ON THIS PAGE
Gateway Sites Overview
A gateway site is an SD-WAN site that is used to carry site-to-site traffic between on-premise spoke sites and to break out backhaul (central breakout) traffic from on-premise spoke sites. A gateway site typically has a data center department behind it; however, this is not enforced in Contrail Service Orchestration (CSO). You add a gateway site from the Sites page.
A service provider can add one or more gateway sites to act as central breakout (backhaul) nodes and then associate gateway sites with on-premise spoke sites. The gateway site that is associated with a spoke site functions like a data hub and performs the following functions:
Before the creation of site-to-site tunnels, site-to-site traffic to or from a spoke site is sent through the gateway site. This traffic triggers the creation of the site-to-site tunnel based on dynamic VPN thresholds and matching mesh tags that you configure for the spoke site.
If Internet-bound traffic from the spoke site (and all departments associated with the spoke site) is destined for central breakout (backhaul), the traffic first reaches the assigned gateway site and then breaks out from the gateway site.
The cloud hub associated with the spoke site works as a fallback option in case traffic cannot be sent through the gateway site.
Associating a gateway site with a spoke site is optional; if you do not designate a gateway site, the spoke site uses the associated cloud hub.
If a tenant has more than one gateway site configured, CSO statically meshes these sites with overlay tunnels so that the gateway sites can exchange routing information for the on-premise spoke sites with which they are associated. This enables the site-to-site communication between the spoke sites that are associated with different gateways.
The creation of static tunnels between one gateway site and another and between a gateway site and a spoke site depends on matching mesh tags. These static tunnels are created during the Zero Touch Provisioning (ZTP) workflow. For more information about mesh tags, see Mesh Tags Overview.
Gateway sites can have their own departments similar to other sites. If a gateway site does not have directly connected LAN segments in the departments used by the associated spoke sites, then CSO automatically pushes the appropriate department virtual routing and forwarding (VRF) instances to the gateway for connectivity.
Benefits of Gateway Sites
Because gateway sites can be used to carry backhaul (central breakout) traffic and are used as an anchor for site-to-site traffic, the volume of traffic sent to the cloud hub (controlled by the service provider) is reduced.