"High Away Blues Nr 1" or Challenges in Edge High Availability Part 1: VRRP HA

 

Configuring different High Availability Features one Branch Setup in my lab was using an MPLS CE-Router and VRRP to allow a restricted Fault Tolerance.

When the VMware SD-Wan Edge goes down, there is still a working MPLS connectivity via the CE Router, which means the Branch in that case behaves like a NSD (Non-SD-Wan enabled site) and you need to have a forwarding via either a hybrid Partner Gateway or Hybrid HUB site to still be able to reach all necessary destinations.


 The MPLS-facing CE-Router in my case is a Cisco IOS L3 Router, MPLS connectivity for that customer is using OSPF

 On the VCO the Edge BR-20 has the corresponding VRRP-setting

 

GE1 is the Link from Edge to the CE-Router using pt-2-pt OSPF


 In the WAN Settings GE1 is marked as User Defined Wan Overlay of type Private Wired named MPLS-Cust-2


 The necessary Enable Wan Overlay Flag is correctly set, telling the Edge to also build Overlay tunnels to Gateways using that connection towards MPLS via the CE-Router

BUT ...

  

Unfortunately the MPLS Overlay does not come up with that configuration

But we see that our VRRP configuration is also detected and up

When using the List Paths in the Remote Diagnostics section we only see overlay tunnel built to 2 Gateways via the 110.1.1.0/24 Internet connection

So now we have a seemingly correct configuration, but no Overlay tunnels over MPLS

 Let´s have a look into one of the MUST-HAVE (and MUST-READ) documents

 "SD-WAN Reference Design Guide" White Paper April 2019

 On page 7 we find some useful information regarding requirements so that Tunnel initiation message will be sent out and reaches the defined SD-Wan Gateways


 So according to the info found here we specified all the necessary information for Wan Overlay

 

Looking further into the Edge BR-20  we can find all necessary MPLS destinations learned via OSPF and primarily pointing to the GE1 interface towards the MPLS CE-Router

 

Looking further into the above mentioned Reference Guide you can find on Page 8:


 But again we have 2 Gateways as remote peers connected to the correct MPLS/vrf as well, so that requirement is given in our case

 

 

 However the only thing missing is the automatic Default Route pointing out interface GE1



 



 

Unfortunately I did not get any useful information from the official VMware SD-WAN documentation .

After some useless tries by comparing route table with other working SD-WAN Edges, I found the solution. 


 

 Even though we have an OSPF pt-2-pt Interface on GE1 with only a single OSPF learned neighbor, we need to configure the neighbor address as Gateway address in the interface configuration.


Only then the necessary Default Route out GE1 will be automatically set-up.
 

 

 Using the default route out of an Wan Overlay enabled interface tunnel initiation messages will be sent and when they reach the selected Gateways Overlay tunnels via interface GE1 and MPLS will be set up.

 

 




 Now we have the necessary Tunnels 2 each to our 2 selected Gateways


RESUME: Whenever you need to manually configure IP-Address on an interface used also for WAN Overlay you additionally HAVE TO configure the upstream neighbor address as Gateway address

This concludes Part 1 of our journey into VMware SD-WAN High Availability. Stay tuned for further findings in that area.

Comments

Post a Comment

Popular posts from this blog

Orchestrator Upgrade to Version 5.2

Image
 Recently I upgraded my VMware SD-WAN lab from version 5.0 to 5.2. Since some previous versions the official documentation  recommends to ask TAC for help in upgrading.   Docu 5.2: Orchestrator Upgrade  But if you have an unsupported implementation, like I do, you need to do it on your own: Trying to copy the new version to the VCO failed and I found out that I needed to increase a disk volume How to increase disk volume on VCO is described in this blog:   VCO Upgrade to 4.5.x After increasing the disk size my copy succeeded   NOTE: I did not copy direct to the installation directory including a renaming, as once an upgrade started that file gets deleted and if there are any problems to have to redo the copy from outside.  vcadmin@vco-lab-254:~$ ls -l total 2504488 drwxr-x--- 2 root    root          4096 Aug 31  2022 20220831130007 -rw-rw---- 1 vcadmin vcadmin 2564587520 Aug 10 07:57 vco-debs-signed-5.2.0.3-R5203-20230809-GA-ff5cd1917e.tar vcadmin@vco-lab-254:~$ sudo cp vco-debs-signed
Read more

Deep Dive on DMPO and its Performance Features (available and missing) Part 1

Image
 In the last year I got quite deep insight into ther vendors SD-WAN implementation and also have seen what various vendors are critizising about the VMware DMPO features. Also there are a lot of misconceptions on the market around some of these features. So let´s try and evaluate and look a little bit deeper into typical performance features and the VMware implementation of them Features discussed in this Blog (Part 1) Per Packet Load Balancing Forward Error Correction (FEC) Packet Replication Latency Remediation The following Features will be discussed in Part 2 of my blog TCP Optimization Techniques Dejitter Buffering SAAS Application Monitoring   Per Packet Load Balancing  Unfortunately this term can be quite easily misinterpreted, when you Google for the term and get the following result:  This behaviour (often criticized by other vendors about VMware) as described above would only work quite well when you have very similar or equal connections. If for example 2 links have  both 10
Read more

Deep Dive on DMPO and its Performance Features (available and missing) Part 2

Image
  The following Features will be discussed in this second part of my blog TCP Optimization Techniques Dejitter Buffering SAAS Application Monitoring   Before diving into the mechanism here an important basic fact:     Remediation is never done for applications classified as LOW priority     TCP optimization TCP has some embedded traffic management capabilities for reliable traffic delivery  (window.size, slow-start, RTT handling,...)  But there are a bunch of factors which can negatively influence the performance, like Latency TCP-slow-start Last Mile network problems Out of Sequence packets Busty losses end host TCP limitations (missing fatures like SACK, windows scaling or timestamp options)  Typically TCP optimization helps on the transmission side and improve the download time for large data transfers over latency-high and lossy WAN links. But it can also be used for improving perfomance when on the receiver side the amount of buffers is limited and/or when the client is n
Read more