07-19-2020 12:20 AM
Hi all.
I just deployed two cEdge 4451s in the DC and one cEdge 4431 at a branch. Each cEdge in the DC has one internet connection as its transport link: cEdge-1 has internet ISP A and cEdge-2 has internet ISP B. I have several questions regarding my SD-WAN network.
1. Do I have to configure TLOC extension based on these conditions?
2. I have an on-premise controller in the DC. Should it have the same site-id as the cEdges in the DC or not?
3. The cEdge at the branch has established 2 IPsec tunnels to both routers in the DC. At the moment, ISP A has an intermittent issue, so it disturbs the data plane. But the cEdge at the branch is still forwarding packets to both cEdge-DC-1 and cEdge-DC-2, even though ISP A on cEdge-DC-1 has an intermittent issue. How can I fix this? Shouldn't BFD on SD-WAN be able to detect the intermittent issue on ISP A?
Thank you.
Best regards,
Lazuardi Nurfaiz
07-19-2020 09:16 AM
Hi Lazuardi,
These are my comments based on my experience.
1. Do I have to configure TLOC extension based on these conditions?
It is always better to have TLOC extension between the cEdges to gain resiliency of the transports in both boxes; it is like having 2 links connected to each box. It is a very easy deployment, so it makes sense to use it. It also plays a fundamental role in Application Aware Routing.
2. I have an on-premise controller in the DC. Should it have the same site-id as the cEdges in the DC or not?
You don't need to have the Site ID configured between the DC cEdge and the DC on-premise controllers even if they are physically in the same place. By default, IPsec tunnels are not formed between WAN Edge routers within the same site which share the same site-id. vBonds are WAN Edge devices with a vBond role, so I am not sure if tunnels will be built using the same site ID between them; I have never tried it.
3. The cEdge at the branch has established 2 IPsec tunnels to both routers in the DC. At the moment, ISP A has an intermittent issue, so it disturbs the data plane. But the cEdge at the branch is still forwarding packets to both cEdge-DC-1 and cEdge-DC-2, even though ISP A on cEdge-DC-1 has an intermittent issue. How can I fix this? Shouldn't BFD on SD-WAN be able to detect the intermittent issue on ISP A?
BFD is the mechanism to probe the status of the links. It is necessary to configure Application Aware Routing policies to react to the BFD probe measurements: you need to create SLA Classes with values for Packet Loss, Latency or Jitter thresholds and choose Primary and Backup colors for defined applications or sets of IPs. If BFD detects measurements that do not comply with the configured SLA thresholds (like 1% packet loss), the traffic will be steered to the backup color.
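Added example, not part of the reply above and not taken from the poster's network: a vSmart centralized policy sketch of the SLA class and app-route policy the reply describes, using the 1% loss threshold it mentions. All list names, the site-id, VPN number and prefix are constructed, and it assumes the ISP A transport is colored biz-internet and the ISP B transport public-internet.

```text
! Constructed example of a vSmart centralized policy.
! Names, site-id, VPN, prefix and color assignment are assumptions,
! not values from the thread.
policy
 sla-class DC_APPS_SLA
  ! Tunnels whose BFD-measured loss exceeds 1% fall out of this SLA class
  loss 1
 !
 lists
  site-list BRANCH_SITES
   site-id 200
  !
  vpn-list SERVICE_VPN
   vpn 10
  !
  data-prefix-list DC_PREFIXES
   ip-prefix 10.10.0.0/16
  !
 !
 app-route-policy BRANCH_TO_DC_AAR
  vpn-list SERVICE_VPN
   sequence 10
    match
     destination-data-prefix-list DC_PREFIXES
    !
    action
     ! Primary color while it meets the SLA
     sla-class DC_APPS_SLA preferred-color biz-internet
     ! Color to use when no tunnel meets the SLA
     backup-sla-preferred-color public-internet
    !
   !
  !
 !
!
apply-policy
 site-list BRANCH_SITES
  app-route-policy BRANCH_TO_DC_AAR
 !
!
```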
07-20-2020 06:21 AM