Cisco SD-WAN 010 - Service VPN1 Static Routes via CLI and Templates

Video Statistics and Information

Captions
How's it going, everybody? In this video we're going to continue on the, uh, setting up the service VPN for basic operations, where in this video we're going to focus on static routes. So that's going to be a static route configured on the vEdge to point to loopbacks or connected LAN segments that are attached to devices behind the vEdge. So for example, if vEdge1 here, if I should say over here, vEdge1 here, needs to reach something on switch 16 or router 5 or something along those routes that are more than one hop away, and it's not this connected link between switch 16 and vEdge1, that you need a static route in order to reach that.

So we're gonna put, configure the static routes underneath the service VPN, so that's a service VPN specific configuration. And so in other words, we'll go to the VPN template, uh, the feature template, and we'll add a static route, and then we'll push that config down to the appropriate, and we're going to the appropriate vEdges. Now, it'll have to be device specific so that we can go in and adjust those devices accordingly, because you wouldn't want to have the same subnet in multiple locations. So in that case there, this is basically what you'll end up needing to do. So static routes will be configured on the vEdges to point to subnets that are behind or more than one hop away from the vEdge. So there are other options like OSPF or BGP in this case, but we'll take a look at those in later videos. So right now we're just doing just the extreme basics with the routing.

So let's go ahead and take a look at this from the CLI perspective. So the CLI is pretty much always going to be the easier way of doing this. So let's go ahead and type in admin and then admin again and go to global config, and underneath VPN 1. On switch 16 there's a number of, I've got to bring this all the way over. So let's go ahead and take a look at the show ip interface brief, and I have a connection to a couple different subnets that I want to be able to reach. I
have a loopback address here of 10 116. I also have, you can disregard VLAN 109, so I'll type in no vlan 109 and no interface vlan 109. Okay, we'll take a look at the connected link between switch 16 and router 5, so this 10.5.16. So what we're going to actually do for vEdge1, we're going to create two static routes: one for the prefix to get to 10-116, I'm sorry, the 10.1.0.16, so loopback of router, switch 16, and then this connected link between router 5 and switch 16. We'll do that real quick, get that guy squared away.

Now, in the vManage piece of this, if you want to create multiple static routes you can, you just have to make sure that they are different in some way. So for example, you need to make sure, if you're going to say create two default routes, that you're not creating the same default route globally, right? So if you go to the global option, that you don't set global default route, global default route. So if you do that then you're going to have a duplicate entry and then the vEdge will reject it. You need to have some sort of uniqueness per static route in order for it to work, and we'll take a look at exactly how that comes into play, because we have some subnets on each one of the edges, or on the routers sitting behind the vEdges, so for example 14.14.14.14/32 and then some loopback address that's simulating a connected LAN segment. So we're going to create static routes for both just so you can see how that comes into play.

So let me go ahead and get out of the way and get this configured. We're going to type in ip route to 10.1.0.16/32 with the next hop of 10.1.16.16 and hit the enter key. I'm also going to type in ip route to 10.5.16.0/24 via 10.1.16.16.
So a quick show config of that breakdown, that's the configuration that I'm going to throw at the router. I'm going to go ahead and commit that.

Now on router 5 here, we go ahead and do a show ip interface brief real quick. That interface is connected, and I'm going to go ahead and throw gig 0/1 into a VRF. So we've talked briefly about VRFs already for the service VPN, how VPN 0 is different than VPN 512 and how the transport VPN is different than the service VPN. They're two separate VPNs, or two different VRFs. So I'm going to show you how to create a VRF on a router. It's really simple, and this will be what they refer to as VRF lite, where you create a VRF that does not have anything to do at all with MPLS. If it's an MPLS VRF, in other words a VRF created on a provider edge router in an MPLS VPN service, then that is not VRF lite, because then you're using VRFs to separate customer A from customer B and then you're using MPLS to get from the ingress PE router to the egress PE router through the SD, uh, through the MPLS backbone.

So let's take a look at exactly how to do that. I'm going to come up here and type in vrf definition, and I'm going to just type in, I'll say sd-wan, and then the address family will be ipv4 unicast, and the route distinguisher value will be 5 colon 5.
Something very simple. Oh, I've already got it configured. So do show run section vrf. I don't remember typing that command in on this box. Oh, it's already set, okay, cool. Um, so let's go ahead and do show run interface gig 0/1 right now. Oh, he's already in a VRF, okay, perfect. I forgot that I had done that already. So when you create the VRF sd-wan, you then place the IP address on the interface and then you're squared away. So if I do show ip route vrf sd-wan, I don't have a static route, but I am learning OSPF routes from this guy.

So if we were to do a show ip route, do show ip route, so he's got, that's a little bit weird, why does he have OSPF routes? Do show ip route, do show run section vrf. I don't remember creating a VRF on, oh, you know why, I know why. There's no VRF configured, but do show ip ospf interface brief, I do have it running on that interface. So do show ip ospf neighbors, I do have an active connection with router 5, so we're good to go there.

So what I'm going to go do is I'm going to go back to vEdge5, or router 5. Where is router 5? Router 5 is right there. And I'm going to type in ip route vrf sd-wan zero, to 0.0.0.0 0.0.0.0, uh, 10.5.16.16, and then do show ip vrf sd-wan. Now I have a default route back to it. So when it comes time to test connectivity from router 5 or from the switch, I'll be able to send the traffic out the VRF. So we're good to go there.

So now if I go back to vEdge1, and I've committed the config, do show ip route vpn 1, we can see that these routes are, uh, we have a static route at the 10.5.16 right here and we also have 10.1.0.16 right there. Now if I look at the vSmart, show omp peers, I should be receiving more prefixes in from vEdge1. I'm receiving six in. Now if I go to vEdge3 and show ip route vpn 1, I should be receiving 10.1 here and also 10.5.16 there.

Okay, so the CLI piece is done, right? Pretty straightforward, not very complicated, right? Simple static routes. What I'm going to do now is we're going to jump into the vManage and get him squared away and get all that dialed in, so that won't be very difficult. So let's go ahead and start that process up now.

So the way to do that is on the vManage, go ahead and log in real quick, and underneath here we're going to have to go to the feature, VPN feature template for each VPN and add a static route. It's, uh, sometimes it does this to me, I don't know why it does that, it's weird that way. Okay, so what we're going to do is Configuration and then Templates, and then on feature templates for each one of those devices. So we're going to say dual site first, we'll just get that one out of the way since we're right here. So for VPN 1, so the VPN 1 template, not the interface but the template itself for the VPN, go ahead and edit this, and underneath the IPv4 route, this is where we're going to set.

So we're going to say on vEdge2, right, what we're going to do is we're going to create two static routes. We're going to create static route and we're going to say prefix, in this case here we could say device specific if we want to, but we don't need to really. We're going to type in, um, actually you know what, in this case here I will go device specific because you might have other locations that have dual vEdges. So we're going to say device specific, the ipv4 vpn 1 ipv4 prefix like so, and then I'm going to set the next hop. The next hop here I'm going to say device specific as well, so we'll type in vpn 1 and the next hop IP like so, okay, and then add. Okay, so that's been added. You can make this optional as well if you want to, which means that you don't have to populate the field if you don't want to. I'm going to go ahead and add. I'm also going to create a new IPv4 route, I'm going to create two of them. So could you get more specific? You could, but in this case here I'm not going to. I'm going to say device specific for VPN 1. For some reason moving the hover away removes it, I don't know why it does that. There we go,
vpn 1 ipv4 prefix, and then the next hop will be again device specific and we'll type vpn 1 next hop IP, get rid of all this, and add, and then add one more time. Oh yeah, you have to give it a different name, that's right, I forgot about that. That's another variable, it has to be unique. So what we're going to do is on vpn 1 ipv4 prefix we'll say vpn 1, I'll put in here loopback prefix. Okay, that does that, and then I'll create a new IPv4 route and this one will be, uh, LAN 1, so you can make that a LAN 1 prefix and go from there. And then we're gonna say next hop, we'll put in here next hop IP LAN 1, LAN 1, there we go. It's gotta be specific. Click on add and then mark as optional as well, and then add.

Okay, so now if I were to go in here and look at this, we've got vpn 1 ipv4 prefix, the next, and we also have this one here which would be the loopback, or that's LAN. Let me just make sure that this one is unique, loopback prefix like so, save changes. Okay, so if we were to go here and look at this, it's the vpn 1 ipv4 loopback prefix with the next hop, next hop is, there we go, and then this one here is going to be the vpn 1 ipv4 LAN prefix, so it's going to be the subnet associated to it, so it's unique to what we're doing. So there we go.

So I'm going to go ahead and click on update, and now we have to go in here and populate the field. So this is going to be vEdge2. Notice we have the two variables, so we're going to come in here and edit device template. And so we have a couple of things. These are optional, so if you have a site that doesn't need the config you don't have to push it. So the prefix that we're going to point to is going to be 10.1.0.1/32, and then we're going to say the LAN 1 prefix is going to be 10.5.16.0/24, and the next hop will be 10.2 and 10.2.16.16.
We're going to use the same next hop IP to reach both. I'm going to go ahead and click on update and then click next, and then we're gonna do a config diff to see what the update looks like. It'll be the exact same stanza that we saw for the CLI variation, but we're gonna go under VPN 1 and we should see that we're gonna say, in order to reach the loopback address of switch 16, point to 10.2.16.16, and in order to reach the prefix of 10.5.16.0/24, same, point to the next hop IP. Go ahead and configure devices and then I'm going to push that config.

All right, well, the push was good. So if we were to pull up the CLI and look at vEdge2, let's go ahead and log in real quick and show ip route for vpn 1, we should have two static routes. We have those going to the next hop, so I should be able to ping 10.1.0.16, and unfortunately it defaults to VPN 0, so vpn 1, there it goes, I can ping that. I should be able to ping 10.5.16.5 from VPN 1 as well and I can't, which means that because vEdge2 can reach it then so should the rest of the devices.

Okay, so let's go ahead and back to templates and let's do the same configuration for the other devices. So we did the dual site, let's go ahead and knock out the single site. So I'm going to go to feature template and I'm going to adjust this for each one. So let's do single site VPN 1 template, let's go ahead and edit that. Then under IPv4 route I'm going to create an IPv4 route. It's going to be device specific and I'm going to type in vpn 1 and then I'm going to say ipv4 loopback prefix, there we go. And then next hop, add next hop, device specific, and it'll be vpn 1. I hate that when you mouse off of the field that it goes away. Next hop, vpn 1 next hop IP, let's say loopback next hop IP, get rid of all this other extraneous information right there, there we go, and add, and then add one more time, mark as optional, and add. We're going to create one more. This one will be vpn 1 ipv4 prefix like so, this will be
LAN 1 prefix, lab one, not lab one, LAN 1, and then add next hop. This will be device specific as well, vpn 1 next hop, we're going to say this would be, uh, LAN 1 next hop IP address. Get all that squared away and then add, and then add one more, or let's go ahead and edit this one, mark as optional, save changes, and then update. And then we'll have to do the necessary updates for this one as well.

So we're going to go ahead and we'll say edit device configs. So here we have, in this case here, since we're going to these sites over here, let me go ahead and minimize this for the moment. So this is going to 10.3, so we're going to want to be specific to that site. So the loopback will be 13.13.13.13/32 and 10.3.130, and we have 10.3.13.13 and 10.3.13.13.

Now you might be wondering, why are you adding the same next hop IP? If they're the same, why can't you just do that globally? You could, 100%, but what I'm trying to show you is that you might be pointing to different devices. So one might be going to core switch one, one might be going to core switch two, and you're in need of different next hop IPs. So that's why I'm just trying to show you that it is possible to do that. So I'm gonna go ahead and click on update and then do the same thing for 14. So this one here is going to be, um, I'm sorry, in this case here would be, uh, 15.
So 15.15.15.15/32 and then 10.4.150.0/24, value 10.4.15.15 and 10.4.15.15, and click on update. Go ahead and click on next, grab the output real quick, make sure everything is squared away, and then, there we go, config diff. We're going to add in those two static routes. A lot of configuration for just a little bit of editing, or I should say adding. And go ahead and click on configure devices, push it out to both, click on OK, and then I will pause until this is all squared away.

So a question you might have: do you have to sit here and wait? No, you don't. You could have this opened up in multiple tabs, you could open a new tab and go do your template configuration over here and then do a new push. But to be honest with you, when you start doing too many things at the same time, I will very easily lose track of what I'm doing, and especially if I get distracted by something. I tend to like to focus on what it is that I'm doing and wait until I'm done with what I'm doing before I move on to the next task. Because can I multitask? I can. I can be on the phone with somebody talking about something and then be able to focus on something else if it's something pretty simple, like configure an IP address, if I have the information right in front of me. So I can do both at the same time and maintain a conversation or listen to somebody. But if I'm trying to focus on two things that are pretty critical, I can really only focus on one. I'm human. I'm good at what I do, but I'm human. So to negate the possibility of making a mistake, I'd rather focus on one thing, like I am right now, than have multiple tabs open and try to go faster, because I find the faster you go the more errors you tend to make. So if you go slow but smooth, slow is smooth, smooth is fast. I forget who said that, but I've heard a lot of military folks refer to that, slow is smooth, smooth is fast, because when you're able to get into a groove and things are going, you know, step
one, two, three, four, five, six, seven, you're doing them in the correct order and you're not trying to do step two, three and four at the same time and then you end up forgetting what you did. That's when I find problems creep into play, and I'm trying to avoid those, trying to show you how I do things.

So with that being said, we should be good to go there. So let's go pull up our CLI and make sure that vEdge3 has a couple of static routes in it for those prefixes, and there you go, I have 10.4.150 and I have 15.15.15.15 coming across. So everything's working the way that I needed to.

Last but certainly not least, let's go ahead and do the templates for the MPLS-only site. So go to feature, click in here, go to MPLS only, and for the VPN 1 template we're going to go ahead and edit this, add IPv4 route. Let's go ahead and bring this guy over so we can see what we're going to be adding. IPv4 route, new IPv4 route, globally for the prefix, and we're going to say that this is, we'll say vpn 1 underscore loopback ipv4 prefix, mark as optional, then add next hop. I'm going to show you that you can add the next hop globally, so in this case here I'll type in 10.5.14.14, I'm sorry, 14, like so. Now my next hop is global, I won't have to type that in again. Click on add. I'm going to add another IPv4 route. Did I not add? Oh, I didn't add it. Next hop is global, cancel, add, there we go. So add a new IPv4 route, there we go. Uh, the prefix is going to be device specific, this will be vpn 1, yeah, I can't stand when I mouse away, messes me up every time. On the prefix itself this will be vpn 1 LAN 1 ipv4 prefix, that's good to go. Next hop, we'll say, is going to be 10.5.14.14, and add, and then add, mark as optional, add again. So there we have it.

So I'm gonna go and click on update, give that a couple seconds for it to do its push, and I'm gonna go edit the device template. You're gonna see that the only thing I need to update here is the prefix, so it's going to be in this case here 14.14.14.14/32 and then 10.5.140.0/24. I don't need to specify the next hop IP because it's already been defined. I'm going to go ahead and click on update, click on next, and then do a config diff and you'll see what I mean. So there are multiple ways of doing it, you just have to go in there and play with it. So let's go ahead and config diff, VPN 1, there you go, 10.5.140, 14.14.14.14, both set in the next hop IP. Configure devices, and I'll pause until this is done.

Okay, so the push was good. So let's go take a look at vEdge5. So I'm going to go log in, admin and admin, and do a show ip route, so I should have those routes in the routing table, 14.14.14.14 and then 10.5.14, or 140, excuse me. And you'll notice I have all those other prefixes in here as well, which is what I want.

So now if I go to 14, for example, here and I do a show ip route, right, I have a default route. Let's go ahead and minimize this guy. So let's go take a look at this. If I try to ping 15.15.15.15 sourcing from loopback zero, give it a couple of seconds and then it works. It takes a couple seconds for it to propagate, but that was probably some stuff like ARP had to happen and some other stuff, so I'm not going to get into why the pings dropped a couple times. No big deal, it is what it is. So the fact of the matter is, if I hit the up arrow again, it pings all good. Now if I go back here and I hit the up arrow and I do a trace, but then I add in numeric, I get to where I've got to go all day long. Let's do the same thing, let's change where I'm heading to 10.4.15, oh, we have ourselves a loop. So let's let it
finish out, it's almost there. So I have a loop. How did I get a loop? Okay, so I ended up hitting, I say 10.4.150.15 from source loopback zero, so it got me to 10.5, got me to vEdge5, then it dropped me onto vEdge4, then it got me to loopback 5, and then when I tried to respond 10 415 it got back to 10 415, pointed back to 10 4 15 5 15. So the problem is over here on vEdge4. So show ip route vpn 1, okay, so those are all squared away. Let's take a look at IOS 15, show ip route. That's a little weird, because what it should do is if I do it, uh, oh, you know why? Because I don't have a, um, uh, okay, so the problem here is I don't have the loopback created.

So let's go ahead and create a loopback, interface loopback zero, um, actually I'm sorry, let's not do loopback zero, let's do interface loopback 150. IP address in here will be 10.4.150.15/24. Okay, so do show ip interface brief and then do show ip route. All right, so that problem should go away now. When I go back to 14, hit the up arrow again, and it gets to where it's got to go.

So what was happening was, the reason why we're getting this loop, that's why you have to be able to analyze this. So we're good, good, good, good, and then, I'm sorry, to here, and then we see a point back to vEdge4 and then pointed back to IOS 15, and then it got into a loop. So basically what was happening was, we look on 15, before I created the loopback 150 I didn't have that route in the routing table. So what was happening was IOS 15 was receiving that prefix, or the message for it, it's like, well, I don't know what to do with that, so I'm going to go ahead and send it back to you, you're my default route, so if I don't know what to do with something I'm going to point it to you, but you're configured on vEdge4 to point to me. So that's what was happening. So being able to identify a loop is important as well, so I'm glad I actually got to show you guys that. So there we go, that was a pretty easy one to figure out. Let's go ahead and take a look at, let's take a
look at 15 and let's do a ping to 10.1.0.16, sourcing from loopback 150. Give that a couple seconds to do its thing, there it goes, and if I try to do a traceroute to it, I should be able to get to that all day long. Now let's change this up a little bit, and instead of doing that, with 10.5.16.5, and I get to there all day long. So that means I have reachability everywhere I need to have reachability to.

And let's go to vEdge, let's go to IOS 5 and we'll do a show ip route vrf sd-wan, and I'm going to do a ping vrf sd-wan to 13.13.13.13, there we go. If we do a traceroute vrf sd-wan to 13.13.13.13, sourcing from, uh, or numerically, I get there all day long. Get to switch 16, then vEdge1, then I jump over to vEdge3, and then I drop off where I've got to go.

So ladies and gentlemen, our connected or static routes are working as expected. So pretty straightforward stuff. In the next video we're going to take a look at doing some basic OSPF, we're going to go through some of the capabilities that go into that and get through all those details. Until next time, guys, thanks so much for stopping by and I'll catch you guys in the next video.
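
The routing loop troubleshot in the captions above (a static route on vEdge4 pointing at IOS 15, which has no route for 10.4.150.0/24 and sends the packet back along its default route) can be reproduced with a small longest-prefix-match simulation. This is an added example, not part of the video or its captions; the device labels, the use of device names in place of next-hop IP addresses, and the 10.4.15.0/24 transit subnet are assumptions.

```python
import ipaddress

CONNECTED = "connected"  # marker: destination sits on a directly attached subnet

def lookup(table, dst):
    """Longest-prefix match over {prefix: next_hop_device}; None if no route."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in table.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best[1] if best else None

def trace(tables, start, dst, max_hops=16):
    """Follow next hops device by device and classify the outcome."""
    path, node = [start], start
    for _ in range(max_hops):
        next_hop = lookup(tables[node], dst)
        if next_hop is None:
            return path, "unreachable"
        if next_hop == CONNECTED:
            return path, "delivered"
        looped = next_hop in path
        path.append(next_hop)
        if looped:
            return path, "loop"
        node = next_hop
    return path, "ttl-exceeded"

def unbacked_statics(tables, device):
    """Static routes on `device` whose next-hop device has no route for the
    prefix other than 0.0.0.0/0, i.e. candidates for the loop seen above."""
    findings = []
    for prefix, next_hop in tables[device].items():
        if next_hop == CONNECTED or prefix == "0.0.0.0/0":
            continue
        net = ipaddress.ip_network(prefix)
        specific = [p for p in tables[next_hop]
                    if p != "0.0.0.0/0" and net.subnet_of(ipaddress.ip_network(p))]
        if not specific:
            findings.append((prefix, next_hop))
    return findings

# Constructed routing tables modelled on the captions; 10.4.15.0/24 is assumed.
BEFORE = {
    "vedge4": {"10.4.15.0/24": CONNECTED,      # link towards IOS 15 (assumed)
               "15.15.15.15/32": "ios15",      # static: loopback prefix
               "10.4.150.0/24": "ios15"},      # static: LAN prefix
    "ios15": {"10.4.15.0/24": CONNECTED,
              "15.15.15.15/32": CONNECTED,
              "0.0.0.0/0": "vedge4"},          # default route back to the vEdge
}
# After "interface loopback 150" is created, IOS 15 owns the LAN prefix.
AFTER = {**BEFORE, "ios15": {**BEFORE["ios15"], "10.4.150.0/24": CONNECTED}}

if __name__ == "__main__":
    print(trace(BEFORE, "vedge4", "10.4.150.15"))
    print(trace(AFTER, "vedge4", "10.4.150.15"))
    print(unbacked_statics(BEFORE, "vedge4"))
```
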
Info
Channel: Rob Riker's Tech Channel
Views: 2,508
Keywords: cisco, sd-wan, sd, wan, software defined wide area network, templates, static, routes, cli, configuration, setup, vmanage, vsmart, vbond, omp, network
Id: A4fK6XJQhig
Length: 31min 29sec (1889 seconds)
Published: Fri Sep 25 2020