Velocloud SD-WAN

overview this document describes the steps to integrate velocloud sd wan edge appliances in high availability (ha) configuration with the nile service block (nsb) the desired result is a seamless integration between the nile access service and the customer’s extended network and thus with the internet prerequisites four unique /30 subnets – to implement a high definition and always on service, the setup uses equal cost multi path (ecmp) routing to configure four point to point links, to provide layer 3 transit between the nsb and the velocloud edge appliances administrative access to the velocloud orchestrator we will use the ospf routing example in this guide we recommend using ospf for dynamic routing between the nsb and the velocloud edge topology both nile gateways are active active devices four unique ports (two each) are required to connect to the upstream edges velocloud is in active/standby mode; it requires two unique ports on the active appliance and two unique ports on the standby appliance velocloud interface assignment ge1 velocloud ha link ge3, ge4 wan interfaces ge5, ge6, sfp1, sfp2 lan interfaces configure the wan side interface • log into your velocloud orchestrator • navigate to edges • select your site specific edge device • click on configure • navigate to interfaces • click on ge3 this example uses ge3 as the wan interface • in the ipv4 settings addressing type drop down list, choose one of dhcp, static, or pppoe if “static” is chosen, use either (1) a private ip address with a nat device in front of the edge, or (2) a public ip address this example shows a public point to point ip link • scrolling down, set the nat direct traffic checkbox if a public ip address is specified in the addressing type data otherwise (1) uncheck this checkbox for a private ip address, and (2) provide a firewall or router that can nat traffic outbound to the internet click the save button if you have a second wan (internet) interface, repeat the same steps for that interface use ge4 for the second wan interface configure the lan side interface navigate to interfaces and click on ge5 in this example, we have used ge5 as the lan side interface connecting to the nile gateways you will need to repeat the below config on the other 3 interfaces (ge6, sfp1 and sfp2) once you have selected the routed port, uncheck the checkboxes underlay accounting and enable wan link ip address provide the ipv4 ip address to the interface it is typically a /30 subnet • click on the ospf checkbox so that it’s checked • click the trusted source checkbox so it’s checked • in the reverse path forwarding drop down, select “not enabled” these two settings enable asymmetric routing among all the lan side interfaces enable ospf • log into your velocloud orchestrator • navigate to profiles • click on the branch profile which is assigned to the branch edge that we are going to configure in this setup • navigate to ospfv2 and enable it, as shown below configure ospf settings • on the same lan interface configuration (ge1 and ge2) that we set earlier, click on advanced settings under ospf • keep the default settings as they are inbound route learning click on ospf configure the settings as shown below this configuration blocks the appliances from learning a default route inbound and allows everything else the velocloud edge appliances learns all the nsb and user subnets as they are advertised by the nile gateways route advertisement click on route advertisement configure the settings as shown below the velocloud edge appliances advertise a default route to the nile gw this setting attracts all traffic towards itself repeat the steps above for ge6, sfp1, and sfp2 lan side interfaces make sure the /30 subnets are unique for each of these lan side interfaces