
SDWAN Design VPN0 - subinterface

rjds
Level 1

Hello guys,

I need some understanding about VPN0 vs. sub-interface design.

From a DC design point of view, I have one traditional MPLS link connected directly to the SD-WAN, and one public internet that I want to pass through the FW.

I know that it is possible to have one physical link facing the LAN with multiple VPNs/VRFs, each one in its own sub-interface / VRF definition, placing the parent physical interface in the Transport tab and all the SVIs in the Service tab.

So my question is: on the same physical link facing the FW, can I have all the service SVIs and add an SVI transport tunnel interface (public inet)?

Is it possible? Has anyone had this challenge? How did you overcome it? Had some embarrassment? Can I expect some problems?

Thanks for sharing the knowledge.

RD

4 Replies

Hi,

Yes, you can, but it is not recommended. In case of link failure, you will lose not only the internet but also the service side.

Recommendation for the transport side: each transport should have its own link.

Recommendation for the service side: dual link with port-channel and different service VPN interfaces on different sub-interfaces.

I used the above approach; it works normally as expected and has redundancy on both the service and transport side.

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

Hi Kanan,

Thanks for your reply.

 

Hi Kanan, 

Thanks for your suggestion on this. I am also having a bit of the same thing: in the existing network, on the ISR router, there is the same ISP, but the physical interface is split into two sub-interfaces just to take advantage of redundancy. I need to migrate it to an SD-WAN cEdge 8200, so would you please share the documentation saying that it is not recommended? It would be a great help to make the customer understand. Or is it possible to replicate the same on cEdge?

My confusion is that, in the existing setup, AS prepending is applied on one interface. Is it possible to do the same on the cEdge device? Then, as per the understanding: the interface without prepending is treated as Primary (main Primary TLOC) and the interface with prepending allowed is treated as Secondary (Secondary TLOC).

Please suggest ....

Regards


@Kanan Huseynli: Good day! I would request that you please suggest on the below:

Hi Kanan,

Thanks for your suggestion on this. I am also having a bit of the same thing: in the existing network, on the ISR router, there is the same ISP, but the physical interface is split into two sub-interfaces just to take advantage of redundancy. I need to migrate it to an SD-WAN cEdge 8200, so would you please share the documentation saying that it is not recommended? It would be a great help to make the customer understand. Or is it possible to replicate the same on cEdge?

My confusion is that, in the existing setup, AS prepending is applied on one interface. Is it possible to do the same on the cEdge device? Then, as per the understanding: the interface without prepending is treated as Primary (main Primary TLOC) and the interface with prepending allowed is treated as Secondary (Secondary TLOC).

Regards,