Configuring private WAN¶
Perform these steps to configure PWAN in your environment.
- Verify that external firewalls are configured to allow traffic between aggregators and PWAN routers—see Network integration.
- Provision aggregators if new aggregators are to be used.
- Provision one or two PWAN routers at each routing group. A single PWAN router will provide full functionality, but two PWAN routers will provide high availability for spaces with bonds running at that routing group.
After following these steps, you can proceed to the testing steps below.
Testing private WAN¶
The following test can be performed to verify that private WAN is functional in a new environment.
- Set up a test space with two bonds, configured as follows:
- Bond A with connected IP 192.168.1.1/24, one DHCP leg (or whatever other legs you want; this doesn’t really matter)
- Bond B with connected IP 192.168.2.1/24, one DHCP leg (or whatever), on the same aggregator as Bond A
- Enable private WAN and configure an gateway on the space. The most simple gateway configuration is to specify a single public IP address (it must be available to route to the PWAN router, and needs to be part of an allocation and be delegated to the space) and enable SNAT. This will NAT outbound traffic to the specified IP address.
- Provision the bonds on bonders—either real hardware bonders, or virtualized bonders—even just two VirtualBox or similar guests on your workstation.
- Verify that the two bonders can ping each other when they are on the
same aggregator:
- Test that Bond A can ping Bond B, with this command on Bonder A’s
command line:
ping 192.168.2.1 -I 192.168.1.1 - Test that Bond B can ping Bond A, with this command on Bonder B’s
command line:
ping 192.168.1.1 -I 192.168.2.1
- Test that Bond A can ping Bond B, with this command on Bonder A’s
command line:
- Move Bond B to a different aggregator than Bond A, but in the same routing group, and repeat the tests in 4a and 4b above. This shows that bonders can ping each other when on different aggregators as traffic is being routed through the PWAN router.
- Verify that Bond A gets Internet access via the PWAN router and the
default gateway configured for the space:
wget icanhazip.com -O - -q --bind-address 192.168.1.1This prints the IP address that Internet hosts see traffic from the PWAN hosts coming from—for example, the NAT IP address configured for the gateway. - Move Bond B to an aggregator in a different routing group and repeat the tests in 4a and 4b above. This shows that bonders can ping each other when on different aggregators in different routing groups.
If the above tests are successful, the PWAN environment is working properly.