11-29-2020 01:56 AM
Hello,
I do have a relatively simple SDWAN fabric that includes a public-internet line and a private line for all sites in the transport VPN0.
The controllers are cloud-hosted by Cisco in an Azure DC, and the private line does not have a connection to the public-internet. This means that by default there won't be any control connections from the private TLOCs to the controllers in the cloud.
I was wondering if one vEdge router, e.g. in the datacenter, could be used as a "bridge" between the private line and the public-internet by pointing the branches with a default route to the next-hop IP (private line IP) of the vEdge router in the datacenter and doing NAT from the private line to the public-internet?
I have tried to set it up in a sandbox environment, but could not get the vEdge router in the DC to do the NAT; an ASA Firewall inserted as the "bridge device" doing NAT & routing was working without any trouble.
Disabling the "control connections" within the private line interfaces is not an option, since these should also be used as a backup once the public-internet interface fails.
Any ideas or feedback are highly welcome.
Thank you and best regards,
Thomas
12-05-2020 08:16 AM
Disabling the "control connections" within the private line interfaces is not an option, since these should also be used as a backup once the public-internet interface fails.
Hi,
Confirm if I understand correctly: you want control connection redundancy, yes? Then you have to have some kind of connection to the controllers. This can be done via a central device in the DC, as you said. I don't know what type of configuration you have done in the lab, but a central device with one interface in a service VPN (connected to the private line) and dynamic NAT over the internet interface (VPN0) should work.
But if your redundancy requirement is only for the data plane, then max-control-connections 0 should help. Regarding this command, you can find the relevant section in the SD-WAN CVD.
https://www.cisco.com/c/en/us/td/docs/solutions/CVD/SDWAN/cisco-sdwan-design-guide.html
Regards,
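
The two options from the reply above, sketched as vEdge CLI fragments. This is an added example, not configuration posted by either participant. The interface names, the service VPN number 10, the colors and all addresses are assumptions chosen for illustration.

```text
! --- DC vEdge: private line terminated in a service VPN, NAT out of VPN 0 ---
vpn 0
 interface ge0/0
  description public-internet
  ip address 192.0.2.2/30
  nat
  !
  tunnel-interface
   encapsulation ipsec
   color biz-internet
  !
  no shutdown
 !
 ip route 0.0.0.0/0 192.0.2.1
!
vpn 10
 interface ge0/1
  description private-line
  ip address 10.255.0.1/24
  no shutdown
 !
 ! send traffic arriving from the private line to VPN 0, where it is NATed
 ip route 0.0.0.0/0 vpn 0
!
! --- Branch vEdge, alternative: private TLOC carries data plane only ---
vpn 0
 interface ge0/1
  description private-line
  ip address 10.255.0.11/24
  tunnel-interface
   encapsulation ipsec
   color mpls restrict
   max-control-connections 0
  !
  no shutdown
 !
!
```

The first fragment serves the control-connection backup requirement; the second applies only when redundancy is needed for the data plane alone.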