Creating Appliance Templates
A template allows you to configure default settings for several SD-WAN appliances. After you configure a template, you can apply this appliance template and its configuration settings to large numbers of appliances of the same type, and apply different templates to other appliances in the network policy.
Warning: you will need to create a template for every appliance deployment type that will be used in your network. An appliance is always associated with a template.
Note: some template parameters can be overwritten when you configure the appliance.
Before creating a template, remember that there are two types of network:
A hybrid network includes SD-WAN appliances deployed in three different modes:
• Bridge mode deployment when all the WAN interfaces are configured in Bridge mode (L2). A WAN interface is in Bridge mode when all the traffic crossing this interface is bridged between this WAN interface and the LAN interface, or the other WAN interfaces in Bridge mode.
• Bridge-Router mode deployment when some WAN interfaces are configured in Bridge mode (L2) and some others are in Router mode (L3).
• Router mode deployment when all the WAN interfaces are configured in Router mode (L3). A WAN interface is in Router mode when all the traffic crossing this interface is routed between:
  • hosts/routers connected to the LAN interface and hosts/routers connected to this WAN interface
  • hosts/routers connected to a Bridge mode WAN interface and hosts/routers connected to this WAN interface
  • hosts/routers connected to a Router mode WAN interface and hosts/routers connected to this WAN interface
A full Router Mode network includes SD-WAN appliances with WAN interfaces deployed in Router mode only. The ExtremeCloud SD-WAN application enables you to build an overlay network of site connections through IPsec tunnels.
Note: if Fabric Support is enabled, many of the following parameters are greyed out because they are not compatible with this specific deployment mode.
Description of Parameters
Overview
• Template Name: always enter a consistent template name.
• Description: this description will help you identify the template in a long list of appliance templates.
Setup
Interface Configuration
• LAN Setup: select both LAN1 and LAN2 to enable the MultiPath mode. It implements two traffic paths: from LAN1 to WAN1 and from LAN2 to WAN2.
• Path Mode: the available options for this parameter are:
  • Wire: traffic is automatically forwarded from LAN1 to WAN1 and from LAN2 to WAN2
  • Switch: traffic is forwarded to the gateway physical address
  • Dynamic: dynamic WAN selection is applied
• WAN Setup: define each interface, WAN1, WAN2 and WAN3, in either Bridge or Router mode.
Advanced Settings
• Role in Hub & Spoke: define the appliance as a Spoke (Branch Office) or a Hub (Data Center). Tunnels (generated on Router interfaces) are always built from the spokes to the hub.
• Bypass (LAN1 <-> WAN1 and LAN2 <-> WAN2 if you selected the multipath mode): when this option is activated, the system will bypass the traffic in case of failure (e.g. power failure). When bypass is executed, services such as Visibility, Control, Optimization etc. are of course disabled.
Warning: To configure a hybrid appliance template, always start configuring WAN1 in bridge mode because of the Bypass function.
• Link State Propagation:
  • LAN -> WAN: this function copies the state of the LAN to its related WAN. The LAN1/WAN1 or LAN2/WAN2 state synchronization is useful when the LAN interface breaks down.
• Time Synchronization Server: using a Time Server located inside the Customer private network is recommended. Then, you can select up to 5 hub appliances to be used as Synchronization Servers. These appliances are synchronized with the Time Server; they are used as synchronization references for all the other appliances of the Customer network.
  Check this option to define a hub appliance as Time Synchronization Server. Appliance synchronization is used for correlation, hence for Delay/Jitter/Loss measurement.
• WAN Optimization: end-to-end quality of application flows depends on the capacity of the links and on the end-to-end delays. WAN Optimization helps improve quality by accelerating delay-sensitive applications and by reducing bandwidth consumption.
  WAN Optimization is activated by default on this appliance if the matching license is available.
• Internet Backhauling: select this option to identify the appliance as a Backhauling Site. The traffic is routed to the hub appliance (through underlay or overlay according to the deployment) which must be able to route it to a firewall or proxy.
  Backhauling can be activated on hub appliances (in Router or Bridge-Router mode) and on appliances in Bridge mode.
  • with an MPLS L2 interface, the traffic is sent via the underlay and routed by the MPLS network
  • with an MPLS L3 or Internet L3 interface, the traffic is sent via the overlay to the Data Center appliance
Note: if Fabric Support is enabled, LAN2 is deactivated, Path Mode is set to Dynamic, Bypass is only available for LAN1 <-> WAN1, and Link State Propagation, WAN Optimization and Internet Backhauling are deactivated.
Note: Bypass is not supported on the SD-WAN 2200ax appliance.
Configuration
LAN
VLAN - Add VLAN
• To create a New VLAN, enter its Name, Description and ID. You can define it as the Main VLAN.
• To Add a DHCP Service, define the following parameters:
  • Service: either select DHCP Server or DHCP Relay Agent (the appliance needs to relay host requests).
DHCP Server
Note: this feature only applies to deployments with appliance interfaces in router mode.
• DNS Server List (opt. 6): ordered list of IPv4 addresses used for DNS Server(s). IPv4 addresses are separated by commas.
• DNS Domain Name (opt. 15): character string containing a DNS default suffix
• Lease Time (opt. 51): period of validity of IPv4 addresses expressed in seconds (default 3600, type integer, max 31622400)
• Click Add DHCP Service to validate.
DHCP Custom Options
• In addition to DHCP standard options, you may create customized options by clicking Add DHCP Option. Then define the following parameters:
Identifier: integer from 1 to 254
Type: Boolean, IPv4 IP address, string, uint8, uint16 or uint32
Value: simple value or ordered list of values
Non-exhaustive list of supported custom options:
• option 42 (NTP Servers), 44 (Netbios Name Servers), 46 (Netbios Node type), 58 (Renewal time), 59 (Rebinding time) and any option code between 128 and 254 (site local options) with a type integer, boolean, string, text, IPv4 address, boolean array or array of IPv4 addresses
• option 26 (interface MTU), 41 (Network Information Services), 69 (SMTP Servers), 70 (POP3 Servers), 66 (TFTP Server name), 67 (Bootfile name), 52 (overload)
• Click Add DHCP Option to validate.
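The limits listed above for the DHCP Server and its custom options can be checked before values are entered into a template. The following is an added example, not part of the product or its documentation: the dictionary layout and key names are constructed, and the lower lease bound of 1 second is an assumption (the page states only the maximum).

```python
import ipaddress

# Added example: key names are constructed; the limits are those listed on this page.
MAX_LEASE = 31622400                       # opt. 51 maximum, in seconds
UINT_BITS = {"uint8": 8, "uint16": 16, "uint32": 32}

def is_ipv4(v):
    """True for a dotted-quad string; bare integers are rejected."""
    if not isinstance(v, str):
        return False
    try:
        ipaddress.IPv4Address(v.strip())
    except ValueError:
        return False
    return True

def is_int_in(v, lo, hi):
    """True for a real integer (not a bool) with lo <= v <= hi."""
    return isinstance(v, int) and not isinstance(v, bool) and lo <= v <= hi

def fits(typ, v):
    """True when v matches one of the custom option types named on the page."""
    if typ == "ipv4":
        return is_ipv4(v)
    if typ in UINT_BITS:
        return is_int_in(v, 0, 2 ** UINT_BITS[typ] - 1)
    return {"boolean": bool, "string": str}.get(typ) is type(v)

def dhcp_errors(cfg):
    """Check one constructed DHCP Server description; return error strings."""
    errs = []
    dns = cfg.get("dns_servers")           # opt. 6: comma-separated, ordered
    errs += [f"opt. 6: {a.strip()!r} is not an IPv4 address"
             for a in (dns.split(",") if dns else []) if not is_ipv4(a)]
    lease = cfg.get("lease_time", 3600)    # page default
    if not is_int_in(lease, 1, MAX_LEASE): # lower bound of 1 is an assumption
        errs.append(f"opt. 51: lease time {lease!r} is outside 1..{MAX_LEASE}")
    for opt in cfg.get("custom_options", []):
        ident, typ, value = opt["id"], opt["type"], opt["value"]
        if not is_int_in(ident, 1, 254):
            errs.append(f"custom option identifier {ident!r} is outside 1..254")
        values = value if isinstance(value, list) else [value]
        errs += [f"option {ident}: {v!r} is not a valid {typ}"
                 for v in values if not fits(typ, v)]
    return errs

# Constructed sample: NTP servers (option 42) and interface MTU (option 26).
GOOD = {"dns_servers": "10.0.0.53, 10.0.1.53", "lease_time": 86400,
        "custom_options": [{"id": 42, "type": "ipv4", "value": ["10.0.0.123", "10.0.1.123"]},
                           {"id": 26, "type": "uint16", "value": 1500}]}
```

A trailing comma or a semicolon-separated DNS list is reported as an invalid entry rather than silently dropped, which is the usual way a mistyped list ends up handing clients fewer resolvers than intended.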
DHCP Relay Agent
Note: this feature applies to deployments with appliance interfaces in router, bridge-router and bridge modes.
• Primary DHCP Server: enter the server IP address.
• Secondary DHCP Server: enter the server IP address.
• Click Add DHCP Service to validate.
Additional Settings
• LAN Interface Speed: this parameter is set to Auto by default to let the system define the speed of the LAN interfaces, or you can force the speed to 100FD or 1000FD. The full duplex speed is expressed in megabits per second.
• None: there is no additional subnet or sub-interface to define for configuring BGP peering or OSPF adjacencies
• BGP: select this option for configuring BGP
• OSPF: select this option for configuring OSPF
• High Availability: select this option for configuring High Availability.
Note: if Fabric Support is enabled, Add VLAN, Dynamic LAN Routing and High Availability are deactivated.
WAN1, WAN2, WAN3
Bridge Mode
• Bandwidth Up and Bandwidth Down: define the up and down bandwidth (in megabits per second) allocated to the WAN.
• WAN Service: select either MPLS or a WAN Service you created.
• Interface Speed: this parameter is set to Auto by default to let the system define the speed of the WAN interfaces, or you can force the speed to 100FD or 1000FD. The full duplex speed is expressed in megabits per second.
• Min Bandwidth Up, Min Bandwidth Down (Mbps)
• Default BGP Local Preference
Router Mode
• Bandwidth Up and Bandwidth Down: define the up and down bandwidth (in megabits per second) allocated to the WAN.
• WAN Service: select either Internet or a WAN Service you created.
• DTI: when you activate this option, this interface is eligible for DTI.
• NAT: directly derived from the activated Eligible DTI option, keep the NAT mode activated. This is a source-NAT where the LAN IP addresses are replaced with the WAN IP address. This NAT only applies to the traffic sent over the Internet. The traffic to the Branch Offices/Sites is transferred through the IPsec tunnels.
  If you deactivate the NAT mode, which controls the firewall, incoming connections from the WAN are allowed to reach the LAN.
• Overlay (optional): you may select an Overlay you previously created and apply it to the interface. You can also create an overlay from this panel instead of returning to the Policy Configuration window. Refer to "Configuring Overlays".
• Interface Speed: this parameter is set to Auto by default to let the system define the speed of the LAN interfaces, or you can force the speed to 100FD or 1000FD. The full duplex speed is expressed in megabits per second.
• Min Bandwidth Up, Min Bandwidth Down (Mbps)
• Default BGP Local Preference: enter the same Preference value as the local Preference value of the CE router.
• MTU: enter the MTU value which corresponds to the maximum number of bytes loaded in the Payload. The default value is 1500.
Note: if Fabric Support is enabled, DTI, NAT and Secure Gateway are deactivated.
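The constraints stated in the parameter descriptions above (WAN1 in Bridge mode for Bypass, NAT kept active with DTI, the Fabric Support restrictions, the hub-only Time Synchronization Server, no Bypass on the 2200ax) can be checked mechanically during a configuration review. This is an added example, not ExtremeCloud SD-WAN code or an export format: the dictionary layout and key names are hypothetical, and reading the Bypass warning as "WAN1 must be bridged whenever any WAN interface is bridged" is an interpretation.

```python
# Added example: the dict layout and key names are hypothetical, not a product format.
FABRIC_OFF = ("lan2", "link_state_propagation", "wan_optimization",
              "internet_backhauling", "high_availability")

def audit_template(t):
    """Return findings for one template, using only rules stated on this page."""
    out, wans = [], t.get("wan", {})
    # Interpretation of the Bypass warning: if any WAN is bridged, WAN1 must be.
    if any(w["mode"] == "bridge" for w in wans.values()) \
            and wans.get("WAN1", {}).get("mode") != "bridge":
        out.append("WAN1: must be in Bridge mode because of the Bypass function")
    for name, w in sorted(wans.items()):
        # NAT controls the firewall: with NAT off, WAN connections reach the LAN.
        if w["mode"] == "router" and w.get("dti") and not w.get("nat", True):
            out.append(f"{name}: DTI without NAT allows incoming WAN connections to the LAN")
        if w["mode"] == "bridge" and (w.get("dti") or w.get("nat")):
            out.append(f"{name}: DTI and NAT are Router mode parameters")
        if t.get("fabric_support") and (w.get("dti") or w.get("nat")):
            out.append(f"{name}: DTI and NAT are deactivated with Fabric Support")
    if t.get("time_sync_server") and t.get("role") != "hub":
        out.append("Time Synchronization Server is a hub appliance option")
    if t.get("bypass") and t.get("model") == "2200ax":
        out.append("Bypass is not supported on the SD-WAN 2200ax")
    if t.get("fabric_support"):
        if t.get("path_mode") != "dynamic":
            out.append("Path Mode is set to Dynamic with Fabric Support")
        out += [f"{k} is deactivated with Fabric Support" for k in FABRIC_OFF if t.get(k)]
    return out

# Constructed samples: the spoke from the first example, and a misconfigured variant.
SPOKE = {"role": "spoke", "path_mode": "dynamic", "link_state_propagation": True,
         "wan": {"WAN1": {"mode": "bridge"}, "WAN2": {"mode": "bridge"},
                 "WAN3": {"mode": "router", "dti": True, "nat": True}}}
BAD = {"role": "spoke", "path_mode": "dynamic", "time_sync_server": True,
       "wan": {"WAN1": {"mode": "router"}, "WAN2": {"mode": "bridge"},
               "WAN3": {"mode": "router", "dti": True, "nat": False}}}

if __name__ == "__main__":
    for label, tpl in (("spoke", SPOKE), ("bad", BAD)):
        print(label, audit_template(tpl) or "no findings")
```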
Create a template for a Hybrid SD-WAN Spoke appliance - first example
To configure the template of a hybrid SD-WAN spoke appliance with 2 MPLS links and 1 Internet Access link, proceed as follows:
1. Click Add Template in the Template panel of the Policy Configuration window.
   The Template Wizard displays the main steps of the procedure. Click Continue.
Overview
2. Enter the Template Name.
3. Type a description that will help you identify the template in a long list of appliance templates. Click Next - Setup Interface.
Setup
4. On the displayed Setup graph:
   • select Dynamic as Path Mode
   • enable WAN1 and WAN2 in Bridge mode, WAN3 in Router mode
5. Select the role of the appliance as a Spoke.
6. Check LAN -> WAN as Link State Propagation: this function copies the state of the LAN to its related WAN. LAN1/WAN1 state synchronization is useful when the LAN interface breaks down.
7. Leave the other parameters at their default values.
8. Click Next - Configure Interface in the lower right corner of the wizard.
Configuration
LAN
9. In the LAN panel, leave all the parameters at their default values.
10. Click Next - WAN Settings in the lower right corner of the wizard or select the WAN tab next to the Configure Interface title.
WAN1, WAN2, WAN3
11. Configure the WAN1 interface:
    • Enter a Bandwidth Up value and a Bandwidth Down value.
    • Either select MPLS as the Transport Network or create a Transport Network. Then, you can select the new Transport Network you have created.
    • Leave Additional Settings at their default values.
12. Configure the WAN2 interface by using the same procedure as for WAN1.
13. Configure the WAN3 interface:
    • Enter a Bandwidth Up value and a Bandwidth Down value.
    • Either select Internet as the Transport Network or create a Transport Network. Then, you can select the new Transport Network you have created.
    • Activate the DTI and NAT options.
    • Leave Additional Settings at their default values.
14. Click Next - Summary in the lower right corner of the template wizard.
15. Click Create Template.
The new template is displayed in the Template panel of the Policy Configuration window.
Create a template for a Hybrid SD-WAN Hub appliance - second example
1. Configure another template for a hybrid SD-WAN hub appliance. Compared to the previous spoke appliance template, the following parameters are specific to a hub template:
   • Time Synchronization Server: check this option to define the hub appliance as Time Synchronization Server. Appliance synchronization is used for correlation, hence for Delay/Jitter/Loss measurement.
   • Select the role of the appliance as a Hub.