
Configuring Unicast Overlay Routing

This article describes how to provision unicast overlay routing and the OSPF and BGP routing protocols.

Configure Service-Side Routing

The Viptela overlay network supports BGP and OSPF unicast routing protocols. You can configure these protocols on vEdge routers to provide reachability to networks at their local sites. Provisioning BGP and OSPF in this way enables routing on the service side of the network.

To set up routing on the vEdge router, you provision one VPN or multiple VPNs if segmentation is required. Within each VPN, you configure the interfaces that participate in that VPN and the routing protocols that operate in that VPN.

Because vSmart controllers never participate in a local site network, you never configure BGP or OSPF on these devices.

Set Up Basic OSPF on a vEdge Router

To configure basic service-side OSPF functionality:

  1. Configure a VPN for the OSPF network:
    vEdge(config)# vpn vpn-id
    vpn-id can be any VPN number except VPN 0 and VPN 512. VPN 0 is the transport VPN and carries only control traffic, and VPN 512 is the management interface.
  2. Configure OSPF area 0 and the interfaces that participate in that area:
    vEdge(config-vpn)# router ospf
    vEdge(config-ospf)# area 0
    vEdge(config-area-0)# interface interface-name
    vEdge(config-interface)# ip-address address
    vEdge(config-interface)# no shutdown
    vEdge (ospf-if)# exit

  3. Redistribute OMP routes into OSPF:
    vEdge(config-ospf)# redistribute omp
    By default, OMP routes are not redistributed into OSPF.
  4. Repeat Steps 1 through 3 for any additional VPNs.
  5. If desired, configure OMP to advertise to the vSmart controller any BGP and OSPF external routes that the vEdge router has learned:
    vEdge(config)# omp
    vEdge(config-omp)# advertise bgp
    vEdge(config-omp)# advertise ospf external

Here is an example of an OSPF routing configuration on the vEdge router. This configuration sets up VPN 10 with two interfaces, ge2/0 and ge3/0. It enables OSPF routing on those interfaces in area 0, and it redistributes the OMP routes from the vSmart controller into OSPF.

vpn 10
  router
    ospf
      redistribute omp
      area 0
        interface ge2/0
        exit
        interface ge3/0
        exit
      exit
    !
  !
  interface ge2/0
    ip address 10.0.5.12/24
    no shutdown
  !     
  interface ge3/0
    ip address 10.0.2.12/24
    no shutdown
  !     

Set Up Basic BGP on a vEdge Router

To configure basic service-side BGP functionality:

  1. Configure a VPN:
    vEdge(config)# vpn vpn-id
    vpn-id can be any service-side VPN, which is a VPN other than VPN 0 and VPN 512. VPN 0 is the transport VPN and carries only control traffic, and VPN 512 is the management VPN.
  2. Configure BGP to run in the VPN:
    1. Configure the local AS number:
      vEdge(config-vpn)# router bgp local-as-number
      You can specify the AS number in 2-byte ASDOT notation (1 through 65535) or in 4-byte ASDOT notation (1.0 through 65535.65535).
    2. Configure the BGP peer, specifying its address and AS number (the remote AS number), and enable the connection to the peer:
      vEdge(config-bgp)# neighbor address remote-as remote-as-number
      vEdge(config-bgp)# no shutdown
  3. Configure a system IP address for the vEdge router:
    vEdge(config)# system system-ip address

Here is an example of a BGP configuration on the vEdge router:

vEdge# show running-config system
system
  system-ip 10.1.2.3
!
vEdge# show running-config vpn 1
vpn 1
  router
    bgp 1
      neighbor 11.1.2.3
        no shutdown
        remote-as 2
      !
    !
  !
  ip route 0.0.0.0/0 10.0.16.13
!

Redistribute BGP Routes and AS Path Information

By default, routes from other routing protocols are not redistributed into BGP. It can be useful for BGP to learn OMP routes, because OMP learns routes to destinations throughout the overlay network. BGP on the vEdge router then advertises the OMP routes to all the BGP routers in the service-side of the network. To redistribute OMP routes into BGP so that these routes are advertised to all BGP routers in the service side of the network, configure redistribution in any VPN except VPN 0 or VPN 512:

vEdge(config)# vpn vpn-id router bgp
vEdge(config-bgp)# address-family ipv4-unicast redistribute omp [route-policy policy-name]

You can also redistribute routes learned from other protocols into BGP:

vEdge(config-bgp)# address-family ipv4-unicast redistribute (connected | nat | natpool-outside | ospf | static) [route-policy policy-name]

You can control redistribution of routes on a per-neighbor basis:

vEdge(config-bgp)# neighbor ip-address
vEdge(config-neighbor)# address-family ipv4-unicast redistribute (connected | nat | natpool-outside | omp | ospf | static)
vEdge(config-neighbor)# route-policy policy-name (in | out)

In the BGP route redistribution commands, the optional route policy is applied to the routes that are redistributed into BGP or routes that are redistributed out from BGP.

You can configure the vEdge router to advertise the BGP routes that it has learned to the vSmart controller through OMP. Doing so allows the vSmart controller to advertise these routes to other vEdge routers in the overlay network. You can advertise BGP routes either globally or for a specific VPN:

vEdge(config)# omp advertise bgp

vEdge(config)# vpn vpn-id omp advertise bgp

By default, when BGP advertises routes into OMP, BGP advertises each prefix's metric. BGP can also advertise the prefix's AS path:

vEdge(config)# vpn vpn-id router bgp
vEdge(config-bgp)# propagate-aspath

When you configure BGP to propagate AS path information, the router sends AS path information to routers that are behind the vEdge router (in the service-side network) that are running BGP, and it receives AS path information from these routers. If you are redistributing BGP routes into OMP or into another protocol, or if you are advertising BGP routes to OMP, the AS path information is included in the advertised BGP routes. If you configure BGP AS path propagation on some but not all vEdge routers in the overlay network, the routers on which it is not configured receive the AS path information but they do not forward it to the BGP routers in their local service-side network. Propagating AS path information can help to avoid BGP routing loops.

In networks that have both overlay and underlay connectivity (for example, when vEdge routers are interconnected by both a Viptela overlay network and an MPLS underlay network), you can assign an AS number to OMP itself. For vEdge routers running BGP, this overlay AS number is included in the AS path of BGP route updates. To configure the overlay AS:

vEdge(config)# omp
vEdge(omp)# overlay-as as-number

You can specify the AS number in 2-byte ASDOT notation (1 through 65535) or in 4-byte ASDOT notation (1.0 through 65535.65535). As a best practice, it is recommended that the overlay AS number be a unique AS number within both the overlay and the underlay networks. That is, select an AS number that is not used elsewhere in the network.

If you configure the same overlay AS number on multiple vEdge routers in the overlay network, all these routers are considered to be part of the same AS, and as a result, they do not forward any routes that contain the overlay AS number. This mechanism is an additional technique for preventing BGP routing loops in the network.
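
The following added example (not Viptela code) models the two overlay-AS rules stated above and shows why the overlay AS must be unique: reusing a site's AS number as the overlay AS makes that site's own routes look like loops. The function names, the AS inventory and the placement of the overlay AS at the front of the path are assumptions made for illustration.

```python
def parse_as(text):
    """32-bit value of an AS written as 1..65535 or as ASDOT 1.0..65535.65535."""
    parts = text.split(".")
    if len(parts) > 2 or not all(p.isdecimal() for p in parts):
        raise ValueError(f"not an AS number: {text!r}")
    nums = [int(p) for p in parts]
    if not 1 <= nums[0] <= 65535 or nums[-1] > 65535:
        raise ValueError(f"AS number out of range: {text!r}")
    return nums[0] if len(nums) == 1 else nums[0] * 65536 + nums[1]

def bgp_update_path(as_path, overlay_as):
    """AS path sent to service-side BGP, or None when the route is not forwarded.

    Simplified model of the rules above; putting the overlay AS first is an assumption."""
    own, path = parse_as(overlay_as), [parse_as(a) for a in as_path]
    return None if own in path else [own] + path

def overlay_as_conflicts(overlay_as, in_use):
    """Names from an AS inventory whose AS number equals the proposed overlay AS."""
    return sorted(n for n, asn in in_use.items() if parse_as(asn) == parse_as(overlay_as))

# Constructed inventory of AS numbers already used in the overlay and underlay.
IN_USE = {"mpls-underlay": "64512", "site-a-lan": "65001", "site-b-lan": "1.10"}

def demo():
    results = {}
    # Unique overlay AS: a site-A route is sent on with the overlay AS in its path.
    results["sent"] = bgp_update_path(["65001"], "100.1")
    # The same route comes back through the MPLS underlay: it already carries
    # the overlay AS, so a vEdge with that overlay AS does not forward it.
    results["looped"] = bgp_update_path(["64512", "100.1", "65001"], "100.1")
    # Overlay AS reused from site A: site A's legitimate routes are not forwarded.
    results["reused"] = bgp_update_path(["65001"], "65001")
    results["conflicts"] = overlay_as_conflicts("65001", IN_USE)
    return results

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Running `overlay_as_conflicts` against an inventory of every AS number in the overlay and underlay before committing `overlay-as` catches the reuse case.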

Configure Transport-Side Routing

When a vEdge router is not directly connected to the WAN cloud, it cannot communicate with the vSmart controller in the overlay network. To enable communication between the vEdge router and other Viptela devices, you configure OSPF or BGP on a loopback interface in VPN 0. The loopback interface is a virtual transport interface that is the terminus of the DTLS and IPsec tunnel connections required for the vEdge router to participate in the overlay network.

To configure transport-side routing, you configure a loopback interface, the physical interface, and the routing protocol in VPN 0.

Configure BGP Transport-Side Routing

To configure BGP transport-side routing:

  1. Configure a physical interface in VPN 0:
    vEdge(config)# vpn 0 interface geslot/port ip address address
    vEdge(config-interface)# no shutdown
  2. Configure a loopback interface in VPN 0:
    vEdge(config)# vpn 0 interface loopbacknumber ip address address
    vEdge(config-interface)# no shutdown
    vEdge(config-interface)# tunnel-interface color color
  3. Configure a BGP instance in VPN 0:
    vEdge(config)# vpn 0 router bgp local-as-number
  4. Create a policy for BGP to advertise the loopback interface address to its neighbors:
    vEdge(config)# policy lists prefix-list prefix-list-name ip-prefix prefix
    prefix is the IP address of the loopback interface.
  5. Configure a route policy that affects the loopback interface's prefix:
    vEdge(config)# policy route-policy policy-name sequence number match address prefix-list-name
    vEdge(config)# policy route-policy policy-name sequence number action accept
    vEdge(config)# policy route-policy policy-name default-action reject
  6. Reference the policy in the BGP instance. To apply the policy such that the loopback address is advertised to all BGP neighbors:
    vEdge(config)# vpn 0 router bgp local-as-number address-family ipv4-unicast redistribute connected route-policy policy-name

    To apply the policy only to a specific neighbor:
    vEdge(config)# vpn 0 router bgp local-as-number neighbor neighbor-address address-family ipv4-unicast redistribute connected route-policy policy-name out
    Specify out in the second command so that BGP advertises the loopback prefix out to the neighbor.

Here is an example of a minimal BGP transport-side routing configuration in which the loopback address is advertised to all the vEdge router's BGP neighbors. Note that even though we did not configure any services on the tunnel interface, these services are associated with the tunnel by default and are included in the configuration. Because services affect only physical interfaces, you can ignore them on loopback interfaces.

vEdge# show running-config vpn 0 
vpn 0
 router
  bgp 2
   router-id 172.16.255.18
   timers
    keepalive 1
    holdtime  3
   !
   address-family ipv4-unicast
    redistribute connected route-policy export_loopback
   !
   neighbor 10.20.25.16
    no shutdown
    remote-as 1
    timers
     connect-retry          2
     advertisement-interval 1
    !
   !
  !
 !
 interface ge0/1
  ip address 10.20.25.18/24
  no shutdown
 !
 interface loopback
  ip address 172.16.255.118/32
  tunnel-interface
   color lte
   allow-service dhcp
   allow-service dns
   allow-service icmp
   no allow-service sshd
   no allow-service ntp
   no allow-service stun
  !
  no shutdown
 !
!
policy
 lists
  prefix-list loopback_prefix
   ip-prefix 172.16.255.118/32
  !
 !
 route-policy export_loopback
  sequence 10
   match
    address loopback_prefix
   !
   action accept
   !
  !
  default-action reject
 !
!
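
The route policy in steps 4 through 6 is what limits `redistribute connected` to the loopback address; without it, BGP would advertise every connected VPN 0 prefix to its neighbors. The following added example (not Viptela code) audits a running-config for that property. The function names and the trimmed sample are constructed for illustration, and any prefix list the policy matches is treated as accepted.

```python
import ipaddress

def paths(cfg):  # one tuple of ancestor lines per config line, from indentation
    stack, out = [], []
    for raw in cfg.splitlines():
        if raw.strip() not in ("", "!", "exit"):
            depth = len(raw) - len(raw.lstrip())
            stack = [(d, t) for d, t in stack if d < depth] + [(depth, raw.strip())]
            out.append(tuple(t for _, t in stack))
    return out

def audit_vpn0_export(cfg):
    """VPN 0 export findings; any prefix-list the policy matches is treated as accepted."""
    p, net, out = paths(cfg), ipaddress.ip_network, []
    loop = {net(x[2].split()[-1], strict=False) for x in p if len(x) == 3 and x[0] == "vpn 0"
            and x[1].startswith("interface loopback") and x[2].startswith("ip address ")}
    redis = [x[-1].split() for x in p if x[0] == "vpn 0" and "redistribute connected" in x[-1]]
    for words in redis:
        name = dict(zip(words, words[1:])).get("route-policy", "<none>")
        pol = ("policy", "route-policy " + name)
        if pol + ("default-action reject",) not in p:
            out.append(f"route-policy {name}: missing, or default-action is not reject")
        lists = {"prefix-list " + y[-1].split()[1] for y in p
                 if y[:2] == pol and y[-1].startswith("address ")}
        out += [f"route-policy {name}: exports {y[3].split()[1]}, not a loopback address"
                for y in p if len(y) == 4 and y[:2] == ("policy", "lists")
                and y[2] in lists and net(y[3].split()[1], strict=False) not in loop]
    return out

SAMPLE = """\
vpn 0
 router
  bgp 2
   address-family ipv4-unicast
    redistribute connected route-policy export_loopback
 interface loopback
  ip address 172.16.255.118/32
policy
 lists
  prefix-list loopback_prefix
   ip-prefix 172.16.255.118/32
 route-policy export_loopback
  sequence 10
   match
    address loopback_prefix
   action accept
  default-action reject
"""  # constructed sample, trimmed from the running-config above ("!" lines omitted)
print(audit_vpn0_export(SAMPLE) or "only the loopback address is exported")
```

The parser skips `!` and `exit` lines, so the full output of `show running-config` can be passed in unchanged.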

Configure OSPF Transport-Side Routing

To configure OSPF transport-side routing:

  1. Configure a physical interface in VPN 0:
    vEdge(config)# vpn 0 interface geslot/port ip address address
    vEdge(config-interface)# no shutdown
  2. Configure a loopback interface in VPN 0 as a tunnel interface:
    vEdge(config)# vpn 0 interface loopbacknumber ip address address
    vEdge(config-interface)# no shutdown
    vEdge(config-interface)# tunnel-interface color color
  3. Configure an OSPF instance in VPN 0:
    vEdge(config)# vpn 0 router ospf
  4. Add the physical and loopback interfaces to the OSPF area:
    vEdge(config-ospf)# area number interface geslot/port
    vEdge(config-area)# interface loopbacknumber

Here is an example of a minimal OSPF transport-side routing configuration. Note that even though we did not configure any services on the tunnel interface, these services are associated with the tunnel by default and are included in the configuration. Because services affect only physical interfaces, you can ignore them on loopback interfaces.

vEdge# show running-config vpn 0
vpn 0
 router
  ospf
   router-id 172.16.255.11
   timers spf 200 1000 10000
   area 0
    interface ge0/1
    exit
    interface loopback1
    exit
   exit
  !
 !
 interface ge0/1
  ip address 10.0.26.11/24
  no shutdown
 !
 interface loopback1
  ip address 10.0.101.1/32
  tunnel-interface
   color lte
   allow-service dhcp
   allow-service dns
   allow-service icmp
   no allow-service sshd
   no allow-service ntp
   no allow-service stun
  !
  no shutdown
 !
!