Understand SD-WAN Interface Numbering
For supported software information, click here.
In SD-WAN networks, Versa Operating SystemTM (VOSTM) devices use point-to-multipoint tunnel interfaces to create dynamic tunnel interfaces for data plane communication. This article describes types of dynamic and static tunnel interfaces, how they are used for control and data plane communication, and how they are numbered.
Control Plane and Data Plane Interface Numbering
VOS devices support multitenancy by using multiple virtual routers (VRs) per node. A branch node can use three types of virtual routers:
- Control virtual router—Tied to an organization (also called a tenant or a customer). It typically runs MP-BGP and exchanges IPv4 VPN, IPv6 VPN, EVPN, or multicast routes with SD-WAN Controller nodes. SD-WAN Controller nodes act as a route reflectors in the SD-WAN construct. Control plane tunnels to Controller nodes are static, and the data plane tunnels to branches, hubs, and gateway nodes are created dynamically.
- LAN virtual router—Tied to an organization (either a tenant or a customer) and is responsible for the LAN interfaces in the node.
- Transport virtual router—Responsible for one or more WAN links.
For the control virtual routers, the dynamically created virtual router interfaces are named in the following format :
tenant-name-Control-VR
For example, if the tenant name is Matthew, the control VR is named Matthew-Control-VR.
TVI Interface Numbering
VOS SD-WAN uses tunnel virtual interfaces (tvi) interfaces. They are point-to-multipoint interfaces, so they can be used to establish multiple dynamic and static tunnels that are sourced from them. Tvi interfaces are used to establish static control plane tunnels toward Controller nodes and dynamic data plane tunnels toward other branches.
For each tenant on an SD-WAN device or Controller node, the VOS software generates two tvi interfaces, numbering them using the following formulas:
- Clear-text tunnel—tenant-id-number x 2
- IPsec tunnel—(tenant-id-number x 2) + 1
For example, let's say an SD-WAN device has two tenants, Tenant-1 and Tenant-2, with tenant IDs of 166 and 167, respectively. Here, the VOS software generates the following tvi interfaces names and numbers:
- Tenant-1
- Tenant ID—166
- Clear-text tunnel—(166 x 2) = 332, so the interface name is tvi-0/332
- IPsec tunnel—(166 x 2) + 1 = 333, so the interface name is tvi-0/333
- Tenant-2
- Tenant ID—167
- Clear-text tunnel—(167 x 2) = 334, so the interface name is tvi-0/334
- IPsec tunnel—(167 x 2) + 1 = 335, so the interface name is tvi-0/335
To display the interface names, issue the show interfaces brief command. For example:
admin@Branch21-A-cli> show interfaces brief NAME MAC OPER ADMIN TENANT VRF IP --------------------------------------------------------------------------------------- ... tvi-0/332 n/a up up - - tvi-0/332.0 n/a up up 3 Tenant-1-Control-VR 10.0.4.213/32 tvi-0/333 n/a up up - - tvi-0/333.0 n/a up up 3 Tenant-1-Control-VR 10.0.4.212/32 tvi-0/334 n/a up up - - tvi-0/334.0 n/a up up 4 Tenant-2-Control-VR 10.0.4.213/32 tvi-0/335 n/a up up - - tvi-0/335.0 n/a up up 4 Tenant-2-Control-VR 10.0.4.212/32
To display the dynamic data plane tunnels that are created from the tvi interfaces, issue the show interfaces dynamic-tunnels command from the CLI of the branch or Controller node. The names of tunnels that are created dynamically based on information received from the Controller nodes are prefixed with dtvi, for dynamic tunnel virtual interface. For example:
admin@Branch21-A-cli> show interfaces dynamic-tunnels | tab
REMOTE
LOCAL SITE TUNNEL REMOTE SITE
NAME INTERFACE TENANT VRF LOCAL IP REMOTE IP OPER ADMIN ID TYPE NAME
---------------------------------------------------------------------------------------------------------------------------
dtvi-0/43 tvi-0/332.0 Tenant-1 Tenant-1-Control-VR 10.0.4.213 10.0.0.1xx up up 1 cleartext Controller-1
dtvi-0/46 tvi-0/334.0 Tenant-2 Tenant-2-Control-VR 10.0.4.213 10.0.0.1xx up up 1 cleartext Controller-1
dtvi-0/51 tvi-0/332.0 Tenant-1 Tenant-1-Control-VR 10.0.4.213 10.0.4.13x up up 293 cleartext Branch11-A
dtvi-0/52 tvi-0/333.0 Tenant-1 Tenant-1-Control-VR 10.0.4.212 10.0.4.12x up up 293 secure Branch11-A
dtvi-0/53 tvi-0/332.0 Tenant-1 Tenant-1-Control-VR 10.0.4.213 10.0.4.225 up up 339 cleartext Branch31-A
dtvi-0/54 tvi-0/333.0 Tenant-1 Tenant-1-Control-VR 10.0.4.212 10.0.4.224 up up 339 secure Branch31-A
dtvi-0/55 tvi-0/334.0 Tenant-2 Tenant-2-Control-VR 10.0.4.213 10.0.4.225 up up 339 cleartext Branch31-A
dtvi-0/56 tvi-0/335.0 Tenant-2 Tenant-2-Control-VR 10.0.4.212 10.0.4.224 up up 339 secure Branch31-A
dtvi-0/57 tvi-0/334.0 Tenant-2 Tenant-2-Control-VR 10.0.4.213 10.0.4.13x up up 293 cleartext Branch11-A
dtvi-0/58 tvi-0/335.0 Tenant-2 Tenant-2-Control-VR 10.0.4.212 10.0.4.12x up up 293 secure Branch11-A
dtvi-0/63 tvi-0/334.0 Tenant-2 Tenant-2-Control-VR 10.0.4.213 10.0.4.227 up up 340 cleartext Branch32-A
dtvi-0/64 tvi-0/335.0 Tenant-2 Tenant-2-Control-VR 10.0.4.212 10.0.4.226 up up 340 secure Branch32-A
dtvi-0/67 tvi-0/332.0 Tenant-1 Tenant-1-Control-VR 10.0.4.213 10.0.4.227 up up 340 cleartext Branch32-A
dtvi-0/68 tvi-0/333.0 Tenant-1 Tenant-1-Control-VR 10.0.4.212 10.0.4.226 up up 340 secure Branch32-A
ptvi678 tvi-0/333.0 Tenant-1 Tenant-1-Control-VR 10.0.4.212 10.0.0.0xx up up 1 secure Controller-1
ptvi679 tvi-0/335.0 Tenant-2 Tenant-2-Control-VR 10.0.4.212 10.0.0.0xx up up 1 secure Controller-1
PTVI Interface Numbering
Pseudo tunnel virtual interfaces (ptvi), which are present on every SD-WAN branch, are statically created tunnels sourced from tvi interfaces. By default, ptvi interfaces are created by the Director node when templates are created. Note that the tunnels toward Controller nodes and toward other branches are the same type of tunnels; however, the ptvi interfaces are used for control plane connections and the dtvi interfaces are used for data plane connections. Because branches need to know how to build initial tunnels toward Controller nodes to establish a control plane BGP connection and to obtain information about how to build dynamic tunnels for the data plane, ptvi interfaces are statically configured on every branch and are present even if the branch is not connected yet.
To display the interface names, issue the show interfaces brief command. For example:
admin@Branch21-A-cli> show interfaces brief NAME MAC OPER ADMIN TENANT VRF IP --------------------------------------------------------------------------------------- ptvi678 n/a up up 3 Tenant-1-Control-VR 10.0.0.0/32 ptvi679 n/a up up 4 Tenant-2-Control-VR 10.0.0.0/32
For Releases 21.2.1 and later, the VOS software generates ptvi interface numbers using the following formula:
(global-controller-id-number x 512) + tenant-id-number
Note that this formula is used for the two types of Controller nodes:
- Basic Controller node—Participates only in control plane operation.
- Hub Controller node—Can participate in both control plane and data plane operations. A Hub Controller node often provides connectivity for disjointed branches, which are branches that have access only to private MPLS networks.
To locate the global Controller ID, in Director view, select the Workflows tab in the top menu bar, and then select Infrastructure > Controllers in the left menu bar:
To locate the tenant ID, in Director view, select the Workflows tab in the top menu bar, and then select Infrastructure > Organizations in the left menu bar:
These screenshots show a global Controller ID of 1 and a tenant ID of 167, so the ptvi interface number is calculated as follows:
(1 x 512) + 167 = 679, or ptvi679
To display the interface names, issue the show interfaces brief command. For example:
admin@Branch21-A-cli> show interfaces brief NAME MAC OPER ADMIN TENANT VRF IP --------------------------------------------------------------------------------------- ptvi678 n/a up up 3 Tenant-1-Control-VR 10.0.0.0/32 ptvi679 n/a up up 4 Tenant-2-Control-VR 10.0.0.0/32
For a deployment with more than 1951 sites, when you use a Hub Controller node, the number for the ptvi interface on a spoke device is calculated using a different formula. In this type of deployment, for each Hub Controller node, the global Controller ID is 101 for the first Controller node, 102 for the second, and so on. The following formula is used to calculate the ptvi interface number:
(global-controller-id-number x 512) + tenant-id-number
As an example, let's say we have two Hub Controller nodes whose IDs are 2501 and 3872. Regardless of the global Controller ID, the first Hub Controller node has ID 101 and the second has ID 102. For a tenant ID is 50, the ptvi interface numbers are calculated as followed:
- For the first Hub Controller—(101 x 512) + 50 = 51762, or ptvi51762
- For the second Hub Controller—(102 x 512) + 50 = 52274, or ptvi52274
For software releases prior to Release 21.2.1, the VOS software generates ptvi interface numbers using the following formula:
(tenant-id-number x number-of-configured-controllers) + controller's-number
- For an SD-WAN device configured with one Controller node (that is, Controller number is 0) and with tenant ID of 5
- (5 x 1) + 0 = 5, so the interface name is ptvi5
- For an SD-WAN device configured with two Controller nodes (that is, Controller numbers 0 and) and with tenant ID of 5
- (5 x 2) + 0 = 10, so the interface to the first Controller node is ptvi10
- (5 x 2) + 1 = 11, so the interface to the second Controller node is ptvi11
Supported Software Information
Releases 20.2 and later support all content described in this article, except:
- Releases 21.2.1 and later use a different formula for calculated the ptvi interface number.