
Determining the Default Route for Accessing vBond with Multiple IF

When an SD-WAN Router establishes a Control Connection with vManage or vSmart, it first creates a DTLS session with vBond.

If the SD-WAN Router has two Colors/Interfaces, private1 and public-internet, and each has its own default route, how is the interface used to access vBond determined?

In simpler terms, when there are multiple default routes (e.g., private1 and public-internet), how does the router decide which default route to use for accessing vBond?

1 Accepted Solution

Hi,

In SD-WAN, the logic is a bit different than traditional. Each interface must have its own route (most commonly, a default route) towards the controllers. One interface can't use another interface's next-hop. Hence, it uses the default route via a next-hop within the interface subnet.

Suppose interface_A has 100.100.100.1/30 with a default route to 100.100.100.2, and the router has interface_B with 100.100.101.1/30 without an explicit route. interface_B will not be able to make a control connection to the controllers; DCONFAIL will happen, which means the DTLS connection fails to establish. And the reason is routing in the underlay (= no route within interface_B).

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

3 Replies

Most commonly, a default route is defined via each WAN interface, as illustrated in figure 2. Therefore, if a vEdge router has five WAN connections, we can configure five default routes 0.0.0.0/0 via each WAN link. This is a common point of confusion for network engineers. How does a router choose which default route to use at any time? 

In Cisco SD-WAN, when multiple default routes exist, the one that is chosen depends on the local TLOC that will be used. When the overlay routing decides to use a particular IPsec tunnel, the underlay routing uses the default route with a next-hop IP address in the same subnet as the tunnel source IP address. If we look at figure 3, for example, when vEdge1 decides to forward traffic over the orange IPsec tunnel, it uses the default route that points to a next-hop IP address in the same subnet as the source interface IP (ge0/0).

from https://www.networkacademy.io/ccie-enterprise/sdwan/underlay-vs-overlay-routing

MHM
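
The selection rule described in the replies above, as an added example that is not part of the original thread and is not Cisco's implementation: a simplified model that matches each WAN interface to the default-route next-hop inside its own subnet and flags interfaces that have none. The addresses are the interface_A / interface_B values from the accepted solution; the function names are hypothetical.

```python
import ipaddress

# Constructed sample data mirroring the interface_A / interface_B case above.
INTERFACES = {
    "interface_A": "100.100.100.1/30",
    "interface_B": "100.100.101.1/30",
}
# Next-hops of the configured 0.0.0.0/0 routes (only interface_A has one).
DEFAULT_ROUTE_NEXT_HOPS = ["100.100.100.2"]


def next_hop_for(interface_cidr, next_hops):
    """Return the default-route next-hop that lies in the interface's own
    subnet, or None when no such route exists."""
    iface = ipaddress.ip_interface(interface_cidr)
    for hop in next_hops:
        addr = ipaddress.ip_address(hop)
        # The interface's own address cannot serve as its next-hop.
        if addr in iface.network and addr != iface.ip:
            return hop
    return None


def audit(interfaces, next_hops):
    """Map each WAN interface to its usable next-hop. None means there is
    no underlay route from that interface, so its DTLS control connection
    to the controllers cannot be established."""
    return {name: next_hop_for(cidr, next_hops)
            for name, cidr in interfaces.items()}


if __name__ == "__main__":
    for name, hop in audit(INTERFACES, DEFAULT_ROUTE_NEXT_HOPS).items():
        if hop:
            print(f"{name}: default route via {hop}")
        else:
            print(f"{name}: no default route in its subnet, expect DCONFAIL")
```
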

Thank you guys!
Understood.