
Lab-Day4 - Lab7&8

This document provides instructions for configuring an active/active high availability branch model on Versa SD-WAN. Key points include:
• Two branch nodes will be erased and restaged with new interfaces and networks for dual branch connectivity, with one branch connecting to the MPLS network and the other to the internet.
• Sample topologies and template configurations are provided to create redundant pairs between branches for high availability.
• Steps include erasing the existing branch configuration, creating a new post-staging template for paired branches with the redundant pair option selected, and configuring interfaces.
• Devices can then be added using the new templates and configured normally, with the A and B side devices using their respective

Uploaded by

AARNAV pandey

Versa Training

Lab Guide – Day4


Versa-Training Lab Guide
Lab 7 - HA

Lab 7 – Active/Active Branch

• This lab involves creating a hot/hot branch model
• The existing head-end remains the same
• Branch nodes will be erased and restaged with new interfaces and
networks for this dual branch connectivity
• One branch will be connected to the MPLS network
• The other branch will be connected to the Internet

Lab 7 – Active/Active Branch

• The next slides show a sample topology for HA active/active and sample template configs for creating HA pairs
• Follow these steps to configure HA active/active
− Erase the branch configuration (request erase running-config)
− Create a new post-staging template for your paired branches
− Select redundant pair option
− Enter a template name. This template will be used by the b side device.
− In the interfaces tab, use vni-0/0 for MPLS WAN, vni-0/1 for Internet WAN, vni-0/2 for LAN, and vni-0/3 for the cross-connect port
• Choose DIA and NextGen FW options and create template

Lab Group – 1
HA Topology

[Topology diagram. Recoverable labels:]
• Director, Analytics, and a Control Network between DC 1 and DC 2
• Director external access: https://103.231.208.51:1443
• SSH jump node access: 103.231.208.51 1122
• Controller01 and Controller02, with addresses 192.168.100.2, 145.67.89.2, 192.168.100.50, 145.67.89.50
• Hub157: 192.168.157.0/24
• Transports: MPLS and Internet, with a Layer 3 router
• Interface roles: MPLS WAN: VNI-0/0; Internet WAN: VNI-0/1; LAN: VNI-0/2; cross-connect link: VNI-0/3
• Branch 151 through Branch 156, with LAN networks 192.168.151.0/24, 192.168.153.0/24, 192.168.155.0/24
• To access the device mgmt (eth0) address: ssh to 172.16.10.xxx, where xxx = branch number
IP Details – Lab Group1
HA topology

Devices      Serial No  Management-      MPLS Transport-    MPLS NH         Internet Transport-  Internet NH   LAN-NETWORK       LAN IP
                        eth0             VNI-0/0*                           VNI-0/1*
                        172.16.10.0/24   192.168.100.x/24                   145.67.89.0/24                     192.168.x.0/24
Controller   -          172.16.10.101    192.168.100.2/30   192.168.100.1   145.67.89.2/30       145.67.89.1   -                 -
Branch151    SR151      172.16.10.151    192.168.100.6/30   192.168.100.5   -                    -             192.168.151.0/24  192.168.151.1 (VRRP IP)
Branch152    SR152      172.16.10.152    -                  -               145.67.89.10/30      145.67.89.9   192.168.151.0/24  192.168.151.1 (VRRP IP)
Branch153    SR153      172.16.10.153    192.168.100.14/30  192.168.100.13  -                    -             192.168.153.0/24  192.168.153.1 (VRRP IP)
Branch154    SR154      172.16.10.154    -                  -               145.67.89.18/30      145.67.89.17  192.168.153.0/24  192.168.153.1 (VRRP IP)
Branch155    SR155      172.16.10.155    192.168.100.22/30  192.168.100.21  -                    -             192.168.155.0/24  192.168.155.1 (VRRP IP)
Branch156    SR156      172.16.10.156    -                  -               145.67.89.26/30      145.67.89.25  192.168.155.0/24  192.168.155.1 (VRRP IP)

* Note: Not all transports are to be used. Refer to the topology.
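
A pre-staging sanity check of the Lab Group 1 address plan above, as an added example that is not part of the original lab guide: it confirms that each WAN address and its next hop share a /30, that no /30 is assigned twice, and that each HA pair has one MPLS side, one Internet side and a VRRP IP inside its LAN. The names check_plan, WAN_LINKS, HA_PAIRS and TRANSPORT_RANGE are hypothetical.

```python
import ipaddress

# Lab Group 1 values copied from the table: device, transport, WAN address, next hop.
WAN_LINKS = [
    ("Branch151", "MPLS", "192.168.100.6/30", "192.168.100.5"),
    ("Branch152", "Internet", "145.67.89.10/30", "145.67.89.9"),
    ("Branch153", "MPLS", "192.168.100.14/30", "192.168.100.13"),
    ("Branch154", "Internet", "145.67.89.18/30", "145.67.89.17"),
    ("Branch155", "MPLS", "192.168.100.22/30", "192.168.100.21"),
    ("Branch156", "Internet", "145.67.89.26/30", "145.67.89.25"),
]
# HA pairs: first member, second member, shared LAN network, VRRP virtual IP.
HA_PAIRS = [
    ("Branch151", "Branch152", "192.168.151.0/24", "192.168.151.1"),
    ("Branch153", "Branch154", "192.168.153.0/24", "192.168.153.1"),
    ("Branch155", "Branch156", "192.168.155.0/24", "192.168.155.1"),
]
# Assumption: the "192.168.100.x/24" column header is read as 192.168.100.0/24.
TRANSPORT_RANGE = {"MPLS": "192.168.100.0/24", "Internet": "145.67.89.0/24"}


def check_plan(wan_links, ha_pairs):
    """Return a list of findings; an empty list means the plan is consistent."""
    findings, transport_of, owner = [], {}, {}
    for dev, transport, addr, nh in wan_links:
        iface = ipaddress.ip_interface(addr)
        hosts = list(iface.network.hosts())
        transport_of[dev] = transport
        if iface.ip not in ipaddress.ip_network(TRANSPORT_RANGE[transport]):
            findings.append(f"{dev}: {iface.ip} is outside the {transport} range")
        if iface.ip not in hosts:
            findings.append(f"{dev}: {iface.ip} is not a usable host in {iface.network}")
        nh_ip = ipaddress.ip_address(nh)
        if nh_ip not in hosts or nh_ip == iface.ip:
            findings.append(f"{dev}: next hop {nh} is not a peer inside {iface.network}")
        if owner.setdefault(iface.network, dev) != dev:
            findings.append(f"{dev}: {iface.network} already used by {owner[iface.network]}")
    for a, b, lan, vip in ha_pairs:
        if ipaddress.ip_address(vip) not in list(ipaddress.ip_network(lan).hosts()):
            findings.append(f"{a}/{b}: VRRP IP {vip} is not a host in {lan}")
        if {transport_of.get(a), transport_of.get(b)} != {"MPLS", "Internet"}:
            findings.append(f"{a}/{b}: pair does not have one MPLS and one Internet side")
    return findings


if __name__ == "__main__":
    for line in check_plan(WAN_LINKS, HA_PAIRS) or ["plan is consistent"]:
        print(line)
```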


Lab Group – 2
HA Topology

[Topology diagram. Recoverable labels:]
• Director, Analytics, and a Control Network between DC 1 and DC 2
• Director external access: https://103.231.208.51:2443
• SSH jump node access: 103.231.208.51 2222
• Controller01 and Controller02, with addresses 192.168.100.2, 145.67.89.2, 192.168.100.50, 145.67.89.50
• Hub157: 192.168.157.0/24
• Transports: MPLS and Internet, with a Layer 3 router
• Interface roles: MPLS WAN: VNI-0/0; Internet WAN: VNI-0/1; LAN: VNI-0/2; cross-connect link: VNI-0/3
• Branch 151 through Branch 156, with LAN networks 192.168.151.0/24, 192.168.153.0/24, 192.168.155.0/24
• To access the device mgmt (eth0) address: ssh to 172.16.20.xxx, where xxx = branch number
IP Details – Lab Group2
HA Topology

Devices      Serial No  Management-eth0  MPLS Transport-    MPLS NH         Internet Transport-  Internet NH   LAN-NETWORK       LAN IP
                                         VNI-0/0                            VNI-0/1
                        172.16.20.0/24   192.168.100.x/24                   145.67.89.0/24                     192.168.x.0/24
Controller1  -          172.16.20.101    192.168.100.2/30   192.168.100.1   145.67.89.2/30       145.67.89.1   -                 -
Branch151    SR151      172.16.20.151    192.168.100.6/30   192.168.100.5   -                    -             192.168.151.0/24  192.168.151.1 (VRRP IP)
Branch152    SR152      172.16.20.152    -                  -               145.67.89.10/30      145.67.89.9   192.168.151.0/24  192.168.151.1 (VRRP IP)
Branch153    SR153      172.16.20.153    192.168.100.14/30  192.168.100.13  -                    -             192.168.153.0/24  192.168.153.1 (VRRP IP)
Branch154    SR154      172.16.20.154    -                  -               145.67.89.18/30      145.67.89.17  192.168.153.0/24  192.168.153.1 (VRRP IP)
Branch155    SR155      172.16.20.155    192.168.100.22/30  192.168.100.21  -                    -             192.168.155.0/24  192.168.155.1 (VRRP IP)
Branch156    SR156      172.16.20.156    -                  -               145.67.89.26/30      145.67.89.25  192.168.155.0/24  192.168.155.1 (VRRP IP)

Note: Not all transports are to be used. Refer to the topology.


Lab 7 – Active/Active Branch

• After the template is complete, add both devices, A and B sides
• Select add device from workflows
• Configure normal parameters
• Create a new device group which uses the new templates
− The a side device will use the template you created
− The b side device will use the template that was automatically created by the a side template
• After the device is deployed, run the staging script on your branch to connect to the controller and pull down the new configuration
• Verify both a and b sides are working and that you are able to ping addresses in the network over the cross-connect WAN port

Lab Group X
Sample Hot/Hot Topology

[Topology diagram. Recoverable labels:]
• MPLS: VLAN 19, 192.168.19.110, Branch110
• Internet: VLAN 20, 192.168.20.111, Branch111
• LAN side: .110 (Branch110) and .111 (Branch111) in VRF LAN-xx
• VRRP virtual address: 172.16.xx.1/24

Active/Active Template - Basic

Active/Active Template - Interfaces

Versa-Training Lab Guide
Lab 8 – Firewall [optional]

Lab 8 – Firewall

• Stateful/NextGen Firewall is one of the unique features of Versa SD-WAN
• To enable the Stateful/NextGen Firewall features on Flex-VNF, the ‘Subscription-Profile’ should have an appropriate plan selected under the parent; the Tenant then inherits the same plan [see next slide]
• It has all the features of UTM, such as IPS/IDS, Anti-virus, URL Category Filtering, DoS, IP filtering [blacklist, whitelist and geo-based], decryption, etc.
• Once the firewall is enabled, an implicit deny blocks traffic unless explicit rules are defined to allow the desired traffic

Lab 8 – Firewall
Tenant having Default-All-Services-Plan

Lab 8 – Firewall
• Select the Services from the available list
• This can be done per template or from Appliance context

[Screenshot callout: Click to move desired service from Available Services to Selected Services]

Lab 8 – Firewall
• Add the new service(s) under the Organization Limits

Lab 8 – Firewall – DoS Profile
• The selected service is now available to configure
• Create the DoS profile with thresholds

Lab 8 – Firewall
• Add the policy by defining the match criteria and selecting the DoS profile under Action settings

Lab 8 – Firewall
• Access policies can be defined with or without applying security profiles
• Security profiles include
− IP Filtering
− Anti-Virus
− IPS/IDS [Vulnerability]
− URL Filtering
• Match criteria can be selected based on various parameters such as Zones, IP address, DSCP, IP Flags, Application, URL Categories and even users
• The rules can be scheduled to be enabled only at certain times [time of day, daily or weekly, etc.]
