This section provides an overview of configuring VeloCloud Edge in a two-arm configuration.
To configure the VeloCloud Edge in a two-arm configuration:
- Configure and activate Hub 1
- Configure and activate the Silver 1 site
- Enable branch-to-hub tunnel (Silver 1 to Hub 1)
- Configure and activate Bronze 1 site
- Configure and activate Hub 2
- Configure and activate Silver 2 site
The following sections describe the steps in more detail.
Configure and Activate Hub 1
This step helps you understand the typical workflow of how to bring up VeloCloud Edge at the hub location. VeloCloud Edge is deployed with two interfaces (one interface for each WAN link).
You will use the Virtual Edge as a hub. Below is an example of the wiring and IP address information.
Configure and Activate Hub 1 VeloCloud Edge to Reach the Internet
Because this is the data center/hub site, it is unlikely that the VeloCloud Edge can get its WAN IP using DHCP. Thus, you will need to first enable the VeloCloud Edge to connect to the Internet through the data center firewall so that VeloCloud Edge can be activated.
- Configure a PC with a static IP 192.168.2.100/24 and gateway 192.168.2.1 which is the default LAN setting for accessing a VeloCloud Edge. Connect the PC to the VeloCloud Edge LAN interface.
- From the PC, browse to http://192.168.2.1 (the local Web interface of the VeloCloud Edge). Click the link review the configuration.
- Configure the GE2 static WAN IP and default gateway of the VeloCloud Edge so that it can reach the Internet.
Click Save and provide login/password of admin/admin.
Typically at the data center/hub site, the static IP address will be assigned to you and the enterprise IT admin will configure the firewall to translate the VeloCloud Edge WAN IP to a Public IP and also filter the appropriate traffic (outbound: TCP/443, inbound: UDP/2426, UDP/500, UDP/4500).
- At this point, the Internet status should show Connected.
After configuration of the VeloCloud Edge static WAN IP address and associated firewall configuration is complete, the VeloCloud Edge Internet status shows "Connected".
Enable the Virtual VeloCloud Edge in Default Profile
- Login to the VeloCloud Orchestrator.
- The default VPN profile allows the activation of the VeloCloud Edge 500.
Activate Hub 1 VeloCloud Edge
- Go to Configure > Edges and add a new VeloCloud Edge. Specify the correct model and the profile (we use the Quick Start VPN Profile).
- Go to the hub VeloCloud Edge (DC1-VCE) and follow the normal activation process. If you already have the email feature set up, an activation email will be sent to that email address. Otherwise, you can go to the device setting page to get the activation URL.
- Copy the activation URL and paste that to the browser on the PC connected to the VeloCloud Edge or just click on the activation URL from the PC browser.
- Click on Activate button.
- Now the DC1-VCE data center hub should be up. Go to Monitor > Edges. Click the Edge Overview tab. The public WAN link capacity is detected along with the correct public IP 126.96.36.199 and ISP.
- Go to Configure > Edges and select DC1-VCE. Go to the Device tab and scroll down to the Interface Settings.
You will see that the registration process notifies the VeloCloud Orchestrator of the static WAN IP address and gateway that was configured through the local UI. The configuration on the VeloCloud will be updated accordingly.
- Scroll down to the WAN Settings section. The Link Type should be automatically identified as Public Wired.
Configure the Private WAN Link on Hub 1 VeloCloud Edge
- Configure the private MPLS Edge WAN interface directly from the VeloCloud Orchestrator. Go to Configure -> Edges and choose DC1-VCE. Go to the Device tab and scroll down to the Interface Settings section. Configure static IP on GE3 as 172.31.2.1/24 and default gateway of 172.31.2.2. Under WAN Overlay, select User Defined Overlay. This will allow us to define a WAN link manually in the next step.
- Under WAN Settings, click the Add User Defined WAN Overlay button (see the following screen capture).
- Define the WAN overlay for the MPLS path. Select the Link Type as Private and specify the next-hop IP (172.31.2.2) of the WAN link in the IP Address field. Choose the GE3 as the interface. Click the Advanced button.
Tip: The hub site normally has more bandwidth than the branches. If we choose the bandwidth to be auto-discovered, the hub site will run a bandwidth test with its first peer, e.g. the first branch that comes up, and will end up discovering an incorrect WAN bandwidth. For the hub site, you should always define the WAN bandwidth manually, and that is done in the advanced settings.
- The private WAN bandwidth is specified in advanced settings. The screen shot below shows an example of 5 Mbps upstream and downstream bandwidth for a symmetric MPLS link at the hub.
- Validate that the WAN link is configured and save the changes.
You are done with configuring the VeloCloud Edge on the hub. You will not see the User Defined MPLS overlay that you just added until you enable a branch VeloCloud Edge.
(Optional) Configure the LAN Interface with Management IP
- Go to Configure > Edges and select DC1-VCE.
- Navigate to the Device tab and scroll down to the VLAN Settings section.
- Click Edit and configure the IP address of the interface.
Configure Static Route to LAN Network Behind L3 Switch
Add a static route to the 172.30.0.0/24 subnet through the L3 switch. You need to specify the interface GE3 to use for routing to the next hop. Make sure you enable the Advertise checkbox so other VCEs can learn about this subnet behind L3 switch (see the following screen capture).
Configure and Activate Silver 1 Site
This step helps you understand the typical workflow of how to insert the VeloCloud Edge at a Silver site. The VeloCloud Edge is inserted off-path and relies on the L3 switch to redirect traffic to it. Below is an example of the wiring and IP address information.
Activate the Silver 1 Site Branch VeloCloud Edge
In this example, we assume that the VeloCloud Edge gets its public IP address using DHCP, so there is no configuration required. VeloCloud Edge ships with default configuration to use DHCP on all routed interfaces.
- Create a new Edge SILVER1-DCEand select the appropriate Model and configuration profile (see image below).
- Activate this VeloCloud Edge by connecting a PC to its LAN or Wi-Fi.
- The VeloCloud Edge should now be active in the VeloCloud Orchestrator with one public link. We can now configure the private WAN link.
Configure the Private WAN Link on the Silver 1 Site VeloCloud Edge
At this point, we need to build the IP connectivity from the VeloCloud Edge towards the L3 switch.
- Go to Configure > Edges, select the SILVER1-VCE and go to the Device tab and scroll down to the Interface Settings section. Configure static IP on GE3 as 10.12.1.1/24 and default gateway of 10.12.1.2. Under WAN Overlay, select User Defined Overlay. This will allow us to define a WAN link manually in the next step.
- Under the WAN Settings section, click Add User Defined WAN Overlay.
- Define the WAN overlay for the MPLS path. Select the Link Type as Private. Specify the next-hop IP (10.12.1.2) of the WAN link in the IP Address field. Choose the GE3 as the Interface. Click the Advanced button. Tip: Since the hub has already been set up, it is OK to auto-discover the bandwidth. This branch will run a bandwidth test with the hub to discover its link bandwidth.
- Set the Bandwidth Measurement to Measure Bandwidth. This will cause the branch VeloCloud Edge to run a bandwidth test with the hub VeloCloud Edge just like what happens when it connects to the VeloCloud Gateway.
- Validate that the WAN link is configured and save the changes (see the following screen capture).
(Optional) Configure the LAN Interface with Management IP
- Go to Configure > Edges, select SILVER1-VCE. Navigate to the Device tab and scroll down to the VLAN Settings section. Click Edit. Configure the IP address of the LAN and Management interfaces.
Configure Static Route to LAN Network Behind L3 Switch
Enable Branch to Hub Tunnel (Silver 1 to Hub 1)
This step helps you build the overlay tunnel from the branch into hub. Note that at this point, you may see that the link is up but this is the tunnel to the VeloCloud Gateway over the Internet path and not the tunnel to the hub. We will need to enable Cloud VPN to enable the tunnel from the branch to the hub to be established.
You are now ready to build the tunnel from the branch into the hub.
Enable Cloud VPN and Edge to VeloCloud Hub tunnel
- Step 1:Go to the Configure > Profiles, select Quick Start VPN Profile and go to the Device tab. Enable the Cloud VPN and do the following.
- Under Branch VeloCloud Hubs, check the Enable checkbox.
- Under Branch to Branch VPN, check the Enable checkbox.
- Under Branch to Branch VPN, uncheck the Use Cloud Gateways checkbox. Doing this will disable the data plane through the VeloCloud Gateway for Branch to Branch VPN. The Branch to Branch traffic will first go through one of the hubs (in the ordered list which you will specify next) while the direct Branch to Branch tunnel is being established.
- At this point, the direct tunnel between the branch and the hub VCEs should come up.The debug command will now also show the direct tunnel between the branch and the hub. The below example is from the SILVER1-VCE. Note that the additional tunnels to 188.8.131.52 and 172.31.2.1. These are the direct tunnels to the hub VeloCloud Edge (GE2 over public Internet and GE3 over private link).
Configure and Activate Bronze 1 Site
This step helps create a Bronze site--a dual Internet site with one DIA and one broadband. Below is an example of the wiring and IP address information. The BRONZE1-VCE VeloCloud Edge LAN and activate the VeloCloud Edge. There is no configuration required on the WAN because it uses DHCP for both WAN interfaces.
Configure and Activate Hub 2
Configure the Hub 2 VeloCloud Edge to Reach the Internet
- Connect a PC to the VeloCloud Edge and use the browser to point to http://192.168.2.1.
- Configure the hub VeloCloud Edge to reach the Internet by configuring the first WAN interface, GE2.
Add the Hub 2 VeloCloud Edge to the VeloCloud Orchestrator and Activate
In this step, you will create the second hub VeloCloud Edge, called DC2.VCE.
- On the VeloCloud Orchestrator, go to Configure > Edges, select New Edge to add a new VeloCloud Edge.
- Go to Configure > Edges, select the VeloCloud Edge that you just created, then go to the Device tab to configure the same Interface and IP you configured in previous step.
Important: Since we are deploying the VeloCloud Edge in one-arm mode (same physical interface but there will be multiple over tunnels from this interface), it is important to specify the WAN Overlay to be User Defined.
- At this point, you need to create the overlay. Under WAN Settings, click Add User Defined WAN Overlay.
- Create an overlay across the public link. In our example, we will use the next-hop IP of 172.29.0.4 to reach the Internet through the firewall. The firewall is already configured to NAT the traffic to 184.108.40.206.
- Add the second overlay across the private network. In this example, we specify the next-hop router 172.29.0.1 and also specify the bandwidth since this is the MPLS leg and DC2-VCE is a hub. Add a static route to the LAN side subnet, 172.30.128.0/24 through GE2 (see the following screen capture).
- Activate the VeloCloud Edge. After the activation is successful, come back to the Device tab under the edge level configuration. Note the Public IP field is now populated.You should now see the links in the Monitor > Edges, under the Overview tab. (Optional) Configure the LAN Interface with Management IPGo to Configure > Edges, select DC2-VCE. Navigate to the Device tab and scroll down to the VLAN Settings section. Click Edit. Configure the IP address of the LAN and Management interfaces.
Add the Hub 2 VeloCloud Edge to the Hub List in the Quick Start VPN Profile
- Go to Configure > Profiles and select the profile Quick Start VPN.
- Go to the Device tab and add this new VeloCloud Edge to a list of hubs.