Cisco SD-WAN 019 - Service VPN1 NAT Dynamic PAT Local Internet Breakout and OMP Internet Fail Over

  • Published 23 Aug 2024
  • In this video, we are going to set up Dynamic PAT local internet breakout and allow internet failover over the SD-WAN fabric.

COMMENTS • 19

  • @sanjaymehta3980 3 years ago

    Rob, great videos. Great work you're doing. Thanks a lot.

  • @user-cv8hg9cr5o 3 years ago +3

    I did the same settings as you, but I can't see default routes on vEdge3 from vEdge1 and vEdge2 via OMP. Where did I make a mistake?

    • @user-cv8hg9cr5o 3 years ago +4

      I found it. In vEdge_Dual_Site_VPN1_Template - Advertise OMP - OSPF External - ON. Now I see default routes in vEdge3, 4 and 5.

    • @apolo8906 3 years ago

      @user-cv8hg9cr5o Thanks, I had the same mistake

    • @sclutzo 3 years ago

      @user-cv8hg9cr5o THANKS! was driving me batty! was just about there when I saw your entry...

    • @Torcheban 3 years ago

      @user-cv8hg9cr5o Thanks, I ran into this too.

    • @speirsy 2 years ago

      I had the same - Thanks

  • @padge4112 3 years ago

    Hi Rob, thanks for this video, it's been very useful. I've got a question if you don't mind please; this isn't strictly relevant to your topology, however.
    As the static NAT routes on edges cannot be redistributed into OMP (I really wish they could), how would you go about advertising a default route in a service VPN if you weren't learning it via a routing protocol (I'm assuming your connection to ASA from edge 1&2 is in VPN1 not VPN0)? As it doesn't allow you to have both a default NAT route as well as a default static route to null0 which can be redistributed into OMP. I've managed to get it working with data policies but I'm not convinced it's the best way (match RFC1918 address and route normally, then for everything else forward via VPN0).

  • @sanjaymehta3980 3 years ago

    Hi Rob, you haven't turned off the ICMP blocking below NAT in vpn0 ge0/0. But you are still able to ping 1.2.3.4 from IOS13 RTR. You have turned that option off in the next video.

  • @sanjaymehta3980 3 years ago

    Hello Rob,
    This might be a stupid question, but could you answer me: the OMP peer is established over transport vpn0. How is OMP able to exchange routes in VPN 1, as these are different VRFs?

  • @jlosFLTX 3 years ago

    The comment you make regarding the time for the connected default route to drop from the routing table has been a topic of similar lab efforts. And BFD is detecting the failure and we see removal of the impacted OMP routes well before the connected route is gone sending traffic over the available OMP route. Any thoughts on variables in play to speed this process e.g. timers or IP SLA? You mentioned it was “faster” but didn't mention the actual time which I’ve seen testing from 60 sec to 5 minutes.

    • @RobRikerTechChannel 3 years ago +1

      No, not really. Not sure why it is so slow, interface drivers are either really slow to detect loss of carrier or vEdges aren't a good platform to test on. But that isn't an exhaustive list of reasons, likely more.

  • @buratino02 2 years ago

    Hi Rob, I see in your previous videos that vedge 3 and vedge 4 don't see the 0/0 propagated by vedge 1, but in this video I see it. How can you do that?

    • @speirsy 2 years ago

      I have the same...

  • @aamirncp6840 3 years ago

    Sir, is any license required for a Viptela device, or does it work without a license?

  • @inotzaibi 3 years ago

    boom 1.2.3.4!

  • @chubakigor9661 3 years ago

    Not enough configuration in the video!