An on-premise spoke represents an endpoint that is part of customer premise equipment (CPE) at some physical location such as branch office or point of sale location. Typically, these points are connected using overlay connections to hub sites. You create an on-premise spoke site from the Sites page. Following are the device templates that supports CPE devices in SD-WAN deployment:
SRX as SD-WAN CPE
NFX150 as SD-WAN CPE
NFX250 as SD-WAN CPE
You can also add an SD-WAN on-premise site using dual CPE devices. The workflow to add a site with dual CPE devices is similar to the single CPE device. When you create a site, select the appropriate connection plan, which supports the dual CPE solution. The device templates that support the dual CPE device solution are as follows:
Dual NFX250 as SD-WAN CPEs
Dual SRX as SD-WAN CPEs
After you select the connection plan, enable the required WAN links (MPLS or Internet). These WAN links are distributed across two NFX250, or SRX300 line of devices.
Note You must enable at least one WAN link per CPE device.
To create an on-premise spoke site:
The Add Site for Tenant page appears.
Table 165: Fields on the Add On-Premise Spoke Site Page
Field | Description |
|---|---|
| General | |
Site Name | Enter a site name for the tenant. You can use alphanumeric characters and hyphen (-). The maximum length is 15 characters. |
Site Type | Displays the site type. This field cannot be modified. |
Tenant Topology | Displays the topology of the tenant that was selected while creating the tenant. This field cannot be modified. |
Site Group | Select a site group to which you want to assign the site. |
Street Address | Enter the street address of the site. |
City | Enter the name of the city where the site is located. |
State/Province | Select the state or province where the site is located. |
ZIP/Postal Code | Enter the postal code for the site. |
Country | Select the country where the site is located. Click the Validate button to verify the address. The site address verification successful message is displayed if the address is correct. You can click the View location on a map link to see the address location. If you enter the wrong address and click the Validate button to verify the address, the Site address could not be validated message is displayed . |
Contact Name | Enter the name of the contact person at the site. |
Enter the e-mail address of the contact person at the site. | |
Phone | Enter the phone number for the site. |
| Connectivity Requirements | |
Connectivity Requirements for the Selected Plan | Click a connection plan to select the plan for WAN connectivity. A connection plan contains information prepopulated from the device template, and includes the device information, a list of SD-WAN features supported, and the number of links supported. |
WAN Underlay Links | |
WAN_0 WAN_1 WAN_2 WAN_3 | Select this check box to enable the WAN link. Depending on the connection plan selected, you can configure up to four WAN links per site that support SD-WAN. You can configure these links as MPLS or Internet links. |
Name | Displays the name of the WAN link. |
Type | Select the underlay network type to connect to the spoke site. The available options are:
|
Access Type | Select the access type that is supported by your service provider to connect to the spoke site.
Note:
|
PPPoE | This field is available only if the access type is ADSL or VDSL. Click the toggle button to enable Point-to-Point Protocol over Ethernet (PPPoE) for a WAN link. By default, PPPoE is disabled. PPPoE connects multiple hosts on an Ethernet LAN to a remote site through a single customer premises equipment (CPE) device. If you have enabled PPPoE, you must specify the PPPoE parameters while configuring a single site. Note:
|
Subscribed Bandwidth | Enter the maximum bandwidth to be allowed for a specific WAN link. The range is 1 through 999999999. Note: If the access type for the WAN link is LTE, then you cannot configure the bandwidth. Note: LTE is not supported when you create an SD-WAN on-premise site with dual CPE devices. |
Provider | Enter the name of the Internet Service Provider (ISP). |
Cost/Month | Enter the cost per month of the subscribed bandwidth in the specified currency. The range is 1 through 999999999. In bandwidth-optimized SD-WAN, this information is used to identify the least-expensive link to route traffic if multiple WAN links meet SLA profile parameters. For more information on link switching based on the cost parameter, see Cost-Based Link Switching. |
WAN Link (Primary or Secondary) | Displays whether it is a primary device WAN link or secondary device WAN link. This field cannot be modified and it is displayed only when you select a SRX or NFX dual CPE connection plan. |
Use for OAM traffic | Click the toggle button to specify whether to use the WAN link for transmitting OAM traffic. By default, this option is enabled for the first two WAN links. |
| Additional Requirements Based on the connectivity requirement, the following fields are populated: | |
Site Type | Displays the site type. This field cannot be modified. |
Default Link | Select the default links that must be used for routing traffic. The site can have multiple default links to the hub site as well as to the Internet. Default links are used primarily for overlay traffic but can be used for local breakout traffic as well. A default link cannot be used exclusively for local breakout traffic. The default link is optional and in case it is not chosen, all links are used through equal-cost multipath (ECMP). |
Backup Link | Select a backup link through which traffic can be routed when the primary links are unavailable. Note that you cannot assign the backup link for exclusive breakout traffic (the Use only for breakout traffic option). If local breakout is enabled for the site, the breakout traffic is also routed through the backup link when the breakout link is not available. The LTE link that is configured for OAM traffic cannot be configured as the backup link. When a primary link comes back online, CSO monitors the performance on the primary link and when the primary link meets the SLA requirements, the traffic is switched back to the primary link. However, note that the SLA data is not monitored for the backup link. |
Enable Local Breakout | Click the toggle button to enable local breakout on the site. If you specify LTE as the access type for a WAN link, by default, the WAN link is selected as the local breakout link. Note: LTE is not supported when you create an SD-WAN on-premise site with dual CPE devices. |
Links for Breakout | Select the WAN links on which you want to enable local breakout. You can also choose to use each WAN link exclusively for local breakout traffic or for both local breakout and WAN traffic. You cannot select previously selected default WAN links to be used exclusively for local breakout traffic. |
Preferred Breakout Link | Select the preferred link for local breakout. If no link is selected, then the breakout link is chosen using ECMP from the available links. If you select LTE as the access type for a WAN link, by default, the WAN link is selected as the local breakout link. Note: LTE is not supported when you create an SD-WAN on-premise site with dual CPE devices. |
Enable Hub Multihoming | Select this option to enable multihoming on the site. Multihoming is the ability of a spoke site to connect to multiple hub sites, thereby providing redundancy. To enable multihoming on a site, you must select the hub-and-spoke topology when you create the tenant. |
Device Redundancy | For an SD-WAN site, displays whether device redundancy is enabled (True) or disabled (False). Device redundancy is enabled only when you select a dual CPE NFX or a dual CPE SRX connection plan. In device redundancy, two CPE devices (either NFX devices or SRX devices) are used to protect the site against device failures. If the primary device fails, the secondary device takes over the traffic processing. This field cannot be modified.
|
| Add LAN Segment Note: You must add at least one LAN segment. | |
Name | Enter a unique string of alphanumeric characters and special characters (. -). No spaces are allowed and the maximum length is 15 characters. |
Port | Select a port number from the list. Depending on the device configured in the connection plan, you can specify up to two port numbers. |
VLAN ID | Enter the VLAN ID that is associated with the MPLS data link in the range 1 through 4094. |
Department | Select a department to which the LAN segment is to be assigned. Click Create Department to create a new department and assign the LAN segment to it. You group LAN segments as departments for ease of management and for applying policies at the department-level. |
DHCP | Enable or disable DHCP. Enable DHCP to assign IP addresses by using a DHCP sever. Disable DHCP to assign static IP addresses. By default, DHCP is disabled. |
IP Address Prefix | Enter one or more IPv4 prefixes for the site management network. |
Subnet | Enter the subnet mask of the DHCP IP address pool. |
Address Range Low | Enter the starting IP address in the range of IP addresses that can be allocated by the DHCP server to the LAN segment. |
Address Range High | Enter the ending IP address in the range of IP addresses that can be allocated by the DHCP server to the LAN segment. |
Maximum Lease Time | Specify the maximum duration of time (in seconds) for which a client can request for and hold a lease on a DHCP server. You can enter a value in the range 0 through 4,294,967,295 seconds. |
Name Server | Enter the IPv4 address of the DNS server. DNS servers are used for resolving host names to IP addresses. |
The newly created site is displayed on the Sites page.