SD-WAN

Hello,

  we are deploying satellite links as a last resort in case all other links fail. Our BIOS fallback to these in case the main links go down.

However, since satellite links have a data cap, we don't really want to send all traffic over them -only some critical apps. 

Our intention is to use a route map to drop unwanted traffic, but the ACL matching traffic for each BIOS is probably not the best place as traffic will always be allowed -before the fallback to backup lines.

Has anyone configured a similar setup before? The goal is to have some lines as backup but limit the traffic that might go over them.

Thanks,

//Anibal

What is the technology that you have deployed for your SD-WAN? Is the EdgeConnect (Silver Peak)? Or Central/ArubaOS SD-Branch? Or something else? Or are you looking what to deploy?

If you are looking what to deploy, it may be best to work with your local HPE Aruba Networking account team to discuss the options and find the best option for you.

If you have made the technology decision already, please share the equipment, version, etc.

Hello,

  we are deploying satellite links as a last resort in case all other links fail. Our BIOS fallback to these in case the main links go down.

However, since satellite links have a data cap, we don't really want to send all traffic over them -only some critical apps. 

Our intention is to use a route map to drop unwanted traffic, but the ACL matching traffic for each BIOS is probably not the best place as traffic will always be allowed -before the fallback to backup lines.

Has anyone configured a similar setup before? The goal is to have some lines as backup but limit the traffic that might go over them.

Thanks,

//Anibal

What is the technology that you have deployed for your SD-WAN? Is the EdgeConnect (Silver Peak)? Or Central/ArubaOS SD-Branch? Or something else? Or are you looking what to deploy?

If you are looking what to deploy, it may be best to work with your local HPE Aruba Networking account team to discuss the options and find the best option for you.

If you have made the technology decision already, please share the equipment, version, etc.

Hello,

  we are deploying satellite links as a last resort in case all other links fail. Our BIOS fallback to these in case the main links go down.

However, since satellite links have a data cap, we don't really want to send all traffic over them -only some critical apps. 

Our intention is to use a route map to drop unwanted traffic, but the ACL matching traffic for each BIOS is probably not the best place as traffic will always be allowed -before the fallback to backup lines.

Has anyone configured a similar setup before? The goal is to have some lines as backup but limit the traffic that might go over them.

Thanks,

//Anibal

Hi Anibal,

In the case of two links and two edgeconnect appliances, I am assuming you have an EdgeHA setup where each appliance has a physical connection to only one of the two links. In such a setup, the active appliance will have a logical connection to the 2nd link that is physically connected to the standby unit. Lets give that the label "SAT" here and the link connected to the primary unit "INET1"

In your BIO setup configure the Critical BIO (one of the default BIO's) so that traffic uses INET1 as primary and SAT as backup. All other BIO's should only have INET1 as transport and no backup configured. Make sure you set that up on the SD-WAN and Breakout tabs of the BIO configuration

If your INET1 or primary Edgeconnect goes down, traffic in the Critical BIO will use SAT as the outbound link. Traffic for other BIO's will be dropped.

Avoid configuring Route Policies yourself (not talking about IP routing here!) as Route Polices are the underlying mechanisms for BIO's and can interfere with what is more elegantly done via BIO's 

What is the technology that you have deployed for your SD-WAN? Is the EdgeConnect (Silver Peak)? Or Central/ArubaOS SD-Branch? Or something else? Or are you looking what to deploy?

If you are looking what to deploy, it may be best to work with your local HPE Aruba Networking account team to discuss the options and find the best option for you.

If you have made the technology decision already, please share the equipment, version, etc.

Hello,

  we are deploying satellite links as a last resort in case all other links fail. Our BIOS fallback to these in case the main links go down.

However, since satellite links have a data cap, we don't really want to send all traffic over them -only some critical apps. 

Our intention is to use a route map to drop unwanted traffic, but the ACL matching traffic for each BIOS is probably not the best place as traffic will always be allowed -before the fallback to backup lines.

Has anyone configured a similar setup before? The goal is to have some lines as backup but limit the traffic that might go over them.

Thanks,

//Anibal

Hi Anibal,

In the case of two links and two edgeconnect appliances, I am assuming you have an EdgeHA setup where each appliance has a physical connection to only one of the two links. In such a setup, the active appliance will have a logical connection to the 2nd link that is physically connected to the standby unit. Lets give that the label "SAT" here and the link connected to the primary unit "INET1"

In your BIO setup configure the Critical BIO (one of the default BIO's) so that traffic uses INET1 as primary and SAT as backup. All other BIO's should only have INET1 as transport and no backup configured. Make sure you set that up on the SD-WAN and Breakout tabs of the BIO configuration

If your INET1 or primary Edgeconnect goes down, traffic in the Critical BIO will use SAT as the outbound link. Traffic for other BIO's will be dropped.

Avoid configuring Route Policies yourself (not talking about IP routing here!) as Route Polices are the underlying mechanisms for BIO's and can interfere with what is more elegantly done via BIO's 

What is the technology that you have deployed for your SD-WAN? Is the EdgeConnect (Silver Peak)? Or Central/ArubaOS SD-Branch? Or something else? Or are you looking what to deploy?

If you are looking what to deploy, it may be best to work with your local HPE Aruba Networking account team to discuss the options and find the best option for you.

If you have made the technology decision already, please share the equipment, version, etc.

Hello,

  we are deploying satellite links as a last resort in case all other links fail. Our BIOS fallback to these in case the main links go down.

However, since satellite links have a data cap, we don't really want to send all traffic over them -only some critical apps. 

Our intention is to use a route map to drop unwanted traffic, but the ACL matching traffic for each BIOS is probably not the best place as traffic will always be allowed -before the fallback to backup lines.

Has anyone configured a similar setup before? The goal is to have some lines as backup but limit the traffic that might go over them.

Thanks,

//Anibal