Typical Configuration Examples

SD-WAN V100R018C00

Example for Building an SD-WAN Network for an Enterprise Tenant

Related Products

Agile Controller-Campus: V300R003C00

AR: V300R003C00

Networking Requirements

Enterprise A has a headquarters network and multiple branch networks. A Layer 3 MPLS network is used on the WAN side. Aiming to rebuild its own networks, the enterprise submits a network construction application to a service provider (SP) to use both a Layer 3 MPLS network and the Internet on the WAN side. To reduce network costs, the enterprise requires that services be primarily transmitted over the Internet. If a fault occurs on the Internet, service traffic can automatically move to the MPLS network. Figure 1-28 shows the enterprise networking.

Figure 1-28 Enterprise networking

Solution Design

Figure 1-29 SD-WAN networking

Based on the enterprise's networking and requirements, the SP recommends that the enterprise replace the existing traditional enterprise network with an SD-WAN network. Because the network engineers of enterprise A are not able to deploy an SD-WAN network, the SP is authorized as a managed service provider (MSP) to complete network deployment for enterprise A. Figure 1-29 shows the networking diagram.

In this MSP-managed O&M scenario, the configurations include:

  1. The SP creates a tenant for enterprise A and is authorized as an MSP to maintain the network of enterprise A.
  2. The MSP administrator creates a hub site (Hub1) and two branch sites (Site2 and Site3) and completes the network configuration on the Agile Controller-Campus. Site1 does not need to be created on and managed by the Agile Controller-Campus because it uses the traditional network mode and does not need to be upgraded to an SD-WAN network.
  3. The MSP administrator sets the IP address of the NTP server to 10.10.1.1, configures the hub site to synchronize its clock with the NTP server, and configures the branch sites to automatically synchronize their clocks with the hub site.
  4. The WAN-side MPLS and Internet networks support BGP, so these networks can exchange routes with the underlay networks using BGP. The CPEs of Hub1 communicate with the LAN-side Layer 3 switch through VLANs, and OSPF is deployed on the LAN-side network of the hub site. The CPEs of the branch sites communicate with the LAN-side Layer 2 network devices through VLANs.
  5. The customer requires VoIP services to be preferentially forwarded over the MPLS network and other services over the Internet, so the MSP administrator enables centralized Internet access of the SD-WAN network through the hub site. Communication between the SD-WAN sites and legacy sites is implemented in centralized access mode.
  6. The MSP administrator enables URL filtering in a security policy, sets the filtering level of predefined categories to high, and denies access to social media and video sharing websites to guarantee secure network usage of employees and improve their working efficiency.
  7. The email-based deployment mode is used for site deployment. After receiving a deployment email, the deployment engineer goes to the hub and branch sites to install and deploy the CPEs.
  8. After the CPEs are deployed, they automatically obtain configurations from the Agile Controller-Campus.

Data Plan

Table 1-76 MSP administrator information

| Item | Value |
| --- | --- |
| User name | MSPA@tenantA.com |
| Password | PassA@1234 |

Table 1-77 Tenant information

| Item | Value |
| --- | --- |
| Tenant Name | UserA |
| Authorize MSP | ON |
| Account | UserA@tenantA.com |
| Initial password | Changeme_123 |
| Password | PassA@1234 |

Table 1-78 Email server parameters

| Item | Value |
| --- | --- |
| SMTP address | smtp.mail.com |
| Port | 25 |
| Account | testmail |
| Password | testmail |
| Email | testmail@163.com |

Table 1-79 Global network parameters

| Item | Value | |
| --- | --- | --- |
| Transport Network | MPLS | Internet |
| Routing Domain | MPLS | Internet |
| IPSec Encryption | OFF | ON |
| Encryption algorithm | AES256 | |
| Pre-shared key | Generate | |
| URL encryption key | 123456 | |
| Token validity period (day) | 7 | |
| AS number | 65001 | |
| Network scale (based CPEs) | 500 | |
| IP pool | 10.200.0.0/16 | |
| DNS Server IP | 8.8.8.8 | |

Table 1-80 Information about devices

| Device ESN | Device Name | Device Model |
| --- | --- | --- |
| 2102114484P0GC000030 | Hub1_1 | AR3670 |
| 2102114484P0GC000031 | Hub1_2 | AR3670 |
| 2102351BTJ10H1000020 | Site2_1 | AR161EW |
| 2102351BTJ10H1000021 | Site3_1 | AR161EW |
| 2102351BTJ10H1000022 | Site3_2 | AR161EW |

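Table 1-81 Site template

| Item | Value | | | | | |
| --- | --- | --- | --- | --- | --- | --- |
| Template name | Hub1 | Hub1 | Branch1 | Branch1 | Branch2 | Branch2 |
| Description | - | - | - | - | - | - |
| Gateway | Dual Gateways | Dual Gateways | Single Gateway | Single Gateway | Dual Gateways | Dual Gateways |
| WAN Link | | | | | | |
| Name | MPLS | Internet | MPLS | Internet | MPLS | Internet |
| Device | Device1 | Device2 | Device1 | Device1 | Device1 | Device2 |
| Interface | GE3/0/0 | GE3/0/0 | GE0/0/0 | GE0/0/4 | GE0/0/4 | GE0/0/4 |
| Transport Network | MPLS | Internet | MPLS | Internet | MPLS | Internet |
| Role | Active | Active | Active | Active | Active | Active |
| Inter-CPE Link | | | | | | |
| Reuse LAN-side L2 interface | OFF | OFF | - | - | OFF | OFF |
| Device1 Interface | GE3/0/1 | GE3/0/2 | - | - | GE0/0/1 | GE0/0/2 |
| Device2 Interface | GE3/0/1 | GE3/0/2 | - | - | GE0/0/1 | GE0/0/2 |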

Table 1-82 Email template information

| Item | Value |
| --- | --- |
| Email Template | Implementer |
| Subject | How to install a Huawei SD-WAN router |
| Content | To install Huawei SD-WAN routers, perform the following steps: |
| Default Template | OFF |

Table 1-83 ZTP configurations at sites

| Item | Value | | | | | |
| --- | --- | --- | --- | --- | --- | --- |
| Site | Hub1 | Hub1 | Site2 | Site2 | Site3 | Site3 |
| Site template | Hub | Hub | Branch1 | Branch1 | Branch2 | Branch2 |
| Link name | MPLS | Internet | MPLS | Internet | MPLS | Internet |
| Interface protocol | IPoE | IPoE | IPoE | PPPoE | IPoE | IPoE |
| IP address access mode | Static | Static | Static | - | Static | Static |
| IP address/Subnet mask | 172.16.1.1/30 | 10.100.1.1/30 | 172.16.1.9/30 | - | 172.16.1.13/30 | 10.100.2.1/30 |
| Default gateway | 172.16.1.2 | 10.100.1.2 | 172.16.1.10 | - | 172.16.1.14 | 10.100.2.2 |
| PPPoE User name | - | - | - | user@web.com | - | - |
| PPPoE Password | - | - | - | Pass1234 | - | - |
| Public IP | 172.16.1.1 | 10.100.1.1 | - | - | - | - |
| Negotiation mode | Auto | Auto | Auto | Auto | Auto | Auto |
| Uplink bandwidth (Mbps) | 100 | 100 | 100 | 100 | 100 | 100 |
| Downlink bandwidth (Mbps) | 100 | 100 | 100 | 100 | 100 | 100 |

Table 1-84 NTP information at hub site

| Item | Value | |
| --- | --- | --- |
| Time zone | (UTC+08:00)Beijing,Chongqing,Hong Kong,Urumqi | |
| NTP authentication | ON | |
| Authentication password | ntp123 | |
| Authentication key id | 456789 | |
| NTP client mode | Manual Configuration | |
| Device | Hub1_1 | Hub1_2 |
| WAN Link | MPLS | Internet |
| NTP Server Address | 10.10.1.1 | 10.10.1.1 |
| Authentication | OFF | OFF |

Table 1-85 NTP information about branch sites

| Item | Value |
| --- | --- |
| Time zone | (UTC+08:00)Beijing,Chongqing,Hong Kong,Urumqi |
| NTP authentication | OFF |
| NTP client mode | Automatic Synchronization with Parent Node |

Table 1-86 Email-based deployment information

| Item | Value | | |
| --- | --- | --- | --- |
| Site | Hub1 | Site1 | Site2 |
| Email address | testadmin@163.com | testadmin@163.com | testadmin@163.com |
| Email Template | Implementer | Implementer | Implementer |

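Table 1-87 BGP route information about the underlay networks

| Item | Value | | | | | |
| --- | --- | --- | --- | --- | --- | --- |
| Site | Hub1 | Hub1 | Site2 | Site2 | Site3 | Site3 |
| Advanced Settings | | | | | | |
| Default route redistribution | ON | ON | OFF | OFF | OFF | OFF |
| Device | Hub1_1 | Hub1_2 | Site2_1 | Site2_1 | Site3_1 | Site3_2 |
| Peer IP | 172.16.1.2 | 10.100.1.2 | 172.16.1.10 | 10.100.3.1 | 172.16.1.14 | 10.100.2.2 |
| Peer AS | 100 | 200 | 100 | 200 | 100 | 200 |
| Local AS | 101 | 102 | 104 | 104 | 105 | 106 |
| Keepalive time (s) | 60 | 60 | 60 | 60 | 60 | 60 |
| Hold time (s) | 180 | 180 | 180 | 180 | 180 | 180 |
| MD5 encrypt | admin123 | admin123 | admin123 | admin123 | admin123 | admin123 |
| WAN link | MPLS | Internet | MPLS | Internet | MPLS | Internet |
| Routing Policy | | | | | | |
| Export | OFF | OFF | OFF | OFF | OFF | OFF |
| Import | OFF | OFF | OFF | OFF | OFF | OFF |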

Table 1-88 Basic site information about the overlay network

| Item | Value | | |
| --- | --- | --- | --- |
| VPN | VPN-Default | VPN-Default | VPN-Default |
| Site Name | Hub1 | Site2 | Site3 |
| Topology mode | Full-mesh | - | - |

Table 1-89 Site VLAN information about the overlay network

| Item | Value | | | | | |
| --- | --- | --- | --- | --- | --- | --- |
| VPN | VPN-Default | VPN-Default | VPN-Default | VPN-Default | VPN-Default | VPN-Default |
| Device | Hub1_1 | Hub1_2 | Site2_1 | Site2_1 | Site3_1 | Site3_2 |
| VLAN ID | 10 | 10 | 10 | 20 | 10 | 10 |
| Mode | Untag | Untag | Untag | Tag | Untag | Untag |
| Physical interfaces | GE8/0/2 | GE8/0/2 | GE0/0/1 | GE0/0/2 | GE0/0/2 | GE0/0/2 |
| IP address | 10.1.1.1/24 | 10.1.1.2/24 | 10.3.1.254/24 | 10.4.1.254/24 | 10.5.1.252/24 | 10.5.1.253/24 |
| Trust mode | Trust | Trust | Trust | Trust | Trust | Trust |

Table 1-90 LAN-side OSPF route information

| Item | Value | |
| --- | --- | --- |
| Device | Hub1_1 | Hub1_2 |
| Process ID | 1001 | 1001 |
| WAN link | | |
| Common Parameter | | |
| Default route advertisement | ON | ON |
| Default route cost | 1 | 1 |
| Internal preference | 10 | 10 |
| ASE preference | 150 | 150 |
| Interface Parameter | | |
| Area ID | 0 | 0 |
| Interface Name | Vlanif10 | Vlanif10 |
| Authentication Mode | None | None |
| Hello Timer | 10 | 10 |
| DR Priority | 0 | 0 |
| Route Redistribute | | |
| Protocol | - | - |
| Process ID | - | - |
| Cost | - | - |
| Router Filter | | |
| Export filter | OFF | OFF |
| Import filter | OFF | OFF |

Table 1-91 Application group

| Item | Value |
| --- | --- |
| Name | test_app_group_VoIP |
| Description | - |
| Predefined Applications | VoIP |
| Custom Applications | - |

Table 1-92 Traffic classifier template information

| Item | Value | |
| --- | --- | --- |
| Traffic classifier name | test_traffic_VoIP | test_traffic_service |
| Source IP | Any | Any |
| Destination IP | Any | Any |
| DSCP | - | - |
| Type | L7 | Any |
| Application | test_app_group_VoIP | - |

Table 1-93 Intelligent traffic steering information about the overlay network

| Item | Value | |
| --- | --- | --- |
| Policy name | test_policy_steering1 | test_policy_steering2 |
| Traffic Classifier Template | test_traffic_VoIP | test_traffic_service |
| Policy Priority | 1 | 2 |
| Switchover Condition | | |
| Delay (ms) | 50 | 50 |
| Jitter (ms) | 50 | 50 |
| Packet loss rate (‰) | 50 | 50 |
| Steering Strategy | | |
| Primary Transport Network | MPLS | Internet |
| Secondary Transport Network | Internet | MPLS |
| Site | Hub1, Site1, and Site2 | Hub1, Site1, and Site2 |

Table 1-94 Site-to-Internet policy information

| Item | Value |
| --- | --- |
| Centralized Internet access | |
| Internet GW | Hub1 |

Table 1-95 Site-to-legacy site policy information

| Item | Value |
| --- | --- |
| Access mode | Centralized access |
| Site | Hub1 |
| Link Priority | MPLS: 1 |
| IGW | ON |

Table 1-96 Security policy information

| Item | Value |
| --- | --- |
| Policy name | test_security_policy1 |
| Enable URL filter | |
| Default action | Permit |
| Exception list | - |
| Use predefine url classification | ON |
| Predefined URL filter level | High |
| Site | Hub1, Site2, and Site3 |
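
Added example, not part of Huawei's documentation: a lint for the shared secrets that the data plan above spreads across Tables 1-76 to 1-87, flagging short, low-variety, account-equal and reused values before a real plan is entered on the controller. The thresholds are assumed policy values, and the names `PLAN_SECRETS`, `char_classes` and `lint` are illustrative.

```python
import string
from collections import defaultdict

MIN_LENGTH = 12   # assumed policy threshold, not a value from the page
MIN_CLASSES = 3   # assumed: how many of lower/upper/digit/symbol are required

# (purpose, account or None, secret) as listed in Tables 1-76 to 1-87.
PLAN_SECRETS = [
    ("MSP administrator", "MSPA@tenantA.com", "PassA@1234"),
    ("Tenant administrator", "UserA@tenantA.com", "PassA@1234"),
    ("SMTP account", "testmail", "testmail"),
    ("URL encryption key", None, "123456"),
    ("Site2 PPPoE", "user@web.com", "Pass1234"),
    ("Hub NTP authentication", None, "ntp123"),
] + [(f"BGP MD5 {dev}/{link}", None, "admin123") for dev, link in [
    ("Hub1_1", "MPLS"), ("Hub1_2", "Internet"), ("Site2_1", "MPLS"),
    ("Site2_1", "Internet"), ("Site3_1", "MPLS"), ("Site3_2", "Internet")]]


def char_classes(secret):
    """Count how many of lower/upper/digit/symbol appear in the secret."""
    tests = (str.islower, str.isupper, str.isdigit,
             lambda c: c in string.punctuation)
    return sum(any(t(c) for c in secret) for t in tests)


def lint(plan):
    """Return sorted (purpose, finding) pairs for every rule a secret breaks."""
    uses = defaultdict(list)
    for purpose, _, secret in plan:
        uses[secret].append(purpose)

    findings = []
    for purpose, account, secret in plan:
        if len(secret) < MIN_LENGTH:
            findings.append((purpose, "short"))
        if char_classes(secret) < MIN_CLASSES:
            findings.append((purpose, "few-classes"))
        # A secret equal to the account name or to its local part.
        if account and secret.lower() in (account.lower(),
                                          account.lower().split("@")[0]):
            findings.append((purpose, "equals-account"))
        # The same value protecting more than one account or session.
        if len(uses[secret]) > 1:
            findings.append((purpose, "reused"))
    return sorted(findings)


if __name__ == "__main__":
    for purpose, finding in lint(PLAN_SECRETS):
        print(f"{purpose:32} {finding}")
```
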

Procedure

  1. Log in to the Agile Controller-Campus as an MSP administrator.
  2. Create a tenant and a tenant administrator.

    1. Click Dashboard.
    2. Click Create under Tenants List. In the displayed dialog box, enter tenant information and administrator information.

    3. Under Tenants List, check the created tenant administrator account.

  3. Configure an email server.

    1. Choose Administration > Email Server to access the Email Server page.
    2. Configure parameters for interworking with the email server.

    3. Click Test to test email sending. If the system displays the message indicating that the test is successful and the test email can be received, the configuration is successful. Click Save to complete the configuration.

  4. Access the tenant managed service view.

    1. Click Dashboard.
    2. In Tenants List, select the tenant that requires maintenance and click the tenant name to access the tenant managed service view.

  5. Set global network parameters.

    1. Choose Configuration > Global Parameters.
    2. Retain the system defaults MPLS and Internet for the transport network. No additional configuration is required.
    3. Set IPSec encryption parameters.

      Select Encryption algorithm and click Generate. A PSK is generated.

    4. Configure device activation security.

      Enter a URL encryption key, and set Token validity period.

    5. Click Apply Changes.
    6. Click Virtual Network. The Virtual Network page is displayed.
    7. Configure a route.

      Enter the AS number of the BGP route. The default value is 65001.

    8. Select the number of sites and add an address pool.

    9. Add the DNS server IP address.

    10. Click Apply Changes.

  6. Add devices in a batch based on the ESN.

    1. Choose Device Management > Device List. The Device List page is displayed.
    2. Click Add Device and set Addition method to Batch import.
    3. Click Template to download the template file.
    4. Fill in the template with required information and save the file.
    5. Click , select the configured template file, and click Upload.
    6. Confirm the imported data, select the data to be created for CPEs, and click OK.

  7. Create two site templates to create the hub site and branch sites separately.

    1. Choose Configuration > Site > Template. On the Site Template page that is displayed, click Create.
    2. Enter template information and click OK.
    • Hub site template

    • Branch site template

  8. Create a hub site and two branch sites.

    1. Choose Configuration > Site.
    2. On the Site page that is displayed, click Create. Set Creation mode to Single.
    3. Create a hub site and two branch sites.
    4. Under Add Device, select the devices added earlier.
    5. Click OK.

  9. Create an email template.

    1. Choose Configuration > Site > Template > Email Template.
    2. On the Email Template page that is displayed, click Create. Enter the template information.

  10. Complete the ZTP configuration for the sites and send a deployment email.

    1. Configure the WAN links for the hub site.
      1. Choose Configuration > Site > ZTP Configuration. The ZTP Configuration page is displayed.
      2. In the Not Activated list, click a created site. The WAN Link page displays link information.
      3. Click in the Operation column in the right pane.
      4. In the Set WAN Link dialog box that is displayed, set WAN link parameters.
      5. Click Apply Changes.

    2. Complete the NTP configuration for the hub site.
      1. Click NTP.
      2. On the NTP page that is displayed, select a time zone. Enter NTP information and click Apply Changes.

    3. Configure WAN links for the branch sites.

      Perform the same operations as those for the hub site to complete WAN link parameter configuration for the branch sites and click Apply Changes.

      • WAN link configuration for Site2

      • WAN link configuration for Site3

    4. Complete the NTP configuration for the branch sites.
      1. On the NTP page that is displayed, select a time zone.
      2. Set NTP client mode to Automatic Synchronization with Parent Node.
      3. Click Apply Changes.

    5. After completing the ZTP configuration, click Send Email.
      1. In the displayed Send Email dialog box, select the site to deploy and click .
      2. Enter the recipient email address and CC email address, select the created email template, modify the email content, and click OK.

  11. Configure BGP routes for the underlay network of the hub site.

    1. Choose Configuration > Site > Underlay Configuration.
    2. Select Hub1 from the left list and click WAN Route.
    3. On the WAN Route page that is displayed, click Click Here to Add Routing Protocol and select BGP.
    4. On the BGP page, click Advanced Settings, and enable Default route redistribution.

    5. On the BGP page, click Create and set BGP route parameters.

    6. Click Apply Changes.

  12. Configure BGP routes for the underlay networks of the branch sites.

    1. Choose Configuration > Site > Underlay Configuration.
    2. Select Site2 from the left list and click WAN Route.
    3. On the WAN Route page that is displayed, click Click Here to Add Routing Protocol and select BGP.
    4. On the BGP page, click Create and set BGP route parameters.

    5. Click Apply Changes.
    6. Select Site3 from the left list and perform the same operations as those for Site2 to complete the BGP route configuration for Site3.

    7. Click Apply Changes.

  13. Complete the overlay network configuration for the sites.

    1. Configure basic information about the hub site.
      1. Choose Configuration > Overlay Network > Site Configuration.
      2. Select the hub site, click Basic in the right pane, and set Topology mode.
      3. Click Apply Changes.

    2. Configure VLAN information about the hub site.
      1. Choose Configuration > Overlay Network > Site Configuration.
      2. Select the hub site and click VLAN in the right pane.
      3. Click Create and set related parameters.

      4. Click Apply Changes.
    3. Perform the same operations to configure VLAN information for the branch sites.
    • VLAN configuration for Site2

    • VLAN configuration for Site3

  14. Configure LAN-side OSPF routes for Hub1.

    1. Choose Configuration > Overlay Network > Site Configuration.
    2. Select Hub1 and click LAN Route in the right pane.
    3. Click Click Here to Add Routing Protocol and select OSPF.
    4. In the displayed OSPF dialog box, click Create and set related parameters.

    5. Click Apply Changes.

  15. Configure an application group.

    1. Choose Configuration > Application Management.
    2. Click Application Group. On the Application Group page that is displayed, click Create.
    3. Enter the application group information and select the predefined application VoIP.

  16. Configure a traffic classifier template.

    1. Choose Configuration > Traffic Policy.
    2. Click Traffic Classifier Template and click Create to create a traffic classifier template.
    3. Configure a traffic classifier template.

  17. Configure intelligent traffic steering policies for the overlay networks.

    1. Choose Configuration > Traffic Policy.
    2. Click Traffic Steering. On the Traffic Steering tab page, click Create and configure intelligent traffic steering policies.

    3. On the Traffic Steering tab page, click in the Operation column of the policy. In the Attach Sites dialog box that is displayed, select a site to be bound to the policy. Click and then click OK.

    4. Select the policy to be submitted, click Commit, and select Commit Selected.
    5. In the Commit dialog box that is displayed, set Effective time to Immediately and click OK.

  18. Configure Internet access policies for the overlay networks.

    1. Choose Configuration > Traffic Policy.
    2. Click Site-to-Internet to access the Site-to-Internet page.
    3. Configure centralized Internet access.
      1. Enable Centralized Internet access and click .
      2. In the displayed Select Site dialog box, select the site that provides the Internet access gateway and click .
      3. Click OK.

    4. Click Apply Changes.

  19. Configure a mutual-access policy for the overlay network of the legacy site.

    1. Choose Configuration > Traffic Policy.
    2. Click Site-to-Legacy Site.
    3. Configure centralized access.
      1. Enable Centralized access and click Create. In the displayed dialog box, select the hub site and click .
      2. Click Next, click in the Operation column to activate the egress link, configure the link priority, and click Apply Changes.

  20. Configure security policies.

    1. Choose Configuration > Security Policy > URL.
    2. Select the VPN to which the sites to be configured belong.
    3. Click Create and set related parameters.

    4. On the Security Policy page, click in the Operation column of the policy. In the Attach Sites dialog box that is displayed, select a site to be bound to the policy, click and then click OK.

    5. Select the policy to be submitted, click Commit, and select Commit Selected.
    6. In the Commit dialog box that is displayed, set Effective time to Immediately and click OK.

  21. Install the CPEs at the sites based on the site networking requirements and connect the WAN ports of the CPEs to the WAN.
  22. Deploy the CPEs at the sites using email-based deployment.

    1. Power on the CPEs.
    2. Wait for a moment until the SYS indicator on the CPEs is blinking green slowly, indicating that the CPEs have started successfully.
    3. Perform email-based deployment according to section Email-based Deployment.

  23. After the deployment is successful, enable all CPEs to register with the Agile Controller-Campus again to obtain the configurations of the new branch sites.
Updated: 2019-03-04

Document ID: EDOC1100036696
