Forum to discuss Silver Peak EdgeConnect SD-WAN and Aruba SD-Branch. This includes SD-WAN Orchestration, WAN edge network functions including routing, security, zone-based firewall, segmentation and WAN optimization, micro-branch solutions, best practices, and third-party integrations. All things SD-WAN!
Branch Controllers and Routing

  • 1.  Branch Controllers and Routing

    Posted Jan 12, 2021 09:39 AM
    From the following URL:

    Configuring VLANs on Aruba Gateways

    As a layer 2 switch, the Branch Gateway requires an external router to route traffic between VLANs. The Branch Gateway can also operate as a layer 3 switch that can route traffic between VLANs.

    You can configure one or more physical ports on the Branch Gateway to be a member of a VLAN. Additionally, each wireless client association constitutes a connection to a virtual port on the Branch Gateway, with membership in a specified VLAN. You can place all authenticated wireless users into a single VLAN or into different VLANs, depending on your network requirements. You can also configure an IP address and netmask for a VLAN. The IP address is up when at least one physical port in the VLAN is up. The VLAN IP address can be used as a gateway by external devices; packets that are not destined for the Branch Gateway and directed to a VLAN IP address are forwarded according to the Branch Gateway's IP routing table.

    For the SD-WAN deployment, each Branch Gateway requires VLAN interfaces for WAN uplinks and LANs. Each VLAN must have a unique VLAN ID assigned to it. By default, the Branch Gateways are pre-configured with the VLAN 4094.

    See the following topics for instructions on configuring VLANs:

    Does the gateway have to be configured as a VPNC? Or can the gateway indeed route traffic itself without the requirement of an external router between the VLANs?

    steve zajac

  • 2.  RE: Branch Controllers and Routing

    Posted Jan 12, 2021 05:31 PM
    You can route traffic between two VLANs if you have roles that have policies that allow the traffic. If you're using untrusted interfaces, which you probably should :)

    I think in some early version you had to have the Branch Gateway as the default router for all the LAN networks, but at least today you can have LAN networks over routed links too. All the users/devices get the same role when they send traffic to the gateway.

    Gateways can route traffic; you don't need to have them in VPNC mode, which is for the DC gateways.

  • 3.  RE: Branch Controllers and Routing

    Posted Jan 13, 2021 11:19 AM
    The difference between a VPNC/Branch Gateway is its role in the SD-WAN network.

    A VPNC is terminating overlay tunnels coming from branch gateways.

    The switching/routing capabilities (leaving the scalability aspect aside) are the same for any gateway type. This is just a question of how you configure the gateway to operate. If you have configured multiple VLANs on a Branch Gateway, the BGW can route between those VLANs.

    Perhaps check out this document that explains a lot about the design/capabilities of the solution: