SD-WAN Local Breakout NEW!

Auto-sense SD-WAN Local Breakout automatically provides connectivity to devices attached to a data VRF, through the SD-WAN VRF, towards the Internet. Use a Local Breakout (LBO) configuration for the following use cases:

Send Internet-destined traffic directly to the Internet at the branch, through the SD-WAN Appliance and not through the Fabric.
Provide the SD-WAN Appliance management access to a Fabric service for management and for NTP server reachability.

Table 1. SD-WAN Local Breakout product support
Feature	Product	Release introduced
ExtremeCloud SD-WAN Local Breakout configuration applied through Auto-sense	5320 Series	Fabric Engine 9.1 Supported on 5320-48P-8XE and 5320-48T-8XE only
	5420 Series	Fabric Engine 9.1
	5520 Series	Fabric Engine 9.1
	5720 Series	Fabric Engine 9.1
	7520 Series	Fabric Engine 9.1
	7720 Series	Fabric Engine 9.1
	VSP 4900 Series	VOSS 9.1
	VSP 7400 Series	VOSS 9.1

If you use SD-WAN Orchestrator to enable an LBO branch, Auto-sense on the switch can apply the LBO configuration to select VRFs. The switch configuration creates a BGP peering relationship with the SD-WAN Appliance in the dynamic VRF (SD-WAN), and then redistributes BGP routes it receives into the selected user-created VRFs.

This feature applies only to VRFs that exist on the same Fabric Extend switch that connects to the SD-WAN Appliance, and only for local or direct subnets on the same VRF. IS-IS does not advertise the LBO-injected routes further than the local switch. If you require LBO in the branch, make the directly-attached switch the default gateway with LBO enabled, and operate the other nodes in the branch as Layer 2 BEBs.

Manual Switch Configuration

You must identify which user-created VRFs accept the LBO routes. Auto-sense automatically configures BGP and RIP redistribution policies between the selected VRFs and the dynamic SD-WAN VRF. For more information about how to identify a VRF, see Select a VRF for Local Breakout Configuration.

Automatic Configuration Using Auto-sense

The switch uses Auto-sense to read BGP Autonomous System Number (ASN) and neighbor information from the LLDP FE TLV, and apply a dynamic configuration. Auto-sense configures BGP and RIP for route redistribution purposes for ports with Auto-sense enabled and an ExtremeCloud SD-WAN neighbor, and also enables traffic routing from user-created VRFs through the BGP router.

Auto-sense performs the following dynamic configuration:

router bgp as-4-byte enable
router bgp sw_as enable
router vrf sd-wan
   ip bgp
   ip bgp router-id <local_ip>  #local_ip is received through LLDP
   ip bgp vrf-as <local_asn>    #local_asn is received through LLDP
   no ip bgp synchronization
   no ip bgp auto-summary
   no ip bgp aggregation
   ip bgp neighbor <vrouter_1>  #vrouter_1,2,3 are IP addresses received through LLDP
   ip bgp neighbor <vrouter_1> remote-as <remote_asn> #remote_asn is received through LLDP
   ip bgp neighbor <vrouter_1> enable
exit

router vrf WORD<1-16> 
   ip rip
   ip rip enable
   ip rip redistribute bgp vrf-src sd-wan
   ip rip redistribute bgp enable vrf-src sd-wan
   sd-wan-local-breakout 
exit
ip rip apply redistribute bgp vrf WORD<1-16> vrf-src sd-wan
 
router vrf sd-wan
   ip bgp redistribute direct vrf-src WORD<1-16>
   ip bgp redistribute direct enable vrf-src WORD<1-16>
exit
ip bgp apply redistribute direct vrf sd-wan vrf-src WORD<1-16>
ip more-specific-non-local-route

High Availability

For dual SD-WAN Appliance and switch pairings in High Availability deployments, you must manually configure BGP peering and a routed segment between the two switches. Auto-sense does not configure this deployment.

Restrictions

You cannot configure LBO in the GRT.
If you configure the SD-WAN VRF to use the GRT (auto-sense sd-wan vrf GlobalRouter), this configuration can interfere with BGP global configuration.
If you convert the Auto-sense VRF origin from DYNAMIC to CONFIG (auto-sense sd-wan vrf sd-wan), the BGP configuration remains dynamic and is not saved to the running configuration.