SD-WAN

  • 1.  [SD-BRANCH] Tunnel orchestration issue

    Posted Jan 11, 2023 01:00 PM
    Hello community! 

    I recently faced an issue with the following topology:

    • 1 VPNC with 2 WAN uplinks (NAT 1:1 behind a FortiGate firewall)
    • 1 Branch gateway with 1 WAN uplink (directly connected)
    • VPNC and Branch gateway share the same ISP provider (ISP-A) 


    Under normal circumstances, the Branch GW will establish one tunnel from ISP-A to ISP-A.

    But what if ISP-A on the VPNC goes down?

    The orchestrator won't bring up a new tunnel from Branch GW ISP-A to VPNC ISP-B.

    I had to delete WAN ISP-A from the VPNC to force the orchestrator to create new tunnels using the working WAN uplink (ISP-B).

    This can't be expected behavior, right?

    Thank you in advance!




  • 2.  RE: [SD-BRANCH] Tunnel orchestration issue

    Posted Jan 11, 2023 07:20 PM
    Your VPNC should have 2x network paths, one for ISP-A and the other for ISP-B.
    See reverse-path-pinning in the validated design guide.

    https://www.arubanetworks.com/techdocs/VSG/docs/070-sd-branch-design/esp-sd-branch-design-100-sdb-overlay-design/#reverse-path-pinning

    ------------------------------
    If my post was useful accept solution and/or give kudos.
    Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
    ------------------------------
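The following is an added illustration of the point made in the reply above; it is not code from the original thread and not Aruba Central's orchestration logic. It assumes a simplified model: the orchestrator builds one tunnel from each branch WAN uplink to each network path defined on the VPNC, and a network path whose uplink is down yields no tunnel. The uplink names (ISP-A, ISP-B) are taken from the thread; the `Uplink`, `VPNC` and `orchestrate` names are hypothetical.

```python
"""Simplified model of per-network-path tunnel orchestration (illustration only).

Assumption (not Aruba's actual algorithm): a tunnel is built from every
branch uplink that is up to every VPNC *network path* whose uplink is up.
With a single network path on the VPNC, losing that uplink leaves the branch
with no tunnel; with a network path per VPNC uplink, the ISP-B tunnel survives.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Uplink:
    name: str        # e.g. "ISP-A"
    up: bool = True  # link state of the WAN uplink


@dataclass
class VPNC:
    uplinks: dict          # name -> Uplink (all physical WAN uplinks)
    network_paths: set     # uplink names advertised to the orchestrator as paths


def orchestrate(branch_uplinks, vpnc):
    """Return the set of (branch_uplink, vpnc_uplink) tunnels the model builds."""
    tunnels = set()
    for b in branch_uplinks:
        if not b.up:
            continue  # branch side cannot source a tunnel from a dead link
        for path in sorted(vpnc.network_paths):
            v = vpnc.uplinks[path]
            if v.up:  # a path whose uplink is down is not a usable endpoint
                tunnels.add((b.name, v.name))
    return tunnels


def scenario(isp_a_up, paths):
    """Topology from the thread: branch has ISP-A only; VPNC has ISP-A and ISP-B.

    `paths` is the set of VPNC uplinks configured as network paths.
    """
    branch = [Uplink("ISP-A")]  # constructed sample topology
    vpnc = VPNC(
        uplinks={"ISP-A": Uplink("ISP-A", up=isp_a_up), "ISP-B": Uplink("ISP-B")},
        network_paths=set(paths),
    )
    return orchestrate(branch, vpnc)


if __name__ == "__main__":
    # Single network path (the poster's original setup): ISP-A down -> no tunnels.
    print("one path, ISP-A down :", scenario(False, {"ISP-A"}))
    # Two network paths (the reply's recommendation): ISP-B tunnel survives.
    print("two paths, ISP-A down:", scenario(False, {"ISP-A", "ISP-B"}))
    print("two paths, all up    :", scenario(True, {"ISP-A", "ISP-B"}))
```

The model makes the failure mode visible: the orchestrator never "invents" a path to ISP-B that the VPNC does not advertise, so the fix is a configuration one (a network path per VPNC uplink), not a wait for failover.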