Creating On-Premise Spoke Sites for SD-WAN Deployment
An on-premise spoke represents an endpoint that is part of the customer premises equipment (CPE) at a physical location such as a branch office or point-of-sale location. Typically, these endpoints are connected to hub sites using overlay connections. You create an on-premise spoke site from the Sites page. The following device templates support CPE devices in an SD-WAN deployment:
SRX as SD-WAN CPE
NFX150 as SD-WAN CPE
NFX250 as SD-WAN CPE
You can also add an SD-WAN on-premise site using dual CPE devices. The workflow to add a site with dual CPE devices is similar to the single CPE device. When you create a site, select the appropriate connection plan, which supports the dual CPE solution. The device templates that support the dual CPE device solution are as follows:
Dual NFX250 as SD-WAN CPEs
Dual SRX as SD-WAN CPEs
After you select the connection plan, enable the required WAN links (MPLS or Internet). These WAN links are distributed across the two NFX250 or SRX300 line devices.
You must enable at least one WAN link per CPE device.
To create an on-premise spoke site:
- Click Add and select On-Premise Spoke.
The Add Site for Tenant page appears.
- Complete the configuration settings according to the guidelines provided in Table 1.
Table 1: Fields on the Add On-Premise Spoke Site Page
Field
Description
General
Site Name
Enter a site name for the tenant. You can use alphanumeric characters and hyphen (-). The maximum length is 15 characters.
Site Type
Displays the site type. This field cannot be modified.
Tenant Topology
Displays the topology of the tenant that was selected while creating the tenant. This field cannot be modified.
Site Group
Select a site group to which you want to assign the site.
Street Address
Enter the street address of the site.
City
Enter the name of the city where the site is located.
State/Province
Select the state or province where the site is located.
ZIP/Postal Code
Enter the postal code for the site.
Country
Select the country where the site is located. Click the Validate button to verify the address. The site address verification successful message is displayed if the address is correct. You can click the View location on a map link to see the address location.
If you enter the wrong address and click the Validate button to verify the address, the Site address could not be validated message is displayed.
Contact Name
Enter the name of the contact person at the site.
Email
Enter the e-mail address of the contact person at the site.
Phone
Enter the phone number for the site.
Connectivity Requirements
Connectivity Requirements for the Selected Plan
Click a connection plan to select the plan for WAN connectivity.
A connection plan contains information prepopulated from the device template, and includes the device information, a list of SD-WAN features supported, and the number of links supported.
WAN Underlay Links
WAN_0
WAN_1
WAN_2
WAN_3
Select this check box to enable the WAN link.
Depending on the connection plan selected, you can configure up to four WAN links per site that support SD-WAN. You can configure these links as MPLS or Internet links.
Name
Displays the name of the WAN link.
Type
Select the underlay network type to connect to the spoke site. The available options are:
MPLS
Internet
Access Type
Select the access type that is supported by your service provider to connect to the spoke site.
Ethernet—Supports Ethernet port for WAN connectivity through .
LTE—Supports Long-Term Evolution (LTE) USB dongle for WAN connectivity.
ADSL—Supports asymmetric digital subscriber line (ADSL) for WAN connectivity.
VDSL—Supports very-high-bit-rate digital subscriber line (VDSL) for WAN connectivity
Note:
The LTE, ADSL, or VDSL access type is supported only for Internet links.
The LTE, ADSL, or VDSL access type is supported only on NFX150 and NFX250 devices.
The LTE, ADSL, and VDSL access types are not supported when you create an SD-WAN on-premise site with dual CPE devices.
You can select only one WAN link with LTE, ADSL, or VDSL access type.
PPPoE
This field is available only if the access type is ADSL or VDSL.
Click the toggle button to enable Point-to-Point Protocol over Ethernet (PPPoE) for a WAN link. By default, PPPoE is disabled.
PPPoE connects multiple hosts on an Ethernet LAN to a remote site through a single customer premises equipment (CPE) device.
If you have enabled PPPoE, you must specify the PPPoE parameters while configuring a single site.
Note:
PPPoE is not supported on an SD-WAN on-premise site with dual CPE devices.
Subscribed Bandwidth
Enter the maximum bandwidth to be allowed for a specific WAN link. The range is 1 through 999999999.
Note: If the access type for the WAN link is LTE, then you cannot configure the bandwidth.
Note: LTE is not supported when you create an SD-WAN on-premise site with dual CPE devices.
Provider
Enter the name of the Internet Service Provider (ISP).
Cost/Month
Enter the cost per month of the subscribed bandwidth in the specified currency. The range is 1 through 999999999.
In bandwidth-optimized SD-WAN, this information is used to identify the least-expensive link to route traffic if multiple WAN links meet SLA profile parameters. For more information on link switching based on the cost parameter, see Cost-Based Link Switching.
WAN Link (Primary or Secondary)
Displays whether the link is a primary device WAN link or a secondary device WAN link. This field cannot be modified and is displayed only when you select an SRX or NFX dual CPE connection plan.
Use for OAM traffic
Click the toggle button to specify whether to use the WAN link for transmitting OAM traffic. By default, this option is enabled for the first two WAN links.
Additional Requirements
Based on the connectivity requirement, the following fields are populated:
Site Type
Displays the site type. This field cannot be modified.
Default Link
Select the default links that must be used for routing traffic. The site can have multiple default links to the hub site as well as to the Internet.
Default links are used primarily for overlay traffic but can be used for local breakout traffic as well. A default link cannot be used exclusively for local breakout traffic. The default link is optional; if none is chosen, all links are used through equal-cost multipath (ECMP).
Backup Link
Select a backup link through which traffic can be routed when the primary links are unavailable. Note that you cannot assign the backup link for exclusive breakout traffic (the Use only for breakout traffic option). If local breakout is enabled for the site, the breakout traffic is also routed through the backup link when the breakout link is not available. The LTE link that is configured for OAM traffic cannot be configured as the backup link.
When a primary link comes back online, CSO monitors the performance on the primary link and when the primary link meets the SLA requirements, the traffic is switched back to the primary link. However, note that the SLA data is not monitored for the backup link.
Enable Local Breakout
Click the toggle button to enable local breakout on the site. If you specify LTE as the access type for a WAN link, by default, the WAN link is selected as the local breakout link.
Note: LTE is not supported when you create an SD-WAN on-premise site with dual CPE devices.
Links for Breakout
Select the WAN links on which you want to enable local breakout. You can also choose to use each WAN link exclusively for local breakout traffic or for both local breakout and WAN traffic. You cannot select previously selected default WAN links to be used exclusively for local breakout traffic.
Preferred Breakout Link
Select the preferred link for local breakout. If no link is selected, then the breakout link is chosen using ECMP from the available links.
If you select LTE as the access type for a WAN link, by default, the WAN link is selected as the local breakout link.
Note: LTE is not supported when you create an SD-WAN on-premise site with dual CPE devices.
Enable Hub Multihoming
Select this option to enable multihoming on the site. Multihoming is the ability of a spoke site to connect to multiple hub sites, thereby providing redundancy. To enable multihoming on a site, you must select the hub-and-spoke topology when you create the tenant.
Device Redundancy
For an SD-WAN site, displays whether device redundancy is enabled (True) or disabled (False). Device redundancy is enabled only when you select a dual CPE NFX or a dual CPE SRX connection plan. In device redundancy, two CPE devices (either NFX devices or SRX devices) are used to protect the site against device failures. If the primary device fails, the secondary device takes over the traffic processing. This field cannot be modified.
true—Supports dual CPE devices on an SD-WAN on-premise spoke site.
false—Does not support dual CPE devices on an SD-WAN on-premise spoke site.
Add LAN Segment
Note: You must add at least one LAN segment.
Name
Enter a unique string of alphanumeric characters and special characters (. -). No spaces are allowed and the maximum length is 15 characters.
Port
Select a port number from the list. Depending on the device configured in the connection plan, you can specify up to two port numbers.
VLAN ID
Enter the VLAN ID that is associated with the MPLS data link in the range 1 through 4094.
Department
Select a department to which the LAN segment is to be assigned. Click Create Department to create a new department and assign the LAN segment to it. You group LAN segments as departments for ease of management and for applying policies at the department level.
DHCP
Enable or disable DHCP.
Enable DHCP to assign IP addresses by using a DHCP server. Disable DHCP to assign static IP addresses. By default, DHCP is disabled.
IP Address Prefix
Enter one or more IPv4 prefixes for the site management network.
Subnet
Enter the subnet mask of the DHCP IP address pool.
Address Range Low
Enter the starting IP address in the range of IP addresses that can be allocated by the DHCP server to the LAN segment.
Address Range High
Enter the ending IP address in the range of IP addresses that can be allocated by the DHCP server to the LAN segment.
Maximum Lease Time
Specify the maximum duration of time (in seconds) for which a client can request and hold a lease on a DHCP server. You can enter a value in the range 0 through 4,294,967,295 seconds.
Name Server
Enter the IPv4 address of the DNS server. DNS servers are used for resolving host names to IP addresses.
- (Optional) You can review the configuration in the Summary tab and modify the settings, if required.
- Click OK.
The newly created site is displayed on the Sites page.
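A pre-submission check of the Table 1 constraints, given here as an added example that is not Juniper or CSO code. The dictionary layout, key names, and error strings are hypothetical; only the rules come from the table, and treating Subscribed Bandwidth as required on non-LTE links is an assumption.

```python
import re
SITE_NAME = re.compile(r"[A-Za-z0-9-]{1,15}")   # Site Name: alphanumerics and hyphen
LAN_NAME = re.compile(r"[A-Za-z0-9.-]{1,15}")   # LAN segment Name: adds '.', no spaces
SPECIAL = {"LTE", "ADSL", "VDSL"}               # access types with extra restrictions

def validate_site(site):
    """Return the Table 1 rules violated by a site dict (hypothetical schema)."""
    errs = []
    tmpl = site["template"]
    dual = tmpl.startswith("Dual ")
    links = [l for l in site["wan_links"] if l["enabled"]]
    if not SITE_NAME.fullmatch(site["name"]):
        errs.append("site name")
    for cpe in (("primary", "secondary") if dual else ("primary",)):
        if not any(l.get("cpe", "primary") == cpe for l in links):
            errs.append(f"no WAN link enabled on {cpe} CPE")
    if sum(l["access"] in SPECIAL for l in links) > 1:
        errs.append("more than one LTE/ADSL/VDSL link")
    for l in links:
        n, acc = l["name"], l["access"]
        if acc in SPECIAL and l["type"] != "Internet":
            errs.append(f"{n}: {acc} requires an Internet link")
        if acc in SPECIAL and (dual or not tmpl.startswith(("NFX150", "NFX250"))):
            errs.append(f"{n}: {acc} not supported on {tmpl}")
        if l.get("pppoe") and (dual or acc not in {"ADSL", "VDSL"}):
            errs.append(f"{n}: PPPoE needs ADSL/VDSL on a single CPE")
        bw = l.get("bandwidth")
        if acc == "LTE" and bw is not None:
            errs.append(f"{n}: bandwidth cannot be set on LTE")
        if acc != "LTE" and not (isinstance(bw, int) and 1 <= bw <= 999999999):
            errs.append(f"{n}: bandwidth missing or out of range")
        if acc == "LTE" and l.get("oam") and site.get("backup_link") == n:
            errs.append(f"{n}: LTE OAM link cannot be the backup link")
    if not site["lan_segments"]:
        errs.append("no LAN segment")
    for seg in site["lan_segments"]:
        if not LAN_NAME.fullmatch(seg["name"]):
            errs.append(f"LAN {seg['name']!r}: name")
        if not 1 <= seg["vlan_id"] <= 4094:
            errs.append(f"LAN {seg['name']!r}: VLAN ID")
    return errs

# Constructed sample: LTE on an MPLS link of an SRX template, bad LAN name and VLAN ID.
SAMPLE = {
    "name": "branch-sfo-01", "template": "SRX as SD-WAN CPE", "backup_link": "WAN_1",
    "wan_links": [
        {"name": "WAN_0", "enabled": True, "type": "MPLS", "access": "Ethernet", "bandwidth": 100},
        {"name": "WAN_1", "enabled": True, "type": "MPLS", "access": "LTE", "oam": True}],
    "lan_segments": [{"name": "lan 1", "vlan_id": 4095}]}
```

Running `validate_site(SAMPLE)` reports five violations, three of them on the LTE link; an empty list means the definition is consistent with the table.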
