05-10-2024 12:06 PM
So if you have 2 transports from the WAN Edge, must it have ECMP to vBond in order for vBond to detect the public and private IP of both transports?
Say for example you had an MPLS and Public-Internet TLOC. The Public-Internet TLOC is (unwittingly) relying on NAT to the internet.
If the preferred route to vBond was via MPLS, will it ever use it's internet TLOC to try and reach vBond (assume it had a route out of this interface, that was less preferred, like a default route).
I guess if this wasn't an issue and the Internet TLOC is not using NAT, then it should still work as the public and private IP would be the same.
Thanks!
05-10-2024 12:10 PM
The vbond have only one transport interface as I know.
So there is no ECMP there is only one control connection between vedge/cedge and vbond
MHM
05-10-2024 12:37 PM
I know the vBond only has one interface usually - I am saying how can the vBond detect the public NATed IP of the Internet TLOC, if the private TLOC is used for the control connection.
05-10-2024 12:43 PM
Vedge use private IP to connect to public IP of vbond'
Then mpls will NATing private IP to public vbond
The vedge send it private IP inside control packet
Here vbond will know the private IP
So as rule not only sdwab all protocol use this
The IP header have public IP
Inside Packet private IP
So all device have mapped private to public
MHM
05-10-2024 12:46 PM
I said the NATing was on the internet TLOC, not MPLS. But the MPLS is the preferred route.
05-11-2024 08:20 AM
Hi,
vBond is not only used for NAT detection.
It is also used to connect router to other controllers.
Normally and if possible you need to have route over all interfaces. But if you have reachibility over one interface only (which is common when MPLS does not have route towards controllers' IPs), then you should use max-control connections 0 under tunnel interface otherwise this interface is not considered for data plane tunnels.
Basically each interface should reach vsmart in order to be advertised as TLOC route and for this interface should reach vbond firstly (unless aforementioned command is used).
For you case: put /32 route and make access over all interfaces.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide