Solved: SD Wan Routing

MsmanXY · ‎01-09-2024

Dear all Friends,

We are use Cisco SDWAN and have two links ( path)

- Public Internet

- Biz Internet

By default, we use active/active on both links, per-flow load balancing from Branches to HQ and HQ - to Branches.

Now we want apply a policy for routing like : Some traffic, subnets ...from Branch to HQ prefer Public Internet and backup route by Biz Internet.

Please help me, how to do that, can we define branch traffic by subnet .

Thank you so much.

MsmanXY

MHM Cisco World · ‎01-09-2024

if you want all subnet in site-A use one circuit as primary and other as backup check this
https://www.thenetworkdna.com/2021/02/the-role-of-preference-and-weight-in.html

if you want specific subnet then as I mention before use tloc-action

MHM

View solution in original post

MHM Cisco World · ‎01-09-2024

https://www.cisco.com/c/en/us/support/docs/routers/sd-wan/214232-why-set-tloc-action-in-a-centralized-con.html

check this link
MHM

MsmanXY · ‎01-09-2024

Thank you,

As my understand , If we use TLOC action, that mean all traffic from branch always prefer one of two links right ?

I am a newbie , Can I user AAR routing to make a policy matches source subnet of branch to destination subnet of HQ and prefer biz or pubic link ?

Thank you so much.

MHM Cisco World · ‎01-09-2024

check my answer to Mr. @Kanan Huseynli below
thanks
MHM

Kanan Huseynli · ‎01-09-2024

Hi,

do you have full mesh tunnels between sites or you use restrict and/or tunnel group to have separate tunnels over separate TLOCs?

By default you should have not 2 but 4 (2x2) tunnels between sites:

biz - public
biz - biz
public - public
public - biz

If you use restrict / tunnel group you will have:

biz - biz

public - public

Firstly, confirm this to understand how to apply policy properly.

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

MHM Cisco World · ‎01-09-2024

I think he ask to make prefix-A in Site-A use Public
and prefix-B in Site-A use private

so he need to config policy match route and site then apply action set the tloc as primary and backup

I hope I am correct

MHM

Kanan Huseynli · ‎01-09-2024

Whatever you mentioned above is totally related to different thing. Primary/ Backup in tloc-action does not work in this way when you have direct paths only.

I understood what he wanted, but to give proper policy configuration there is need to understand existing overlay design.

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

MHM Cisco World · ‎01-09-2024

I think we can use it.

In hub and spoke we set tloc using hub IP

Here we use vedge IP and set primary

And then finally we stop advertise tloc (not omp) between vedge.

This way the vedge have only tloc receive from vsmart from it policy.

MHM

Kanan Huseynli · ‎01-09-2024

Sir, did you test "tloc-action" in lab/production environment? It totally works differently

Secondly, if you filter TLOC via policy using vSmart, how does router will switch path to the secondary if there is no tunnel between TLOCs?

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

MsmanXY · ‎01-09-2024

Hi Kanan Huseynli and MHM

Real , we have both links , one is 200 Mbps, and one is 500 Mbps. As I research and read, We can set TLOC prefer by weight to prefer traffic to TLOC 1 ( link 500Mbps) right ?

Can you help me how to config it, bz I am a newbie .

Thank you so much

Kanan Huseynli · ‎01-09-2024

Please, answer to the question I addressed before and also say me "do you have branch to branch" tunnels?

Depending on your overlay design, answer varies, so I'm asking this question.

Note: there are couple of ways to do, depends on your overlay design and business/technical requirements

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

MsmanXY · ‎01-09-2024

Dear Kanan Huseynli,

Yes, we are using overlay like :

f you use restrict / tunnel group you will have:

biz - biz

public - public

Two branches , Two Internet Link per site, topology like :

Site A-----2 links-----Site B, and 04 tunnel formed

A -----Biz----B

B-----Biz----A

A-----Public---B

B----Public-----A.

Thank you so much,

Kanan Huseynli · ‎01-10-2024

Can you share below command output to understand fully,

"show bfd sessions" from branch? (or "show sdwan bfd sessions" if it is IOS XE)

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

MHM Cisco World · ‎01-09-2024

if you want all subnet in site-A use one circuit as primary and other as backup check this
https://www.thenetworkdna.com/2021/02/the-role-of-preference-and-weight-in.html

if you want specific subnet then as I mention before use tloc-action

MHM

MsmanXY · ‎01-12-2024

Thank all you guy, I use Weight on tunnel interface.

Regards.,

Ms