[SDWAN] Overlay Management Protocol (OMP) - Part 2 - Service Routes
Nam Nguyen
SDWAN 0-to-1 eBook | Automation | Cloud | Author of SDWAN 0-to-1 | 4M+ impressions
Service Routes
A service route advertises a network service, such as a firewall, that is connected directly to a vEdge or cEdge router.
Network services are usually deployed in a hub-and-spoke design: the service sits at the central site (the hub), and traffic from other sites that must be inspected is first steered to the service site and only then forwarded on to its original destination.
The biggest difference between redirecting traffic with a service route and doing it in a traditional network is that the network administrator configures nothing at the remote edge sites (see Figure 1). Instead, vSmart does it entirely through a control policy applied to those sites, which dictates that traffic from specific sites must be redirected through the firewall (as in the example above).
In a traditional network the same goal requires manual configuration on every site edge.
The service route configuration on the router the service attaches to is simple. In the example below, vEdge31 advertises a firewall reachable at 3.3.3.3 inside VPN 10:
vEdge31
vpn 10
 service FW address 3.3.3.3
!
The policy on vSmart, applied in the outbound direction to the remote edge sites. Routes that vSmart advertises to sites 1000 and 4000 and that originate from site 3000 are tagged with the FW service in VPN 10, so those edges forward traffic for site 3000 to the firewall; every other route is passed unchanged by the default action:
policy
 lists
  site-list need-firewall-sites
   site-id 1000
   site-id 4000
  !
 !
 control-policy firewall-service
  sequence 10
   match route
    site-id 3000
   !
   action accept
    set
     service FW vpn 10
    !
   !
  !
  default-action accept
 !
!
apply-policy
 site-list need-firewall-sites
  control-policy firewall-service out
 !
!
Figure 2 and Figure 3 below make the purpose of the service route easy to see.
You can also verify the service route on the advertising vEdge (vEdge31 in the example above) with the command show omp services:
vEdge31# show omp services
ADDRESS                                            PATH
FAMILY  VPN  SERVICE  ORIGINATOR  FROM PEER  ID    LABEL  STATUS
--------------------------------------------------------------------
ipv4    10   FW       3.3.3.3     9.9.9.30   52    1006   C,I,R
A service route contains the following attributes:
- VPN ID: the VPN in which the service is located (VPN 10 in the example above).
- Service ID: the type of service.
  - FW: svc-id = 1
  - IDS: svc-id = 2
  - IPS: svc-id = 3
  - Custom services: besides the built-in types above, customers can define their own services.
    - netsvc1: svc-id = 4
    - netsvc2: svc-id = 5
    - netsvc3: svc-id = 6
    - netsvc4: svc-id = 7
- TLOC: the transport locator (system IP, color, encapsulation) of the router the service sits behind.
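To make the mechanics above concrete, here is an added example (my own code, not from the original post or from Cisco) that models three pieces of this page together: the vSmart control policy that tags routes from site 3000 with service FW in VPN 10 when advertising them to sites 1000 and 4000, a parser for the show omp services table, and the lookup of a tagged route's next hop against the OMP services table. The OmpRoute and ServiceRoute structures, the policy dictionary, the sample route 10.3.0.0/24 with system IP 9.9.9.3, and the show output row (originator 9.9.9.30, FROM PEER 0.0.0.0 because the service is locally originated) are all constructed for the example. The resolution rule it models, that a tagged route with no matching service in the table is not installed rather than forwarded directly, is a simplified model of Cisco SD-WAN behaviour, not Cisco's code.

```python
"""Model of vSmart control-policy service steering (added example, not from the post)."""
import re
from dataclasses import dataclass, replace
from typing import List, Optional

# Service IDs as carried in the OMP service route (the post's list).
SERVICE_IDS = {"FW": 1, "IDS": 2, "IPS": 3,
               "netsvc1": 4, "netsvc2": 5, "netsvc3": 6, "netsvc4": 7}


@dataclass(frozen=True)
class OmpRoute:
    prefix: str
    vpn: int
    site_id: int                    # originating site of the route
    tloc: str                       # system IP of the originating router
    service: Optional[str] = None   # set by vSmart policy, e.g. "FW"
    service_vpn: Optional[int] = None


@dataclass(frozen=True)
class ServiceRoute:
    vpn: int
    service: str
    originator: str   # system IP of the router the service sits behind
    status: str       # e.g. "C,I,R" (chosen, installed, redistributed)


# Constructed sample in the column layout of the post's 'show omp services'.
SHOW_OMP_SERVICES = """\
ADDRESS                                            PATH
FAMILY  VPN  SERVICE  ORIGINATOR  FROM PEER  ID    LABEL  STATUS
--------------------------------------------------------------------
ipv4    10   FW       9.9.9.30    0.0.0.0    52    1006   C,I,R
"""

# The post's control policy, as data: site-list need-firewall-sites,
# sequence 10 matching routes from site 3000, set service FW vpn 10.
POLICY = {
    "site_list": {1000, 4000},
    "sequences": [{"match_site_id": 3000, "set_service": ("FW", 10)}],
    "default_action": "accept",
}


def apply_control_policy_out(route: OmpRoute, dest_site: int, policy: dict) -> Optional[OmpRoute]:
    """Outbound policy: vSmart rewrites a route only when advertising it to a
    site in the site-list; other sites receive the route unchanged."""
    if dest_site not in policy["site_list"]:
        return route
    for seq in policy["sequences"]:
        if route.site_id == seq["match_site_id"]:
            svc, vpn = seq["set_service"]
            return replace(route, service=svc, service_vpn=vpn)
    return route if policy["default_action"] == "accept" else None


def parse_show_omp_services(text: str) -> List[ServiceRoute]:
    """Parse the data rows of 'show omp services' (8 whitespace-separated columns)."""
    found = []
    for line in text.splitlines():
        fields = re.split(r"\s+", line.strip())
        if len(fields) == 8 and fields[0] in ("ipv4", "ipv6"):
            _af, vpn, svc, originator, _peer, _path_id, _label, status = fields
            found.append(ServiceRoute(int(vpn), svc, originator, status))
    return found


def resolve_next_hop(route: OmpRoute, services: List[ServiceRoute]) -> Optional[str]:
    """Modelled resolution: a route tagged with a service resolves to the router
    advertising a chosen ('C') service route of that type in that VPN. With no
    such service route the tagged route is not installed (None), so losing the
    firewall advertisement fails closed instead of bypassing the firewall."""
    if route.service is None:
        return route.tloc
    for s in services:
        if (s.vpn == route.service_vpn and s.service == route.service
                and "C" in s.status.split(",")):
            return s.originator
    return None


def next_hop_for_site(route: OmpRoute, dest_site: int, policy: dict,
                      services: List[ServiceRoute]) -> Optional[str]:
    """Next hop a given site would install for the route after policy and resolution."""
    advertised = apply_control_policy_out(route, dest_site, policy)
    return None if advertised is None else resolve_next_hop(advertised, services)


if __name__ == "__main__":
    services = parse_show_omp_services(SHOW_OMP_SERVICES)
    route_from_3000 = OmpRoute("10.3.0.0/24", vpn=10, site_id=3000, tloc="9.9.9.3")
    for site in (1000, 2000, 4000):
        print(site, next_hop_for_site(route_from_3000, site, POLICY, services))
    # And with the firewall service withdrawn: sites 1000/4000 get no route.
    print(1000, next_hop_for_site(route_from_3000, 1000, POLICY, []))
```

Sites 1000 and 4000 end up with 9.9.9.30 (vEdge31, the firewall's router) as the next hop for site 3000's prefix, while site 2000, which is not in the site-list, keeps the direct path to 9.9.9.3. Running the same lookup with an empty services table shows the fail-closed branch, which is the check worth doing before withdrawing or re-homing a firewall service.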
See you in the next part with OMP Best-Path Selection!