Configuring the Network Policy
The network policy is a combination of configuration settings that manage the behavior of the whole SD-WAN network. It includes network security, appliance templates, overlay management and application group policy.
This topic guides you through the basic steps to enable ExtremeCloud SD-WAN appliances to provide clients with network access.
Note: ExtremeCloud SD-WAN requires only one network policy for all network appliances.
There are multiple tabs as part of the network policy configuration process:
Create the Network Policy
1. Start with the Policy Configuration step in the SD-WAN Onboard Wizard (subsequently, select Settings -> Policy Configuration from the left main menu).
2. Enter the Policy name and description.
Advanced Settings
3. WAN Optimization is enabled by default. You may disable this parameter.
4. Enter the NTP Server IP address or check the Auto option to use a default IP address.
5. To enable log export of NATted DTI connections by SD-WAN appliances, you must define one (or several) Syslog Server(s) in your network.
   After you have clicked Add Syslog Server, enter the server Name, type its IP Address (preferably in your private network), Protocol (TCP or UDP) and Port. When NAT entries are created, logs are sent to the Syslog Server in syslog format.
   Click Add Server.
   Warning: log export is not available on VRRP backups (with unmounted tunnels).
• Enable Fabric Support to benefit from Fabric Connect functions on ExtremeCloud SD-WAN appliances and facilitate network setup through Zero Touch deployment.
  • Fabric Extend IP Network: enter the IPv4 address of the global subnet that will be used to automatically allocate subnets per LAN interface.
  Warning: when you enable Fabric Support, any existing configurations of SD-WAN appliances are deleted.
  The following SD-WAN functions cannot be configured with Fabric Support; their related parameters are greyed out in the ExtremeCloud SD-WAN application windows:
  • Routing Loop Prevention
  • SWG, DTI, Internet Backhauling
  Note: with Fabric Support, the WAN Interfaces may be either in Router Mode or in Bridge Mode.
  For more information about Fabric Support, refer to the Fabric Engine User Guide and ExtremeCloud IQ Site Engine User Guide.
• Overlay IP Network: subnet where ExtremeCloud SD-WAN selects the addresses of the appliance internal interfaces.
• AS Number Range: the SD-WAN application uses this range of values to configure Site autonomous systems automatically.
• AS Number Exclusion: values or range of values you want to exclude from the AS Number Range; reserved values. Authorized separators are "," "|" and ";".
  Simple values: N where 1 <= N <= 65535
  Value ranges: N-M where N < M and 1 <= N, M <= 65535
  Multi-format example: 65002,65012-65024|65042;65122
8. Routing Loop Prevention
   To prevent OSPF routing loops from a Hybrid Data Center to a Hybrid Site, define a BGP Community and an OSPF Tag.
   • BGP Community: four-byte value split in half by '.'
     The first half of the value must be in the range 0001 - FFFE (FFFE is the default). 0000 and FFFF are forbidden.
     The second half of the value must be in the range 0000 - FFFF (FF01 is the default).
   • OSPF Tag: the authorized value range is [1 - 65535]. The default value is 6976.
9. Then click Apply at the bottom of the window.
The Policy Configuration window is refreshed with new data in the Application Group Policy panel.