The configuration of a WAN overlay can be set to either Auto-Detect or User Defined. By default, every routed interface is configured to Auto-Detect the tunnel.
If Auto-Detect is on, a routed interface sends a tunnel initiation packet to the closest VMware SD-WAN Gateway that the Orchestrator assigns as soon as the interface has been given an IP address. If the tunnel initiation packet reaches the Gateway, the Gateway responds, the tunnel is created automatically, and it is reported to the Orchestrator.
If the WAN overlay stays at the default (Auto-Detect) for all interfaces, no tunnel will form on the interface that faces the LAN switch in the above topology. However, a tunnel will be built immediately as a public overlay over the MPLS network if the MPLS can connect to the Internet or if the tunnel initiation packet can get to the Gateway from the MPLS. This is not desired behaviour because the Edge won’t be able to tell the difference between the private and public overlays.
If a site doesn’t have any public WAN overlays and needs to use the MPLS link as a WAN overlay to connect to the gateway, make sure that the configuration setting of “SD-WAN Service Reachable” is checked. You can only use this choice if the WAN overlay is User Defined.
When you use the “SD-WAN Service Reachable” option, make sure that the MPLS network has the appropriate routing configured for all of the Public SD-WAN Addresses, so that these addresses can be reached through the MPLS network.
Key points to ensure that this topology behaves as intended:
- The WAN Overlay setting should be configured for User Defined Overlay for an interface that only uses an MPLS link.
- If a site doesn’t have any public WAN overlays and needs to use the MPLS link as a WAN overlay to connect to the gateway, make sure that the “SD-WAN Service Reachable” option is checked.
- For an interface that does not require the WAN Overlay, such as one that faces the LAN, the WAN overlay checkbox should be unchecked. This interface will solely manage traffic that does not include tunnels.
- Check the WAN Overlay checkbox for an interface that has a WAN overlay and is also used to deliver traffic to the LAN side, for example – an off-path insertion design.
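As an added example (not VMware's or the original article's code), the checklist above can be turned into an audit over an interface inventory. The dictionary schema, role names and sample site are hypothetical and constructed for illustration; map them from whatever your own configuration export provides.

```python
# Hypothetical inventory schema (NOT the Orchestrator's API): each interface is a
# dict with name, role, overlay (WAN Overlay checkbox), mode ("auto" or
# "user_defined") and service_reachable ("SD-WAN Service Reachable" checkbox).
ROLES = {"internet", "mpls_only", "lan", "off_path"}

def audit_site(interfaces):
    """Return a list of (interface name, finding) tuples for one Edge."""
    findings = []
    # A site has a public overlay if any Internet-facing interface builds one.
    has_public = any(i["role"] == "internet" and i["overlay"] for i in interfaces)
    for i in interfaces:
        name, role = i["name"], i["role"]
        if role not in ROLES:
            findings.append((name, f"unknown role {role!r}"))
            continue
        mode = i.get("mode", "auto")  # Auto-Detect is the default
        reachable = i.get("service_reachable", False)
        if reachable and mode != "user_defined":
            findings.append((name, "SD-WAN Service Reachable requires User Defined overlay"))
        if role == "mpls_only" and i["overlay"]:
            if mode != "user_defined":
                # Auto-Detect could build a public overlay across the MPLS link.
                findings.append((name, "MPLS-only link left on Auto-Detect"))
            if not has_public and not reachable:
                findings.append((name, "no public overlay at site: check SD-WAN Service Reachable"))
        elif role == "lan" and i["overlay"]:
            findings.append((name, "LAN-facing interface should have WAN Overlay unchecked"))
        elif role == "off_path" and not i["overlay"]:
            findings.append((name, "off-path interface needs WAN Overlay checked"))
    return findings

# Constructed sample: a site whose only uplink is MPLS, left at defaults.
SAMPLE_SITE = [
    {"name": "GE1", "role": "lan", "overlay": True, "mode": "auto"},
    {"name": "GE3", "role": "mpls_only", "overlay": True, "mode": "auto"},
]

if __name__ == "__main__":
    for name, finding in audit_site(SAMPLE_SITE):
        print(f"{name}: {finding}")
```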
WAN Overlay Options
- One overlay for each Physical Interface
The hybrid WAN branch seen above is an example of a basic topology. Two WAN interfaces, one public and one private, are terminated by the Gateway. Note that the Edge can directly terminate the MPLS interface if it is Ethernet (copper or fiber). In this case, the physical interface and the WAN overlay map exactly one-to-one. The physical interface itself can also be configured to support 802.1Q. All networking information, such as the IP address, the next hop, and the VLAN ID, is passed down to the WAN overlay that is tied to the interface.
- Multiple Overlays per Physical Interface
In this topology, the Edge terminates only ONE physical link. However, there is an upstream switchport that is configured as a trunk to send various VLANs with different 802.1Q tags to the Edge. This is what most service providers (SP) do when they choose to send both MPLS and Internet over the same physical interface.
Those who already know a lot about Cisco or Juniper routers might find this part hard to understand. You always connect the tunnel source to an interface or a sub-interface on a router. With an SD-WAN Edge, that’s not the case.
The WAN overlay only needs to be linked to a physical interface from the Edge configuration point of view. The WAN overlay has an extra configuration area where you can set the IP address, next-hop, and VLAN ID if they are different from the physical interface that the WAN overlay is connected to.
Let’s say this is a GE3 link. Over this link, the SP gives out two VLAN IDs, 98 and 99. For both public and private networks, we need to configure the right WAN overlay.