System IP in SDWAN Solution

fatalXerror
Level 5

Hi Guys,

As we know, in Viptela SDWAN, we need a TLOC, and part of the TLOC is the system IP address of the vEdge that we uniquely configured. I would like to know if we need to make the system IP reachable from one vEdge to another.

Thank you.

2 Accepted Solutions


osdesent
Cisco Employee

The system IP ideally is not a routable IP; it is just an identifier, as it is not an IP itself. It only uses the IPv4 notation.

However, it is a good practice to create a loopback in the service VPN for management with that IP. It is not mandatory; it is optional and useful for monitoring and management purposes.

Oscar Desentis
Customer Success Specialist (SD-WAN)


svemulap@cisco.com
Cisco Employee
System-IP is synonymous with router-id concept. But it is not a routable-IP. It is not used in routing and only used in the context of bringing up control-connections.

TLOC is basically a 3 tuple of: { System-IP, Encap, Color } to uniquely identify the transport interface.

So, No. No need for System-IP to be reachable from one device to another.
But customers have used the System-IP on the service side VPN/VRF, so they can access the device.
[ typically recommended from best practices point-of-view ]

See below:

Edge# show interface

                                     IF      IF      IF                                                                 TCP
                  AF                 ADMIN   OPER    TRACKER  ENCAP                                      SPEED          MSS                   RX
VPN  INTERFACE    TYPE  IP ADDRESS   STATUS  STATUS  STATUS   TYPE   PORT TYPE  MTU   HWADDR             MBPS   DUPLEX  ADJUST  UPTIME        PACKETS  TX PACKETS
-----------------------------------------------------------------------------------------------------------------------------------------------------------------
0    system       ipv4  11.1.1.2/32  Up      Up      NA       null   loopback   1500  00:00:00:00:00:00  1000   full    1416    208:04:00:10  0        0
1    loopback112  ipv4  11.1.1.2/32  Up      Up      NA       null   service    1500  00:00:00:00:00:00  1000   full    1416    208:04:00:02  0        0

Hope this helps to clarify.
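
Added example (not part of the original posts and not Cisco tooling): a small Python check that parses `show interface` rows like the ones above and reports which interfaces other than `system` carry the system IP, that is, where the identifier is actually reachable for management. The 17-column layout, the function names and the report keys are assumptions based on the output shown in this thread.

```python
# Added example: constructed audit helper, not Cisco tooling.
# Assumption: rows are whitespace-separated and have the 17 columns seen in the post.
COLUMNS = [
    "vpn", "interface", "af_type", "ip_address", "admin_status", "oper_status",
    "tracker_status", "encap_type", "port_type", "mtu", "hwaddr", "speed_mbps",
    "duplex", "tcp_mss_adjust", "uptime", "rx_packets", "tx_packets",
]

# The two data rows from the `show interface` output quoted in the post.
SAMPLE = """\
0 system ipv4 11.1.1.2/32 Up Up NA null loopback 1500 00:00:00:00:00:00 1000 full 1416 208:04:00:10 0 0
1 loopback112 ipv4 11.1.1.2/32 Up Up NA null service 1500 00:00:00:00:00:00 1000 full 1416 208:04:00:02 0 0
"""


def parse_rows(text):
    """Return one dict per data row; header and separator lines are skipped."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        # Data rows start with a numeric VPN id and have exactly 17 fields.
        if len(fields) == len(COLUMNS) and fields[0].isdigit():
            rows.append(dict(zip(COLUMNS, fields)))
    return rows


def system_ip_exposure(rows):
    """Report which non-system interfaces carry the system IP, split by state."""
    system = next((r for r in rows if r["interface"] == "system"), None)
    if system is None:
        raise ValueError("no 'system' interface row found")
    report = {"system_ip": system["ip_address"].split("/")[0], "up": [], "down": []}
    for r in rows:
        if r is system or r["ip_address"] != system["ip_address"]:
            continue
        # The address only answers when the interface is admin and oper Up.
        is_up = r["admin_status"] == "Up" and r["oper_status"] == "Up"
        report["up" if is_up else "down"].append((int(r["vpn"]), r["interface"]))
    return report


if __name__ == "__main__":
    print(system_ip_exposure(parse_rows(SAMPLE)))
```

An empty `up` list means the system IP exists only as an identifier on that device; any entry there names a VPN from which the address can be reached and should be covered by the management access policy.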


3 Replies

fatalXerror
Level 5

Thanks guys and noted on this.
