From 5ff5c7d618cda6531adf47f6af443f0024212cf7 Mon Sep 17 00:00:00 2001
From: medusa <newton214@gmail.com>
Date: Mon, 28 Jul 2025 15:04:19 -0500
Subject: [PATCH] Update tech_docs/networking/sdwan.md

---
 tech_docs/networking/sdwan.md | 113 ++++++++++++++++++++++++++++++++++
 1 file changed, 113 insertions(+)

diff --git a/tech_docs/networking/sdwan.md b/tech_docs/networking/sdwan.md
index 4c6c07b..4d7ea1e 100644
--- a/tech_docs/networking/sdwan.md
+++ b/tech_docs/networking/sdwan.md
@@ -1,3 +1,116 @@
+### **SD-WAN Site ID + Color + Management Subnet Integration Guide**  
+To build a **scalable, intuitive, and operationally efficient** SD-WAN fabric, we’ll combine:  
+1. **Site IDs** (Logical location identifiers)  
+2. **Colors** (Underlay transport identification)  
+3. **Management Subnet** (Front-door VRF for OOB/In-band management)  
+
+Here’s how to plan and implement them cohesively:
+
+---
+
+## **1. Hierarchy & Assignment Strategy**
+### **A. Site ID + Color + Management Subnet Relationship**
+| Component       | Purpose                          | Example Value          | Design Tip                  |
+|-----------------|----------------------------------|------------------------|-----------------------------|
+| **Site ID**     | Uniquely identifies a branch/DC  | `100` (HQ), `200` (Branch) | Use geographic encoding (e.g., `1` = Americas). |
+| **Color**       | Identifies WAN transport types   | `mpls`, `internet`, `lte` | Match colors to ISP/underlay (e.g., `verizon_mpls`). |
+| **Mgmt Subnet** | Dedicated subnet for OOB/In-band mgmt | `10.255.100.0/24` (VPN 0) | Isolate from data VPNs (1-511). |
+
+### **B. Structured Numbering Example**
+**Scenario**: A multinational with:  
+- **Region 1 (Americas)**: MPLS + Internet  
+- **Region 2 (EMEA)**: MPLS + LTE  
+
+| Site          | Site ID | System IP      | Colors (Transport)      | Management Subnet       |
+|--------------|---------|----------------|-------------------------|------------------------|
+| **HQ (Dallas)** | `100`   | `172.16.100.1` | `mpls_blue`, `biz_internet` | `10.255.100.0/24` (VPN 0) |
+| **Branch (NY)** | `101`   | `172.16.101.1` | `mpls_blue`, `biz_internet` | `10.255.101.0/24` (VPN 0) |
+| **DC (Frankfurt)** | `200`   | `172.16.200.1` | `europe_mpls`, `lte_backup` | `10.255.200.0/24` (VPN 0) |
+
+---
+
+## **2. Color Planning Best Practices**
+### **A. Standardize Color Naming**
+- Use **descriptive, consistent names**:  
+  ```plaintext
+  <carrier>_<type> (e.g., `att_mpls`, `comcast_biz_internet`)  
+  ```
+- Avoid generic names like `primary`, `secondary` (confusing at scale).  
+
+### **B. Color Redundancy Rules**
+- Assign **at least 2 colors per site** (e.g., `mpls` + `internet`).  
+- Use **BFD** for fast failover between colors.  
+
+### **C. Color Mapping to TLOCs**
+- Each **color** corresponds to a **TLOC** (Transport Locator).  
+- Example TLOC config:  
+  ```bash
+  vEdge(config)# vpn 0 interface ge0/0  
+    tunnel-interface  
+      color mpls restrict  # Restrict to MPLS underlay  
+  ```
+
+---
+
+## **3. Management Subnet (Front-Door VRF)**
+### **A. Key Requirements**
+- **Isolation**: Always in **VPN 0** (not shared with service VPNs 1-511).  
+- **Subnet Size**: `/24` recommended (supports up to 254 devices).  
+- **OOB vs. In-Band**:  
+  - **OOB (Out-of-Band)**: Physically separate interface (e.g., `ge0/0`).  
+  - **In-Band**: Shared with control traffic (VPN 0).  
+
+### **B. Addressing Scheme**
+```plaintext
+10.255.<Site ID>.0/24  
+Example:  
+- Site ID 100 → `10.255.100.0/24`  
+- Site ID 200 → `10.255.200.0/24`  
+```
+**Benefits**:  
+- Predictable IPs (easy troubleshooting).  
+- No overlaps with service VPNs.  
+
+### **C. vManage Integration**
+- Define management subnets in **vManage Templates**:  
+  ```bash
+  device vpn 0  
+    interface eth0  
+      ip address 10.255.100.1/24  
+      tunnel-interface  
+        color biz_internet restrict  
+  ```
+
+---
+
+## **4. Putting It All Together: Design Checklist**
+1. **Site IDs**: Geographic/role-based, unique, documented in IPAM.  
+2. **Colors**: Named after carriers, assigned to TLOCs, redundant.  
+3. **Management Subnet**: `/24` in VPN 0, OOB preferred.  
+4. **System IPs**: Align with Site ID (e.g., Site ID `100` → `172.16.100.1`).  
+
+---
+
+## **5. Common Pitfalls**
+❌ **Color Conflicts**: Reusing `mpls` for different ISPs (use `att_mpls`, `verizon_mpls`).  
+❌ **Mgmt Overlaps**: Sharing `10.255.100.0/24` across sites (always subnet per site).  
+❌ **Unstructured Site IDs**: Random numbers (hard to scale beyond 50 sites).  
+
+---
+
+### **Final Topology Example**
+```plaintext
+Site ID: 100 (Dallas HQ)  
+- System IP: 172.16.100.1  
+- Colors: mpls_blue, biz_internet  
+- Mgmt Subnet: 10.255.100.0/24 (VPN 0)  
+- Service VPNs: 10 (LAN), 20 (VoIP)  
+```
+
+Need a **vManage screenshot** or **CLI snippet** for color configuration? Let me know!
+
+---
+
 To **bring up an SD-WAN fabric**, you need to configure key components correctly. Below is a **concise, step-by-step breakdown** of the essentials, along with **critical design considerations**.
 
 ---