On Prem SD WAN controller and DC Edge Router communication

Salauddin · ‎10-16-2020

Hello Team,

We have on Prem Controllers are installed in DMZ, for DC SD WAN Edge VPN 0 interface is connected to MPLS CE routers and Service VPN is connected to DC LAN core switch. Can you please confirm if we can enabled Edge routers & controller communication through service VPN ?

inderdeeps · ‎10-16-2020

Hi Salauddin,

So the connectivity from the branches to the DMZ in the DC through the MPLS links ? The WAN connectivity should be from VPN 0 as recommended as service VPN is basically for LAN connectivity. It may possible technically but not recommended i think.

Regards

Inderdeep Singh

www.thenetworkdna.com

Kanan Huseynli · ‎10-16-2020

Hi,

you can't use service side or VPN512 for control communication. Control communication can only and only happen over VPN0. So, in your case MPLS CE node should route traffic to controllers.

Regards,

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

Oluyemi · ‎08-09-2022

Hi, I'm not sure if you ever got through this problem, but by design controller traffic should come through VPN0 as this is the designated VPN for transport (Global routing table). What works is to have your DC WAN Edge connect via a non-tunnel interface in VPN0 to the segment where you have your controllers, and also have your DC advertise your controller subnet via MPLS to the branch networks. This way both your Edge and remote locations have the controller details via MPLS.

On Prem SD WAN controller and DC Edge Router communication

Innovations in Secure SD-WAN Routing using Multitenant WAN Edge

Cisco Catalyst SD-WAN How To

Doc - Resolución de problemas SD-WAN DTLS/TLS y Sesiones BFD/IPSec SD-WAN

Doc - Introducción a SD-WAN Manager e integración a ThousandEyes

【原创】Cisco Vipteal SD-WAN实验