SDWAN IP addressing and routing

Steven Williams
Level 4

I am having trouble grasping a concept with vEdges. The vEdges have physical interfaces that are referenced in "vpn 0":

  • VPN 0 is the transport VPN. It contains the interfaces that connect to the WAN transports. Secure DTLS/TLS connections to the vSmart or between vSmart and vBond controllers are initiated from this VPN. Static or default routes or a dynamic routing protocol need to be configured inside this VPN in order to get appropriate next-hop information so the control plane can be established and IPsec tunnels can connect to remote sites.
  • VPN 512 is the management VPN. It carries the out-of-band management traffic.

So when I look at a config like this:

vpn 0
 interface ge0/0
  ip address 10.99.0.1/24
  ipv6 dhcp-client
  tunnel-interface
   encapsulation ipsec
   no allow-service bgp
   allow-service dhcp
   allow-service dns
   allow-service icmp
   no allow-service sshd
   no allow-service netconf
   no allow-service ntp
   no allow-service ospf
   no allow-service stun
   allow-service https
  !
  no shutdown
 !
 ip route 0.0.0.0/0 10.99.0.254

Is the IP address 10.99.0.1/24 an IP of the ISP you are connecting to?

How do the tunnels get IP addresses?
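As an added illustration, not code from this thread or from Cisco: the allow-service lines in the stanza above decide which services the vEdge will answer on its WAN-facing tunnel interface, so they are the first thing worth auditing on a transport interface. The Python script below parses the posted vpn 0 stanza, pulls out the underlay address and default next hop the question asks about, and flags any management-plane service that is allowed from the transport. The set of services it treats as management-plane (MANAGEMENT_PLANE_SERVICES) is an assumption made for the check, not something stated in the thread.

```python
"""Parse a vEdge 'vpn 0' stanza and report what the transport interface exposes.
Added example, not from the thread or Cisco; MANAGEMENT_PLANE_SERVICES is an assumption."""
from __future__ import annotations
from dataclasses import dataclass, field

# Constructed from the question: the posted vpn 0 stanza, re-indented.
SAMPLE_CONFIG = """\
vpn 0
 interface ge0/0
  ip address 10.99.0.1/24
  ipv6 dhcp-client
  tunnel-interface
   encapsulation ipsec
   no allow-service bgp
   allow-service dhcp
   allow-service dns
   allow-service icmp
   no allow-service sshd
   no allow-service netconf
   no allow-service ntp
   no allow-service ospf
   no allow-service stun
   allow-service https
  !
  no shutdown
 !
 ip route 0.0.0.0/0 10.99.0.254
"""

# Assumption: services a WAN-facing tunnel interface normally should not answer on
# unless the design explicitly needs them (e.g. BGP peering with the provider).
MANAGEMENT_PLANE_SERVICES = {"sshd", "netconf", "ntp", "ospf", "bgp", "stun"}

@dataclass
class Interface:
    name: str
    ip_address: str | None = None
    tunnel: bool = False
    allowed_services: set[str] = field(default_factory=set)
    denied_services: set[str] = field(default_factory=set)
    shutdown: bool = True  # a vEdge interface stays down until "no shutdown"

@dataclass
class Vpn:
    vpn_id: int
    interfaces: dict[str, Interface] = field(default_factory=dict)
    static_routes: list[tuple[str, str]] = field(default_factory=list)

def parse_vpn_config(text: str) -> dict[int, Vpn]:
    """Walk the stanza line by line; each '!' closes the innermost open block."""
    vpns: dict[int, Vpn] = {}
    stack: list[str] = []  # open blocks: "vpn", "interface", "tunnel-interface"
    vpn: Vpn | None = None
    iface: Interface | None = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "!":
            if stack and stack.pop() == "interface":
                iface = None
            continue
        tok = line.split()
        if tok[0] == "vpn" and len(tok) == 2:
            vpn = Vpn(vpn_id=int(tok[1]))
            vpns[vpn.vpn_id] = vpn
            stack.append("vpn")
        elif tok[0] == "interface" and vpn is not None:
            iface = Interface(name=tok[1])
            vpn.interfaces[iface.name] = iface
            stack.append("interface")
        elif line == "tunnel-interface" and iface is not None:
            iface.tunnel = True
            stack.append("tunnel-interface")
        elif tok[:2] == ["ip", "address"] and iface is not None:
            iface.ip_address = tok[2]
        elif tok[0] == "allow-service" and iface is not None:
            iface.allowed_services.add(tok[1])
        elif tok[:2] == ["no", "allow-service"] and iface is not None:
            iface.denied_services.add(tok[2])
        elif line == "no shutdown" and iface is not None:
            iface.shutdown = False
        elif tok[:2] == ["ip", "route"] and vpn is not None:
            vpn.static_routes.append((tok[2], tok[3]))
    return vpns

def default_next_hop(vpn: Vpn) -> str | None:
    """Underlay gateway the tunnel traffic leaves through (the ISP-side hop)."""
    return next((nh for prefix, nh in vpn.static_routes if prefix == "0.0.0.0/0"), None)

def exposed_management_services(vpn: Vpn) -> dict[str, set[str]]:
    """Per active tunnel interface: management-plane services answered from the WAN."""
    return {name: iface.allowed_services & MANAGEMENT_PLANE_SERVICES
            for name, iface in vpn.interfaces.items()
            if iface.tunnel and not iface.shutdown}

if __name__ == "__main__":
    vpn0 = parse_vpn_config(SAMPLE_CONFIG)[0]
    ge = vpn0.interfaces["ge0/0"]
    print(f"{ge.name}: underlay {ge.ip_address}, default via {default_next_hop(vpn0)}")
    print("exposed management services:", exposed_management_services(vpn0))
```

On the posted stanza the check comes back empty: the only services allowed from the WAN are dhcp, dns, icmp and https, and the underlay default route points at 10.99.0.254. Flipping a single "no allow-service sshd" to "allow-service sshd" is enough to make the report list sshd for ge0/0, which is the kind of drift the check is meant to catch.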

4 Replies

hsood
Cisco Employee
10.99.0.1/24 would be a part of your underlay and yes, it would be connected to your ISP, just like a normal MPLS circuit used to be in a traditional environment.

The tunnels that are formed are based on certificate exchange mechanisms and they are communicating on overlay using System IPs.

All overlay components in an SD-WAN fabric have a unique system IP.

Regards,
Hitesh

As far as adding controllers and devices to vManage, are you using the system IPs? The vBond has two IP addresses, one for VPN 0 and one for VPN 512, so which one is used for adding it to vManage?

I have tried the VPN 512 IP but get "no route to host"; when I try the VPN 0 IP it spins for a good long time and gives me a socket error, connection timed out.

Do I need to deploy the certificate configuration before adding the vBond to vManage? What is the easiest way to do cert-based things for a lab without having to roll out a whole PKI?

You need to add the vBond using the IP address that belongs to VPN 0. Also note that you need to remove the tunnel config from the vBond's interface before adding it, otherwise it will give you an error. Once you have successfully added it, you can put the tunnel config back under the interface.
Regards,
Surjeet Singh