SD-WAN


Ask questions and share experiences with SD-WAN and Session Smart Router (formerly 128T).
  • 1.  Combining services

    Posted 01-21-2019 23:40
    Hello,

    Let's say I have a service-route installed on some remote, which is used to redistribute routes coming from BGP from the local Cisco site router into SVR and populate them to other routers. This service-route references a service, which has only network 0.0.0.0/0 with security and service policy assigned. It works normally and the appropriate service route is auto-generated on all required routers. Let's name it "remote-subnets-from-bgp".

    For example, I have another service defined, let's say it is SSH (TCP/22). For these SSH connections I need to use different service policy and security policy. So this route should contain 0.0.0.0/0 as service address and TCP/22 for service transport. Let's name it "Application-SSH". 

    Is there any way to combine "remote-subnets-from-bgp" and "Application-SSH" without creating a service-route on my remote router with "Use Learned Routes" type for each application-specific service like "Application-SSH"? Or is there a way to auto-generate such service-routes?

    #BGP #ssh
    Thank you


    ------------------------------
    Ivan Minin
    Houston TX
    (346) 319-6699
    ------------------------------


  • 2.  RE: Combining services

    Posted 01-25-2019 10:55
    Hi @Ivan - I see you have yet to get an answer on this question. I believe @Vanya and @Justin have been working on some training materials that cover this topic. Do either of you have some information you can provide to Ivan?

    ------------------------------
    Victoria Smiley
    Interchange Community Manager
    Burlington MA
    ------------------------------



  • 3.  RE: Combining services

     
    Posted 01-25-2019 20:34
    Hi @Ivan Minin,

    First off, thank you so much for your question!

    Now, let me see if I am understanding what you are asking before I attempt to answer. You currently have a service called "remote-subnets-from-bgp" and it has a service-route that works correctly. You need to create a different service for "Application-SSH" because this has different service and security policies. So you are wondering if you can make the configuration of service-routes easier by using the same service-route you already have configured. Did I understand this correctly?

    @peetee, correct me if I am wrong, but unfortunately, I believe the answer is no, and that's just due to the fact that the service-routes are tied to the service. 

    Now, if it does help at all, you can clone your existing service-routes and then just change the service. This will at least make some of the configuration easier, but it does not automate the whole process.

    Also, as for the auto-generation of service-routes. In order for that to happen, you need to:
    1. be in a neighborhood that has access to the service
    2. already have a service-route to this service defined
    3. make sure you have Share Service Routes in the service set to enabled (which is the default)

    The second point there is the reason I don't think this will work in your case, or at least doesn't make it easier. You will still need to make 1 service-route headed to the SSH service that the 128T can use to auto-generate the other services. 

    Let me know if I understood your original question correctly and if my answer helped at all. 

    Thank you,
    Justin



    ------------------------------
    Justin Melloni
    Documentation/Training Specialist
    MA
    ------------------------------



  • 4.  RE: Combining services

     
    Posted 01-25-2019 21:11
    Yep, you got it Justin!

    While your three points about service-route generation are accurate, I'd phrase it a little differently.

    1. One of your routers must have an explicitly defined (not auto-generated) service-route to get to the service.
    2. The share-service-routes setting in that service must be set to true.

    If these two things are both true, then the Conductor will build service-routes for all directly adjacent routers to the one with the explicit service-route. (Direct adjacency is determined by two routers having interfaces in a common neighborhood with "compatible" topology types.)

    ------------------------------
    pt.
    ------------------------------
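
Added example (not part of the thread and not 128T/Conductor code): a simplified Python model of the generation rule described in the replies above, showing why "Application-SSH" gets no auto-generated service-routes until one router carries an explicit service-route for that service. The router and neighborhood names are constructed, and the adjacency check is an assumption that only tests for a shared neighborhood (topology-type compatibility is not modeled).

```python
from dataclasses import dataclass, field

@dataclass
class Service:
    name: str
    share_service_routes: bool = True  # enabled by default, per the thread

@dataclass
class Router:
    name: str
    neighborhoods: set
    # Services for which this router has a hand-configured service-route.
    explicit_routes: set = field(default_factory=set)

def adjacent(a, b):
    # Assumption: two routers are adjacent when they share a neighborhood.
    return a is not b and bool(a.neighborhoods & b.neighborhoods)

def generated_routes(routers, services):
    """Map each service name to the routers that would receive an
    auto-generated service-route under the two conditions in the thread."""
    result = {}
    for svc in services:
        receivers = set()
        if svc.share_service_routes:
            for origin in routers:
                if svc.name not in origin.explicit_routes:
                    continue  # only explicit routes seed generation
                receivers |= {r.name for r in routers
                              if adjacent(origin, r)
                              and svc.name not in r.explicit_routes}
        result[svc.name] = sorted(receivers)
    return result

def build_sample():
    # Constructed topology: three routers share "wan", one sits alone on "lte".
    routers = [
        Router("remote", {"wan"}, {"remote-subnets-from-bgp"}),
        Router("hub", {"wan"}),
        Router("branch", {"wan"}),
        Router("lab", {"lte"}),
    ]
    services = [Service("remote-subnets-from-bgp"), Service("Application-SSH")]
    return routers, services

if __name__ == "__main__":
    routers, services = build_sample()
    print(generated_routes(routers, services))
```

In this model the SSH service stays empty until "remote" gets its own explicit service-route for it, which matches the answer that service-routes are tied to the service.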



  • 5.  RE: Combining services

     
    Posted 01-25-2019 21:12
    Here's a document I wrote on the topic a while back. Old, but still relevant.

    ------------------------------
    pt.
    ------------------------------



  • 6.  RE: Combining services

    Posted 01-31-2019 00:18
    Dear all,

    Thanks for the explanations. It is clear now!

    ------------------------------
    Ivan Minin
    Houston TX
    (346) 319-6699
    ------------------------------