In Viptela, each interface is associated with a specific VPN, and an interface can be present in only one VPN. By default, all interfaces are in transport VPN 0 and are kept shut down. To enable an interface in any other VPN, remove it from VPN 0, configure it under the required VPN, give it an IP address, and bring it up with no shutdown. You can configure up to 512 interfaces on Viptela devices, including physical and loopback interfaces and sub-interfaces.
In this post we will discuss how to configure the interfaces in different VPNs and how to configure different types of interfaces on the Viptela devices.
1. Configuring interfaces in the transport VPN 0
By default, all interfaces on Viptela devices are in transport VPN 0 and are disabled. VPN 0 handles only control plane traffic. For a Viptela device to participate in the overlay network, at least one interface must be included in the transport VPN, and this interface acts as a tunnel interface.
Tunnel interface on vSmart and vManage Controller:
Configure a static IP address or enable DHCP for dynamic address allocation, enable the interface to act as a tunnel interface, and no shut the interface.
On vSmart and vManage you can have only VPN 0, as they participate only in the control plane.
vmanage# show interface vpn 0
Tunnel interface on vEdge router:
Configure a static IP address or receive one via DHCP, then enable the tunnel interface and set the color and encapsulation type. Encapsulation can be either GRE, IPsec, or both on an interface.
Color in Viptela software identifies the transport tunnel. It can be 3g, biz-internet, blue, bronze, custom1, custom2, custom3, default, gold, green, lte, metro-ethernet, mpls, private1 through private6, public-internet, red, and silver. The colors metro-ethernet, mpls, and private1 through private6 are referred to as private colors, because they use private addresses to connect to the remote side vEdge router in a private network. You can use these colors in a public network provided that there is no NAT device between the local and remote vEdge routers.
On vManage and vSmart you can have only one transport interface, and on vEdge devices you can have up to 7 transport interfaces.
The allow-service command explicitly allows the required services on the interface, e.g. bgp, dns, dhcp, ospf. Alternatively, you can use the 'allow-service all' command to enable all the services on an interface.
To check the interface and its details in VPN 0 use the command:
Viptela# show interface vpn 0
vedge# sh interface vpn 0
Transport indicates that port ge0/0 is in the transport VPN and carries control plane traffic, while ge0/1 and ge0/2 are service interfaces that carry data plane traffic.
By default, all Viptela devices send a keepalive every second to the far end of the tunnel to monitor reachability. Viptela devices also have a hello tolerance timer of 12 seconds. With these default values, if no Hello packet is received within 11 seconds, the tunnel is declared down at 12 seconds.
If these values differ at the tunnel endpoints, then:
- Between controllers, the lower hello time and the higher hello tolerance timer are selected.
- Between vEdge and Controller the values configured on the vEdge router will be selected.
2. Configuring interfaces in the management VPN 512
On Viptela devices, VPN 512 is used by default for management purposes.
You can configure a management interface as below:
Viptela# show running-config vpn 512
vedge# show interface vpn 512
3. Configuring service-side interfaces in VPNs other than VPN 0 and VPN 512
The default speed for Viptela device interfaces is 10 Mbps, as seen in the screenshot below:
To override the speed negotiated by the two devices on the interface, disable auto negotiation and configure the desired speed:
As also seen in the screenshot above, the interface MTU is 1500 by default, which can be changed as below:
The MTU can be any value between 576 and 2000 bytes.
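An added example (not from the original post or from Viptela): a small Python audit of a saved running-config against rules this post states, namely that an interface belongs to only one VPN, that the MTU lies between 576 and 2000 bytes, and that 'allow-service all' opens every service on an interface. The sample configuration is constructed, and the names SAMPLE, parse_interfaces and audit are assumptions of this example.

```python
import re

# Constructed sample in indented running-config style; not from the original page.
SAMPLE = """\
vpn 0
 interface ge0/0
  tunnel-interface
   allow-service all
  !
  no shutdown
 !
 interface ge0/1
  mtu 2100
 !
!
vpn 10
 interface ge0/1
  no shutdown
 !
!
"""

def parse_interfaces(text):
    """Return [(vpn, interface, [sub-commands])]; indentation marks block ends."""
    found, vpn, body, depth = [], None, None, 0
    for raw in filter(str.strip, text.splitlines()):
        line, indent = raw.strip(), len(raw) - len(raw.lstrip())
        if indent == 0:  # top level: only "vpn <id>" opens a VPN context
            vpn, body = (int(m[1]) if (m := re.fullmatch(r"vpn (\d+)", line)) else None), None
        elif vpn is not None and (m := re.fullmatch(r"interface (\S+)", line)):
            body, depth = [], indent
            found.append((vpn, m.group(1), body))
        elif body is not None and indent <= depth:
            body = None  # closing "!" or sibling command: interface block ended
        elif body is not None and line != "!":
            body.append(line)
    return found

def audit(text):
    """Check the rules stated in the post; return a list of findings."""
    findings, seen = [], {}
    for vpn, name, body in parse_interfaces(text):
        seen.setdefault(name, set()).add(vpn)
        if "allow-service all" in body:
            findings.append(f"vpn {vpn} {name}: allow-service all")
        for m in filter(None, (re.fullmatch(r"mtu (\d+)", c) for c in body)):
            if not 576 <= int(m.group(1)) <= 2000:
                findings.append(f"vpn {vpn} {name}: mtu {m.group(1)} outside 576-2000")
    return findings + [f"{n}: present in VPNs {sorted(v)}" for n, v in seen.items() if len(v) > 1]
```

Calling audit(SAMPLE) returns one finding per violated rule; an empty list means the configuration passed all three checks.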
On vEdge routers, the Viptela BFD software automatically performs PMTU discovery on each transport connection. BFD PMTU discovery is enabled by default, and it is recommended that you use it and not disable it. BFD is a data plane protocol and so does not run on vBond, vManage, and vSmart devices. To explicitly configure BFD to perform PMTU discovery, use the bfd color pmtu-discovery configuration command. However, you can choose to instead use ICMP to perform PMTU discovery:
A few other types of interfaces that can be created on vEdge routers are as below:
- GRE interfaces