Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
995
Views
1
Helpful
4
Replies

SDWAN Design VPN0 - subinterface

rjds
Level 1
Level 1

‎04-29-2024 03:59 AM - edited ‎04-29-2024 04:00 AM

Hello guys,

Need some understanding about VPN0 vs sub-interfaces design.

.. at DC design point of view i have one traditional MPLS link connect directly to the sdwan, and one public internet that i want to pass through FW.

i know that is possible to have one physical link facing the LAN with multiple VPN/VFR, each one in it's own sub-interfaces / vfr definition. Placing the parent physical interface in the transport tab, and all the SVI in the Service tab.

So my question is, in the same physical link facing the FW, can i have all the service SVI's and add a SVI transport  tunnel interface (public inet).??

It's possible.?? Anyone has had this challenge.? How you overcame.? Had some embarrassment.? Can i expect some problems.?

Thanks for sharing the knowledge.

RD

Labels:
0 Helpful
4 Replies 4

Kanan Huseynli
VIP
VIP

‎04-29-2024 07:18 AM

Hi,

yes, you can. But not recommended. In case of link failure, you will not only lose internet but also service side.

Recommendation for transport side: each transport should have its own link

Recommendation for service side: dual link with port-channel and different service VPN interfaces on different sub-interface.

Used above approach, works normal as expected and have redundancy both on service and transport side.

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

rjds
Level 1
Level 1
In response to Kanan Huseynli

‎04-30-2024 09:10 AM

Hi Kanan,

Thanks for you reply.

 

0 Helpful

Sushil93
Level 1
Level 1
In response to Kanan Huseynli

‎02-27-2025 07:34 AM

Hi Kanan, 

Thanks for your suggestion on this: i also having the bit same thing as in Existing Network on ISR router there is presence of same ISP but the physical interface split into two sub-interfaces just to take the advantage of redundancy but i need to migrate it to SDWAN cEdge 8200 then would you please share the documentation that it is not recommended so that it would be great help for to make customer understandable or is it possible to replicate the same on cEdge ?

my confusion is in existing on one interface AS prepending is applied and is it possible to make the same in cEdge device then as per the understanding: Interface without prepending treated as Primary (main Primary TLOC) & interface with Prepending allowed treated as Secondary (Secondary TLOC)

Please suggest ....

Regards


0 Helpful

Sushil93
Level 1
Level 1
In response to Sushil93

‎03-02-2025 10:49 PM

@Kanan Huseynli: Good Day !! Would  request if you please suggest on the below:

Hi Kanan,

Thanks for your suggestion on this: i also having the bit same thing as in Existing Network on ISR router there is presence of same ISP but the physical interface split into two sub-interfaces just to take the advantage of redundancy but i need to migrate it to SDWAN cEdge 8200 then would you please share the documentation that it is not recommended so that it would be great help for to make customer understandable or is it possible to replicate the same on cEdge ?

my confusion is in existing on one interface AS prepending is applied and is it possible to make the same in cEdge device then as per the understanding: Interface without prepending treated as Primary (main Primary TLOC) & interface with Prepending allowed treated as Secondary (Secondary TLOC)

Regards,

0 Helpful
Customers Also Viewed These Support Documents