SD-WAN controller deployment on-premise with Disaster-recovery

Mario Rosi
Level 1

Hi guys,

I'd be very happy to receive any feedback from the experts about this scenario:

- my customer wants to deploy the controllers on premises

- they want to use disaster recovery for resiliency of the solution (they are going to promote themselves as an SD-WAN provider)

- the controller site must be reachable over two different underlays: Satellite (private IP space for TLOCs) and Internet (private IP space for TLOCs)

 

Based on what is described here https://www.ciscolive.com/c/dam/r/ciscolive/emea/docs/2020/pdf/BRKRST-2559.pdf on slides 15-16:

 

- WAN Edge points to the vBond FQDN, which resolves to both the public and the private IP.

- WAN Edge communicates with the vSmart and vManage NATed public IPs over the Internet and uses their private IPs over MPLS.

- Private color to private color uses the private IP; public color to public color uses the public IP.

- vSmart and vManage point to the vBond NATed public IP.

- vBond learns both the interface (private) and the NATed IP addresses of vSmart and vManage.

- vSmart and vManage use private IPs for communication between themselves.

- vSmart and vManage use a private color (non-default).

 

...and that sounds good to me and matches my scenario well enough, having Satellite instead of MPLS.

 

Now, I'm proposing the design below, where:

 

- vSmart and vManage are in one DMZ and one VLAN segment

- vBond is in another DMZ and another VLAN segment

- I have two vBonds for redundancy

- I have two FWs for redundancy

- I have two sites, one with the vManage cluster active and one for disaster recovery with the vManage cluster in standby

- vSmart, vBond and the FWs are all active on both sites (so control traffic may cross the L2 DCI between the two sites)

 

My questions:

1) Is this OK for you as a design?

2) May I avoid configuring the two FWs that let the vBonds communicate with vSmart and vManage as an active/standby cluster, and just let each one work on its own?

3) How would the NATing between vManage/vSmart and vBond work on both sites? (Could you explain a little better how Cisco suggests deploying this scenario in general?)

I attach my diagrams and the flow of control-plane traffic between the vEdges and the controllers, and among the controllers themselves.

I would really appreciate your contribution, as this is an important project where the Satellite infrastructure would be used alongside the other classic ones.

Mario
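As an added example (not part of the original post, and not Cisco code), the slide bullets summarised above can be turned into a small Python model of the TLOC colour / NAT address-selection rule, so the three control-plane paths in the proposed design (Satellite edge to controllers, Internet edge to controllers, controller to controller) can be checked against it. The system names, colours, IP addresses and the vBond FQDN are constructed for the example; the predefined private colour list is Cisco's, and the handling of the mixed case (one private colour, one public colour, which also falls back to the public IP) is Cisco's documented behaviour rather than something the post states.

```python
# Added example (not from the original post or from Cisco): a model of the
# TLOC colour / address-selection rule summarised in the Cisco Live bullets,
# applied to the posted design (Satellite and Internet underlays, controllers
# with a non-default private colour behind 1:1 NAT, vBond in its own DMZ).
from dataclasses import dataclass
from typing import Dict, List

# Cisco's predefined private TLOC colours; every other colour (biz-internet,
# public-internet, lte, default, ...) is treated as public.
PRIVATE_COLORS = frozenset({
    "mpls", "metro-ethernet",
    "private1", "private2", "private3", "private4", "private5", "private6",
})


@dataclass(frozen=True)
class Tloc:
    """One transport locator: system name, colour, interface IP and post-NAT IP.
    public_ip equals private_ip when the interface is not behind NAT."""
    system: str
    color: str
    private_ip: str
    public_ip: str


def is_private(color: str) -> bool:
    return color in PRIVATE_COLORS


def peer_address(local: Tloc, remote: Tloc) -> str:
    """Address `local` uses to reach `remote`.

    Slide rule: private colour to private colour uses the private IP; public
    colour to public colour uses the public (NATed) IP. The mixed case (one
    private, one public colour) also uses the public IP; that is Cisco's
    documented behaviour and an assumption relative to the post.
    """
    if is_private(local.color) and is_private(remote.color):
        return remote.private_ip
    return remote.public_ip


def vbond_learns(tloc: Tloc) -> Dict[str, str]:
    """What vBond records for a controller registering with it: both the
    interface (private) address and the NATed address of its TLOC."""
    return {"private": tloc.private_ip, "public": tloc.public_ip}


def control_connections(local: Tloc, controllers: List[Tloc]) -> Dict[str, str]:
    """Map each controller's system name to the address `local` connects to."""
    return {c.system: peer_address(local, c) for c in controllers}


# Constructed sample topology (RFC 1918 / RFC 5737 addresses, invented here).
# vSmart and vManage share one DMZ, use a non-default private colour and sit
# behind a 1:1 NAT on the firewall; vBond is in a second DMZ with the default
# (public) colour, also behind 1:1 NAT.
VSMART = Tloc("vsmart-1", "private2", "10.10.1.10", "203.0.113.10")
VMANAGE = Tloc("vmanage-1", "private2", "10.10.1.20", "203.0.113.20")
VBOND = Tloc("vbond-1", "default", "10.10.2.30", "203.0.113.30")
CONTROLLERS = [VSMART, VMANAGE, VBOND]

# WAN Edge TLOCs: Satellite underlay with a private colour and a private TLOC
# IP (no NAT), Internet underlay with a public colour and a private TLOC IP
# that is NATed on the way out.
EDGE_SATELLITE = Tloc("edge-1", "private1", "10.50.0.2", "10.50.0.2")
EDGE_INTERNET = Tloc("edge-1", "biz-internet", "192.168.100.2", "198.51.100.2")

# Constructed DNS: the vBond FQDN resolves to both the NATed and the private
# address, and the edge attempts each resolved address.
DNS = {"vbond.example.net": [VBOND.public_ip, VBOND.private_ip]}


def resolve_vbond(fqdn: str) -> List[str]:
    return list(DNS.get(fqdn, []))


if __name__ == "__main__":
    for underlay, edge in (("satellite", EDGE_SATELLITE), ("internet", EDGE_INTERNET)):
        print(underlay, control_connections(edge, CONTROLLERS))
    print("vsmart -> vmanage", peer_address(VSMART, VMANAGE))
    print("vsmart -> vbond  ", peer_address(VSMART, VBOND))
    print("vbond learns     ", vbond_learns(VSMART))
    print("vbond fqdn       ", resolve_vbond("vbond.example.net"))
```

Running it shows the edge reaching vSmart/vManage on their private addresses over the Satellite (private colour) underlay and on their NATed addresses over the Internet underlay, vSmart and vManage talking to each other on private addresses, and every party reaching vBond on its NATed public address, which is why the firewall NAT for vBond has to be reachable from both DMZs and both sites in the DR design.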
