We have seen earlier in this chapter that we cannot assign a particular TLOC color to more than one interface per vEdge because the color uniquely identifies a single WAN link. Therefore, in scenarios where a vEdge has multiple interfaces connected to the same WAN provider, we must use different colors on each interface. However, this can overcomplicate the overlay topology with restricted colors and tunnel groups. That is why the Cisco SD-WAN solution allows us to configure a loopback interface as a local TLOC instead of a physical interface.
Loopback TLOCs
Using a loopback interface as a local TLOC is a technique that allows a vEdge router to have multiple physical interfaces attached to the same WAN provider and utilize ECMP across them. The loopback interface serves as a tunnel endpoint and is marked with a single TLOC color. The following figure visualizes this use case:
Depending on the specific scenario, there are two modes for a loopback TLOC - standard mode and bind mode.
Standard mode
We use the standard mode in scenarios where a vEdge router has multiple physical interfaces to the same WAN provider. Figure 2 shows a typical use case where vEdge-4 has two interfaces connected to the same MPLS cloud - ge0/6 with IP address 10.10.2.1/30 and ge0/7 with IP address 10.10.2.5/30. This scenario often happens when the service provider has two CE routers on-site, and we want to have extra resiliency in the underlay by connecting each vEdge to both CEs.
In standard mode, traffic coming from the underlay can reach the loopback IP address via each of the physical links. The loopback interface is not strictly bound to any of the physical interfaces and can load-balance between them based on the ECMP hash. From a configuration standpoint, there is no tunnel configuration on the physical links; instead, the local TLOC configuration is applied on the loopback interface, as highlighted in the output below:
!
vpn 0
 interface ge0/6
  ip address 10.10.2.1/30
  no shutdown
 !
 interface ge0/7
  ip address 10.10.2.5/30
  no shutdown
 !
 interface loopback1
  ip address 10.10.0.4/32
  tunnel-interface
   encapsulation ipsec
   color mpls
   allow-service all
 !
 ip route 0.0.0.0/0 10.10.2.2
 ip route 0.0.0.0/0 10.10.2.6
!
The key point here is to make sure that the service provider network has IP reachability back to the loopback IP address. In our example, for simplicity, we will just add two static routes on the MPLS router for vEdge-4's loopback1 IP address, one via each physical interface.
MPLS# conf t
Enter configuration commands, one per line. End with CNTL/Z.
MPLS(config)# ip route 10.10.0.4 255.255.255.255 Ethernet0/0 10.10.2.1
MPLS(config)# ip route 10.10.0.4 255.255.255.255 Ethernet0/2 10.10.2.5
However, in real-world deployments, the vEdge router will typically advertise the loopback subnet to the CE routers through a dynamic routing protocol such as BGP or OSPF.
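As an added example (not part of the original article and not Cisco tooling), the following Python script checks the two conditions described above: a TLOC color appears on only one interface, and the provider has a host route to the loopback TLOC through every physical interface that has no tunnel of its own. The function names and the simplified parsing are assumptions; the sample text is constructed from the configuration shown above.

```python
import ipaddress

# Constructed sample: vEdge-4's VPN 0 interfaces as configured in the text.
VEDGE_CFG = """\
vpn 0
 interface ge0/6
  ip address 10.10.2.1/30
 interface ge0/7
  ip address 10.10.2.5/30
 interface loopback1
  ip address 10.10.0.4/32
  tunnel-interface
   color mpls
"""
# Constructed sample: the static routes entered on the MPLS router in the text.
PROVIDER_ROUTES = """\
ip route 10.10.0.4 255.255.255.255 Ethernet0/0 10.10.2.1
ip route 10.10.0.4 255.255.255.255 Ethernet0/2 10.10.2.5
"""

def parse_interfaces(cfg):
    """Map interface name -> {'ip': address or None, 'color': TLOC color or None}."""
    ifaces, cur = {}, None
    for tok in (line.split() for line in cfg.splitlines()):
        if tok[:1] == ["interface"]:
            cur = ifaces.setdefault(tok[1], {"ip": None, "color": None})
        elif cur is not None and tok[:2] == ["ip", "address"]:
            cur["ip"] = ipaddress.ip_interface(tok[2]).ip
        elif cur is not None and tok[:1] == ["color"]:
            cur["color"] = tok[1]
    return ifaces

def check_loopback_tloc(cfg, provider_routes):
    """Return findings; an empty list means the standard-mode design is consistent."""
    ifaces, findings, owner = parse_interfaces(cfg), [], {}
    for name, i in ifaces.items():  # a color may mark only one interface
        if i["color"] and owner.setdefault(i["color"], name) != name:
            findings.append(f"color {i['color']} on both {owner[i['color']]} and {name}")
    hops = {}  # /32 destination -> next hops (assumes each route ends in a next-hop IP)
    for t in (r.split() for r in provider_routes.splitlines()):
        if t[:2] == ["ip", "route"] and len(t) >= 5 and t[3] == "255.255.255.255":
            hops.setdefault(ipaddress.ip_address(t[2]), set()).add(ipaddress.ip_address(t[-1]))
    # Physical links without a tunnel of their own carry the loopback TLOC's traffic.
    physical = {n: i["ip"] for n, i in ifaces.items()
                if not n.startswith("loopback") and i["ip"] and not i["color"]}
    for name, i in ifaces.items():
        if name.startswith("loopback") and i["color"]:
            for pname, pip in physical.items():
                if pip not in hops.get(i["ip"], set()):
                    findings.append(f"no provider route to {name} ({i['ip']}) via {pname} ({pip})")
    return findings
```

Calling check_loopback_tloc(VEDGE_CFG, PROVIDER_ROUTES) returns an empty list for the configuration in this lesson; removing one of the provider routes produces a finding that names the physical link the loopback can no longer be reached through.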
In standard mode, there is something essential to keep in mind. Because the loopback interface is not strictly bound to any of the physical WAN links, the link status of the overlay tunnels can be seen differently on different remote ends. That could happen because the BFD probes measuring the tunnels' liveness and performance metrics to different remote TLOCs would be hashed over different physical links. If one of the CE routers on-site experiences an outage or performance degradation, some overlay tunnels to the mpls color may degrade while others work normally.
Bind mode
In bind mode, the loopback interface is strictly bound to a single physical link. Any traffic coming from the underlay destined for the physical connection is transparently carried over to the loopback interface and vice versa.