Sd-wan design question

waxensens
Level 1

We recently got a set of C8300s and a few 8200s to convert our larger call center sites to SD-WAN.

We are doing some testing and design before cutting over to the SD-WAN fabric, but I'm curious how people are doing things.

We have a few DIA circuits at each site, one of which has some static IPs for us to host servers on prem. We also have a hosted MPLS (Lumen); we don't see the MPLS tags. This MPLS doesn't have a route to the internet. We have a few Direct Connects to AWS regions in this MPLS, as well as some SIP trunks out to Lumen.

Our DIAs build tunnels end to end no problem, but I'm having trouble bringing the MPLS into the SD-WAN fabric in VPN 0.

I don't see tunnels being created between the routers over the MPLS. I see all of our MPLS routes announced into VPN 0, but I can't figure out how to get those routes into VPN 1. I've tried leaking into the service VPN, but I keep getting notices that you can't leak routes from global to service. Should I just land the MPLS inside VPN 1 instead? And if I do that, can I still do application policies for directing traffic over different circuits?


thanks!

2 Replies

Hi

You probably have at least two colors, right? MPLS and Biz-Internet.

If you look at Device Templates, Transport & Management VPN, don't you see two or more interfaces there with templates on them?

Also, if you issue "show ip route" on the router, you must have default routes, MPLS and internet.

Also, with the command "show sdwan omp routes" you must see the IPsec over MPLS and Biz-Internet.

Hi,

Where did you deploy the controllers? An SD-WAN interface (so-called TLOC) is considered valid if it has a control connection to vSmart.

You can use max-control-connections 0 under the MPLS TLOC configuration so the router will not accept control connections over this TLOC; however, it works only if you have another interface (like internet) which has control connections to all controllers (otherwise the router can't create an OMP session between itself and vSmart and can't be managed by vManage).

If you have only one interface, you need to have some sort of connection to the controllers. In the case of on-prem, you may advertise the controller private IP in MPLS or the controller public (1:1 NATed) IP to MPLS (but it will require hairpinning on the NAT device).

If controllers are deployed in the cloud, just NAT the MPLS TLOCs with PAT so they can reach the controllers.

HTH,

Please rate and mark as an accepted solution if you have found any of the information provided useful.
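As an added illustration of the second reply's suggestion (this is example configuration written for this thread, not something posted by either participant or taken from Cisco documentation), here is what the two transports could look like on an IOS-XE SD-WAN (cEdge) router: the DIA TLOC keeps the control connections, while the MPLS TLOC is set to max-control-connections 0 so that a transport with no path to the controllers still forms data-plane tunnels. Interface names, the two color names and the use of the restrict keyword are assumptions for the example.

```cisco
! Added example, not configuration from the thread.
! Interface names and colors are assumed; adjust to the site.
sdwan
 interface GigabitEthernet0/0/0
  ! DIA circuit: this TLOC carries the control connections to vBond/vManage/vSmart
  tunnel-interface
   encapsulation ipsec
   color biz-internet
  exit
 exit
 interface GigabitEthernet0/0/1
  ! MPLS circuit: no route to the controllers, so no control connections are expected here.
  ! "restrict" keeps this color from trying to build tunnels to non-mpls colors it cannot reach.
  tunnel-interface
   encapsulation ipsec
   color mpls restrict
   max-control-connections 0
  exit
 exit
!
! Verification after the change:
!   show sdwan control connections   ! control sessions should be listed only on biz-internet
!   show sdwan bfd sessions          ! BFD/IPsec sessions to remote sites should now also show color mpls
!   show sdwan omp routes            ! the remote TLOCs should be learned for both colors
```

The point to check is the bfd sessions output: once the mpls-colored TLOC is advertised through OMP over the internet transport, BFD sessions should come up over MPLS to the other sites even though that transport never reaches vSmart. If the biz-internet control connection is lost, the router loses its OMP session entirely, which is the dependency the reply warns about.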