
Configuring Unicast Overlay Routing

This article describes how to provision unicast overlay routing and the OSPF and BGP routing protocols.

Configure Service-Side Routing

The Viptela overlay network supports BGP and OSPF unicast routing protocols. You can configure these protocols on vEdge routers to provide reachability to networks at their local sites. Provisioning BGP and OSPF in this way enables routing on the service side of the network.

To set up routing on the vEdge router, you provision one VPN, or multiple VPNs if segmentation is required. Within each VPN, you configure the interfaces that participate in that VPN and the routing protocols that operate in that VPN.

Because vSmart controllers never participate in a local site network, you never configure BGP or OSPF on these devices.

Set Up Basic OSPF on a vEdge Router

To configure basic service-side OSPF functionality:

  1. Configure a VPN for the OSPF network:
    vEdge(config)# vpn vpn-id
    vpn-id can be any VPN number except VPN 0 and VPN 512. VPN 0 is the transport VPN and carries only control traffic, and VPN 512 is the management interface.
  2. Configure OSPF area 0 and the interfaces that participate in that area:
    vEdge(config-vpn)# router ospf
    vEdge(config-ospf)# area 0
    vEdge(config-area-0)# interface interface-name
    vEdge(config-interface)# ip-address address
    vEdge(config-interface)# no shutdown
    vEdge (ospf-if)# exit

  3. Redistribute OMP routes into OSPF:
    vEdge(config-ospf)# redistribute omp
    By default, OMP routes are not redistributed into OSPF.
  4. Repeat Steps 1 through 3 for any additional VPNs.
  5. If desired, configure OMP to advertise to the vSmart controller any BGP and OSPF external routes that the vEdge router has learned:
    vEdge(config)# omp
    vEdge(config-omp)# advertise bgp
    vEdge(config-omp)# advertise ospf external

Here is an example of an OSPF routing configuration on the vEdge router. This configuration sets up VPN 10 with two interfaces, ge2/0 and ge3/0. It enables OSPF routing on those interfaces in area 0, and it redistributes the OMP routes from the vSmart controller into OSPF.

vpn 10
  router
    ospf
      redistribute omp
      area 0
        interface ge2/0
        exit
        interface ge3/0
        exit
      exit
    !
  !
  interface ge2/0
    ip address 10.0.5.12/24
    no shutdown
  !     
  interface ge3/0
    ip address 10.0.2.12/24
    no shutdown
  !     

Set Up Basic BGP on a vEdge Router

To configure basic service-side BGP functionality:

  1. Configure a VPN:
    vEdge(config)# vpn vpn-id
    vpn-id can be any VPN except VPN 0 and VPN 512. VPN 0 is the transport VPN and carries only control traffic, and VPN 512 is the management interface.
  2. Configure BGP to run in the VPN:
    1. Configure the local AS number:
      vEdge(config-vpn)# router bgp local-as-number
    2. Configure the BGP peer, specifying its address and AS number (the remote AS number):
      vEdge(config-bgp)# neighbor address remote-as remote-as-number
      vEdge(config-bgp)# exit
  3. Redistribute OMP routes into BGP:
    vEdge(config-bgp)# address-family ipv4-unicast redistribute omp
    vEdge(config-bgp)# exit

    By default, OMP routes are not redistributed into BGP.
  4. Repeat Steps 1, 2, and 3 for any additional VPNs.
  5. If desired, configure OMP to advertise to the vSmart controller any BGP routes that the vEdge router has learned:
    vEdge(config)# omp
    vEdge(config-omp)# advertise bgp
  6. Configure a system IP address for the vEdge router:
    vEdge(config)# system system-ip address

Here is an example of a BGP configuration on the vEdge router:

vEdge# show running-config system
system
  system-ip 10.1.2.3
!
vEdge# show running-config vpn 1
vpn 1
  router
    bgp 1
      neighbor 11.1.2.3
        no shutdown
        remote-as 2
      !
    !
  !
  ip route 0.0.0.0/0 10.0.16.13
!

Configure Transport-Side Routing

When a vEdge router is not directly connected to the WAN cloud, it cannot communicate with the vSmart controller in the overlay network. To enable communication between the vEdge router and other Viptela devices, you configure OSPF or BGP on a loopback interface in VPN 0. The loopback interface is a virtual transport interface that is the terminus of the DTLS and IPsec tunnel connections required for the vEdge router to participate in the overlay network.

To configure transport-side routing, you configure a loopback interface, the physical interface, and the routing protocol in VPN 0.

Configure BGP Transport-Side Routing

To configure BGP transport-side routing:

  1. Configure a physical interface in VPN 0:
    vEdge(config)# vpn 0 interface geslot/port ip address address
    vEdge(config-interface)# no shutdown
  2. Configure a loopback interface in VPN 0:
    vEdge(config)# vpn 0 interface loopbacknumber ip address address
    vEdge(config-interface)# no shutdown
    vEdge(config-interface)# tunnel-interface color color
  3. Configure a BGP instance in VPN 0:
    vEdge(config)# vpn 0 router bgp local-as-number
  4. Create a policy for BGP to advertise the loopback interface address to its neighbors:
    vEdge(config)# policy lists prefix-list prefix-list-name ip-prefix prefix
    prefix is the IP address of the loopback interface.
  5. Configure a route policy that affects the loopback interface's prefix:
    vEdge(config)# policy route-policy policy-name sequence number match address prefix-list-name
    vEdge(config)# policy route-policy policy-name sequence number action accept
    vEdge(config)# policy route-policy policy-name default-action reject
  6. Reference the policy in the BGP instance. To apply the policy such that the loopback address is advertised to all BGP neighbors:
    vEdge(config)# vpn 0 router bgp local-as-number address-family ipv4-unicast redistribute connected route-policy policy-name

    To apply the policy only to a specific neighbor:
    vEdge(config)# vpn 0 router bgp local-as-number neighbor neighbor-address address-family ipv4-unicast redistribute connected route-policy policy-name out
    Specify out in the second command so that BGP advertises the loopback prefix out to the neighbor.

Here is an example of a minimal BGP transport-side routing configuration in which the loopback address is advertised to all the vEdge router's BGP neighbors. Note that even though we did not configure any services on the tunnel interface, these services are associated with the tunnel by default and are included in the configuration. Because services affect only physical interfaces, you can ignore them on loopback interfaces.

vEdge# show running-config vpn 0 
vpn 0
 router
  bgp 2
   router-id 172.16.255.18
   timers
    keepalive 1
    holdtime  3
   !
   address-family ipv4-unicast
    redistribute connected route-policy export_loopback
   !
   neighbor 10.20.25.16
    no shutdown
    remote-as 1
    timers
     connect-retry          2
     advertisement-interval 1
    !
   !
  !
 !
 interface ge0/1
  ip address 10.20.25.18/24
  no shutdown
 !
 interface loopback
  ip address 172.16.255.118/32
  tunnel-interface
   color lte
   allow-service dhcp
   allow-service dns
   allow-service icmp
   no allow-service sshd
   no allow-service ntp
   no allow-service stun
  !
  no shutdown
 !
!
policy
 lists
  prefix-list loopback_prefix
   ip-prefix 172.16.255.118/32
  !
 !
 route-policy export_loopback
  sequence 10
   match
    address loopback_prefix
   !
   action accept
   !
  !
  default-action reject
 !
!
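
The following Python check is an added example, not part of the Viptela documentation. It parses a `show running-config` listing and confirms that every `redistribute` statement in VPN 0 references a route policy that admits only the address of a tunnel loopback interface, as steps 4 through 6 describe. The function names and the condensed sample configuration are constructed for illustration; prefixes are compared as text and per-sequence actions are not evaluated.

```python
SAMPLE = """\
vpn 0
 router
  bgp 2
   address-family ipv4-unicast
    redistribute connected route-policy export_loopback
 interface loopback
  ip address 172.16.255.118/32
  tunnel-interface
policy
 lists
  prefix-list loopback_prefix
   ip-prefix 172.16.255.118/32
 route-policy export_loopback
  sequence 10
   match
    address loopback_prefix
   action accept
  default-action reject
"""  # constructed: condensed from the page's VPN 0 BGP example

def config_paths(text):
    """Flatten an indented running-config into tuples of ancestor lines."""
    stack, paths = [], []
    for raw in text.splitlines():
        line, indent = raw.strip(), len(raw) - len(raw.lstrip())
        if line and line not in ("!", "exit") and "# " not in line:  # skip separators, prompts
            stack = [s for s in stack if s[0] < indent] + [(indent, line)]
            paths.append(tuple(l for _, l in stack))
    return paths

def under(paths, node, kw):
    """Last word of each line starting with kw anywhere below config node."""
    return {p[-1].split()[-1] for p in paths if p[:len(node)] == node and p[-1].startswith(kw)}

def audit_vpn0_redistribute(text):
    """Report VPN 0 redistribution not limited to tunnel addresses (prefixes compared as text)."""
    paths, findings = config_paths(text), []
    tunnels = [p[:2] for p in paths if p[0] == "vpn 0" and p[2:] == ("tunnel-interface",)]
    local = set().union(*(under(paths, t, "ip address ") for t in tunnels))
    for stmt in (p[-1] for p in paths if p[0] == "vpn 0" and p[-1].startswith("redistribute ")):
        name = stmt.partition(" route-policy ")[2].split(" ")[0]
        pol = ("policy", "route-policy " + name)  # per-sequence actions are not evaluated
        allowed = set().union(*(under(paths, ("policy", "lists", "prefix-list " + n), "ip-prefix ")
                                for n in under(paths, pol, "address ")))
        default = under(paths, pol, "default-action ")
        if not name or "accept" in default or not allowed or not allowed <= local:
            findings.append(f"{stmt}: not limited to tunnel addresses {sorted(local)}")
    return findings
```

An empty list means each VPN 0 `redistribute` statement is scoped to the loopback prefix; a missing policy, a wider prefix list, or `default-action accept` each produce a finding.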

Configure OSPF Transport-Side Routing

To configure OSPF transport-side routing:

  1. Configure a physical interface in VPN 0:
    vEdge(config)# vpn 0 interface geslot/port ip address address
    vEdge(config-interface)# no shutdown
  2. Configure a loopback interface in VPN 0 as a tunnel interface:
    vEdge(config)# vpn 0 interface loopbacknumber ip address address
    vEdge(config-interface)# no shutdown
    vEdge(config-interface)# tunnel-interface color color
  3. Configure an OSPF instance in VPN 0:
    vEdge(config)# vpn 0 router ospf
  4. Add the physical and loopback interfaces to the OSPF area:
    vEdge(config-ospf)# area number interface geslot/port
    vEdge(config-area)# interface loopbacknumber

Here is an example of a minimal OSPF transport-side routing configuration. Note that even though we did not configure any services on the tunnel interface, these services are associated with the tunnel by default and are included in the configuration. Because services affect only physical interfaces, you can ignore them on loopback interfaces.

vEdge# show running-config vpn 0
vpn 0
 router
  ospf
   router-id 172.16.255.11
   timers spf 200 1000 10000
   area 0
    interface ge0/1
    exit
    interface loopback1
    exit
   exit
  !
 !
 interface ge0/1
  ip address 10.0.26.11/24
  no shutdown
 !
 interface loopback1
  ip address 10.0.101.1/32
  tunnel-interface
   color lte
   allow-service dhcp
   allow-service dns
   allow-service icmp
   no allow-service sshd
   no allow-service ntp
   no allow-service stun
  !
  no shutdown
 !
!