Cisco catalyst SD-WAN IOS-XE Cloud based Controllers

israr · ‎10-29-2024

I have 3 different Internet service providers which are connecting to my transport side as VPN 0 on dual WAN Edge (8300) and some internet based application devices inside like email server and firewall etc., which are having 3 different routable IPs with respect to ISP. now tell me how should I route the traffic for outbound and Inbound. DIA or Route Leaking.

balaji.bandi · ‎10-29-2024

Its all depends on the requirement, in SD-WAN all possibiltties there.

If you like all the traffic to go via your Hub, then it uses all traffic using that path.

If you like to use only traffic going to Hub based on the prefix and rest all you like to go internet that is possible,

there are different use cases :

https://www.cisco.com/c/m/en_uk/solutions/enterprise-networks/sd-wan/five-use-cases.html

Look at some design use cases :

https://community.cisco.com/t5/networking-knowledge-base/sd-wan-community-resources/ta-p/4604647

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

MHM Cisco World · ‎10-29-2024

Sorry can you draw topolgy

Thanks

MHM

israr · ‎10-30-2024

Hi @balaji.bandi @MHM Cisco World

Thanks for the response.

I do not have any problem with branch connectivity from the hub. I need help in Internet connectivity routing. As mentioned in diagram there are 3 internet ISPs terminating on a dual SDWAN router with /29 routable IPs for Transport VPN 0 and similarly /28 series IPs for Internet base devices on inside, each having 3 different public IPs with respect to ISPs.

Does configuring DIA do enough to handle inbound and outbound traffic?

Please also suggest running vrrp is a good option to go for ISP load balancing.

balaji.bandi · ‎10-30-2024

Does configuring DIA do enough to handle inbound and outbound traffic?

what kind of Traffic, is this one going to Internet or going to Corporate network. as i mentioned you make decision what traffic to send to Hub and what traffic need to leave directly internet using different ISP Links.

Please also suggest running vrrp is a good option to go for ISP load balancing.

If configured Edge router and colors correctly then Edge routers able to do the Load-share

If you like you can also run VRRP, but personal i make it simple rather complicated over engineering where not required.

I am not sure Lan side single switch or multiple (stack) that is single point of failure .

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

israr · ‎10-30-2024

Hi @balaji.bandi

what kind of Traffic, is this one going to Internet or going to Corporate network. as i mentioned you make decision what traffic to send to Hub and what traffic need to leave directly internet using different ISP Links.

going to internet only.

If configured Edge router and colors correctly then Edge routers able to do the Load-share

You mean public colors will handle load-sharing? Let's say in this case I have 3 Internet ISPs, so if color is like following, so does outbound connection load share

biz-internet for ISP 1

public-internet for ISP 2

Gold for ISP 3

MHM Cisco World · ‎11-04-2024

https://www.cisco.com/c/dam/en/us/td/docs/solutions/CVD/SDWAN/sdwan-dia-deploy-2020aug.pdf

review this doc. in appendix there are example check """Dual-Router Dual-Internet Model"""

MHM

israr · ‎11-18-2024

Hi @MHM Cisco World

I have gone through the document and seen that the firewall is directly terminating on the Internet. In my case, the firewall is behind the WAN Edge router and has a public IP. Just need to know, can I configure a public IP on service-side vpn in SDWAN like in VPN1, where we normally configure local IPs?