
System IP Address - Should I use RFC1918 VS unique fictitious IP addresses

jgardner150
Level 4

Quick question about the system IP address assigned to each vEdge router and vSmart controller in a deployment. I get that the main purpose is to act as a unique router ID, but I've noticed that their documentation is using IP addresses like 1.1.1.1 or 2.2.2.2 and some are RFC1918... Are the system IP addresses supposed to be routable outside of the SD-WAN environment? My first thought is, can I use these like a loopback interface for direct SSH access? If yes, then I am thinking it would be best to stick to RFC1918 address space that is able to route on my internal network.


Accepted Solutions

Jayesh Singh
Cisco Employee

Hi,

The system IP address can be any IPv4 address except for 0.0.0.0/8, 127.0.0.0/8, 224.0.0.0/4, and 240.0.0.0/4 and later.

 

As you got it right, the system IP is for the interface named system that is placed in vpn0, and its port type is loopback. So the system IP has to be unique in vpn0; no other interface in vpn0 should have the same IP.

 

For device management purposes, it is recommended as a best practice that you also configure the same system IP address on a loopback interface that is located in a service-side VPN that is an appropriate VPN for management purposes. You use a loopback interface because it is always reachable when the router is operational and when the overlay network is up. 

 

Hope this answers your query.

 

Thanks,

Jayesh

 

Make sure you rate this post and mark it as a solution if that solves your query. This will help other users in case they have a similar query.
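
Added example, not part of the original thread and not Cisco's code: a Python check of a planned device-to-system-IP mapping against the excluded ranges listed in the answer, with a duplicate check (the question describes the system IP as a unique router ID) and a note for addresses outside RFC 1918. The function name, device names and addresses are constructed for illustration.

```python
import ipaddress

# Ranges the answer above says a system IP may not come from.
EXCLUDED = [ipaddress.ip_network(n) for n in
            ("0.0.0.0/8", "127.0.0.0/8", "224.0.0.0/4", "240.0.0.0/4")]
# RFC 1918 private space, the option raised in the question.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_system_ips(plan):
    """Validate a {device_name: system_ip} plan.

    Returns (errors, warnings) as lists of strings. Errors break the rules
    stated in the thread; warnings mark addresses outside RFC 1918.
    """
    errors, warnings, seen = [], [], {}
    for device, text in sorted(plan.items()):
        try:
            ip = ipaddress.IPv4Address(text)
        except ipaddress.AddressValueError:
            errors.append(f"{device}: {text!r} is not an IPv4 address")
            continue
        bad = next((n for n in EXCLUDED if ip in n), None)
        if bad is not None:
            errors.append(f"{device}: {ip} is inside excluded range {bad}")
            continue
        if ip in seen:
            errors.append(f"{device}: {ip} already used by {seen[ip]}")
            continue
        seen[ip] = device
        if not any(ip in n for n in RFC1918):
            warnings.append(f"{device}: {ip} is not RFC 1918 space")
    return errors, warnings


# Constructed sample plan; device names and addresses are made up.
SAMPLE_PLAN = {
    "vedge-branch1": "10.255.0.1",
    "vedge-branch2": "10.255.0.1",   # duplicate of branch1
    "vedge-dc1": "1.1.1.1",          # allowed, but not RFC 1918
    "vsmart1": "127.0.0.5",          # excluded range
    "vedge-lab": "240.0.0.9",        # excluded range
}

if __name__ == "__main__":
    errs, warns = check_system_ips(SAMPLE_PLAN)
    for line in errs:
        print("ERROR  ", line)
    for line in warns:
        print("WARNING", line)
```

The warning list is the useful part if the same address will also be placed on a service-side management loopback, as the answer recommends, since that address then has to be routable on the internal network.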

