In this lesson, we will be looking at the key points in this section that you should learn and understand before continuing further with the course. If you don't feel comfortable with any of the topics, go back and reread the lessons in the chapter.
- The underlay network provides reachability between TLOCs using traditional routing mechanisms.
- Multiple default routes can exist in the transport VPN 0 on a vEdge router. Which one will be used at any given moment depends on the overlay routing.
- A vEdge router establishes the following overlay connections:
- One transient DTLS control connection to the vBond orchestrator over each connected WAN transports only during the onboarding process.
- One persistent DTLS control connection to vManage over a single WAN transport.
- One persistent DTLS/TLS control connections to vSmart over each connected WAN transports;
- IPsec tunnels to all known remote TLOCs with different site-ids over each available WAN transports. A BFD session is automatically started over each IPsec tunnel and can not be disabled.
- The concept of TLOCs and colors does not apply to controllers. An SD-WAN controller may only have one routing interface that terminates DTLS connections.
- The Overlay Management Protocol (OMP) governs the routing among vEdges.
- The OMP best-path algorithm selects the best routes and sorts them in descending order (from best to worst).
- The vSmart controller inserts and keeps all routes in separate VPN tables with the best routes at the top.
- vRoutes:
- Each vroute is associated with a VPN segment;
- The next-hop attribute of a vroute is not an IP address but a TLOC route;
- If the next-hop TLOC route of a vRoute is not known, the vroute is marked as Invalid.
- The site-id is a loop prevention mechanism similar to the AS number in BGP.
- TLOC routes:
- TLOC routes are not associated with a VPN.
- A TLOC route is uniquely identified by {System-IP, Color, Encapsulation}. Notice that the fixed system-IP address instead of the interface IP. This ensures that a TLOC route can be identified at any given moment irrespective of any interface changes.
- Service routes:
- vEdges advertise attached network services using OMP Service Routes.
- The vSmart controllers do not re-advertise a service route.
- The service route is used in centralized policies for service chaining.
- The send-path-limit parameter defines the maximum number of best-paths that an SD-WAN device advertises to its OMP peers.
- The ecmp-limit parameter defines the maximum number of best paths that a vEdge router installs in its routing tables.
- The controller-send-path-limit defines the maximum number of best-paths that a vSmart controller advertises to another vSmart controller.