Cisco SD-WAN 019 - Service VPN1 NAT Dynamic PAT Local Internet Breakout and OMP Internet Fail Over

Рет қаралды 4,700

Rob Riker's Tech Channel

Күн бұрын

Пікірлер: 19

@sanjaymehta3980 3 жыл бұрын

Rob, Great videos. Great work you doing. Thanks a lot.

@АлександрКоробейников-б2э 4 жыл бұрын

I did same settings like you, but I can't see default routes on vEdge3 from vEdge1 and vEdge2 via OMP. Where did I mistake?

@АлександрКоробейников-б2э 4 жыл бұрын

I found. in vEdge_Dual_Site_VPN1_Template - Advertise OMP - OSPF External - ON. Now I see default routes in vEdge3, 4 and 5

@apolo8906 4 жыл бұрын

@@АлександрКоробейников-б2э THanks I has the same mistake

@sclutzo 4 жыл бұрын

@@АлександрКоробейников-б2э THANKS! was driving me batty! was just about there when I saw your entry...

@Torcheban 3 жыл бұрын

@@АлександрКоробейников-б2э Спасибо, тоже с этим столкнулся.

@speirsy 3 жыл бұрын

I had the same - Thanks

@jlosFLTX 4 жыл бұрын

The comment you make regarding the time for the connected default route to drop from the routing table has been a topic of similar lab efforts. And BFD is detecting the failure and we see removal of the impacted OMP routes well before the connected route is gone sending traffic over the available OMP route. Any thoughts on variables in play to speed this process e.g. timers or IP SLA? You mentioned it was “faster” but didnt mention the actual time which I’ve seen testing from 60 sec to 5 minutes.

@RobRikerTechChannel 4 жыл бұрын

No, not really. Not sure why it is so slow, interface drivers are either really slow to detect loss of carrier or vEdges aren't a good platform to test on. But that isn't an exhaustive list of reasons, likely more.

@padge4112 4 жыл бұрын

Hi Rob, thanks for this video it's been very useful. I've got a question if you don't mind please, this isn't strictly relevant to your topology however As the static NAT routes on edges cannot be redistributed into OMP (I really wish they could), how would you go about advertising a default route in a service VPN if you weren't learning it via routing protocol (I'm assuming your connection to ASA from edge 1&2 is in VPN1 not VPN0)? As it doesn't allow you to have both a default NAT route as well as a default static route to null0 which can be redistributed into OMP. I've managed to get it working with data policies but not convinced it's the best way (match RFC1918 address and route normally, then for everything else forward via VPN0)

@sanjaymehta3980 3 жыл бұрын

Hello Rob, Might this is a stupid question, But could you answer me, OMP peer established over transport vpn0, How OMP is able to exchanges routes in VPN 1 as these are different VRFs.

@buratino02 3 жыл бұрын

Hi Rob, I see in your previous videos, vedge 3 and vedge 4 don't see the 0/0 propagate by vedge 1, but this video I see, how can you do that ?

@speirsy 3 жыл бұрын

I have the same...

@sanjaymehta3980 3 жыл бұрын

Hi Rob, you haven't turn off the icmp blocking below NAT in vpn0 ge0/0. But you still able to ping 1.2.3.4 from IOS13 RTR. You have turned that option Off in next video.