Connectivity¶
Routing branches via hub / dc
Multiple WAN and tunnel failover
Load balancing / link aggregation DIA
Quality based routing
seamless failover
QoS limiting interface
LTE configuration
This section covers connectivity related use cases.
Routing branches via main site¶
Follow this guide to configure routing all traffic via main site using tunnels. In this case, all spokes will route all traffic through central hub and access the internet using hub external IP. All sites will be connected using hub and spoke topology.
This guide relies on the following flexiWAN components:
Tunnel connectivity between two or more sites
Tunnels established using Path Labels
Path Selection policy
This guide assumes that two or more flexiEdge sites are deployed and running. Lets get started!
Creating and assigning Path Labels¶
Create Path Labels to identify each of the flexiEdge sites WAN links. flexiEdge site can have single or multiple WAN links, guide will still apply. In this case, navigate to Inventory > Path Label and create two tunnel Path Lables named ISP1 and ISP2.
image 1 creation
Upon creating Path Label, confirm both are tunnel based.
image 2 path label confirm
For next step navigate to the branch / spoke settings and click on Interfaces tab. From there, assign Path Labels to WAN interfaces. If using single WAN, only assign ISP1 Path Label.
image assignment
Next, navigate to central hub / DC flexiEdge site and assign one or both Path Labels on its WAN interfaces.
image dc assign
note: In this case, as central hub is hosted in datacenter, single WAN link used is often dedicated and with much higher uptime than branch uplinks, in which case there is no need to have multiple WAN’s in datacenter. Multiple hub scenario is supported and covered in a separate use case.
Configuring Path Selection¶
Follow the below steps to create Path Selection policy which will route all traffic from flexiEdge spokes through central hub site. This policy is intended to be installed on flexiEdge spokes, not central hub / datacenter.
Navigate to Traffic Optimization > Path Selection and click on New policy to create a new policy.
image.
To achieve routing all traffic from LAN clients, using default rule is recommended. From the Rule Actions column, click on settings icon of the default rule.
image
This rule is by default disabled so first change its status to Enabled. Then under Action > Path Label add the previously created Path Labels. In case of single WAN on flexiEdge site, simply add only one Path Label.
image
Optionally, decide whether traffic will be load balanced or failed over multiple WAN links. This only applies in case of multiple WAN’s. In both cases, traffic will be routed through tunnels. Once complete click Update policy.
image
Once on the next screen save the policy.
image
Once the policy is ready, simply navigate to Inventory > Devices, select the spoke devices from which the traffic will route through main hub device.
image
After selecting the devices, simply click on the Actions button and click in Install policy, pick Path Selection and find the previously created policy to install.
image
That’s it, the spoke devices will now route all its LAN originating traffic through the main central hub site, once the tunnels are established. In case the tunnel is not established, traffic will exit using internet breakout.
Creating tunnels between spokes and hub¶
Once all of the above steps are complete, final step is to connect all flexiEdge spokes to the main central hub. To do that, simply select both spoke and hub flexiEdge sites and from the actions button click Create tunnels
image
Next step is to create tunnels using Path Labels. From the dialog window make sure to select Path Labels which are assigned to all of the devices, so Path Selection will route traffic using these Path Labels.
image
Under toplogy, pick hub and spoke topology and select central hub site. Finally click Create to deploy tunnels.
image
That’s it, navigate to Inventory > Devices and after a few moments tunnels should be established.
image
Verifying results¶
If all the steps above were followed correctly, all remote branches / spokes LAN clients should be able to reach / ping resources on the central site and also browser internet using the central site / hub.
From LAN clients try to access internet, verify external IP by typing “My external IP” in browser or from command line type “curl ifconfig.co”. Verify that the external IP shown is from datacenter and not local.
Troubleshooting¶
In some cases, spokes can access local resources from datacenter but cannot browse the internet. In cases like these, tunnel MTU may be modified. Compare MTU on WAN between flexiEdge sites and try lowering tunnel MTU.
Delete existing tunnels and re-created them by following all of the above steps, and in addition to above steps, set MTU 1000 from the Advanced tunnel creation wizard.
Multiple WAN and tunnel failover¶
flexiWAN offers a quick and straightforward process t