This lab is structured to show the interplay of different network sites interconnected via multiple transports such as MPLS and public internet links. The core of this design revolves around SD-WAN controllers and edge devices that help manage and optimize traffic between sites, enhancing performance, security, and manageability.
In this scenario, the controllers (vManage, vBond, and vSmart) are deployed in the management network (`10.155.237.0/24`) at the central site (SITE 1). These controllers are responsible for orchestrating, managing, and enforcing policies across the WAN infrastructure. vManage is the network management tool, vBond facilitates secure connections between all SD-WAN devices, and vSmart is the control plane element that enforces routing policies. These controllers are connected to multiple vEdge routers (at different sites) through a variety of transport networks.
We have four remote sites connected via SD-WAN:
1. SITE 10 (`192.168.10.0/24`) uses BGP for routing and is connected to the management, MPLS, and public internet networks.
2. SITE 20 (`192.168.20.0/24`), also leveraging BGP, follows a similar design.
3. SITE 30 (`192.168.30.0/24`) employs OSPF, indicating a different routing protocol than the others, but still participates in the overall SD-WAN fabric.
4. SITE 40 (`192.168.40.0/24`), which also uses BGP, is connected using multiple **vEdge** devices and the core router for high availability.
The vEdge routers at each site provide the data plane and connect to the WAN through multiple interfaces (MPLS and internet). These routers handle the forwarding of traffic, often using BGP as a dynamic routing protocol, and are responsible for ensuring seamless connectivity between sites. For instance, in **SITE 10**, VI-vEdge-01 and VI-Core-01 are connected to MPLS and public internet links, which ensure redundancy and load sharing across the different WAN transports.
A key aspect of this lab is traffic optimization and redundancy. The Border_Router sits centrally and connects to both MPLS and internet links, acting as the aggregation point for WAN traffic from the different edge routers and sites. This router ensures that traffic can traverse between different sites through the best possible path, whether it is MPLS for critical data or public internet for less sensitive traffic.
The presence of multiple loopback addresses for each core router (VI-Core-01, MI-Core-01, etc.) across the sites signifies that this topology also supports overlay tunnels for end-to-end encryption and secure data transmission across the WAN using Cisco's SD-WAN fabric.
This lab validates SD-WAN capabilities, including dynamic path selection between MPLS and internet based on real-time conditions, secure traffic encryption over public networks, and seamless routing via BGP and OSPF.