Control Plane – SD-WAN Design

By | 03/15/2023
0 Comment

The vSmart component resides in the control plane. vSmart controllers provide routing, enforce data plane policies, and enforce network-wide segmentation. Because policies are created on vManage, vSmart is the component responsible for enforcing these policies centrally. It is the “brains” of the architecture. vEdge routers communicate their routing information with the vSmart controllers, not to each other. Overlay Management Protocol (OMP) is used for this vEdge-to-vSmart communication.

Data Plane

The vEdge component resides in the data plane. vEdge routers are responsible for establishing the network fabric and forwarding traffic; they bring up IPsec and GRE tunnels between sites. vEdge routers can be virtual or physical. vEdge routers establish a control channel to vSmart controllers and IPsec tunnels to other vEdge devices to form the overlay network. A vEdge router implements data plane and application-aware routing policies and exports performance statistics.

For clarity in nomenclature, the service side of a vEdge device is the LAN side (interfaces), and the transport side is the WAN interfaces (MPLS/IPsec).

vEdge Color Attributes

A color attribute on a vEdge router is used to identify WAN transport tunnels. Private colors are used for private networks or where there will be no NAT addressing of the transport IP endpoints. Predefined private colors include metro-ethernet, mpls, private1, private2, private3, private4, private5, and private6. When using a private color, a vEdge device is using a native private underlay IP.

vEdge devices use public colors where tunnels will be built to the post-NAT IP address. Predefined public colors include 3g, biz, internet, blue, bronze, custom1, custom2, custom3, default, gold, green, lte, public-internet, red, and silver.

Overlay Management Protocol

Overlay Management Protocol (OMP) manages the overlay network. This protocol runs within the TLS or DTLS tunnels formed between vEdge routers and a vSmart controller. Communication between a vSmart controller and vEdge routers includes route prefixes, next-hop routes, crypto keys, and policy information. OMP advertises three types of routes:

  • OMP routes: OMP advertises prefixes learned at the local site, including static, OSPF, or BGP routes. These routes are also called vRoutes.
  • TLOC routes: Transport location (TLOC) routes are logical tunnel termination points on WAN edge routers that connect to the transport network.
  • Service routes: OMP advertises routes for services such as firewalls, intrusion prevention, application optimization, and VPN labels.

OMP routes include the following attributes:

  • TLOC: This is the transport location identifier of the next hop for OMP routes. It is similar to the BGP NEXT_HOP attribute. A TLOC consists of three components:
    • System IP address of the OMP speaker that originates the OMP route
    • Color to identify the link type (for example, mpls, metro-ethernet)
    • Encapsulation type on the transport tunnel (IPsec or GRE)
  • Origin: This is the source of the route, such as BGP, OSPF, connected, or static, and the metric associated with the original route.
  • Originator: This is the OMP identifier of the originator of the route, which is the IP address from which the route was learned.
  • Preference: This is the degree of preference for an OMP route. A higher preference value is more preferred.
  • Service: This is the network service associated with the OMP route.
  • Site ID: This ID identifies a site within the SD-WAN overlay network domain to which the OMP route belongs.
  • Tag: This is an optional transitive path attribute that an OMP speaker can use to control the routing information it accepts, prefers, or redistributes.
  • VPN: This is the VPN or network segment to which the OMP route belongs.

TLOC routes contain the following attributes:

  • TLOC private address: This is the private IP address of the interface associated with the TLOC.
  • TLOC public address: This is the NAT-translated address of the TLOC.
  • Carrier: This is an identifier of the carrier type, which is generally used to indicate whether the transport is public or private.
  • Color: The color identifies the link type.
  • Encapsulation type: This is the tunnel encapsulation type.
  • Preference: This is the degree of preference that is used to differentiate between TLOCs that advertise the same OMP route.
  • Site ID: This ID identifies a site within the SD-WAN overlay network domain to which the TLOC belongs.
  • Tag: This is an optional transitive path attribute that an OMP speaker can use to control the flow of routing information toward a TLOC. When an OMP route is advertised along with its TLOC, both or either can be distributed with a community tag, to be used to decide how to send traffic to or receive traffic from a group of TLOCs.
  • Weight: This value is used to discriminate among multiple entry points if an OMP route is reachable through two or more TLOCs.

Leave a Reply

Your email address will not be published. Required fields are marked *