SD-WAN Mixed Deployment

Acknowledgements

Thanks to 山羊 of 江苏易纬 (Jiangsu Yiwei), who built the environment and completed the tests.

Test environment

  • SD-WAN VPX 10.2
  • Router: Cisco IOS 15.4
  • Client:  Linux Host
  • Hypervisor: Workstation

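Topology

  • Each PC's default gateway points to its directly connected router
  • Virtual Inline deployment mode
    • The routers are interconnected by two links, INET and MPLS
    • The SD-WAN appliance attaches to the router in one-arm mode: the router interface has one IP, and the SD-WAN interconnect interface has two IPs, INET_IP and MPLS_IP
    • The router uses PBR: traffic the SD-WAN sends from INET_IP gets the INET link as its next hop, and traffic from MPLS_IP gets the MPLS link
    • For INET traffic the router also applies NAT, to simulate a production network; MPLS is a plain IP connection
  • Gateway deployment mode
    • The SD-WAN appliances use eth-1 and eth-2 as WAN ports, each pointing to the other as its gateway
    • eth-1 and eth-2 are interconnected directly, simulating public addresses, with no NAT
    • Paths are established
  • The Virtual Path is established with four Paths in total across both directions: INET, MPLS, ETH-1 and ETH-2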

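Traffic model

  1. PC1 -> PC2, ping test
  2. When the traffic reaches R1, PBR redirects it to SD-WAN DC
  3. SD-WAN DC selects a route based on the current quality of each Path
  4. If the Cloud1 link quality is good, traffic takes the red PBR route; otherwise it takes the blue Gateway route
  5. When the traffic reaches SD-WAN BR, the encapsulation is removed and the traffic is sent to PC2, completing one direction of the communication
  6. The return traffic follows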

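Test results

  • Measured path when taking the PBR route

The 1, 2, 3, 4 and 5 in the figure mark each next hop; the Path actually used arrives over the PBR MPLS link

  • Measured path when taking the Gateway route

The path shown in the trace arrives over the ETH-2 Path

Configuration reference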

R1

interface Ethernet0/0
ip address 10.86.1.254 255.255.255.0
ip policy route-map lan_to_sdw
!
interface Ethernet0/1
ip address 192.168.88.11 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip policy route-map sdw_to_wan
!
interface Ethernet0/2
ip address 1.1.1.1 255.255.255.0
ip nat outside
ip virtual-reassembly in
!
interface Ethernet0/3
ip address 2.2.2.1 255.255.255.0
!
ip nat inside source static 192.168.88.12 1.1.1.3
ip route 0.0.0.0 0.0.0.0 2.2.2.2
ip route 172.16.1.0 255.255.255.0 1.1.1.2
!
!
route-map sdw_to_wan permit 10
match ip address 101
set ip next-hop 1.1.1.2
!
route-map sdw_to_wan permit 20
match ip address 102
set ip next-hop 2.2.2.2
!
route-map lan_to_sdw permit 10
match ip address 100
set ip next-hop 192.168.88.12
!
!
access-list 100 permit ip host 10.86.1.1 host 172.16.1.1
access-list 101 permit ip host 192.168.88.12 host 192.168.150.12
access-list 102 permit ip host 192.168.88.13 host 192.168.150.13
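
To check the R1 policy routing above against the traffic model, the following added example (not part of the original post) parses R1's route-map and access-list lines and resolves the PBR next hop for each flow. The `parse` and `pbr_next_hop` helpers are hypothetical names, the parser assumes only the `permit ip host A host B` form used on this page, and 10.86.1.2 is a constructed address for the unmatched case.

```python
import ipaddress

# R1 statements copied from the configuration above.
R1_CONFIG = """\
route-map sdw_to_wan permit 10
match ip address 101
set ip next-hop 1.1.1.2
route-map sdw_to_wan permit 20
match ip address 102
set ip next-hop 2.2.2.2
route-map lan_to_sdw permit 10
match ip address 100
set ip next-hop 192.168.88.12
access-list 100 permit ip host 10.86.1.1 host 172.16.1.1
access-list 101 permit ip host 192.168.88.12 host 192.168.150.12
access-list 102 permit ip host 192.168.88.13 host 192.168.150.13
"""

def parse(config):
    """Return (route_maps, acls) for the host-to-host subset used on this page."""
    route_maps, acls, entry = {}, {}, None
    for line in config.splitlines():
        w = line.split()
        if w[:1] == ["route-map"]:
            entry = {"seq": int(w[3]), "acl": None, "next_hop": None}
            route_maps.setdefault(w[1], []).append(entry)
        elif w[:3] == ["match", "ip", "address"]:
            entry["acl"] = w[3]
        elif w[:3] == ["set", "ip", "next-hop"]:
            entry["next_hop"] = w[3]
        elif w[:1] == ["access-list"] and w[2:5] == ["permit", "ip", "host"] and w[6] == "host":
            pair = (ipaddress.ip_address(w[5]), ipaddress.ip_address(w[7]))
            acls.setdefault(w[1], []).append(pair)
    return route_maps, acls

def pbr_next_hop(route_map, src, dst, route_maps, acls):
    """Next hop set by PBR, or None when no entry matches and normal routing applies."""
    flow = (ipaddress.ip_address(src), ipaddress.ip_address(dst))
    for entry in sorted(route_maps.get(route_map, []), key=lambda e: e["seq"]):
        if flow in acls.get(entry["acl"], []):
            return entry["next_hop"]
    return None

if __name__ == "__main__":
    maps, acls = parse(R1_CONFIG)
    for rm, src, dst in [("lan_to_sdw", "10.86.1.1", "172.16.1.1"),
                         ("sdw_to_wan", "192.168.88.12", "192.168.150.12"),
                         ("sdw_to_wan", "192.168.88.13", "192.168.150.13"),
                         ("lan_to_sdw", "10.86.1.2", "172.16.1.1")]:
        print(rm, src, "->", dst, "next hop:", pbr_next_hop(rm, src, dst, maps, acls) or "routing table")
```

A flow that matches no access-list entry is not policy routed and is forwarded by R1's routing table, which for unknown destinations is the default route via 2.2.2.2.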

R2

interface Ethernet0/0
ip address 172.16.1.254 255.255.255.0
ip policy route-map lan_to_sdw
!
interface Ethernet0/1
ip address 192.168.150.11 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip policy route-map sdw_to_wan
!
interface Ethernet0/2
ip address 1.1.1.2 255.255.255.0
ip nat outside
ip virtual-reassembly in
!
interface Ethernet0/3
ip address 2.2.2.2 255.255.255.0
!
ip nat inside source static udp 192.168.150.12 4980 1.1.1.2 4980 extendable
ip route 0.0.0.0 0.0.0.0 2.2.2.1
ip route 10.86.1.0 255.255.255.0 1.1.1.1
!
!
route-map sdw_to_wan permit 10
match ip address 101
set ip next-hop 1.1.1.1
!
route-map sdw_to_wan permit 20
match ip address 102
set ip next-hop 2.2.2.1
!
route-map lan_to_sdw permit 10
match ip address 100
set ip next-hop 192.168.150.12
!
!
access-list 100 permit ip host 172.16.1.1 host 10.86.1.1
access-list 101 permit ip host 192.168.150.12 host 192.168.88.12
access-list 102 permit ip host 192.168.150.13 host 192.168.88.13

SD-WAN DC

Interface

VIP

WAN Link

SD-WAN BR

WAN Link (Interface and VIP omitted)

SD-WAN DC Routing Table

SD-WAN BR Routing Table

Virtual Path configuration
