Cisco SD-WAN: DIA NAT Tracker and Fallback

Hello, my name is Hassan Ahmed and I'm a technical marketing engineer for the SD-WAN product. In this video we will explore what NAT tracker in Direct Internet Access (DIA) is about and how to fall back to a backup path in case a DIA path fails.

DIA is a component of Cisco's SD-WAN architecture which allows a user located at a branch to route the internet-bound traffic or public cloud traffic directly to the internet instead of backhauling the traffic through a data center or a co-location facility. This helps in reducing bandwidth consumption and latency, and saves cost on WAN links by offloading the internet traffic from the private WAN circuit like MPLS.

Let's... this is about the NAT DIA tracker and fallback. In the event when there is some outage along the local breakout or along the internet path, the branch router does not have a way of learning about this disruption, hence it will still be forwarding the internet-bound traffic on that circuit. As a result, the traffic will get dropped. In order to prevent the internet-bound traffic from being dropped, the branch router can be configured with NAT DIA tracker. This will help the WAN Edge router to track the status of the path along the internet circuit, and during the event of a failure, NAT fallback can be configured, which will take care of rerouting the internet traffic across a BFD tunnel through a data center.

Let's take a deeper look by combining both these features together for a better perspective. The WAN Edge device tracks the status of the WAN interface or the path by sending out HTTPS probes to an endpoint, which could be an IP address, URL or a DNS name. If the device gets a response back from the endpoint within the configured timeout value, the status of the tracker remains up and the internet traffic is sent out through the DIA path, which is the GigabitEthernet1 interface from WAN Edge router Site 300 CE1 in this example. In case of a failure across the internet path, during which the edge router does not get a response for the probes, the NAT DIA tracker goes down. Upon detecting this, the router reroutes the traffic through a fallback path across the BFD tunnel, which is through the GigabitEthernet2 interface. During this period the WAN Edge router still keeps tracking the status of the internet path, and once the internet path is back up and running, the internet traffic will be rerouted back through the DIA path.

Now let's see a quick demo and configuration through vManage. The tracker configuration is done under the system template. For this, navigate to Configuration, Templates, click on Feature and select the respective system template; in this case it is the tracker system template. Click on Edit, click on Tracker, click on New Tracker. Here, add the tracker name, which is tracker 1 in this case. I'm going to change the threshold and interval values from the default values; timers are mainly modified to achieve a faster convergence. The endpoint I'm going to select is DNS name, and the DNS name is www. Click on Add and click on Update. Click on Next and click on Configure Devices.

Once the tracker is defined under the system template, the next step is to bind this tracker under the interface on a feature template. For this, click on Configuration, go to Templates, click on Feature and select the device. We're going to use interface GigabitEthernet1 as the WAN interface in this use case. Click on Edit, click on Advanced, and under the Tracker option provide the name of the tracker which was created in step 1, which is tracker 1. Click on Update, click on Next and Configure Devices.

In order to check the status of the tracker, go to Monitor, click on Network and select the appropriate device. Go to Real Time and search for endpoint. Click on Endpoint Tracker Info, and as we can see, the tracker name is tracker 1 and the tracker status is up.

The next step is to configure policy in order to configure the NAT fallback option. For this, navigate to Configuration, click on Policies, and under Centralized Policy click on Add Policy. Click on Next, and under the traffic rules click on Traffic Data, click on Add Policy and Create New. Give the name and the description as NAT fallback policy. Click on Sequence Type and click on Custom. Select the sequence rule. Match the condition with source data prefix as 10.30.1.10/32 in this use case, and the destination data prefix is going to be 4.2.2.2/32. Click on Actions, click on Accept, click on NAT VPN; this is where you actually try to enable the NAT fallback configuration. Click on Fallback and Save Match and Actions. Make sure you have an accept action under the default action. Click on Save Data Policy. Click on Next and provide the policy name and policy description, and under Traffic Data apply the policy to the site list Site 300, and the VPN is going to be VPN 10. Click on Add, preview the policy and click on Save Policy. Now activate this policy by clicking Activate.

Once the policy is activated, we'll jump to the CLI to quickly do a small demo. The tracker is actually bound to interface GigabitEthernet1. In order to see the tracker status you have to issue the command show endpoint-tracker, which shows the status as up, and show endpoint-tracker records will actually give you a detailed option to check what's the endpoint, what's the endpoint type, and what is the interval configured for this particular section.

Now let's jump to the client and do a trace path to understand what path it is taking. As we can see, the second hop is 10.2.6.1, which is the next hop of the ISP. Now start the ping and check the translation. So this traffic is getting NATed to 10.2.6.2, which is the interface IP, and that's DIA.

In order to mimic the failover of the NAT and the NAT fallback to kick in, I'm going to shut down the interface of the next hop, and let's wait for some time for the tracker to go down. Now the tracker is down. The pings have now restarted. Now we'll disable the ping and check the trace path and confirm that the traffic is in fact going through the BFD tunnel. As we can see, the traffic is going out of Site 300 towards Site 100. This confirms that the NAT fallback kicked in and the traffic got failed over to the BFD tunnel.

As always, thanks for joining. Please like and subscribe for latest updates on Cisco SD-WAN and cloud networking.
Info
Channel: Cisco SD-WAN and Cloud Networking
Views: 1,566
Id: Cgpcw-pfew8
Length: 7min 24sec (444 seconds)
Published: Tue Jul 06 2021