This section covers several advanced SD-WAN scenarios that show how to approach different topology and traffic-engineering (TE) requirements.
- Scenario #1 - Preferred DC in a dual-DC design
- Scenario #2 - LTE last-resort circuit for a single app
- Scenario #3 - Application-aware Routing in point-to-multipoint topologies
- Scenario #4 - Asymmetric traffic paths with services
- Scenario #5 - Advanced route leaking
- Scenario #6 - Global Hubs
Initial State
Figure 1 below illustrates the initial topology we will use for all lab scenarios. All system-IPs, site-ids, and IP addresses match the diagram.
- All devices have installed certificates and bootstrap configuration.
- All vEdges are connected to two WAN transport clouds - biz-internet and mpls. The mpls color is configured with restrict.
- VPN 0 is configured as per Figure 1. There is IP connectivity between the transport clouds.
- Cisco SD-WAN Controllers (vBond, vManage, and vSmart) are located at site-id 100. Controllers can reach all TLOCs.
- No policy is applied at vSmart. Everything is left at defaults.
- The overlay topology is the default: full mesh between all sites.
- There are 4 service-side VPNs - 3 through 6. Each WAN edge router has the following service-side IP address scheme - 10.[site-id].[vpn-id].0/24. For example, vEdge-4's VPN 5 address is 10.4.5.0/24, and so on.
- Everything else is left at defaults.
Initial Configs
The initial configuration of each SD-WAN device can be found below. Notice that everything is left at defaults, apart from the basic bootstrap and VPN 0 settings.
system
 host-name vEdge-1
 system-ip 1.1.1.1
 site-id 1
 organization-name networkacademy-io
 vbond 10.1.1.10
!
vpn 0
 interface ge0/0
  description WAN-INET
  ip address 39.3.0.1/24
  tunnel-interface
   encapsulation ipsec
   color biz-internet
  no shutdown
 !
 interface ge0/1
  description WAN-MPLS
  ip address 10.10.1.1/30
  tunnel-interface
   encapsulation ipsec
   color mpls restrict
  no shutdown
 !
 ip route 0.0.0.0/0 10.10.1.2
 ip route 0.0.0.0/0 39.3.0.254
!
vpn 3
 interface ge0/3
  ip address 10.1.3.1/24
  no shutdown
!
vpn 4
 interface ge0/4
  ip address 10.1.4.1/24
  no shutdown
!
vpn 5
 interface ge0/5
  ip address 10.1.5.1/24
  no shutdown
!
vpn 6
 interface ge0/6
  ip address 10.1.6.1/24
  no shutdown
!
system
 host-name vEdge-2
 system-ip 2.2.2.2
 site-id 1
 organization-name networkacademy-io
 vbond 10.1.1.10
!
vpn 0
 interface ge0/0
  description WAN-INET
  ip address 39.3.2.2/24
  tunnel-interface
   encapsulation ipsec
   color biz-internet
  no shutdown
 !
 interface ge0/1
  description WAN-MPLS
  ip address 10.10.0.2/24
  tunnel-interface
   encapsulation ipsec
   color mpls restrict
  no shutdown
 !
 ip route 0.0.0.0/0 10.10.0.254
 ip route 0.0.0.0/0 39.3.2.254
!
vpn 3
 interface ge0/3
  ip address 10.1.3.2/24
  no shutdown
!
vpn 4
 interface ge0/4
  ip address 10.1.4.2/24
  no shutdown
!
vpn 5
 interface ge0/5
  ip address 10.1.5.2/24
  no shutdown
!
vpn 6
 interface ge0/6
  ip address 10.1.6.2/24
  no shutdown
!
system
 host-name vEdge-3
 system-ip 3.3.3.3
 site-id 3
 organization-name networkacademy-io
 vbond 10.1.1.10
!
vpn 0
 interface ge0/0
  ip address 192.168.1.3/24
  tunnel-interface
   encapsulation ipsec
   color biz-internet
  no shutdown
 !
 interface ge0/1
  ip address 10.10.0.3/24
  tunnel-interface
   encapsulation ipsec
   color mpls restrict
  no shutdown
 !
 ip route 0.0.0.0/0 10.10.0.254
 ip route 0.0.0.0/0 192.168.1.1
!
vpn 3
 interface ge0/3
  ip address 10.3.3.1/24
  no shutdown
!
vpn 4
 interface ge0/4
  ip address 10.3.4.1/24
  no shutdown
!
vpn 5
 interface ge0/5
  ip address 10.3.5.1/24
  no shutdown
!
vpn 6
 interface ge0/6
  ip address 10.3.6.1/24
  no shutdown
!
system
 host-name vEdge-4
 system-ip 4.4.4.4
 site-id 4
 organization-name networkacademy-io
 vbond 10.1.1.10
!
vpn 0
 interface ge0/0
  ip address 39.3.0.4/24
  ipv6 dhcp-client
  tunnel-interface
   encapsulation ipsec
   color biz-internet
  !
  no shutdown
 !
 interface loopback1
  ip address 10.10.0.4/32
  tunnel-interface
   encapsulation ipsec
   color mpls restrict
  !
  no shutdown
 !
 ip route 0.0.0.0/0 10.10.2.2
 ip route 0.0.0.0/0 10.10.2.6
 ip route 0.0.0.0/0 39.3.0.254
!
vpn 3
 interface ge0/3
  ip address 10.4.3.1/24
  no shutdown
!
vpn 4
 interface ge0/4
  ip address 10.4.4.1/24
  no shutdown
!
vpn 5
 interface ge0/5
  ip address 10.4.5.1/24
  no shutdown
!
vpn 6
 interface ge0/6
  ip address 10.4.6.1/24
  no shutdown
!
system
 idle-timeout 5
 host-name vEdge-5
 system-ip 5.5.5.5
 site-id 5
 organization-name networkacademy-io
 vbond 10.1.1.10
!
vpn 0
 interface ge0/0
  ip address 39.3.0.5/24
  tunnel-interface
   encapsulation ipsec
   color biz-internet
  no shutdown
 !
 interface ge0/1
  ip address 10.10.0.5/24
  tunnel-interface
   encapsulation ipsec
   color mpls restrict
  no shutdown
 !
 ip route 0.0.0.0/0 10.10.0.254
 ip route 0.0.0.0/0 39.3.0.254
!
vpn 3
 interface ge0/3
  ip address 10.5.3.1/24
  no shutdown
!
vpn 4
 interface ge0/4
  ip address 10.5.4.1/24
  no shutdown
!
vpn 5
 interface ge0/5
  ip address 10.5.5.1/24
  no shutdown
!
vpn 6
 interface ge0/6
  ip address 10.5.6.1/24
  no shutdown
!
system
 host-name vEdge-6
 system-ip 6.6.6.6
 site-id 6
 organization-name networkacademy-io
 vbond 10.1.1.10
!
vpn 0
 interface ge0/0
  ip address 39.3.0.6/24
  ipv6 dhcp-client
  tunnel-interface
   encapsulation ipsec
   color biz-internet
  no shutdown
 !
 interface ge0/1
  ip address 10.10.0.6/24
  tunnel-interface
   encapsulation ipsec
   color mpls restrict
 !
 ip route 0.0.0.0/0 10.10.0.254
 ip route 0.0.0.0/0 39.3.0.254
!
vpn 3
 interface ge0/3
  ip address 10.6.3.1/24
  no shutdown
!
vpn 4
 interface ge0/4
  ip address 10.6.4.1/24
  no shutdown
!
vpn 5
 interface ge0/5
  ip address 10.6.5.1/24
  no shutdown
!
vpn 6
 interface ge0/6
  ip address 10.6.6.1/24
  no shutdown
!
system
 host-name vSmart
 system-ip 1.1.1.30
 site-id 100
 organization-name networkacademy-io
 vbond 10.1.1.10
!
omp
 no shutdown
 graceful-restart
!
vpn 0
 interface eth0
  ip address 10.1.1.30/24
  tunnel-interface
  !
  no shutdown
 !
 ip route 0.0.0.0/0 10.1.1.1
!
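
A lint check for two conventions stated in the initial state (service VPNs 3 through 6 use 10.[site-id].[vpn-id].0/24, and the mpls color carries restrict), as an added example that is not part of the original lab. The `audit` function and the vEdge-9 sample config are constructed for illustration; indentation is ignored, so configs pasted without it are accepted too.

```python
import ipaddress
import re

# Constructed sample modelled on the lab configs: mpls lacks "restrict"
# and VPN 4 uses another site's subnet.
SAMPLE = """\
system
 host-name vEdge-9
 site-id 9
!
vpn 0
 interface ge0/1
  ip address 10.10.0.9/24
  tunnel-interface
   encapsulation ipsec
   color mpls
  no shutdown
!
vpn 3
 interface ge0/3
  ip address 10.9.3.1/24
!
vpn 4
 interface ge0/4
  ip address 10.4.4.1/24
!
"""

def audit(config):
    """Return a list of findings for one WAN edge config."""
    findings, site_id, vpn, ifname = [], None, None, None
    for raw in config.splitlines():
        line = raw.strip()  # hierarchy is tracked by keyword, not indentation
        if m := re.fullmatch(r"site-id (\d+)", line):
            site_id = int(m.group(1))
        elif m := re.fullmatch(r"vpn (\d+)", line):
            vpn, ifname = int(m.group(1)), None
        elif m := re.fullmatch(r"interface (\S+)", line):
            ifname = m.group(1)
        elif (m := re.fullmatch(r"ip address (\S+)", line)) \
                and vpn in range(3, 7) and site_id is not None:
            got = ipaddress.ip_interface(m.group(1)).network
            want = ipaddress.ip_network(f"10.{site_id}.{vpn}.0/24")
            if got != want:
                findings.append(f"vpn {vpn} {ifname}: {got} is not {want}")
        elif vpn == 0 and line.startswith("color mpls") \
                and "restrict" not in line.split():
            findings.append(f"vpn 0 {ifname}: mpls color without restrict")
    return findings
```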