Overlay MP

Overlay Management Protocol (OMP)
Overlay Routing - Unicast
Agenda
• What is overlay routing?
• How is it implemented in the Viptela Overlay Network
• Role of Overlay Management Protocol (OMP)
• Types of routes advertised in OMP
• OMP routes
• TLOC routes
• Network-service routes
• Route redistribution
• Site-local to OMP
• OMP to site-local
• Best path algorithm
• Example configuration
• Lab setup
2 Viptela Confidential
What is Overlay Routing?
Overlay routing enables the

distribution of routing information
across all sites within a VPN
Steps to enable overlay routing

1. Establishes a secure, virtual IP
fabric across the WAN
2. Enables scalable, on-demand VPNs
3. Provide route distribution across
sites within every VPN
Overlay Routing in Viptela SEN
Overlay Management Protocol (OMP) provides the centralized control
OMP plays a key role in:

• Orchestration of
• Routing and secure connectivity between sites
• Service chaining
• VPN topologies
• Distribution of Routes
• Distribution of data-plane security parameters
• Distribution of routing policies
Centralized Policy, Distributed Routing Decisions
Overlay Routing in Viptela SEN
OMP learns and translates routing information across the VPN overlay
Static
Routes
Connected
Routes D2
D1
Overlay Routing
S1
S3
OSPF BGP
Routes Routes
OMP: Details
• Automatically enabled at bring up

• Established over secure connections
between vSmart-vSmart, and,
between vEdge-vSmart
• DTLS, AES-256 key encryption
vSmart-LA
• End-points are System-IP
System IP:
172.1.160.16
DTLS
System IP: System IP:

Transport
172.1.10.1 172.1.30.3
Service
vEdge vEdge
S1 S3
OMP Routes Advertised
Three Major Types of Routes

1. OMP Routes
• Prefixes learnt from site-local (i.e. service side)
• Like prefixes of BGP
2. TLOCs
• Ties OMP route to physical location (i.e. vEdge)
• Like next-hop of BGP
3. Network-Service Routes
• Ties OMP route to an advertised network service
Types of OMP Routes
.1
.2 100.0.100.1
VPN1
D2
Transport TLOC: 172.1.100.6, Color
gold
3. Firewall routes
S1
TLOC: 172.1.10.1 , Color 2. TLOCs
gold
1. OMP Service-side
routes
Transport
S3
TLOC: 172.1.30.3, Color
VPN1 VPN1 gold
OSPF
10.2.50.0/24
1. OMP Routes
Routes learnt from a site-local network

Route Types:
• Connected (Direct)
• Static
• BGP
• OSPF
Some Attributes:
• TLOC: System-IP of route originator + color
• Site-id: Site identifier of route
• VPN-id: VPN identifier of route
• Tag: optional transitive path attribute
• Preference: Degree of preference for a route
• Originator ID: Originator of route
• Origin: Protocol + metric
1. OMP Routes
Step 5: OMP
redistributes
routes to each
VPN1
site if
configured
Transpor
t
S1
WAN IP:
TLOC: 1.1.17.16 Step 2:
vSmart learns
OSPF route
Step 3:
vSmart
S1
applies route
WAN IP:
policies
TLOC: 1.1.7.11
OMP Service-side routes
Step 1: OMP
S3
learns OSPF Step 4:
Transport WAN IP:
route vSmart TLOC: 1.1.12.13
reflects
VPN1 routes to VPN1
other sites
OSPF
10.2.50.0/24
2. TLOC Routes
Routes connecting locations to physical network

Attributes:
• TLOC private
D2
• TLOC public Site-id: 100
System-IP: 172.1.100.6
• Weight
Color: mpls
• Preference Color: gold
• Color TLOC: 1.1.17.16, gold TLOC: 10.1.18.16, mpls
• Tag
• Site-id
• Encap type Internet (VM12)
MPLS(VM14)
3. Network-service routes
Routes of network-services connected to vEdge routers

Attributes:
• VPN id
• Service-id:
• FW, IDS, IDP or generic net-svc
• Label
• Originator-id
• TLOC
• Path-id
Route Redistribution
Service (site-local) routes to OMP

• Automatic redistribution for
• Connected, Static, OSPF inter-area and OSPF intra-area
• But, need explicit configuration for
• BGP and OSPF external routes
S1
WAN IP:
TLOC: 1.1.7.11
Transport Service to OMP Route Redistribution
Service
OSPF
10.2.50.0/24
Route Redistribution
OMP Routes to Service (site-local) redistribution

• Needs to be set locally on each router
• Avoids excessive propagation of routes to local protocols
S1
WAN IP:
TLOC: 1.1.7.11
Transport OMP to Service-side Route Redistribution
Service
OSPF
10.2.50.0/24
vSmart: Best Path Algorithm and Loop-Avoidance
Selecting OMP route learnt from multiple vEdge devices
If learnt from vEdge and

vSmart
•Prefer route learned from vEdge over
vSmart
If learnt from same Viptela

device
•Prefer route with lower admin distance
And so on (see documentation)
Network Segmentation
• Instantly create end to end segments (VPNs)

• Each segment can have a different topology (via policy enforcement)
• Vpn 1 – full mesh
• Vpn 2 – hub & spoke
VPN 1 VPN 2
Transport D2
TLOC: 1.1.17.16,
gold
S1
TLOC: 1.1.7.11 , S3
gold TLOC: 1.1.12.13,
Transport
gold
VPN 1 VPN 2 VPN 1
Network Segmentation
Extranets
• Import export routes between segments

• Example: Business partner connectivity
• Import VPN 2 and VPN 3 OMP routes into VPN 1
• Import select vpn 1 routes into VPN 2 and VPN 3
• No routes imported between vpn 2 and vpn 3
VPN 1
D2
TLOC: 1.1.17.16,
gold
S1
TLOC: 1.1.7.11 ,
gold S3
TLOC: 1.1.12.13,
gold
VPN 2 VPN 3
10.2.50.0/24 10.0.100.0/24
Example 1: Setup Basic OSPF on vEdge Router
Configuration example
vpn 1 • Enable OSPF on service interface

router • Redistributes OMP routes into OSPF
ospf
redistribute omp
area 0
interface ge2/0
S1
exit TLOC: 1.1.7.11 , Color gold
interface ge3/0
exit Transport
exit
Service
!
! OSPF
10.2.50.0/24
Operational Commands for Unicast Routing
Show commands Details
• show omp peers • Shows active OMP peers

• show ip route • Show entries in local routing table
• show omp routes • Show all OMP routing information
• show omp tlocs • Show TLOC routes advertised
• show omp summary • Shows information of OMP sessions
Lab Configuration
Configure
1. Configure OSPF on site-local routers vm9,vm10 and vm11
2. Configure OSPF on vEdge routers
• Configure OSPF on each interface in VPN 1
• Redistribute OMP on S1, S3, D1, D3
OSPF vm9, vm10, vm11 Configuration
OSPF on VM configuration example
interface loopback 0 • Configuring loopback address

ip address 16.0.0.5/32 • Setting the loopback address as
router-id
no shutdown
• Configuring loopback0 as passive-
interface
vpn 1
router ospf
router-id 16.0.0.5
area 0
interface loopback0
passive-interface
exit
exit
Lab Configuration
Show commands
1. Verify Overlay is working and all sites are up
• Show omp summary
• Show omp peers
2. Confirm OSPF routes are learnt and installed
• Show ip routes
• Show omp routes
3. Confirm that S1,S3,D1,D3 are distributing OMP routes
• On routers VM9,VM10,VM11 do, show ip route

Overlay MP

Caricato da

Informazioni sul documento

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

Overlay MP

Caricato da

Copyright:

Formati disponibili

Overlay Management Protocol (OMP)

Overlay Routing - Unicast

Overlay routing enables the

Steps to enable overlay routing

Overlay Management Protocol (OMP) provides the centralized control

OMP plays a key role in:

Centralized Policy, Distributed Routing Decisions

• Automatically enabled at bring up

System IP: System IP:

Three Major Types of Routes

Routes learnt from a site-local network

Routes connecting locations to physical network

• Color TLOC: 1.1.17.16, gold TLOC: 10.1.18.16, mpls

Routes of network-services connected to vEdge routers

Service (site-local) routes to OMP

Transport Service to OMP Route Redistribution

OMP Routes to Service (site-local) redistribution

Transport OMP to Service-side Route Redistribution

Selecting OMP route learnt from multiple vEdge devices

If learnt from vEdge and

If learnt from same Viptela

And so on (see documentation)

• Instantly create end to end segments (VPNs)

VPN 1 VPN 2 VPN 1

• Import export routes between segments

vpn 1 • Enable OSPF on service interface

Show commands Details

• show omp peers • Shows active OMP peers

OSPF on VM configuration example

interface loopback 0 • Configuring loopback address

Potrebbero piacerti anche