================================
Private WAN network integration
================================

Private WAN is a sophisticated feature and requires some research and
planning to integrate into a partner's network. This document describes
considerations for integrating private WAN (PWAN) into your network.

PWAN router location and addresses
------------------------------------

PWAN routers must be located where they have Ethernet connectivity to a
datacentre core router. Traffic from bonders is sent to and received
from the core routers over Ethernet or VLAN Ethernet.

PWAN routers must be assigned an IP address from a subnet that can be
used to communicate with a core router. For example, if a core router
has an IP of 198.18.0.1/28, a PWAN router could be given an IP of
198.18.0.2/28 and a default gateway of 198.18.0.1. With this
configuration, spaces that did not define a specific gateway would use
the PWAN router's own default gateway, 198.18.0.1. The primary IP on the
PWAN router's interface should be specified in the IP field of its
record on the management server.

PWAN routers should be integrated into the OSPF of BGP dynamic routing
network of the partner's network.

Spaces can be configured to use a different gateway than the PWAN
router's own default gateway, with or without a VLAN. In this case, the
IP to use on the PWAN router and the gateway IP are specified in the
`space private WAN tab <../../spaces/space-private-wan.html>`__. If using
VLANs, the Ethernet network must be configured to allow the proper
VLANs, or be configured as a trunk.

Aggregator location and addresses
-----------------------------------

Aggregators can be located anywhere they are able to route to the PWAN
router in their routing group, but for best performance should located
very close to the PWAN router—even on the same IP subnet and Ethernet
segment.

Aggregators need a single public IP on their primary network interface.
This is no different compared to non-PWAN environments.

All traffic between bonders and aggregators and between aggregators and
PWAN routers goes through the aggregator's main network interface.
Aggregators do not normally use VLANs or secondary interfaces to
communicate with PWAN routers or core routers. Routing customer traffic
between aggregators and PWAN routers is done with encrypted tunnels.

Example integration
--------------------

The following diagram shows how a PWAN environment could be configured.
It has a core router, master and slave PWAN routers, and two aggregators
all on the same Ethernet segment and IP subnet. The 198.18.0.4
aggregator communicates with the master PWAN router between its
198.18.0.4 IP on its primary interface and the 198.18.0.2 IP on the PWAN
router's primary interface, with one encrypted tunnel for each PWAN
space.

|image0|

Notes on the above diagram:

#. The PWAN aggregator primary network interface (the eth0 198.18.0.2
   address in the master PWAN router above) is configured via Debian's
   ``/etc/network/interfaces`` file, the same as how aggregators are
   configured. However, the per-space VLAN interface and IP addresses
   (the eth0.2 198.18.0.66 address above) are configured automatically
   from the space configurations. No changes need to be made to
   ``/etc/network/interfaces`` to add or change a per-space VLAN
   interface or IP address.
#. The design above shows the core router, aggregators, and PWAN routers
   on a single Ethernet segment using the same IP subnet. This minimizes
   network latency and maximizes throughput between the hosts, but is
   not necessary. The aggregators and PWAN routers route traffic between
   themselves with tunnels, so do not need to be in the same Ethernet
   segment, IP subnet, or even datacentre.

The following diagram shows how bonders, aggregators, and PWAN routers
sent traffic between themselves. The red line between the bonder and
aggregator indicates the standard Bonded Internet tunnel. The red lines
between the aggregators and master PWAN router indicate encrypted GRE
tunnels. Notice that one aggregator has two tunnels to the PWAN router,
indicating that there are two PWAN spaces on that aggregator. Finally,
the two green lines between the master PWAN router and the core router
indicate traffic being routed on the non-VLAN Ethernet link for one
space, and on the VLAN Ethernet link for another space.

|image1|


.. |image0| image:: /attachments/11668054/11668047.png
.. |image1| image:: /attachments/11668054/11668069.png
