Private WAN network integration¶
Private WAN is a sophisticated feature and requires some research and planning to integrate into a partner’s network. This document describes considerations for integrating private WAN (PWAN) into your network.
PWAN router location and addresses¶
PWAN routers must be located where they have Ethernet connectivity to a datacentre core router. Traffic from bonders is sent to and received from the core routers over Ethernet or VLAN Ethernet.
PWAN routers must be assigned an IP address from a subnet that can be used to communicate with a core router. For example, if a core router has an IP of 198.18.0.1/28, a PWAN router could be given an IP of 198.18.0.2/28 and a default gateway of 198.18.0.1. With this configuration, spaces that did not define a specific gateway would use the PWAN router’s own default gateway, 198.18.0.1. The primary IP on the PWAN router’s interface should be specified in the IP field of its record on the management server.
PWAN routers should be integrated into the OSPF of BGP dynamic routing network of the partner’s network.
Spaces can be configured to use a different gateway than the PWAN router’s own default gateway, with or without a VLAN. In this case, the IP to use on the PWAN router and the gateway IP are specified in the space private WAN tab. If using VLANs, the Ethernet network must be configured to allow the proper VLANs, or be configured as a trunk.
Aggregator location and addresses¶
Aggregators can be located anywhere they are able to route to the PWAN router in their routing group, but for best performance should located very close to the PWAN router—even on the same IP subnet and Ethernet segment.
Aggregators need a single public IP on their primary network interface. This is no different compared to non-PWAN environments.
All traffic between bonders and aggregators and between aggregators and PWAN routers goes through the aggregator’s main network interface. Aggregators do not normally use VLANs or secondary interfaces to communicate with PWAN routers or core routers. Routing customer traffic between aggregators and PWAN routers is done with encrypted tunnels.
Example integration¶
The following diagram shows how a PWAN environment could be configured. It has a core router, master and slave PWAN routers, and two aggregators all on the same Ethernet segment and IP subnet. The 198.18.0.4 aggregator communicates with the master PWAN router between its 198.18.0.4 IP on its primary interface and the 198.18.0.2 IP on the PWAN router’s primary interface, with one encrypted tunnel for each PWAN space.
Notes on the above diagram:
The PWAN aggregator primary network interface (the eth0 198.18.0.2 address in the master PWAN router above) is configured via Debian’s
/etc/network/interfacesfile, the same as how aggregators are configured. However, the per-space VLAN interface and IP addresses (the eth0.2 198.18.0.66 address above) are configured automatically from the space configurations. No changes need to be made to/etc/network/interfacesto add or change a per-space VLAN interface or IP address.The design above shows the core router, aggregators, and PWAN routers on a single Ethernet segment using the same IP subnet. This minimizes network latency and maximizes throughput between the hosts, but is not necessary. The aggregators and PWAN routers route traffic between themselves with tunnels, so do not need to be in the same Ethernet segment, IP subnet, or even datacentre.
The following diagram shows how bonders, aggregators, and PWAN routers sent traffic between themselves. The red line between the bonder and aggregator indicates the standard SD-WAN tunnel. The red lines between the aggregators and master PWAN router indicate encrypted GRE tunnels. Notice that one aggregator has two tunnels to the PWAN router, indicating that there are two PWAN spaces on that aggregator. Finally, the two green lines between the master PWAN router and the core router indicate traffic being routed on the non-VLAN Ethernet link for one space, and on the VLAN Ethernet link for another space.
