Home > GUI > Configuration > SD-WAN
|
SD-WAN
Enable SD-WAN, view and add SD-WAN route groups, and view routing policies.
Navigate using the tab icons. Hover over an icon to see the name of the tab.
Configure > Network Policies > policy_name > Router Settings > SD-WAN
SD-WAN (software-defined WAN) is a means for routers to classify different types of traffic and monitor WAN link quality so they can statically and dynamically determine the links through which to route outbound traffic. When you enable SD-WAN in a network policy, you can then configure policies that make routing decisions based on Layer 7 application service sets, user profiles, incoming LAN interfaces, or source and destination addresses. For example, a router can direct more important traffic through a business-grade WAN link and less important traffic through a secondary consumer-grade link. If the higher grade link fails or if the quality becomes degraded, the router then redirects that traffic to the lower grade link.
Before you enable SD-WAN, make sure that you have assigned a branch ID to the router (see Assign Branch ID in the Advanced Onboarding Guide, and have one or two Extreme Networks VGVAs (VPN Gateway Virtual Appliances) configured as part of a VPN service (see VPN Service Settings). Then toggle Enable SD-WAN to ON.
In SD-WAN Route Groups, select Add and configure a new route group containing prioritized WAN links as described in SD-WAN Route Group.
The link priorities are:
WAN0: The highest prioritized Ethernet WAN link in the router device template for this network policy
WAN1: The second highest prioritized Ethernet WAN link in the router device template
USB: The USB link
Note
An SD-WAN route group requires priorities for three WAN links. If the router template for this network policy only has the ETH0 and USB ports set as WAN links, the route group ignores the third priority setting.Once you enable SD-WAN for a network policy, routing policy rules can reference SD-WAN route groups (among other choices) as forwarding actions.
After you configure and save an SD-WAN route group, you can view the name, description, and WAN priorities in the New SD-WAN Groups window. You can see the VPN service in the New VPN Service window (Router Settings > VPN Service > Add).
After you configure a routing policy (Router Settings > Routing Policy), you can view the policy rules you set to determine how routers direct outbound traffic based on various factors such as Layer 7 application service sets, user profiles, incoming LAN interfaces, or source and destination addresses (see SD-WAN Route Group).
The settings on this window are part of a longer configuration workflow that is described in the following section.
This table lists the configuration steps for SD-WAN with the corresponding Help topics for more information:
| Step | Description | Corresponding Help Topic |
|---|---|---|
| 1 |
Add routers and VGVAs (VPN Gateway Virtual Appliances) to the VHM. |
|
| 2 |
Create a network policy with routing enabled. |
Network Policies |
| 3 |
Configure device, port, and routing policy settings for the VGVA by navigating to Manage > Devices > vgva_name and editing the Device Configuration, Port Configuration, and Routing Policy sections. |
|
| 4 |
In the network policy, create a device template for the router. |
|
| 5 |
Create a VPN service for the network policy. |
VPN Service |
| 6 |
Configure network allocation with new subnetworks and corresponding VLANs for routers to use at branch sites. |
|
| 7 |
Use a predefined Layer 7 application set, or create and use a custom application set when configuring SD-WAN routing policy rules. |
Application Sets |
| 8 |
Enable SD-WAN and configure an SD-WAN route group. This group sets a priority of your WAN links when using a VPN service to connect to a specified VPN gateway, and also allows you to configure aggressive, normal, or moderate responses to operational faults, including jitter, packet loss, and latency. |
|
| 9 |
Create a routing policy that routes traffic from the router subnets through the WAN interface to the public network or through a VPN tunnel to the corporate network or data center based on Layer 7 applications, incoming LAN interfaces, source and destination addresses, and user profiles. |
Routing Policy |
| 10 |
Put the VGVAs online and upload the configuration from ExtremeCloud IQ to them. |
Upload a Configuration |
| 11 |
Add the network policy (with routing and SD-WAN enabled) to an auto provisioning profile for the routers so that when they connect to ExtremeCloud IQ, they automatically receive their configuration. Distribute the devices to the branch sites with instructions to put them on the network. After the devices connect to ExtremeCloud IQ and automatically receive their configuration, they will reboot and then reconnect to ExtremeCloud IQ and become operational. |
Auto Provisioning Settings |
Copyright © 2020 Extreme Networks. All rights reserved. Published March 2020.