"High Away Blues Nr 1" or Challenges in Edge High Availability Part 1: VRRP HA

 

Configuring different High Availability Features one Branch Setup in my lab was using an MPLS CE-Router and VRRP to allow a restricted Fault Tolerance.

When the VMware SD-Wan Edge goes down, there is still a working MPLS connectivity via the CE Router, which means the Branch in that case behaves like a NSD (Non-SD-Wan enabled site) and you need to have a forwarding via either a hybrid Partner Gateway or Hybrid HUB site to still be able to reach all necessary destinations.


 The MPLS-facing CE-Router in my case is a Cisco IOS L3 Router, MPLS connectivity for that customer is using OSPF

 On the VCO the Edge BR-20 has the corresponding VRRP-setting

 

GE1 is the Link from Edge to the CE-Router using pt-2-pt OSPF


 In the WAN Settings GE1 is marked as User Defined Wan Overlay of type Private Wired named MPLS-Cust-2


 The necessary Enable Wan Overlay Flag is correctly set, telling the Edge to also build Overlay tunnels to Gateways using that connection towards MPLS via the CE-Router

BUT ...

  

Unfortunately the MPLS Overlay does not come up with that configuration

But we see that our VRRP configuration is also detected and up

When using the List Paths in the Remote Diagnostics section we only see overlay tunnel built to 2 Gateways via the 110.1.1.0/24 Internet connection

So now we have a seemingly correct configuration, but no Overlay tunnels over MPLS

 Let´s have a look into one of the MUST-HAVE (and MUST-READ) documents

 "SD-WAN Reference Design Guide" White Paper April 2019

 On page 7 we find some useful information regarding requirements so that Tunnel initiation message will be sent out and reaches the defined SD-Wan Gateways


 So according to the info found here we specified all the necessary information for Wan Overlay

 

Looking further into the Edge BR-20  we can find all necessary MPLS destinations learned via OSPF and primarily pointing to the GE1 interface towards the MPLS CE-Router

 

Looking further into the above mentioned Reference Guide you can find on Page 8:


 But again we have 2 Gateways as remote peers connected to the correct MPLS/vrf as well, so that requirement is given in our case

 

 

 However the only thing missing is the automatic Default Route pointing out interface GE1



 



 

Unfortunately I did not get any useful information from the official VMware SD-WAN documentation .

After some useless tries by comparing route table with other working SD-WAN Edges, I found the solution. 


 

 Even though we have an OSPF pt-2-pt Interface on GE1 with only a single OSPF learned neighbor, we need to configure the neighbor address as Gateway address in the interface configuration.


Only then the necessary Default Route out GE1 will be automatically set-up.
 

 

 Using the default route out of an Wan Overlay enabled interface tunnel initiation messages will be sent and when they reach the selected Gateways Overlay tunnels via interface GE1 and MPLS will be set up.

 

 




 Now we have the necessary Tunnels 2 each to our 2 selected Gateways


RESUME: Whenever you need to manually configure IP-Address on an interface used also for WAN Overlay you additionally HAVE TO configure the upstream neighbor address as Gateway address

This concludes Part 1 of our journey into VMware SD-WAN High Availability. Stay tuned for further findings in that area.

Comments

Post a Comment

Popular posts from this blog

Deep Dive on DMPO and its Performance Features (available and missing) Part 1

Image
 In the last year I got quite deep insight into ther vendors SD-WAN implementation and also have seen what various vendors are critizising about the VMware DMPO features. Also there are a lot of misconceptions on the market around some of these features. So let´s try and evaluate and look a little bit deeper into typical performance features and the VMware implementation of them Features discussed in this Blog (Part 1) Per Packet Load Balancing Forward Error Correction (FEC) Packet Replication Latency Remediation The following Features will be discussed in Part 2 of my blog TCP Optimization Techniques Dejitter Buffering SAAS Application Monitoring   Per Packet Load Balancing  Unfortunately this term can be quite easily misinterpreted, when you Google for the term and get the following result:  This behaviour (often criticized by other vendors about VMware) as described above would only work quite well when you have very similar or equal connections. If for example 2 ...
Read more

Deep Dive on DMPO and its Performance Features (available and missing) Part 2

Image
  The following Features will be discussed in this second part of my blog TCP Optimization Techniques Dejitter Buffering SAAS Application Monitoring   Before diving into the mechanism here an important basic fact:     Remediation is never done for applications classified as LOW priority     TCP optimization TCP has some embedded traffic management capabilities for reliable traffic delivery  (window.size, slow-start, RTT handling,...)  But there are a bunch of factors which can negatively influence the performance, like Latency TCP-slow-start Last Mile network problems Out of Sequence packets Busty losses end host TCP limitations (missing fatures like SACK, windows scaling or timestamp options)  Typically TCP optimization helps on the transmission side and improve the download time for large data transfers over latency-high and lossy WAN links. But it can also be used for improving perfomance when on the receiver side the amount ...
Read more

Secure Edge CLI Access: Addditional Useful Commands and Parameter

Image
 additionally to the possible commands and paramteres described in the docu Secure Edge CLI: Output Examples V5.2 there are a lot of useful commands and procedures you can use  Here some of the commands which does not have a direct representation in the Remote Diagnostics debug --dec  <shows the actual detailed status and QOE for each path RX and TX>   debug --peer_stats all <shows packet counts and peer-is for all peers> the peer-id is needed for a detailed dump of peer statistics per peer diag PATHS_DUMP --peer <peer-id> <shows counter and QOE parameters for all paths to a specific peer> for a nice display you need a terminal window of 350 chars/line if you have priviledged shell access you can also use cd /opt/vc/bin in this directory you find a lot of internal but useful prgrams, phyton or shell scripts like...  ./dispcnt here an example for usage:   ./dispcnt -s  bgp -t 15 -z   shows all non-zero bgp counter updated e...
Read more