Saturday 13 January 2024

SDWAN tloc-list versus local-tloc-list

CASE STUDY - LOCAL-TLOC-LIST vs TLOC-LIST

LOCAL-TLOC-LIST 

Syntax : set local-tloc color {color} [encap {ipsec|gre}] 

where color is any one of the supported TLOC colors. This action directs packets to be forwarded out of the TLOC that is specified in the color argument. If this TLOC is not available (because it is not configured, the tunnel is down, or so on), then the traffic is forwarded out any valid TLOC, as indicated by the routing table. There is also a configuration command called set local-tloc-list that allows for the selection of one or more colors.


The local-tloc action selects the preferred egress TLOC on the local WAN Edge router, while the
tloc-list action mandates the TLOCs on the receiving WAN Edge that the traffic will be forwarded to.

CONFIGURATION DIFFERENCE 

Sequence 11 steers YouTube traffic onto the biz-internet path; when biz-internet is down, the traffic takes a path over another available color (mpls).

sequence 11
    match
      app-list YouTube
      source-ip 0.0.0.0/0
!
    action accept
    set
       local-tloc-list
         color biz-internet
         encap ipsec

Sequence 21 handles Facebook traffic: while biz-internet is UP it follows the biz-internet path, but when biz-internet is down the Facebook traffic is dropped.

sequence 21
    match
      app-list Facebook
      source-ip 0.0.0.0/0
!
    action accept
    set
       vpn 1
       tloc-list DC_INET_TLOCS


Let's see what happens when the above commands are applied, first while color biz-internet is available and then when BFD is down for biz-internet. YouTube and Facebook traffic behave differently depending on the command used: local-tloc-list versus tloc-list.

FLOW EXAMPLE

When BFD for color biz-internet is UP

local-tloc-list 
Branch-vEdge-1# show policy service-path vpn 1 interface ge0/3 source-ip 10.1.102.1 dest-ip 0.0.0.0 protocol 1 app youtube all
!
Number of possible next hops: 1
Next Hop: IPsec
Source: 100.64.102.2 12346 Destination: 100.64.21.2 12386 Color:biz-internet 

tloc-list
Branch-vEdge-1# show policy service-path vpn 1 interface ge0/3 source-ip 10.1.102.1 dest-ip 0.0.0.0 protocol 1 app facebook all
!
Number of possible next hops: 1
Next Hop: IPsec
Source: 100.64.102.2 12346 Destination: 100.64.21.2 12386 Color:biz-internet 

When BFD for color biz-internet is DOWN

local-tloc-list
BR2-vEdge-1# show policy service-path vpn 1 interface ge0/3 source-ip 10.1.102.1 dest-ip 0.0.0.0 protocol 1 app youtube all
dest-ip 0.0.0.0 protocol 1 app youtube all
Number of possible next hops: 1
Next Hop: IPsec
Source: 172.16.102.2 12346 Destination: 172.16.21.2 Color: mpls

tloc-list
BR2-vEdge-1# show policy service-path vpn 1 interface ge0/3 source-ip 10.1.102.1 dest-ip 0.0.0.0 protocol 1 app facebook all
dest-ip 0.0.0.0 protocol 1 app facebook all
Number of possible next hops: 1
Next Hop: Blackhole  <<<<<<<<<Traffic drop
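
The three outcomes shown above (preferred color, fallback to another color, blackhole) can be told apart automatically when verifying a policy change. The following Python is an added example, not part of the original post: it classifies `show policy service-path` output against the color the policy is supposed to use. The sample text is taken from the outputs above; the function and variable names are assumptions.

```python
import re

# Sample outputs taken from the three distinct results shown in this post.
UP = """Number of possible next hops: 1
Next Hop: IPsec
Source: 100.64.102.2 12346 Destination: 100.64.21.2 12386 Color:biz-internet
"""
DOWN_LOCAL_TLOC_LIST = """Number of possible next hops: 1
Next Hop: IPsec
Source: 172.16.102.2 12346 Destination: 172.16.21.2 Color: mpls
"""
DOWN_TLOC_LIST = """Number of possible next hops: 1
Next Hop: Blackhole  <<<<<<<<<Traffic drop
"""

NEXT_HOP = re.compile(r"^Next Hop:\s*(\S+)", re.M)
COLOR = re.compile(r"Color:\s*(\S+)")  # tolerates "Color:x" and "Color: x"

def classify(output, preferred_color):
    """Return (status, colors) for one service-path output.

    preferred - every next hop uses the preferred color
    fallback  - traffic is forwarded, but over a different color
    blackhole - at least one next hop is Blackhole (traffic dropped)
    unknown   - no "Next Hop:" line was found
    """
    hops = NEXT_HOP.findall(output)
    colors = COLOR.findall(output)
    if not hops:
        return ("unknown", colors)
    if any(h.lower() == "blackhole" for h in hops):
        return ("blackhole", colors)
    if colors and all(c == preferred_color for c in colors):
        return ("preferred", colors)
    return ("fallback", colors)

if __name__ == "__main__":
    samples = [("BFD up", UP),
               ("BFD down, local-tloc-list", DOWN_LOCAL_TLOC_LIST),
               ("BFD down, tloc-list", DOWN_TLOC_LIST)]
    for name, text in samples:
        print(name, "->", classify(text, "biz-internet"))
```

A "fallback" result means the traffic left over a transport other than the intended one, while "blackhole" means the flow was dropped rather than rerouted.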
