SD-WAN

 View Only
last person joined: 17 days ago 

Ask questions and share experiences with SD-WAN and Session Smart Router (formerly 128T).
  • 1.  Assigning Different Tenants on a Redundant Interface

     
    Posted 09-18-2018 00:00
    I have an HA router with a redundant LAN interface. I want to set different ordering of next hops depending on whether traffic enters via one nodes LAN Phy or the others. I tried assigning different tenants to the LAN interfaces on the two nodes, respectively. This would let me pin traffic entering via the two LAN interfaces to different services, and I can control next-hop ordering by assigning different service policies to those services. However, the two-tenant approach doesn't pass config validation. I guess that makes sense since we are trying to preserve existing sessions in the event of a failover... Given that limitation though, how do I accomplish my goal?

    #HighAvailability #Tenants​​​


  • 2.  RE: Assigning Different Tenants on a Redundant Interface

     
    Posted 09-18-2018 00:00

    Can you elaborate on why you want to order your next hops differently? Generally speaking, a "redundant" interface is logically equivalent irrespective of which node is currently controlling it. What it sounds like you want is something other than a redundant interface (like a ""quasi-redundant"" interface).

    If it's because you want to prefer a local node's egress interface as opposed to an egress interface that is reachable via a dogleg, is it something you can configure with redundancy groups?



  • 3.  RE: Assigning Different Tenants on a Redundant Interface

     
    Posted 09-18-2018 00:00

    @peetee, in your last paragraph you basically echoed my problem statement, which is to prefer a local egress interface for traffic, rather than using the dog-leg. Redundancy groups is a good idea, but it doesn't help when I have two non-redundant WAN interfaces on their respective nodes.

    We have a similar issue with management traffic being handled through the WAN forwarding interface, because we use the same tenant called "_internal_" on both nodes' "kni254" interfaces. So again there is no way to set policy for preferring the local egress WAN interface. 

    Now, the way I get around the latter issue, with outbound management traffic, is I create my own KNI host interface, say kni24, and put different tenants on them depending on the node where it's located. Once I have different tenants, I can set granular egress policy.

    Obviously I can't do that with the redundant LAN interface because I can't name tenants differently on the two nodes. So, this looks like an Epic to me.



  • 4.  RE: Assigning Different Tenants on a Redundant Interface

     
    Posted 09-18-2018 00:00

    Well, I'm not sure what your aversion is to doglegs, but cynophobia aside this "feels" wrong. I don't think that redundant interfaces should be handled differently. Remember, these are two nodes of one router, not two different routers.

     I don't have a lab system with redundant interfaces at the moment, but will the validator complain if you have two different neighborhoods on the respective interfaces? If not, you could hack it together by associating membership in the two neighborhoods differently. But I really advise against it, and unless you have a compelling reason to avoid the dogleg then embrace it.

    (It begs the question as to why the dogleg is there to begin with?)