The following chapter provides guidance for onboarding and configuring hub appliances. This chapter focuses on deployment of on-premise hub gateways, but also provides guidance for cloud hubs.
Aruba SD-WAN supports the deployment of EdgeConnect virtual gateways into various cloud providers. Automation is provided within Orchestrator to simplify deployments. Configuration guidance can be found within the EC-V Cloud Deployment Guides.
While various deployment models are supported, the Cloud Integration section in the VSG outlines the most common options.
The remainder of this chapter outlines the steps for deployment of on-premise hub gateways.
Table of contents
The hub gateways are placed in a data center with direct internet handoff. This internet uplink is statically addressed, as is common in datacenter internet handoffs.
To onboard the hub gateways, use the following procedure to log into the web interface and configure the Internet interface.
Step 1 Cable Mgmt0 to a management network
Step 1 Cable LAN and WAN connections.
Step 1 Connect to the web interface of Mgmt0.
Note: Mgmt0 will attempt to receive an IP address via DHCP. If a DHCP provided IP address is not obtained the gateway will default to the IP address 169.254.0.1. In this example the gateway is provided a DHCP address of 172.16.107.27 from the management network.
Step 2 Log into the Web interface using
- Username: admin
- Password: admin
Step 3 Enter the Hostname: RSVDC-ECE1.
Step 4 Click Save.
Step 5 Click Configuration, then click Deployment.
Step 6 Configure the WAN0 interface. In the IP/Mask field, enter in the Public IP address and mask in the following format.
- IP Address/Mask : X.X.X.X/X
Step 7 In the interface Next Hop field for WAN0, enter the default gateway for the Internet link.
Step 8 Set the FW Mode to Stateful + SNAT.
Step 9 Configure the MPLS IP address for WAN1. In the IP/Mask field, enter the following.
- IP Address/Mask: 100.100.7.3/28
Step 10 Set the FW Mode to Allow All.
Step 11 In the interface Next Hop field for WAN0 enter in the default gateway for the MPLS link.
- Next Hop: 100.100.7.1
Step 12 Enter the Bandwidth for both WAN interfaces.
- WAN0: 100,000 down/ 25,000 up
- WAN1: 10,000 down/ 5,000 up
Step 13 Configure the LAN0 Side Point to point interface.
- IP/Mask: 172.18.106.50/31
Step 14 Click the +Add next to LAN Interfaces.
Step 15 Configure the LAN1 Point-to-Point interface.
- IP/Mask: 172.18.106.54/31
Step 16 Click Apply.
Step 17 Repeat steps 1 to 16 for the second hub gateway with appropriate naming and IP addresses.
Hub gateways will connect to the Orchestrator after the previous procedure.
Log into Orchestrator and use the following procedure to complete the hub gateway configuration.
Step 1 Click the Appliances Discovered button.
Step 2 Click the Approve Button on the RSVDC-ECE1 appliance.
Step 3 Click Software Version and change it to the desired software. This example uses: 18.104.22.168_94322.
Step 4 Repeat this process for RSVDC-ECE2.
The following steps will walk through the configuration wizard used to onboard the hub gateway.
Step 1 Click Approve for the RSVDC-ECE1 appliance.
Step 2 Click Skip.
Step 3 For the first step of the appliance, enter the following information.
- Admin Password: < Password >
- Group: HUB
- Site Name: Roseville Datacenter
- Contact Name: Aruba TME
- Contact Email: < Company Email >
- Address: 8000 Foothills BLVD
- City: Roseville
- State: CA
- Zip Code: 95747
Step 4 Check the Hub Site box.
Step 5 Click Next.
Step 6 Change the FW Zone for the LAN interfaces to LAN.
Step 7 Change the Label for the WAN0 to INET1.
Step 8 Change the Label for the WAN1 to MPLS1.
Step 9 Change the FW Zone for both WAN interfaces to WAN.
Step 10 Click the Calc button to set the license.
Step 11 Click Next.
Note: The Loopback interface will be configured automatically by Loopback Orchestration.
Step 12 Click Add.
Step 13 Enter the Summary Address for the campus: 10.0.0.0/13. for ECE1, set metric to 10 for ECE2, set metric to 100.
Step 14 Click Next.
Step 15 Verify the BIO overlays configured in the initial setup.
Step 16 Click Next.
Step 17 Click Apply.
Step 18 Repeat Steps 1 to 23 for the second hub gateway.
Note: Ensure the metric for ECE-2 is higher than ECE-1 to avoid asymmetric flows.
Step 1 Click Configuration. In the Networking column, click OSPF.
Step 2 On the default segment row for RSVDC-ECE1, click the edit (pencil) icon.
Step 3 Select the Enable OSPF toggle.
Step 4 Enter the Router ID: 10.14.254.101
Step 5 Below the Area table, click the Add button.
Step 6 In the window, click Add.
Step 7 Below the interface table, click the Add button.
Step 8 In the window, set the interface to LAN0, then click Add.
Step 9 Repeat step 8 for LAN1.
Step 10 Click Save.
Step 11 Repeat steps 1 to 8 for RSVDC-ECE2 with a Router ID of 10.14.254.102.
Step 12 Configure the defualt_rtmap_to_ospf with a metric higher metric on RSVDC-ECE2. This is to prevent asymmetric routing.
Step 13 Ensure that OSPF is up by clicking the Neighbors tab
In the Preparing to Deploy section, the template was set to advertise local LAN subnets automatically for the guest and quarantine segments. The hubs do not have interfaces configured with the guest or quarantine segment so they do not advertise any prefixes for branch networks. To ensure that the guest and quarantine segments can reach internal services, they must be assigned a route on the hub. The summary route for 10.0.0.0/13 must be configured and advertised on each segment. Use the following steps to configure the segment route.
Step 1 On the OSPF page, click Routes on the top left.
Step 2 Scroll down and find the guest segment. Click the (pencil) Icon.
Step 3 In the popup window, un-check the Automatically Advertise local LAN subnets
Step 4 Click the Add Route button.
Step 5 Enter the summary route: 10.0.0.0/13
Step 6 Repeat steps 2 to 5 for the quarantine segment.
Step 7 Repeat steps 2 to 6 for RSVDC-ECE2.