Versa Networks

Configure SD-WAN Topology and LAN Routing Protocols

For supported software information, click here.

You define the SD-WAN topology and LAN routing protocols for a Versa Operating System™ (VOS™) device using a configuration workflow. You can create the configuration through the main template workflow or you can create it separately and then add it to the main template. When the main template is published to the VOS device, it uses the topology and routing protocols that you defined in the configuration workflow.

 

Note: In Releases 12.2.2 and earlier, you configure topologies in topology subprofiles and LAN routing in device interface policies for profile elements. For information about configuring subprofiles in Releases 12.2.2 and earlier, see Configure Profiles. For information about configuring policies for profile elements in Releases 12.2.2 and earlier, see Configure Profile Elements.

You can configure the following topologies:

  • Full mesh—Traffic does not need to transit through a hub or centralized site. Used for any-to-any communication. 
  • Spoke to hub only—Spoke devices can send traffic only to networks located behind a hub.
  • Spoke-to-spoke through a hub—Spokes can send traffic to other spokes, but all traffic must first pass through the hub.

You can also configure static routes and the following routing protocols:

  • BGP
  • OSPFv2
  • OSPFv3
  • RIPv2

This article describes how to configure and manage topology and LAN routing protocols in Concerto.

Note: LAN interface physical properties, such as data transmission speed, are configured separately from the routing protocols that run on the interface. For information about configuring LAN interface physical properties, see Configure LAN Interfaces.

Create a Topology and LAN Routing Protocols Configuration

You can create a topology and LAN routing protocols configuration as part of a main template, or you can create it separately and then associate it with a main template. For more information about main templates, see Configure Main Templates.

  • To create a topology and LAN routing protocols configuration using the main template workflow:
    1. In Tenant view, select Configure > Secure SD-WAN > Main Templates.
    2. Click + Add, or select an existing main template for which you want to configure the topology.
    3. Select workflow step 3, Topologies & Routing Protocols, in the top menu bar. The following screen displays.

      Main_templates_step_3_LAN.png
       
    4. Select the LAN tab, and then click Add New Topology & LAN Routing Protocol. The Add Topology & LAN Routing Protocol workflow screen displays.
    5. Continue to Configure Topology and LAN Routing Protocols, below.
  • To create a topology and LAN routing protocol configuration separately from a main template:
    1. In Tenant view, select Configure > Secure SD-WAN > Topologies & Routing Protocols.

      Menu_select_configure_Topologiy_and_Routing.png

      The following screen displays.

      LAN_policy_table.png
    2. Select the LAN tab, and then click +Add. The Add Topology & LAN Routing Protocol workflow screen displays.
    3. Continue to Configure Topology and LAN Routing Protocols, below.

Configure Topology and LAN Routing Protocols

  1. In the Add Topology & LAN Routing Protocol workflow, select step 1, Routing Instances.

    Add_topology_starting_screen.png
     
  2. In the Tenant field, select a tenant. In the Routing Instance field, select a routing instance.
  3. Click Next or select workflow step 2, Topology.

    Topology_LAN_Workflow_Topology_Step.png
     
    1. In the Topology field, select one of the following options.
      • Full Mesh
      • Spoke to Spoke Only
      • Spoke to Spoke via Hub
    2. If you selected Full Mesh in the Topology field, the following screen displays. Enter information for the following fields.

      Full_mesh_screen.png
       
      Field Description

      Full Mesh Scope 

      Select the full mesh scope:

      • Enterprise
      • Region

      Spoke Community

      Enter the spoke community. For information about communities, see Versa SD-WAN Topology Constructs Based on BGP Attributes.

      Other Region Hub LAN Routes

      (For use when Full Mesh Scope is set to Region)

      Select the route for other regions:

      • Reach Directly
      • Reach via Local Hubs
      • Reject

      Reject Other Region Routes Enabled/Disabled

      Click the toggle to enable or disable the rejection of other region routes. This parameter is applicable for hubs and hub controllers.
    3. If you selected Spoke to Spoke Only or Spoke to Spoke via Hub in the Topology field, the following screen displays. Enter information for the following fields.

      Spoke_screen.png
       
      Field Description

      Other Region Hub LAN Routes 

      Select the route for other regions:

      • Reach Directly
      • Reach via Local Hubs
      • Reject

      Spoke Community

      Enter the spoke community. For information about communities, see Versa SD-WAN Topology Constructs Based on BGP Attributes.

      Reject Other Region Routes Enabled/Disabled

      Click the toggle to enable or disable the rejection of other region routes. This parameter is applicable for hubs and hub controllers.
  4. Click Next or select workflow step 3, Split Tunnel (DIA). Enter information for the following fields.

    Step2_split_tunnel.png
     
    Field Description
    Direct Internet Access (DIA) Enabled/Disabled

    Click the toggle to enable or disable direct internet access. Direct Internet Access (DIA) split tunnels enable internet access for traffic from the LAN routing instance by performing source network address translation (NAT) to the IP address of the selected WAN circuit. If you select Enable, enter information for the three fields listed below.

    • Connection Name
    Select the exit connection for DIA traffic.
    • Priority

    Select the priority for DIA traffic.

    Range: 1 to 15

    • Internet Gateway Capability Enabled/Disabled

    Click the toggle to enable or disable internet gateway capabilities. This feature provides centralized internet access at hub sites. The hub site advertises a default route to all spoke sites, redirecting internet-bound traffic from spokes to the hub. This option must be configured on devices designated as hubs.

    Direct Underlay Access Enabled/Disabled

    Click the toggle to enable or disable direct underlay access. Direct underlay access split tunnels enable traffic routing between the LAN routing instance and the WAN domain without applying source NAT. These tunnels are typically created with MPLS circuits to route traffic to non-SD-WAN devices within the MPLS underlay network.

    • Connection Name
    Select the exit connection for direct underlay access traffic.
    • Priority

    Select the priority for direct underlay access traffic.

    Range: 1 to 15

    • Gateway to Enterprise Network Enabled/Disabled

    Click the toggle to enable or disable internet gateway capabilities. This feature provides centralized access to non-SD-WAN sites in the enterprise from all other SD-WAN sites. When this option is enabled, routes in the MPLS domain are advertised to remote spoke SD-WAN sites on the SD-WAN overlay.

  5. Click Next or select workflow step 4, Routing Protocols.

    Step4_routing_protocols.png
     
  6. To add static routes to your topology, select the Static Routes tab, and then select the IPv4 or IPv6 tab. Enter information for the following fields.

    static_routes_2.png
     
    Field Description
    Route Prefix
    Enter the IPv4 or IPv6 subnet.

    Interface
    Select an interface.

    Nexthop
    Enter the IP address for the next hop.

    Monitor Enabled/Disabled
    Click the toggle to enable or disable monitoring.
    • Monitor Type
    Select the monitor type, Gateway or Custom.
    • IP SLA Monitor
    (For Custom monitor types.) Select an IP SLA monitor or monitor group. To add a new IP SLA monitor, click +Add IP SLA Monitors. To add a new IP SLA monitor group, see IP SLA Monitor Groups in Configure Reusable Objects.
    Advanced Settings
    Click to display the fields listed below.

    Preference

    Enter the preference for the traffic route. A lower preference value indicates a higher preference for using the route.

    Range: 1 through 255

    Redistribute Enabled/Disabled

    Click the toggle to enable or disable route redistribution. Route redistribution enables the exchange of routing information between different routing protocols. Concerto route redistribution is based on the personality of the device, such as hub, spoke, or Controller.

    Traffic Handling

    Select one of the following traffic handling options:

    • Discard—Drop packets marked for the destination. Do not send ICMP unreachable message.
    • Reject—Drop packets marked for the destination. Send an ICMP unreachable message.
    No Install

    Click the toggle to enable or disable the no-install option. When enabled, this option prohibits the installation of received routes in the forwarding table.

    Tags

    Enter a route tag. Route tags can be used in static routing to avoid routing loops.

    Bidirectional Forwarding Detection (BFD)

    Click the toggle to enable or disable bidirectional forwarding detection (BFD). BFD detects liveness for BGP peers, OSPF neighbors, and static route next hops.

    • Minimum Receive Interval

    Enter the minimum time interval to receive routes, in milliseconds.

    Range: 1 through 255000 milliseconds

    Default: 1000 milliseconds

    • Minimum Transmit Interval

    Enter the time after which routes can be retransmitted, in milliseconds.
    Range: 1 through 255000 milliseconds

    Versa recommended value: 500 ms or more

    • Multiplier

    Enter the multiplier value used to calculate the final minimum receive interval and minimum transmit interval.

    Range: 1 through 255

    Default: 3


     
  7. To configure the BGP routing protocol, select the BGP tab. The following screen displays.

    BGP_screen3.png
     
  8. Select the EBGP or IBGP tab to configure external BGP or internal BGP, respectively.
  9. Enter information for the following fields.
     
    Field Description
    Local ASN
    Enter the local AS number.
    Range: 0 through 4294967295

    Bidirectional Forwarding Enabled/Disabled
    Click the toggle to enable or disable BFD.
    • Minimum Receive Interval

    Enter the minimum time interval to receive routes, in milliseconds.

    Range: 1 through 255000 milliseconds

    Default: 1000 milliseconds

    • Minimum Transmit Interval

    Enter the time after which routes can be retransmitted, in milliseconds.
    Range: 1 through 255000 milliseconds

    Versa recommended value: 500 ms or more

    • Multiplier

    Enter the multiplier value used to calculate the final minimum receive interval and minimum transmit interval.

    Range: 1 through 255

    Default: 3

    Neighbor (Group of Fields)  
    • Enabled
    Click the toggle to enable or disable the neighbor.
    • Local Interface or Local Address
    Click either Local Interface or Local Address, and then select a value from the drop-down list.
    • Neighbor Address
    Neighbor IPv4 or IPv6 address.
    • Peer ASN

    Enter the remote peer's AS number. 

    Range: 0 through 4294967295

    • Password
    Enter the password to authenticate the BGP instance.
    • Import BGP Peer Policy

    Select a BGP import policy. BGP import policies are applied to routes imported from external BGP peers and determine which routes are accepted into the routing table. To create a new BGP peer policy, see procedure step 10, below.

    • Export BGP Peer Policy

    Select a BGP export policy. BGP export policies are applied to routes exported from the routing table to external BGP peers and control which routes are advertised to other peers. To create a new BGP peer policy, see procedure step 10, below.

    • Advanced Settings (Group of Fields)
    Click to configure the following three fields.
    • Suppress Peer ASN
    Click to enable or disable suppression of the advertisement of routes received from an EBGP neighbor to another neighbor that is in the same AS as the originating neighbor.
    • Hold Time

    Enter the hold time, in seconds, to negotiate with a peer.

    Range: 3 through 65535 seconds

    • TTL
    Enter the time-to-live value, which is the number of hops that a packet can travel in a network before the packet expires.
    Range: 1 through 255
    Default for EBGP: 64 (Note that you do not need to enable EBGP multihop.)
    Default for IBGP: 64
    + Add Another
    Click to add another neighbor.

     
  10. To configure BGP peer policies, select + Create New in the Import BGP Peer Policy or Export BGP Peer Policy drop-down list. The Add BGP Peer Policy workflow displays.

    Add_Peer_policy.png

    For information about adding a BGP peer policy, see Add a BGP Peer Policy in Configure Reusable Objects.
     
  11. To configure OSPFv2, select the OSPFv2 tab.

    Topology_workflow_routing_step_OSPfv2_tab.png
     
    1. In the Router ID field, enter an IPv4 address. In the Domain VPN Tag field, enter a Domain VPN tag.
    2. Click + Add. In the Add OSPFv2 Network popup window, enter information for the following fields.

      Add_ospfv2.png

      Field Description
      Network Name (Required)
      Select a network name from the drop-down list.

      Area ID (Required)
      Enter an ID for the area. A backbone area has an area ID of 0.0.0.0. Areas with non-zero IDs are non-backbone areas.

      Network Type

      Enter the network type:

      • Broadcast
      • Loopback
      • Point to Point
      Priority (Required)

      Enter a priority value to use in the election of the designated router (DR) and the backup designated router (BDR). On a multiaccess network, the OSPF router with the highest priority becomes the designated router, and the OSPF router with the second-highest priority becomes the backup router. If you set the priority to 0, the device does not participate in the designated router and backup designated router election process.

      Default: 1

      Metric (Required)
      Enter a value for the OSPF interface cost, which is used to calculate the total cost to reach a destination.
      Range: 1 through 65535
      Default: 1

      Passive
      Click to mark the router as a passive listener. A passive router sends no advertisement messages.

      Timers (Group of Fields)  
      • Hello Interval

      Enter the interval, in seconds, after which the router sends advertisement messages.

      Range: 1-255

      • Dead Interval

      Enter the time to wait, in seconds, before the router declares a neighbor to be dead because it has received no advertisements within that amount of time.

      Range: 1-65,535

      • Retransmit Interval

      Enter the retransmit interval, in seconds, after which the router can retransmit a message.

      Range: 1-3600

      • Transit Delay

      Enter the delay, in seconds, for retransmitting a message.

      Range: 1-3600

      Authentication (Group of Fields)  
      • Type

      Select how to authenticate OSPF router traffic:

      • None
      • MD5—Use encrypted authentication
      • Simple Password—Use simple password-based authentication.
      • Key ID (Required)

      For MD5, enter the key ID.

      Range: 0-255

      • MD5 Auth Key (Required)

      For MD5, enter the authorization key.

      Range: 4-16 characters

      • Simple Password Auth Key
      For Simple Password, enter the password.

      Bidirectional Forwarding Enabled/Disabled
      Click the toggle to enable or disable BFD.
      • Minimum Receive Interval

      Enter the minimum time interval to receive routes, in milliseconds.

      Range: 1-255000

      • Minimum Transmit Interval

      Enter the time after which routes can be retransmitted, in milliseconds.

      Range: 1-255

      • Multiplier

      Enter the multiplier value used to calculate the final minimum receive interval and minimum transmit interval.

      Range: 1-255000

    3. Click Add OSPFv2 Network.

  12. To enable OSPFv3, select the OSPFv3 tab.

    OSPFv3_tab.png
     
    1. In the Router ID field, enter an IPv4 address. 
    2. Click + Add. In the Add OSPFv3 Network popup window, enter information for the following fields.

      Add_ospfv3_network.png
       
      Field Description
      Network Name
      Select a network name from the drop-down list.

      Area ID
      Enter an ID for the area. A backbone area has an area ID of 0.0.0.0. Areas with non-zero IDs are non-backbone areas.

      Network Type

      Enter the network type:

      • Broadcast
      • Loopback
      • Point to Point
      Priority

      Enter a priority value to use in the election of the designated router (DR) and the backup designated router (BDR). On a multiaccess network, the OSPF router with the highest priority becomes the designated router, and the OSPF router with the second-highest priority becomes the backup router. If you set the priority to 0, the device does not participate in the designated router and backup designated router election process.

      Default: 1

      Metric
      Enter a value for the OSPF interface cost, which is used to calculate the total cost to reach a destination.
      Range: 1 through 65535
      Default: 1

      Passive
      Click to mark the router as a passive listener. A passive router sends no advertisement messages.

      Timers (Group of Fields)  
      • Hello Interval
      Enter the interval, in seconds, after which the router sends advertisement messages.
      • Dead Interval
      Enter the time to wait, in seconds, before the router declares a neighbor to be dead because it has received no advertisements within that amount of time.
      • Retransmit Interval
      Enter the retransmit interval, in seconds, after which the router can retransmit a message.
      • Transmit Delay
      Enter the delay, in seconds, for retransmitting a message.
    3. Click Add OSPFv3 Network.
       
  13. To enable RIPv2, select the RIPv2 tab.

    RIPv2_tab.png
    1. Click Add RIPv2 Network. The Add RIPv2 Network popup window displays. 

      Add_RIPv2_network_popup.png
    2. Enter information for the following fields.
       
      Field Description
      Network Name
      Select a network name from the drop-down list.

      Type

      Select how to authenticate router traffic:

      • None
      • MD5—Use encrypted authentication
      • Simple Password—Use simple password-based authentication.

      Key ID

      For MD5, enter the key ID.

      MD5 Auth Key

      For MD5, enter the authorization key.

      Simple Password Auth Key

      For Simple Password, enter the password.
      Send

      Select how to send request messages:

      • None
      • Version 2
      Receive

      Select how to receive response messages from neighboring routers:

      • Multicast
      • None

      Bidirectional Forwarding Enabled/Disabled
      Click the toggle to enable or disable BFD.
      • Minimum Receive Interval
      Enter the minimum time interval to receive routes, in milliseconds.
      • Multiplier
      Enter the multiplier value used to calculate the final minimum receive interval and minimum transmit interval.
      • Minimum Transmit Interval
      Enter the time after which routes can be retransmitted, in milliseconds.
    3. Click Add RIPv2 Network.
       
  14. Click Next or select workflow step 5, Permissions. 

    permissions.png
  15. To change the permissions for a role, select Create, Read, Update, or Delete in the Permissions column; see Object Permissions in Versa Concerto for SD-WAN.
  16. Click Next or select workflow step 6, Review & Submit.
  17. In the General section, enter information for the following fields.

    General_pane_with reusable on other templates option.png
     
    Field Description
    Name
    Enter a name for the topology and LAN routing protocols configuration instance.

    Description
    Enter a text description.

    Tags
    Enter a tag, and then press the Enter key. You can enter multiple tags. A tag is an alphanumeric text descriptor with no spaces or special characters. The tags are used for searching the objects.

    Reuse Options
    (For configurations added through the Main Templates workflow.) Click Reusable on Other Templates to make the configuration usable in other main templates. Otherwise, click Not Reusable.
  18. Review the settings you have selected. Click the Edit icon to change a setting, as needed.
  19. Click Submit.
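
The ranges and authentication options in the field tables above can be checked before you enter them in the workflow. The following is an added example, not Versa code: the flat key names (such as bgp.hold_time_s) are hypothetical labels for planned values, not a Concerto API or export format, and the BFD ranges are the ones listed for static routes and BGP.

```python
# Inclusive ranges copied from the field tables in this article.
# Key names are hypothetical labels, not Concerto identifiers.
RANGES = {
    "dia.priority": (1, 15),
    "static.preference": (1, 255),
    "bfd.min_rx_ms": (1, 255000),
    "bfd.min_tx_ms": (1, 255000),
    "bfd.multiplier": (1, 255),
    "bgp.local_asn": (0, 4294967295),
    "bgp.peer_asn": (0, 4294967295),
    "bgp.hold_time_s": (3, 65535),
    "bgp.ttl": (1, 255),
    "ospfv2.metric": (1, 65535),
    "ospfv2.hello_s": (1, 255),
    "ospfv2.dead_s": (1, 65535),
    "ospfv2.md5_key_id": (0, 255),
}
AUTH_TYPES = ("None", "MD5", "Simple Password")  # options for OSPFv2 and RIPv2


def audit(plan):
    """Return a sorted list of findings for a flat {key: value} plan."""
    findings = []
    for key, (low, high) in RANGES.items():
        value = plan.get(key)
        if value is not None and not low <= value <= high:
            findings.append(f"RANGE {key}={value} outside {low}..{high}")
    # Versa recommended value for minimum transmit interval: 500 ms or more.
    tx = plan.get("bfd.min_tx_ms")
    if tx is not None and 1 <= tx < 500:
        findings.append(f"WARN bfd.min_tx_ms={tx} below recommended 500 ms")
    for proto in ("ospfv2", "ripv2"):
        auth = plan.get(f"{proto}.auth_type")
        if auth is None:
            continue
        if auth not in AUTH_TYPES:
            findings.append(f"ERROR {proto}.auth_type={auth!r} is not a listed option")
        elif auth == "None":
            findings.append(f"AUTH {proto} accepts unauthenticated routing updates")
        elif auth == "Simple Password":
            # Simple password authentication sends the password unprotected.
            findings.append(f"AUTH {proto} password is carried in cleartext")
        elif proto == "ospfv2" and not 4 <= len(plan.get("ospfv2.md5_key", "")) <= 16:
            findings.append("RANGE ospfv2.md5_key length outside 4..16 characters")
    if "bgp.peer_asn" in plan and not plan.get("bgp.password"):
        findings.append("AUTH bgp neighbor has no password configured")
    return sorted(findings)


SAMPLE_PLAN = {  # constructed values for illustration
    "dia.priority": 16,
    "bfd.min_tx_ms": 300,
    "bgp.peer_asn": 65002,
    "bgp.hold_time_s": 2,
    "ospfv2.auth_type": "MD5",
    "ospfv2.md5_key": "abc",
    "ripv2.auth_type": "Simple Password",
}

if __name__ == "__main__":
    for line in audit(SAMPLE_PLAN):
        print(line)
```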

Manage SD-WAN Topology and LAN Routing Configurations

You can perform the following actions on SD-WAN topology and LAN routing configurations:

  • Edit
  • Clone
  • Delete
  • View references
  • Propagate
  • Compare versions
  • View the audit log
  • Enable and disable auto delete

For information about these actions, see Manage SD-WAN Policies and Profiles.

Supported Software Information 

Releases 13.1.1 and later support all content described in this article.