Update tech_docs/networking/sdwan.md

2025-07-28 15:04:19 -05:00
parent ecfb73f484
commit 5ff5c7d618


@@ -1,3 +1,116 @@
### **SD-WAN Site ID + Color + Management Subnet Integration Guide**
To build a **scalable, intuitive, and operationally efficient** SD-WAN fabric, well combine:
1. **Site IDs** (Logical location identifiers)
2. **Colors** (Underlay transport identification)
3. **Management Subnet** (Front-door VRF for OOB/In-band management)
Heres how to plan and implement them cohesively:
---
## **1. Hierarchy & Assignment Strategy**
### **A. Site ID + Color + Management Subnet Relationship**
| Component | Purpose | Example Value | Design Tip |
|-----------------|----------------------------------|------------------------|-----------------------------|
| **Site ID** | Uniquely identifies a branch/DC | `100` (HQ), `200` (Branch) | Use geographic encoding (e.g., `1` = Americas). |
| **Color** | Identifies WAN transport types | `mpls`, `internet`, `lte` | Match colors to ISP/underlay (e.g., `verizon_mpls`). |
| **Mgmt Subnet** | Dedicated subnet for OOB/In-band mgmt | `10.255.100.0/24` (VPN 0) | Isolate from data VPNs (1-511). |
### **B. Structured Numbering Example**
**Scenario**: A multinational with:
- **Region 1 (Americas)**: MPLS + Internet
- **Region 2 (EMEA)**: MPLS + LTE
| Site | Site ID | System IP | Colors (Transport) | Management Subnet |
|--------------|---------|----------------|-------------------------|------------------------|
| **HQ (Dallas)** | `100` | `172.16.100.1` | `mpls_blue`, `biz_internet` | `10.255.100.0/24` (VPN 0) |
| **Branch (NY)** | `101` | `172.16.101.1` | `mpls_blue`, `biz_internet` | `10.255.101.0/24` (VPN 0) |
| **DC (Frankfurt)** | `200` | `172.16.200.1` | `europe_mpls`, `lte_backup` | `10.255.200.0/24` (VPN 0) |
---
## **2. Color Planning Best Practices**
### **A. Standardize Color Naming**
- Use **descriptive, consistent names**:
```plaintext
<carrier>_<type> (e.g., `att_mpls`, `comcast_biz_internet`)
```
- Avoid generic names like `primary`, `secondary` (confusing at scale).
### **B. Color Redundancy Rules**
- Assign **at least 2 colors per site** (e.g., `mpls` + `internet`).
- Use **BFD** for fast failover between colors.
### **C. Color Mapping to TLOCs**
- Each **color** corresponds to a **TLOC** (Transport Locator).
- Example TLOC config:
```bash
vEdge(config)# vpn 0 interface ge0/0
tunnel-interface
color mpls restrict # Restrict to MPLS underlay
```
---
## **3. Management Subnet (Front-Door VRF)**
### **A. Key Requirements**
- **Isolation**: Always in **VPN 0** (not shared with service VPNs 1-511).
- **Subnet Size**: `/24` recommended (supports up to 254 devices).
- **OOB vs. In-Band**:
- **OOB (Out-of-Band)**: Physically separate interface (e.g., `ge0/0`).
- **In-Band**: Shared with control traffic (VPN 0).
### **B. Addressing Scheme**
```plaintext
10.255.<Site ID>.0/24
Example:
- Site ID 100 → `10.255.100.0/24`
- Site ID 200 → `10.255.200.0/24`
```
**Benefits**:
- Predictable IPs (easy troubleshooting).
- No overlaps with service VPNs.
### **C. vManage Integration**
- Define management subnets in **vManage Templates**:
```bash
device vpn 0
interface eth0
ip address 10.255.100.1/24
tunnel-interface
color biz_internet restrict
```
---
## **4. Putting It All Together: Design Checklist**
1. **Site IDs**: Geographic/role-based, unique, documented in IPAM.
2. **Colors**: Named after carriers, assigned to TLOCs, redundant.
3. **Management Subnet**: `/24` in VPN 0, OOB preferred.
4. **System IPs**: Align with Site ID (e.g., Site ID `100` → `172.16.100.1`).
---
## **5. Common Pitfalls**
❌ **Color Conflicts**: Reusing `mpls` for different ISPs (use `att_mpls`, `verizon_mpls`).
❌ **Mgmt Overlaps**: Sharing `10.255.100.0/24` across sites (always subnet per site).
❌ **Unstructured Site IDs**: Random numbers (hard to scale beyond 50 sites).
---
### **Final Topology Example**
```plaintext
Site ID: 100 (Dallas HQ)
- System IP: 172.16.100.1
- Colors: mpls_blue, biz_internet
- Mgmt Subnet: 10.255.100.0/24 (VPN 0)
- Service VPNs: 10 (LAN), 20 (VoIP)
```
Need a **vManage screenshot** or **CLI snippet** for color configuration? Let me know!
---
To **bring up an SD-WAN fabric**, you need to configure key components correctly. Below is a **concise, step-by-step breakdown** of the essentials, along with **critical design considerations**.
---
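Review bot: section 3 puts the management subnet in VPN 0 ("Always in **VPN 0**") and the vManage snippet `device vpn 0` / `interface eth0` / `tunnel-interface` / `color biz_internet restrict` attaches a tunnel-interface with a color to it, which makes that interface a TLOC on the transport VPN rather than an isolated management network; in Cisco SD-WAN, VPN 0 is the transport VPN and VPN 512 is the reserved out-of-band management VPN, so the guide should place OOB management (`eth0` on vEdge) in VPN 512 with no tunnel-interface and keep VPN 0 for the transport colors. The same section calls `ge0/0` the physically separate OOB interface while section 2's TLOC example uses `vpn 0 interface ge0/0` for the `mpls` color; pick one role per interface. The `10.255.<Site ID>.0/24` scheme limits Site IDs to 0-255, which contradicts the geographic-encoding and scale advice in sections 1 and 5; either state the 256-site cap or widen the scheme. Finally, "Need a **vManage screenshot** or **CLI snippet** ... Let me know!" and the trailing "To **bring up an SD-WAN fabric** ... Below is a **concise, step-by-step breakdown**" paragraph, which introduces content the diff does not contain, read as chat residue and should be removed or completed, and "well" and "Heres" are missing apostrophes.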