01-05-2021 11:20 AM
Hi everyone,
I have some basic questions about Cisco Viptela SD-WAN.
1) Let's say we have two sites, A and B. A has VPN1 subnet 1.1.1.0/24 and B has VPN1 subnet 2.2.2.0/24.
Both sites A and B can talk to each other and have received OMP updates via vSmart about each other's subnets; these updates also carry IPSEC keys. We powered down sites A and B and powered them back up. At this point there is no traffic in either direction, i.e. from A to B and vice versa. Will the IPSEC tunnel still establish between A and B?
2) Let's say A and B have user traffic, therefore A and B establish IPSEC tunnels. A and B are also sending BFD traffic over these tunnels for link monitoring. Assume there is no longer any user traffic between A and B, but A and B continue to use BFD. Given that, the IPSEC tunnel will never go down, as there is BFD traffic which keeps the tunnel up?
Thanks and have a good day!!
01-05-2021 12:05 PM
1) The tunnels will come up every time unless you deny the TLOCs in the centralized policy; it doesn't matter if there's no data plane traffic going through.
2) Same as my previous answer, but adding this: by default all Edges will establish tunnels in a full-mesh fashion with all edges unless a control policy restricts it, no matter whether or not they have the same service VPNs (VRFs). However, there's a new feature named On-demand tunnels that works the way you said, but I would say that it's something beyond basic stuff.
Regards