18-Apr-23

Aruba SD-Branch Network Deployment Overview

Aruba SD-Branch provides flexible deployment options for WAN and LAN.

This guide details a hub-and-spoke WAN topology and an L2 LAN topology, with additional comments related to other topologies. This deployment consists of three remote sites and a single headend data center.

Each remote site has redundant branch gateways providing circuit termination and a LAN default gateway. Switches at branch sites provide L2 connectivity for the APs and other client devices. It is best practice to standardize the branch design for all sites to realize the full benefits of Aruba Central configuration. Multiple branch designs can be accommodated, as addressed in the Preparing to Deploy section.

A pair of VPNCs (VPN concentrators) is configured to facilitate connectivity between the campus network and branch sites using IPsec tunnels and route sharing. VPNCs summarize the campus subnets to a single route of 10.0.X.X/13 and prevent advertising point-to-point links to the branches. The VLAN layout and IP information configured on each VPNC in the pair are shown below.

[Figure: Network overview]

| VPNC VLANs | Gateway Pool | INET | MPLS | MicroBranch | OSPF_Link_1 | OSPF_Link_2 |
|---|---|---|---|---|---|---|
| VLAN ID | 2085 | 2084 | 2086 | 101 | 4001 | 4002 |
| RSVDC-VPNC1-1 IP Address | DHCP | X.X.X.X | 100.100.7.5 | 10.8.0.2 | 172.18.106.22 | 172.18.106.30 |
| RSVDC-VPNC1-2 IP Address | DHCP | X.X.X.X | 100.100.7.6 | 10.8.0.3 | 172.18.106.18 | 172.18.106.26 |

Each remote site consists of two branch gateways, two switches, and three access points. Each branch site is assigned a /21 subnet from the superset address space of 10.14.X.X/16. Within the 10.14.X.X/16 address space, two subnets are reserved: 10.14.255.X/24 is reserved for the branch gateway pool, and 10.14.254.X/24 for Microbranch system IPs.

The VPNCs advertise a summary network of 10.14.X.X/16. Branch switches at each site have nine VLANs. Their default gateway is a virtual IP shared among the branch gateways at each site. The other three VLANs (Gateway pool, INET, MPLS) exist only on the branch gateways. Switches and access points receive an IP address on the MGMT VLAN.

| BGW VLANs | INET | MPLS | MGMT | EMPLOYEE | IPTV | CAMERA | Guest | REJECT_QUARANTINE |
|---|---|---|---|---|---|---|---|---|
| VLAN ID | 4085 | 4084 | 100 | 101 | 102 | 103 | 104 | 105 |

| Switching VLANs | MGMT | EMPLOYEE | IPTV | CAMERA | Guest | REJECT_QUARANTINE |
|---|---|---|---|---|---|---|
| VLAN ID | 100 | 101 | 102 | 103 | 104 | 105 |

| Site (Subnet) | Gateway Pool | INET | MPLS | MGMT | EMPLOYEE | IPTV | CAMERA | Guest | REJECT_QUARANTINE |
|---|---|---|---|---|---|---|---|---|---|
| MIABR | 10.14.255.X/24 | DHCP | 172.17.1.X/30 | 10.14.0.0/24 | 10.14.1.0/24 | 10.14.2.0/24 | 10.14.3.0/24 | 10.14.4.0/24 | 10.14.5.0/24 |
| HOUBR | 10.14.255.X/24 | DHCP | 172.17.1.X/30 | 10.14.8.0/24 | 10.14.9.0/24 | 10.14.10.0/24 | 10.14.11.0/24 | 10.14.12.0/24 | 10.14.13.0/24 |
| SANBR | 10.14.255.X/24 | DHCP | 172.17.1.X/30 | 10.14.16.0/24 | 10.14.17.0/24 | 10.14.18.0/24 | 10.14.19.0/24 | 10.14.20.0/24 | 10.14.21.0/24 |
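The addressing plan above can be checked mechanically before segment policy is written against it. The following Python sketch is an added example, not part of the Aruba guide: it verifies that every VLAN subnet sits inside its site's /21, that site blocks avoid each other and the two reserved /24 ranges, and that the campus and branch summaries stay disjoint. It assumes the "X" octets read as 0 (so 10.0.X.X/13 is taken as 10.0.0.0/13); the function names are hypothetical.

```python
import ipaddress as ip

# Values from the tables and text above; "X" octets are read as 0 (assumption).
BRANCH_SUPERNET = ip.ip_network("10.14.0.0/16")
CAMPUS_SUMMARY = ip.ip_network("10.0.0.0/13")
RESERVED = {
    "gateway pool": ip.ip_network("10.14.255.0/24"),
    "Microbranch system IPs": ip.ip_network("10.14.254.0/24"),
}
VLANS = ["MGMT", "EMPLOYEE", "IPTV", "CAMERA", "Guest", "REJECT_QUARANTINE"]
# Third octet of each site's six /24 VLAN subnets, in VLANS order.
SITES = {"MIABR": range(0, 6), "HOUBR": range(8, 14), "SANBR": range(16, 22)}


def validate_plan():
    """Return ({site: /21 block}, [problems]) for the plan above."""
    blocks, problems = {}, []
    for site, octets in SITES.items():
        subnets = [ip.ip_network(f"10.14.{o}.0/24") for o in octets]
        block = subnets[0].supernet(new_prefix=21)
        if not block.subnet_of(BRANCH_SUPERNET):
            problems.append(f"{site}: {block} is outside {BRANCH_SUPERNET}")
        for vlan, net in zip(VLANS, subnets):
            if not net.subnet_of(block):
                problems.append(f"{site}/{vlan}: {net} is outside {block}")
        for name, res in RESERVED.items():
            if block.overlaps(res):
                problems.append(f"{site}: {block} overlaps reserved {name}")
        for other, other_block in blocks.items():
            if block.overlaps(other_block):
                problems.append(f"{site}: {block} overlaps {other}")
        blocks[site] = block
    if CAMPUS_SUMMARY.overlaps(BRANCH_SUPERNET):
        problems.append("campus and branch summaries overlap")
    return blocks, problems


def free_site_blocks():
    """List the /21 blocks still assignable to new sites."""
    used = set(validate_plan()[0].values())
    return [b for b in BRANCH_SUPERNET.subnets(new_prefix=21)
            if b not in used
            and not any(b.overlaps(r) for r in RESERVED.values())]


if __name__ == "__main__":
    blocks, problems = validate_plan()
    for site, block in blocks.items():
        print(site, block)
    print("problems:", problems or "none")
    print("free /21 blocks:", len(free_site_blocks()))
```

The last /21 in the supernet, 10.14.248.0/21, contains both reserved /24 ranges, so it is excluded from the blocks available for new sites.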

© Copyright 2022 Hewlett Packard Enterprise Development LP. The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. Aruba Networks and the Aruba logo are registered trademarks of Aruba Networks, Inc. Third-party trademarks mentioned are the property of their respective owners. To view the end-user software agreement, go to Aruba EULA.