WAN-Side Site Configuration
Configuring the Underlay Network
You can configure the following features only when the tunnel mode is set to EVPN on the page.
Configuring WAN Interfaces
Context
After WAN-side devices at a site are connected to the Internet or MPLS network, if the WAN interfaces have been specified during WAN link configuration, you can modify WAN interface parameters and set the MTU and MSS for the WAN interfaces after site deployment.
Prerequisites
- Sites have been added. For details, see "Creating a Site" in Network Design.
- Site WAN links have been configured. For details, see "Configuring the Network Access Mode for a Site" in Network Design.
Procedure
- Choose from the main menu.
- Select the site for which an underlay network needs to be configured.
- Configure WAN interface parameters for a site's underlay network.
- Click the WAN Interface tab.
- In the Operation column, click
and modify WAN interface parameters.
- The values of Negotiation mode, Uplink bandwidth, and Downlink bandwidth are the same as those configured in "Configuring the Network Access Mode for a Site" by default. You can modify these parameters on this page.
- Exercise caution when you modify the parameters Negotiation mode, Media, Duplex, Speed, MTU, and MSS, which may cause network anomaly.
- Click OK.
- Click Apply.
and modify WAN interface parameters.
Parameter Description
Parameter |
Description |
|---|---|
Negotiation mode |
The meanings of the parameters are the same on the ZTP tab page in the Zero Touch Provision page. Details about these parameters can be obtained from the ZTP tab page. The parameters on the Underlay Configuration tab page need to be modified after site deployment. |
Working mode |
|
Duplex mode |
|
Speed |
|
Uplink bandwidth |
|
Downlink bandwidth |
|
MTU |
Maximum transmission unit of a WAN interface of a site. |
MSS |
Maximum segment size of a TCP packet on a WAN interface of a site. |
Configuring LAN Interfaces
Context
On the LAN side of a site, if the interfaces connected to the site gateway work in non-auto-negotiation mode, you need to configure the attributes of the non-auto-negotiation mode for the LAN interfaces on the gateway for interconnection with LAN devices.
Prerequisites
- Sites have been added. For details, see "Creating a Site" in Network Design.
- Site WAN links have been configured. For details, see "Configuring the Network Access Mode for a Site" in Network Design.
Procedure
- Choose from the main menu.
- Select the site for which an underlay network needs to be configured.
- Configure LAN interface parameters for a site's underlay network.
- Click the LAN Interface tab.
- Click Configure and modify LAN interface parameters.
- Click OK.
- Click Apply.
Parameter Description
Parameter |
Description |
|---|---|
Device |
Device where a LAN interface resides. |
Interface |
Name of a LAN interface. Only GE, FE, and XGE interfaces are supported. |
Interface Mode |
The interface can work in switch or router mode, that is, the Layer 2 or Layer 3 interface. |
Negotiation mode |
Negotiation mode of a LAN interface. Interfaces at both ends of a link must use the same negotiation mode. If an interface frequently alternates between Up and Down, disable auto negotiation and forcibly set the same rate and duplex mode on both interfaces. |
Working mode |
Working mode of a LAN interface. Only a combo interface can work as an optical interface or electrical interface. You can set this parameter to Copper or Fiber as needed. Other interfaces can be selected according to their working modes. NOTE:
If an interface cannot work as an optical interface but Media is set to Fiber, the configuration fails to take effect after being delivered to the CPE. |
Duplex mode |
Duplex mode of a LAN interface. Interfaces at both ends of a link must use the same duplex mode. An optical interface works in full duplex mode by default. For an electrical interface, you can set this parameter to Full duplex or Half duplex as needed. |
Speed |
Speed of a LAN interface. Interfaces at both ends of a link must have the same speed. |
(Optional) Configuring Eth-Trunks
An Eth-Trunk is a logical interface that is formed by bundling multiple Ethernet interfaces to increase the link bandwidth and reliability.
Configure an Eth-Trunk for a site if the site is connected to a transport network through an Eth-Trunk. Eth-Trunks can be connected to LAN-side devices in different VNs of a site or directly connected to devices in a dual-gateway site. Eth-Trunks can be classified into Layer 2 Eth-Trunks and Layer 3 Eth-Trunks. You can configure Layer 2 or Layer 3 Eth-Trunks based on network applications.
Prerequisites
- Sites have been added. For details, see "Creating a Site" in Network Design.
- Site WAN links have been configured. For details, see "Configuring the Network Access Mode for a Site" in Network Design.
Procedure
- Click the Eth-Trunk tab.
- Click Create and enter basic information about the Eth-Trunk.
- Click OK.
- Click Apply.
Parameter Description
Parameter |
Description |
|---|---|
Device |
Site gateway on which an Eth-trunk needs to be created. |
Eth-Trunk ID |
ID of an Eth-Trunk. In a dual-gateway scenario, if the two gateways are connected through two Layer 3 physical links, the system automatically creates Eth-Trunk 0 for the two gateways. In such scenario, you cannot create an Eth-Trunk with ID 0. NOTE:
The value range of Eth-Trunk ID varies depending on the AR model. The options are as follows:
|
Eth-Trunk type |
Type of an Eth-Trunk interface, Layer 2 or Layer 3. |
Physical interface |
Physical member interface of an Eth-Trunk. A maximum of eight member interfaces can be added to an Eth-Trunk. The signal types of all member interfaces must be the same. If a Layer 2 Eth-Trunk is configured, its member interfaces must be Layer 2 physical interfaces. If a Layer 3 Eth-Trunk is configured, its member interfaces must be Layer 3 physical interfaces. |
Configuring Underlay Routes (OSPF)
This section describes how to configure WAN-side underlay routes.
Prerequisites
- A site has been configured. For details, see "Creating a Site" in Network Design.
- Site WAN links have been configured. For details, see "Configuring the Network Access Mode for a Site" in Network Design.
Procedure
- Choose from the main menu.
- Select the site for which underlay routes need to be configured.
- Click WAN Route.
- On the WAN Route tab, click Click Here to Add Routing Protocol.
- Select OSPF from the Protocol drop-down list and click OK.
- On the OSPF tab page, click Create and set related parameters.
- Click OK.
- Click Apply.
Parameter Description
Parameter |
Description |
|||
|---|---|---|---|---|
Device |
CPE on which an OSPF route needs to be configured. |
|||
Process ID |
OSPF process ID. In the EVPN tunnel mode, if OSPF routes are deployed on an underlay network, the process ID is in the range from 20001 to 30000. If OSPF routes are deployed on an overlay network, the process ID is in the range from 1 to 20000. |
|||
WAN Link |
Link with OSPF enabled. If the WAN link is specified, the interface for which OSPF needs to be enabled is determined accordingly. An interface can be bound with only one OSPF process. |
|||
Common Parameter |
Default route advertisement |
Whether to advertise the default route to common OSPF areas. After default route advertisement is enabled, the device keeps advertising OSPF default routes. |
||
Default route cost |
Cost of an advertised OSPF default route. |
|||
Internal preference |
Priority of an OSPF route (excluding AS-external routes). A smaller value indicates a higher priority. |
|||
ASE preference |
Priority of an OSPF AS-external route. A smaller value indicates a higher priority. |
|||
Interface Parameter |
Area ID |
OSPF area ID. |
||
Interface Name |
Name of an interface with OSPF enabled. You do not need to set this parameter. The system will automatically set this parameter based the value of WAN Link. |
|||
Authentication Mode |
Authentication mode. OSPF packets must be authenticated before a neighbor relationship can be established. The authentication modes that can be used in an OSPF area are as follows:
NOTE:
The simple, MD5, and HMAC-MD5 authentication modes may pose potential security risks. As such, the HMAC-SHA256 authentication mode is recommended. |
|||
Key |
Key for cipher-text authentication on an interface. This parameter is available only when the authentication mode is set to Cryptographic. |
|||
Password |
Password for ciphertext authentication. This parameter is available only when the authentication mode is set to Simple or Cryptographic. |
|||
Hello Timer |
Interval for an interface to send Hello packets, in seconds. |
|||
DR Priority |
Priority of an interface that participates in Designated Router (DR) election. The DR priority of an interface determines whether the interface participates in DR election. If the DR priority is 0, the router where the interface is located cannot be elected as a DR or BDR. |
|||
Cost |
OSPF cost of an interface. The cost specified here will be added to the costs of OSPF routes learned on the interface. |
|||
Route Redistribute |
Protocol |
Protocol of routes to be redistributed. Static, OSPF, BGP, UNR and direct routes can be redistributed. |
||
Process ID |
Process ID of the redistributed OSPF route. This parameter is available only when the protocol is OSPF. |
|||
Cost |
Cost of a redistributed route. The value of this parameter will overwrite the cost in the original route. |
|||
Routing Policy |
Export |
Export |
Whether to filter routes to be advertised. When a WAN site communicates with a traditional site, OSPF can be used to control access paths. In the scenario where the current WAN site has established a neighboring relationship with a traditional site, you can enable or disable this parameter to control the advertisement of the underlay OSPF routing information. That is, after this parameter is enabled, the site only advertises the routes based on its requirement or the requirement of its neighbor. In this way, the access from the traditional site to LAN-side network segments of the WAN site can be controlled. |
|
Match |
Match |
Route filter criteria. Currently, routes to be advertised can be filtered based on IP prefixes or tags. Either of the two filtering methods can be used. |
||
IP prefix list |
IP route prefix. You can specify IP route prefixes by setting the following parameters. The parameter values must meet the following conditions: Mask ≤ Greater-equal ≤ Less-equal.
|
|||
Tag |
Route tag. The routes to be advertised can be filtered based on the tag. The value must be in the range from 0 to 4294967295. Route tags can be used to classify routes as needed. You can attach a tag to routes of the same type so that the routes can be flexibly controlled and managed based on the tag through a routing policy. |
|||
Apply |
Filter type |
Mode for filtering OSPF routes to the underlay network:
|
||
Cost |
Cost of a routing policy, which is used as the cost of the OSPF routes advertised by an interface. This parameter is available only when Filter type is set to Whitelist. The value must be in the range from 0 to 4294967295. |
|||
Tag |
Route tag. A tag is attached to the routes matching the filter criteria. The value must be in the range from 0 to 4294967295. The modified tag value will overwrite the original tag value. If this parameter is not set, the original tag value is retained. This parameter is configurable only when Filter type is set to Whitelist. |
|||
Import |
Import |
Whether to filter routes to be received. When a WAN site communicates with a traditional site, OSPF can be used to control access paths. In the scenario where the current WAN site has established a neighboring relationship with a traditional site, you can enable or disable this parameter to control the reception of the underlay OSPF routing information. That is, after this parameter is enabled, the site only receives the routes based on its requirement. In this way, the access from the WAN site to LAN-side network segments of the traditional site can be controlled. |
||
Match |
Type |
Type. Routes can be filtered only by IP address prefix. |
||
IP prefix list |
IP route prefix. You can specify IP route prefixes by setting the following parameters. The parameter values must meet the following conditions: Mask ≤ Greater-equal ≤ Less-equal.
|
|||
Tag |
Route tag. The routes to be received from the underlay network can be filtered based on the tag. The value must be in the range from 0 to 4294967295. |
|||
Apply |
Filtering type |
Mode for filtering OSPF routes to be received from the underlay network:
|
||
Configuring Underlay Routes (BGP)
Prerequisites
- Sites have been added. For details, see "Creating a Site" in Network Design.
- Site WAN links have been configured. For details, see "Configuring the Network Access Mode for a Site" in Network Design.
Procedure
- Choose from the main menu.
- Select the site for which underlay routes need to be configured.
- Click WAN Route.
- On the WAN Route tab, click Click Here to Add Routing Protocol or
.
- Select BGP from the Protocol drop-down list and click OK.
- On the BGP tab page, click
to expand Advanced Settings, and set related parameters.
- Click Create and set related parameters.
- Click OK.
- Click Apply.
.
to expand 
Parameter Description
Parameter |
Description |
|
|---|---|---|
Advanced Settings |
External preference |
Priority of EBGP routes. You can set different priorities for different devices. For a dual-gateway site, you can specify a separate EBGP route priority for each gateway. |
Default route redistribution |
Whether to redistribute the default routes in the local IP routing table to the BGP routing table. |
|
Route redistribution |
Protocol of routes to be imported. Static and direct routes can be imported. |
|
Summary route |
Route obtained by summarizing specific routes in the local BGP routing table. The system advertises only the summarized route, and suppresses the advertisement of all specific routes within the summarized route. You can specify IP addresses and masks of multiple summarized routes. |
|
Parameter |
Description |
|||
|---|---|---|---|---|
Device |
CPE on which a BGP route needs to be configured. |
|||
Peer IP Address |
IP address of the peer device. In most cases, a BGP peer relationship is established between the current WAN site and a traditional site. |
|||
Peer AS |
AS number of the peer device. |
|||
Local AS |
Fake AS number of the local device. Typically, a device supports only one BGP process. That is, a device supports only one AS number. In some special cases, for example, when AS numbers need to be changed in the network migration scenario, you can set a fake AS number for a specified peer to ensure successful network migration. If this parameter is left empty, the AS number in the global configuration is used by default. |
|||
Keepalive time (s) |
Interval for sending Keepalive packets to the peer. After establishing a BGP connection, two peers periodically send Keepalive messages to each other to detect the status of the BGP connection. If a device receives no Keepalive message or any other type of packet from its peer within the hold time, the device considers the BGP connection terminated and closes the BGP connection. |
|||
Hold time (s) |
Hold time. The hold time should be at least three times the Keepalive time. |
|||
MD5 encryption |
Whether to use MD5 authentication between BGP peers. If this parameter is enabled, you need to enter the password in cipher-text. The MD5 protocol is an insecure encryption algorithm. To reduce security risks of MD5 authentication, you are advised to periodically update the MD5 authentication password. |
|||
WAN link |
Link where an EBGP route is to be deployed. |
|||
Routing Policy |
Export |
Export |
Whether to filter routes to be advertised. When a WAN site communicates with a traditional site, BGP can be used to control access paths. In the scenario where the current WAN site has established a neighboring relationship with a traditional site, you can enable or disable this parameter to control the advertisement of the underlay OSPF routing information. That is, after this parameter is enabled, the site only advertises the routes based on its requirement or the requirement of its neighbor. In this way, the access from the traditional site to LAN-side network segments of the WAN site can be controlled. |
|
Match |
Type |
Type. Routes can be filtered only by IP address prefix. |
||
IP prefix list |
Routing range. You can specify a routing range by setting the following parameters. The parameter values must meet the following conditions: Mask ≤ Greater-equal ≤ Less-equal.
|
|||
Apply |
Filter type |
Mode for filtering BGP routes to the underlay network:
|
||
MED |
MED value of a BGP route in the network segment specified in IP prefix. Similar to the metric of an IGP, the MED value is used to determine the optimal route for the traffic to enter an AS. When a BGP-enabled device obtains multiple routes to the same destination address but with different next hops from EBGP peers, it selects the route with the smallest MED value as the optimal route. This parameter is available only when Filter type is set to Whitelist. |
|||
Community |
Community attribute to be added to a BGP route in the network segment specified in IP prefix. The community attribute is a private BGP route attribute. It is transmitted between BGP peers and is not restricted to within an AS. The community attribute allows a group of BGP-enabled devices in multiple ASs to share the same routing policies. This allows routing policies to be flexibly used and makes it simple to maintain and manage routing policies. This parameter is available only when Filter type is set to Whitelist. |
|||
AS Path |
AS path of a BGP route in the network segment specified in IP prefix. The AS_Path attribute records the numbers of all ASs that a route passes through, from the source to the destination, in the vector order. You can configure the AS_Path attribute to implement flexible route selection. This parameter is available only when Filter type is set to Whitelist. |
|||
Import |
Import |
Whether to filter routes to be imported. When a WAN site communicates with a traditional site, BGP can be used to control access paths. In the scenario where the current WAN site has established a neighboring relationship with a traditional site, you can enable or disable this parameter to control the reception of the underlay OSPF routing information. That is, after this parameter is enabled, the site only receives the routes based on its requirement. In this way, the access from the WAN site to LAN-side network segments of the traditional site can be controlled. |
||
Match |
Type |
Type. Routes can be filtered only by IP address prefix. |
||
IP prefix list |
Routing range. You can specify a routing range by setting the following parameters. The parameter values must meet the following conditions: Mask ≤ Greater-equal ≤ Less-equal.
|
|||
Apply |
Filter type |
Mode for filtering BGP routes to be received from the underlay network:
|
||
Configuring Underlay Routes (Static Routes)
Prerequisites
- Sites have been added. For details, see "Creating a Site" in Network Design.
- Site WAN links have been configured. For details, see "Configuring the Network Access Mode for a Site" in Network Design.
Procedure
- Choose from the main menu.
- Select the site for which underlay need to be configured.
- Click WAN Route.
- On the WAN Route tab, click Click Here to Add Routing Protocol or
.
- Select IPv4 Static from the Protocol drop-down list and click OK.
- On the IPv4 Static tab page, click Create and set related parameters.
Create an IPv4 static route:
- Click OK.
- Click Apply.
.
Parameter Description
Parameter |
Description |
|
|---|---|---|
Device |
CPE on which a static route needs to be configured. |
|
Priority |
Priority of a static route. The value is an integer that ranges from 1 to 255. A smaller value indicates a higher priority. If you specify the same priority for static routes with the same destination, load balancing can be implemented among these routes. If you specify different priorities for multiple static routes with the same destination, backup can be implemented among these routes. |
|
WAN link |
Link where a static route is to be deployed. |
|
Destination address/mask |
Destination IP address and mask of an IPv4 static route. |
|
Next-Hop |
Next-hop type |
Type of the next hop in a static route.
|
IP address |
Next-hop IP address of an IPv4 static route. This parameter is available only when Next-hop type is set to IP address. |
|
Track |
Whether to associate a static route with an NQA test instance. This parameter is available only when Next-hop type is set to IP address or Outbound interface. |
|
Target |
Destination address in an NQA test instance. If a static route is associated with an NQA test instance, only ICMP test instances can be used to check whether there are reachable routes between the source and destination. |
|
Verifying the Network Deployment Result
This section describes how to check the network deployment status after the underlay and overlay network configurations are complete.
Procedure
- Choose from the main menu. Select a site.
- Click the Generate Configuration tab. If Successful is displayed in the Device Configuration Status column for all records, the network deployment is successful.
If the value of Device Configuration Status is not Successful, rectify the fault according to "WAN Service Configuration Delivery Fails" in the Troubleshooting Guide.
Only the current device configuration status (success or failure) is displayed, and the status is displayed after a certain delay.