Hi,I am working on a design where I need to connect a Palo Alto firewall cluster (A/P mode) to a VXLAN EVPN fabric, with each firewall being connected to a different vPC leaf pair.The VXLAN EVPN fabric will use anycast gateway, with the firewall prov...
Hi, I have a question about how the AAR SLA Class strict option works (vManage version 20.9, IOS-XE cEdges). Imagine a router with 2 colors: mpls and public-internetBy using an SLA class, you want to force FTP traffic over the public-internet color.W...
Hi Chris,In one of my other comments, I show the output of command "show sdwan app-route stats remote-system-ip x.x.x.x" to the 2 cEdges of the destination site.For both the app-route stats with local color mpls, the sla-class-index shows "0,1". If I...
Yes I have a route over both interfaces, see the screenshots of my other comment.When I introduce delay over the public-internet transport, the 'Simulate Flows' feature shows blackhole for the TCP/21 I match in the AAR policy, but still shows 4 paths...
The destination site has 2 routers, one with color mpls, one with color public-internet.The AAR only show 2 paths because it is only towards one router (1.1.1.51)This is both routers:r21#show sdwan app-route stats remote-system-ip 1.1.1.51
app-route ...
This is the AAR policy that is applied (no data policy):The SLA class i'm testing with has index 1: r21#show sdwan app-route sla-class
APP PROBE
INDEX NAME LOSS LATENCY JITTER CLASS ID APP PROBE CLASS FALLBACK BEST TUNNEL
---------------------------...
If you follow this diagram for the case where public-internet is down and mpls is up, you get the following flow:This is in line with the Cisco documentation I listed, but in my lab, only using AAR preferred-color internet+strict (without using an ex...
