Uplinks for Branch Gateways

Uplinks connect Branch Gateways to underlay networks. By default, both wired and cellular uplinks are set as active links with load balancing enabled on Branch Gateways. Branch Gateways support a total of five uplinks which include four wired uplinks and one cellular uplink.

Uplink Load Balancing

An uplink can be configured as an active uplink or as a standby uplink. The uplink load balancing feature supports both active and standby uplinks. For example, traffic can be load balanced across two wired uplinks while the backup cellular uplink remains idle and is used when a wired link fails. When a Branch Gateway has multiple active uplinks, uplink load balancing can modify the Internet Key Exchange (IKE) parameters for the Branch Gateway to create multiple IPsec tunnels, one on each uplink. When multiple uplinks and IPsec tunnels are up, the layer 3 traffic can be load balanced across these uplinks using internal routing ACLs and next hop lists.

WAN Bandwidth Optimization

Data compression reduces the size of data frames that are transmitted over a network link. This in turn reduces the time required to transmit the frame across the network. IP payload compression is one of the key features of the WAN bandwidth optimization solution, which consists of the following elements:

IP Payload Compression

WAN optimization through IP payload compression is not supported on the 7205 Branch Gateway.

Branch Gateways can send traffic to destinations other than the corporate headquarters on the same link; therefore, payload compression is enabled on the IPsec tunnel between the Branch Gateway and VPNC. Dynamic compression is used for the IP payload to achieve a high compression ratio. However, compression is not applied to data that may already be in a compressed format, for example, an embedded image file.

Source NAT VLAN

One popular type of WAN configuration across Internet Service Providers (ISPs) implementing broadband services is IPoE. When using this technology, the ISP delivers an IP payload over an Ethernet-based access network without using Asynchronous Transfer Mode (ATM). IPoE encapsulates IP datagrams in Ethernet frames using RFC 894 encapsulation.

When this is the case, Branch Gateways share a private network (and often a private IP address assigned through DHCP in that subnet) with the ISP router. This subnet is fundamentally used for control-plane communications, like DHCP or routing protocols. Network traffic, however, is sourced from an alternative public interface assigned by the ISP. This interface is advertised to the ISP router by running a dynamic routing protocol between the actual physical uplink IP of the Branch Gateway and the ISP router.

Figure 1  Source NAT VLAN

The alternative interface used to source all unicast communications (with the exception of routing protocols) is defined by configuring a VLAN interface, which is set to Force operational status UP, and by adding the VLAN to an uplink configuration as a Source NAT VLAN.

Tunnel Bandwidth Negotiation

The Gateways at the tunnel endpoints perform tunnel bandwidth negotiation with each other to exchange their respective WAN speed and maximum bandwidth threshold values. This is done to ensure that one Gateway does not send more traffic than the other Gateway can ingest.

During the tunnel bandwidth negotiation, the tunnel endpoints inform each other about the maximum bandwidth they can ingest based on the value configured in the Speed field and the percentage configured in the Tunnel max bandwidth threshold field of the Gateway uplink configuration. For more information, see Configuring an MPLS, Metro-Ethernet, or an INET Uplink.

The VPNC assigns a bandwidth contract with the tunnel to control the tunnel traffic based on traffic priority. Traffic in the high priority queue is handled first, followed by the low priority queue. Therefore, the management-plane traffic or the traffic marked as high in any session-based policy takes precedence over the rest of the traffic.

The following figure illustrates a scenario where the Gateways at both ends of a tunnel negotiate the bandwidth that each can ingest.

Figure 2  Tunnel Bandwidth Negotiation
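
The negotiation and priority handling described above, as a simplified model added here (not the vendor's implementation and not code from this page): each endpoint advertises Speed multiplied by the threshold percentage as its ingest limit, the peer uses that as its send cap, and a two-queue scheduler fills the cap with high-priority traffic first. The class and function names, the sample values, and the rule that a sender is also bounded by its own uplink speed are assumptions.

```python
from dataclasses import dataclass


@dataclass
class Uplink:
    name: str
    speed_mbps: float      # "Speed" field of the uplink configuration
    threshold_pct: float   # "Tunnel max bandwidth threshold" field

    def ingest_limit(self) -> float:
        """Maximum bandwidth this endpoint advertises it can ingest."""
        if not 0 < self.threshold_pct <= 100:
            raise ValueError(f"{self.name}: threshold must be in (0, 100]")
        return self.speed_mbps * self.threshold_pct / 100


def negotiate(a: Uplink, b: Uplink) -> dict:
    """Exchange ingest limits; return each endpoint's send cap in Mbps.

    Assumption: a sender is bounded by the peer's advertised limit and by
    its own uplink speed, whichever is lower.
    """
    return {
        a.name: min(a.speed_mbps, b.ingest_limit()),
        b.name: min(b.speed_mbps, a.ingest_limit()),
    }


def schedule(send_cap: float, offered: dict) -> dict:
    """Fill the bandwidth contract: high-priority queue first, then low."""
    remaining, sent = send_cap, {}
    for queue in ("high", "low"):
        sent[queue] = min(offered.get(queue, 0.0), remaining)
        remaining -= sent[queue]
    return sent


# Constructed sample values, not taken from any real deployment.
branch = Uplink("branch-gw", speed_mbps=100, threshold_pct=80)
vpnc = Uplink("vpnc", speed_mbps=1000, threshold_pct=50)
caps = negotiate(branch, vpnc)
# The VPNC offers 30 Mbps of high-priority and 70 Mbps of low-priority
# traffic toward the branch, more than the branch said it can ingest.
vpnc_to_branch = schedule(caps["vpnc"], {"high": 30.0, "low": 70.0})

if __name__ == "__main__":
    print(caps, vpnc_to_branch)
```

In this model the low-priority queue absorbs the whole shortfall, which is why traffic marked high in a session-based policy keeps flowing when the tunnel is saturated.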

Configuring Uplink Interfaces on Branch Gateways

For information about how to configure uplink interfaces on Branch Gateways, see Configuring Uplink Interfaces on Branch Gateways.

Configuring Uplink Interfaces on VPNCs

For information about how to configure uplink interfaces on VPNCs, see Configuring Uplink Interfaces for VPNCs.

Viewing Uplink Configuration

To view the current configurations of an uplink, use the show uplink command. For more information about the command, see The CLI Bank.