07-17-2023 02:07 PM
What is the purpose of enabling tunnel / allowing services on the VPN 512 interface?
07-17-2023 02:17 PM - edited 07-17-2023 02:21 PM
Hello @kagisolebambo458,
Enabling a tunnel on the VPN 512 interface means configuring the interface to participate in the VPN infrastructure. This allows the vSmart controller to establish secure communication channels between vEdge routers across the SD-WAN network. Tunnels are essential for secure data transmission and enable the overlay network to function effectively!!!
By allowing services on the VPN 512 interface, you are permitting specific applications or services to traverse the VPN tunnel associated with that interface. You can allow services like HTTP, HTTPS, VoIP, or specific enterprise applications to pass through the VPN tunnel while blocking or prioritizing other traffic types.
07-17-2023 02:31 PM
It depends on the requirements of whichever company's SD-WAN you're working on and their needs. Most services are disabled by default (for security reasons) but can be turned on. VPN 512 is for MGMT, so let's say the MGMT interface needs BGP connectivity since it goes over the internet. You can enable that service to allow it to connect to other BGP speakers and log into it.
See the documentation for the list of services available:
Scroll down just a little bit to the services table and you can see.
Hope this helps.
-David
07-17-2023 10:54 PM
VPN 512 is the management VPN.
Enabling or disabling "tunnel" on an interface that belongs to VPN 512 does not change anything in the router configuration. The mgmt interface cannot be a tunnel (because the interface's purpose is OOB management, not the SD-WAN overlay).
An interface with tunnel-interface enabled is added to the SD-WAN overlay. It tries to connect to vBond over that interface and, if that is successful, connects to vSmart. Then this interface is considered a valid TLOC (SD-WAN interface) and is advertised in OMP as a TLOC route. And over this port a BFD tunnel can be built.
Allow-service on a transport interface defines which protocols are natively allowed over the interface. Natively means what is allowed on the underlay network, not the overlay (SD-WAN). For example, you should allow BGP on the tunnel interface if this interface in the underlay should have BGP peering with some remote device.
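As an added illustration of the distinction drawn in the replies above (this fragment is not from any of the posters or from Cisco documentation), here is a vEdge-style CLI configuration that puts tunnel-interface and allow-service on a VPN 0 transport interface while leaving the VPN 512 management interface as plain out-of-band management. The interface names ge0/0 and eth0, the addresses, the color and the chosen service list are assumptions for the example.

```cisco
! VPN 0: transport side. tunnel-interface makes ge0/0 part of the
! SD-WAN overlay (vBond -> vSmart -> TLOC advertised in OMP, BFD over it).
vpn 0
 interface ge0/0
  ip address 192.0.2.10/24          ! assumed underlay address
  tunnel-interface
   encapsulation ipsec
   color biz-internet               ! assumed color
   ! allow-service controls what the *underlay* may send to this
   ! interface natively; most services are off by default.
   allow-service bgp                ! needed only if ge0/0 peers BGP with the ISP
   allow-service dhcp
   allow-service dns
   allow-service icmp
   no allow-service sshd            ! keep SSH off the internet-facing transport
   no allow-service netconf
  !
  no shutdown
 !
!
! VPN 512: out-of-band management. No tunnel-interface here: the mgmt
! interface is not a TLOC and never joins the overlay, so tunnel /
! allow-service settings on it do not affect the SD-WAN fabric.
vpn 512
 interface eth0
  ip dhcp-client
  no shutdown
 !
!
```

Reading it as a defender: every `allow-service` line on the VPN 0 transport interface is underlay exposure, so the list should contain only what the underlay actually needs (BGP only when there is a real peering on that link), and management access belongs on VPN 512 rather than being opened natively on the transport.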