Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
515
Views
1
Helpful
2
Replies

SDWAN Design VPN0 - subinterface

rjds
Level 1
Level 1

‎04-29-2024 03:59 AM - edited ‎04-29-2024 04:00 AM

Hello guys,

Need some understanding about VPN0 vs sub-interfaces design.

.. at DC design point of view i have one traditional MPLS link connect directly to the sdwan, and one public internet that i want to pass through FW.

i know that is possible to have one physical link facing the LAN with multiple VPN/VFR, each one in it's own sub-interfaces / vfr definition. Placing the parent physical interface in the transport tab, and all the SVI in the Service tab.

So my question is, in the same physical link facing the FW, can i have all the service SVI's and add a SVI transport  tunnel interface (public inet).??

It's possible.?? Anyone has had this challenge.? How you overcame.? Had some embarrassment.? Can i expect some problems.?

Thanks for sharing the knowledge.

RD

Labels:
0 Helpful
2 Replies 2

Kanan Huseynli
VIP
VIP

‎04-29-2024 07:18 AM

Hi,

yes, you can. But not recommended. In case of link failure, you will not only lose internet but also service side.

Recommendation for transport side: each transport should have its own link

Recommendation for service side: dual link with port-channel and different service VPN interfaces on different sub-interface.

Used above approach, works normal as expected and have redundancy both on service and transport side.

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

rjds
Level 1
Level 1
In response to Kanan Huseynli

‎04-30-2024 09:10 AM

Hi Kanan,

Thanks for you reply.

 

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card