must be a member to fully access this Course / Lesson content. You can still preview partially visible text content by using "Preview" tab for Every Lesson.

    View Membership Levels

    Already a member? Log in here

    No Attachment Found
    No Attachment Found
    Previous
    Next
Copyright © 2024 NetworkWords. All rights reserved.