intelligent wan configuration files guide (cvd) – october 2016

CISCO VALIDATED DESIGN

REFERENCENETWORK

ARCHITECTURE

Intelligent WAN Configuration Files Guide

October 2016

http://www.cisco.com/go/designzone

Table of Contents

Cisco Validated Design

Table of ContentsIntroduction ..................................................................................................................................... 1

Product List ..................................................................................................................................... 6

IWAN Dual Hybrid with PLR Design Model for EIGRP—WAN Aggregation ....................................... 10

Configuration Files ....................................................................................................................................................... 13

IWAN Dual Hybrid with PLR Design Model for EIGRP—Remote Sites .............................................. 14

Configuration Files......................................................................................................................................................... 15

IWAN Dual Hybrid with PLR Design Model for BGP—WAN Aggregation .......................................... 16


IWAN Dual Hybrid with PLR Design Model for BGP—Remote Sites ................................................. 20


IWAN Dual Internet Design Model for EIGRP—WAN Aggregation .................................................... 22


IWAN Dual Internet Design Model for EIGRP—Remote Sites ........................................................... 25


Appendix A: Changes .................................................................................................................... 27


Introduction

IntroductionThe Cisco Intelligent WAN (IWAN) solution provides design and implementation guidance for organizations looking to deploy wide area network (WAN) transport with a transport-independent design (TID), intelligent path control, application optimization, and secure encrypted communications between branch locations while reducing the operating cost of the WAN. IWAN takes full advantage of cost-effective transport services in order to increase bandwidth capacity without compromising performance, reliability, or security of collaboration or cloud-based ap-plications.

This document provides the available configuration files for the products used in the Intelligent WAN Deployment Guide. It is a companion document to the deployment guide as a reference for engineers who are evaluating or deploying the CVD.

This guide describes two base IWAN design models and three advanced IWAN design models.

The first design model is the IWAN Hybrid, which uses MPLS paired with Internet as WAN transports. In this design model, the MPLS WAN can provide more bandwidth for the critical classes of services needed for key ap-plications and can provide SLA guarantees for these applications.

The second design model is the IWAN Dual Internet, which uses a pair of Internet service providers to further reduce cost while maintaining a high level of resiliency for the WAN.

Figure 1 IWAN hybrid model—WAN aggregation site overview

1248

FWAN Distribution

Layer

Core Layer

DMVPN 2DMVPN 1

Internet Edge

INET

Hub BorderRouters

Hub MasterController

DMVPN HubRouters

MPLS

http://cvddocs.com/fw/200i-16b

http://cvddocs.com/fw/200i-16b


Introduction

Figure 2 IWAN dual Internet model—WAN aggregation site overview

12

40

F

Hub MasterController

WAN DistributionLayer

Core Layer

DMVPN 12DMVPN 11

Internet EdgeHub Border

RoutersDMVPN HubRouters

INET

ISP A / ISP B

Figure 3 IWAN—Remote-site overview

1241

FBranchBorderRouter

Branch MasterController/

Branch BorderRouter

Branch Master Controller/

Branch BorderRouter

Single Router Location Dual Router Location


Introduction

The first advanced design builds on previous design models by adding hub borders routers for horizontal scaling at a single data center. This design also has an option to add a second hub MC at a single data center for high availability.

Figure 4 IWAN dual Internet Model—Hub MC high availability


Core Layer

DMVPN 12

23

07

F

DMVPN 11

Internet EdgeHub Border

Routers (BR)

INET

ISP A / ISP BINET1 INET2

Hub MasterController (MC)Lo1: 10.6.32.252/32

Hub MasterController (MC-HA)Lo1: 10.6.32.252/31

Figure 5 IWAN dual Internet model—Hub BR scalability

DMVPN 12

23

08

F

DMVPN 11

WAN Distribution Layer

Hub Master Controller (MC)

Multiple pathsto the same

DMVPN

Hub MasterController (MC-HA)

DMVPN 12DMVPN 11

Hub BorderRouters (BR)

Core Layer

Internet Edge

ISP A / ISP B

INET1PATH-ID 1

INET1PATH-ID 3

INET2PATH-ID 4 INET

INET2PATH-ID 2


Introduction

The second advanced design builds on previous design models with data center redundancy. The multi-data center or the transit site support feature enables organizations to scale their network infrastructure and load-balance the traffic when required.

Figure 6 IWAN hybrid model—Second data center as a transit site

DMVPN 2

23

09

FDMVPN 1

Hub MCPOP-ID 0

10.4.0.0/1610.6.0.0/16

Hub Site

MPLS1PATH-ID 1

INET1PATH-ID 2

Hub BRs

DMVPN 2DMVPN 1

Transit MCPOP-ID 1

10.4.0.0/1610.8.0.0/16

Transit Site

MPLS1PATH-ID 1

INET1PATH-ID 2

Transit BRs

DCIWAN Core

DC110.4.0.0/1610.6.0.0/16

DC210.4.0.0/1610.8.0.0/16


Introduction

The third advanced design model is a multiple transport option called IWAN Dual Hybrid with Path of Last Resort (PLR). This model has two MPLS transports, two Internet transports, and a fifth transport used as the final option when the other four are not available. The model is not limited to two MPLS, two Internet and one PLR transport, but this specific design is used to show the underlying principles for multiple transports. The multiple transport design can be used with any of the previous design models.

Figure 7 IWAN dual hybrid with PLR design model—WAN aggregation site overview

Hub MasterController (MC)


Core Layer

60

40

F

Internet Edge

INET

ISP A / ISP B /ISP CDMVPN 2 DMVPN 4

INET 1

DMVPN 3DMVPN 1

MPLS 2 INET 2

DMVPN 5

INETPLRMPLS 1

HubBorderRouters

(BRs)

Figure 8 IWAN dual hybrid with PLR design model—Remote site options6

04

6F

Link resiliencywith dual routers

with up to fiveWAN transports

Link resiliencywith up to threeWAN transports

MPLS 1 INET 1 MPLS 2 INET 2

INET PLR

MPLS 1 INET 1

INET PLR

IWAN DualHybrid with PLR


Product List

Product ListTo view the full list of IWAN-supported routers for this version of the CVD, see Supported Cisco Platforms and Software Releases.

WAN AGGREGATIONPlace In Network Product Description Part Number SW Version Feature Set

WAN-aggregation Router

Aggregation Services 1002X Router ASR1002X-5G-VPNK9 IOS XE 03.16.04b.S Advanced Enterprise

Aggregation Services 1001X Router ASR1001X-5G-VPN IOS XE 03.16.04b.S Advanced Enterprise

Cisco ISR 4451-X Security Bundle with SEC License

ISR4451-X-SEC/K9 IOS XE 03.16.04b.S securityk9

Hub or Transit MC Cloud Services Router 1000v CSR1000v IOS XE 03.16.04b.S AX

WAN REMOTE SITEPlace In Network Product Desccription Part Number SW Version Feature Set

Modular WAN Remote-site Router

Cisco ISR 4451 AX Bundle with APP and SEC License

ISR4451-X-AX/K9 IOS XE 03.16.04b.S securityk9, appxk9


ISR4431-AX/K9 IOS XE 03.16.04b.S securityk9, appxk9








C3945-AX/K9 15.5(3)M4a securityk9, datak9, uck9



Unified Communications Paper PAK for Cisco 3900 Series

SL-39-UC-K9







Unified Communications Paper PAK for Cisco 2900 Series

SL-29-UC-K9


C1941-AX/K9 15.5(3)M4a securityk9, datak9


Product List

INTERNET EDGEPlace In Network Product Description Part Number SW Version Feature Set

Firewall Cisco ASA 5545-X ASA5545-K9 ASA 9.4(3)

Cisco ASA 5525-X ASA5525-K9 ASA 9.4(3)



Cisco ASA 5512-X Security Plus license ASA5512-SEC-PL

Firewall Management ASDM 7.6(2)

INTERNET EDGE LANPlace In Network Product Description Part Number SW Version Feature Set

DMZ Switch Cisco Catalyst 2960-X Series 24 10/100/1000 PoE and 2 SFP+ Uplink

WS-C2960X-24PS 15.2(3)E1 LAN Base

Cisco Catalyst 2960-X FlexStack-Plus Hot-Swap-pable Stacking Module

C2960X-STACK

LAN ACCESS LAYERPlace In Network Product Description Part Number SW Version Feature Set

Modular Access Layer Switch

Cisco Catalyst 4500E Series 4507R+E 7-slot Chas-sis with 48Gbps per slot

WS-C4507R+E 3.7.1E(15.2.3E1) IP Base

Cisco Catalyst 4500E Supervisor Engine 8-E, Uni-fied Access, 928Gbps

WS-X45-SUP8-E 3.7.1E(15.2.3E1) IP Base

Cisco Catalyst 4500E 12-port 10GbE SFP+ Fiber Module

WS-X4712-SFP+E

Cisco Catalyst 4500E 48-Port 802.3at PoE+ 10/100/1000 (RJ-45)

WS-X4748-RJ45V+E


WS-C4507R+E 3.7.1E(15.2.3E1) IP Base

Cisco Catalyst 4500E Supervisor Engine 7L-E, 520Gbps

WS-X45-SUP7L-E 3.7.1E(15.2.3E1) IP Base

Cisco Catalyst 4500E 48 Ethernet 10/100/1000 (RJ45) PoE+,UPoE ports

WS-X4748-UPOE+E

Cisco Catalyst 4500E 48 Ethernet 10/100/1000 (RJ45) PoE+ ports

WS-X4648-RJ45V+E


Product List

Place In Network Product Description Part Number SW Version Feature Set

Stackable Access Layer Switch

Cisco Catalyst 3850 Series Stackable 48 Ethernet 10/100/1000 PoE+ ports

WS-C3850-48F 3.7.1E(15.2.3E1) IP Base

Cisco Catalyst 3850 Series Stackable 24 Ethernet 10/100/1000 PoE+ Ports

WS-C3850-24P 3.7.1E(15.2.3E1) IP Base

Cisco Catalyst 3850 Series 2 x 10GE Network Module

C3850-NM-2-10G


C3850-NM-4-1G

Cisco Catalyst 3650 Series 24 Ethernet 10/100/1000 PoE+ and 2x10GE or 4x1GE Uplink

WS-C3650-24PD 3.7.1E(15.2.3E1) IP Base

Cisco Catalyst 3650 Series 24 Ethernet 10/100/1000 PoE+ and 4x1GE Uplink

WS-C3650-24PS 3.7.1E(15.2.3E1) IP Base

Cisco Catalyst 3650 Series Stack Module C3650-STACK

Cisco Catalyst 2960-X Series 24 10/100/1000 Ethernet and 2 SFP+ Uplink

WS-C2960X-24PD 15.2(3)E1 LAN Base

Standalone Access Layer Switch

Cisco Catalyst 3650 Series 24 Ethernet 10/100/1000 PoE+ and 4x1GE Uplink

WS-C3650-24PS 3.7.1E(15.2.3E1) IP Base

LAN DISTRIBUTION LAYERPlace In Network Product Description Part Number SW Version Feature Set

Modular Distribution Layer Virtual Switch Pair

Cisco Catalyst 6500 VSS Supervisor 2T with 2 ports 10GbE and PFC4

VS-S2T-10G 15.2(1)SY1 IP Services

Cisco Catalyst 6800 Series 6807-XL 7-Slot Modu-lar Chassis

C6807-XL 15.2(1)SY1 IP Services

Cisco Catalyst 6500 4-port 40GbE/16-port 10GbE Fiber Module w/DFC4

WS-X6904-40G-2T

Cisco Catalyst 6500 4-port 10GbE SFP+ adapter for WX-X6904-40G module

CVR-CFP-4SFP10G

Cisco Catalyst 6500 CEF720 48 port 10/100/1000mb Ethernet

WS-X6748-GE-TX

Cisco Catalyst 6500 Distributed Forwarding Card 4 WS-F6K-DFC4-A

Cisco Catalyst 6500 Series 6506-E 6-Slot Chassis WS-C6506-E 15.2(1)SY1 IP services

Cisco Catalyst 6500 VSS Supervisor 2T with 2 ports 10GbE and PFC4

VS-S2T-10G 15.2(1)SY1 IP services

Cisco Catalyst 6500 4-port 40GbE/16-port 10GbE Fiber Module w/DFC4

WS-X6904-40G-2T

Cisco Catalyst 6500 4-port 10GbE SFP+ adapter for WX-X6904-40G module

CVR-CFP-4SFP10G

Cisco Catalyst 6500 48-port GigE Mod (SFP) WS-X6748-SFP


Cisco Catalyst 6500 24-port GigE Mod (SFP) WS-X6724-SFP



Product List

Place in Network Product Description Part Number SW Version Feature Set

Extensible Fixed Distribution Layer Virtual Switch Pair

Cisco Catalyst 6800 Series 6880-X Extensible Fixed Aggregation Switch (Standard Tables)

C6880-X-LE 15.2(1)SY1 IP Services

Cisco Catalyst 6800 Series 6880-X Multi Rate Port Card (Standard Tables)

C6880-X-LE-16P10G

Modular Distribution Layer Virtual Switch Pair


WS-C4507R+E 3.7.1E(15.2.3E1) Enterprise Services

Cisco Catalyst 4500E Supervisor Engine 7-E, 848Gbps

WS-X45-SUP7-E 3.7.1E(15.2.3E1) Enterprise Services

Cisco Catalyst 4500E 12-port 10GbE SFP+ Fiber Module

WS-X4712-SFP+E

Cisco Catalyst 4500E 48-Port 802.3at PoE+ 10/100/1000 (RJ-45)

WS-X4748-RJ45V+E

Fixed Distribution Layer Virtual Switch Pair

Cisco Catalyst 4500-X Series 32 Port 10GbE IP Base Front-to-Back Cooling WS-C4500X-32SFP+ 3.5.3E(15.2.1E3) Enterprise Services

Stackable Distribution Layer Switch

Cisco Catalyst 3850 Series Stackable Switch with 12 SFP Ethernet

WS-C3850-12S 3.7.1E(15.2.3E1) IP Services


C3850-NM-4-1G


C3850-NM-2-10G


IWAN Dual Hybrid with PLR Design Model for EIGRP—WAN Aggregation

IWAN Dual Hybrid with PLR Design Model for EIGRP—WAN AggregationPerformance Routing Version 3 (PfRv3) consists of two major Cisco IOS components: an MC and a BR. The MC defines the policies and applies them to various traffic classes that traverse the BR systems. The MC can be con-figured to learn and control traffic classes on the network.

There are two different roles a device can play at the WAN aggregation site of a PfRv3 configuration:

• Hub Master Controller—The hub MC is the MC at the primary WAN aggregation site. This is the MC device where all PfRv3 policies are configured. It also acts as MC for that site and makes path-optimization decision. There is only one hub MC per IWAN domain.

• Hub Border Router—This is a BR at the hub MC site. This is the device where WAN interfaces terminate. There can be only one WAN interface on the device. There can be one or more hub BRs. On the Hub BRs, PfRv3 must be configured with:

◦ The address of the local MC.

◦ The path name on external interfaces.

This section also shows a second data center acting as a transit site with a transit MC and transit BRs.

• Transit Master Controller—The transit MC is the MC at the transit site. There is no policy configuration on this device. It receives policy from the hub MC. This device acts as MC for that site for making path optimization decisions. The configuration includes the IP address of the hub MC.

• Transit Border Router—This is a BR at the transit MC site. This is the device where WAN interfaces terminate. There can only be one WAN interface on the device. There can be one or more transit BRs. On the transit BRs, PfRv3 must be configured with:

◦ The address of the transit MC.


◦ The path ID on external interfaces.



Finally, this section includes configuration files corresponding to the IWAN dual hybrid model with PLR using EIGRP, as referenced in the figure below.

Figure 9 IWAN dual hybrid model w/ PLR model for EIGRP

32.17

32.18

60

49

F

WAN-D3750X

Po13842.41To Core

Po38 42.42 32.9 32.10

IE-D3750X

HY-MPLS1-ASR1002X-1

IW-DMZ-A2960X

Po13642.33

To Core

Po3642.34 24.1 24.30

32.2

32.1

32.5

32.6

To IE-D3750X

Po2

Po332.13

32.14

Po4

Po5

32.129

32.151

Po21

Po1

Tu1136.1

Tu1034.1

Tu1238.1

Tu1340.1

Tu1444.1

INET1: 172.16.140.1 and 140.2

INET2: 172.17.140.1 and 140.2

INET4G: 172.18.140.1 and 140.2

146.1

VLAN300

Po33

42

.38

42

.37

Lo042.251

Lo032.241

MPLS16.1

HY-INET1-ASR1002X-2

Lo032.242

INET1146.10

HY-MPLS2-ASR1002X-3

Lo032.243

MPLS27.1

HY-INET2-ASR1002X-4

Lo032.244

INET2146.11

HY-INET4G-ASR1002X-5

Lo032.245 INET4G

146.12

HY-MC-CSR1000v-1

Lo032.251

Lo032.240

Internal10.6.X.X

IE DMZ192.168.146.X

IE Outside

INET4G172.18.X.X

ISP-C

MPLS1192.168.6.X

INET1172.16.X.X

ISP-A

MPLS2192.168.7.X

INET2172.17.X.X

ISP-B

INET4G172.17.X.X

ISP-B

MPLS2192.168.7.X

INET2172.19.X.X

ISP-D

MPLS1192.168.6.X

INET1172.18.X.X

ISP-C

Tunnel1010.6.34.X

Tunnel1210.6.38.X

EIGRP AS:400

Tunnel1110.6.36.X

Tunnel1310.6.40.X

Tunnel1410.6.42.X

Loopback10.255.X.X

Netblock10.7.X.X

Internal10.8.X.X

Hub Site

32.17

32.18

WAN-D3750X-T

Po14042.41To Core

Po40 42.42 32.9 32.10

HY-MPLS1-ASR1002X-T1

32.2

32.1

32.5

32.6

Po2

Po332.13

32.14

Po4

Po5

32.129

32.151

Po21

Po1Tu1136.2

Tu1034.2

Tu1238.2

Tu1340.2

Tu1444.2

Po35

42

.38

42

.37

Lo032.241

MPLS16.41

HY-INET1-ASR1002X-T2

Lo032.242

INET1146.13


Lo032.243

MPLS17.41


Lo032.244

INET2146.14

HY-INET4G-ASR1002X-T5

Lo032.245

INET4G146.15

HY-MC-ASR1002X-T1

Lo032.251

Lo032.240

Transit Site

IE-ASA5545-1

INET1Tunnel 11

MPLS1Tunnel 10

INET2Tunnel 13

MPLS2Tunnel 12

INET4GTunnel 14

RS11-2921 RS11-A2960

Lo0241.11INET1

98.91

MPLS16.5

Netblock0.0 - 7.255

RS11Single ISR G2

Access 2K

Tu1136.11

Tu1034.11

RS12-2911-1

RS12-A2960

Lo0241.12

INET198.100

MPLS16.9

Netblock16.0 - 23.255

RS12Dual ISR G2Access 2K

Tu1136.12

Tu1034.12

MPLS16.25

Tu1034.32

MPLS16.29

Tu1034.41

RS12-2911-2

Lo0243.12

RS31-4451 RS31-A2960

Lo0243.31

Netblock128.0 - 135.255

RS31Single ISR 4K

Access 2K

RS32-4451-1

RS32-A3850

Lo0241.32

Netblock144.0 - 151.255

RS32Dual ISR 4KAccess 3K

RS32-4451-2

Lo0243.32

RS41-2921 RS41-D3750

Lo0241.41

Netblock192.0 - 199.255

RS41Single ISR G2

Dist/Acc 3K/2K

RS42-4451-1

RS42-D3850

RS41-A2960

RS42-A3650

Lo0241.42

Netblock208.0 - 215.255

RS42Dual ISR 4K

Dist/Acc 3K/3K

RS42-4451-2

Lo0243.42

INET298.100

MPLS27.9

Tu1238.12

Tu1340.12

INET298.204

INET298.252

MPLS27.21

MPLS27.25

Tu1238.31

Tu1238.32

MPLS27.33

Tu1238.42

Tu1340.31

Tu1340.32

INET299.84

Tu1340.42

Tu1136.32

INET4G98.204

INET198.252

Tu1136.41

INET199.44

MPLS16.33

Tu1034.42

Tu1136.42

INET199.84

Tu1444.31

INET4G98.252

Tu1444.31

Po2

Po1

Po1



The following tables provide the loopback and port-channel IP addresses for the WAN aggregation devices in the IWAN dual hybrid with PLR design model.

Table 1 IWAN dual hybrid with PLR model—Hub router IP addresses

IWAN function Host nameLoopback IP address

Port channel IP address

Hub MC HY-MC-CSR1000V-1 10.6.32.251/32 10.6.32.151/26

Hub BR (MPLS1) HY-MPLS1-ASR1002X-1 10.6.32.241/32 10.6.32.2/30

Hub BR (INET1) HY-INET1-ASR1002X-2 10.6.32.242/32 10.6.32.6/30



Hub BR (PLR) HY-INET4G-ASR1002X-5 10.6.32.245/32 10.6.32.18/30

Table 2 IWAN dual hybrid with PLR model—Transit router IP addresses



Transit MC HY-MC-ASR1002X-T1 10.8.32.251/32 10.8.32.151/26

Transit BR (MPLS1) HY-MPLS1-ASR1002X-T1 10.8.32.241/32 10.8.32.2/30

Transit BR (INET1) HY-INET1-ASR1002X-T2 10.8.32.242/32 10.8.32.6/30



Transit BR (PLR) HY-INET4G-ASR1002X-T5 10.8.32.245/32 10.8.32.18/30



CONFIGURATION FILES Below are links to the configuration files for all hybrid hub and transit site WAN aggregation devices using EIGRP:

• The entire set

• HY-MC-CSR1000V-1: Hub MC

• HY-MPLS1-ASR1002X-1: Hub BR (MPLS1)

• HY-INET1-ASR1002X-2: Hub BR (INET1)

• HY-MPLS2-ASR1002X-3: Hub BR (MPLS2)

• HY-INET2-ASR1002X-4: Hub BR (INET2)

• HY-INET4G-ASR1002X-5: Hub BR (PLR)

• HY-MC-ASR1002X-T1: Transit MC

• HY-MPLS1-ASR1002X-T1: Transit BR (MPLS1)

• HY-INET1-ASR1002X-T2: Transit BR (INET1)

• HY-MPLS2-ASR1002X-T3: Transit BR (MPLS2)

• HY-INET2-ASR1002X-T4: Transit BR (INET2)

• HY-INET4G-ASR1002X-T5: Transit BR (PLR)

• IW-IE-ASA5545X: Firewall

http://cvddocs.com/fw/cfg-a1















IWAN Dual Hybrid with PLR Design Model for EIGRP—Remote Sites

IWAN Dual Hybrid with PLR Design Model for EIGRP—Remote SitesPerformance Routing Version 3 (PfRv3) consists of two major Cisco IOS components: an MC and a BR. The MC defines the policies and applies them to various traffic classes that traverse the BR systems. The MC can be con-figured to learn and control traffic classes on the network.

There are two different roles a device can play at the remote site of a PfRv3 configuration:

• Branch Master Controller—The Branch MC is the MC at the branch-site. There is no policy configuration on this device. It receives policy from the Hub MC. This device acts as MC for that site for making path-optimi-zation decision. The configuration includes the IP address of the hub MC.

• Branch Border Router—This is a BR at the branch-site. The configuration on this device enables BR func-tionality and includes the IP address of the site local MC. The WAN interface that terminates on the device is detected automatically.

The following tables provide the loopback IP addresses for the remote site devices in the IWAN dual hybrid with PLR design model.

Table 3 IWAN dual hybrid with PLR model—Remote site router IP addresses

IWAN function Host name Loopback IP address

Branch MC/BR (MPLS1/INET1) RS11-2921 10.255.241.11/32

Branch MC/BR (MPLS1/INET1) RS12-2911-1 10.255.241.12/32

Branch BR (MPLS2/INET2) RS12-2911-2 10.255.243.12/32

Branch MC/BR (MPLS2/INET2/PLR) RS31-4451 10.255.243.31/32

Branch MC/BR (MPLS1/INET1/PLR) RS32-4451-1 10.255.241.32/32





Branch MC/BR (MPLS1/INET1/4G) RS51-2921 10.255.241.51/32


IWAN Dual Hybrid with PLR Design Model for EIGRP—Remote Sites

CONFIGURATION FILESBelow are links to the configuration files for all hybrid remote site devices using EIGRP:

• The entire set

• RS11—Single-Router, Two-Link, Access (MPLS1 and INET1):

◦ RS11-2921: MPLS1 and INET1 WAN links

• RS12—Dual-Router, Four-Link, Access (MPLS1, MPLS2, INET1 and INET2):

◦ RS12-2911-1: MPLS1 and INET1 WAN links


• RS31—Single-Router, Three-Link, Access (MPLS2, INET2 and PLR):

◦ RS31-4451: MPLS2, INET2 and PLR WAN links

• RS32—Dual-Router, Five-Link, Access (MPLS1, MPLS2, INET1, INET2 and PLR):

◦ RS32-4451-1: MPLS1, INET1 and PLR WAN links


• RS41—Single-Router, Two-Link, Distribution (MPLS1 and INET1):


• RS42—Dual-Router, Four-Link, Distribution (MPLS1, MPLS2, INET1 and INET2):



• RS51—Single-Router, Three-Link, Access (MPLS1 and INET1 with LTE Fallback):


http://cvddocs.com/fw/cfg-b1












IWAN Dual Hybrid with PLR Design Model for BGP—WAN Aggregation

IWAN Dual Hybrid with PLR Design Model for BGP—WAN AggregationPerformance Routing Version 3 (PfRv3) consists of two major Cisco IOS components: an MC and a BR. The MC defines the policies and applies them to various traffic classes that traverse the BR systems. The MC can be con-figured to learn and control traffic classes on the network.






This section also shows a second data center acting as a transit site with a transit MC and transit BRs.

• Transit Master Controller—The transit MC is the MC at the transit site. There is no policy configuration on this device. It receives policy from the hub MC. This device acts as MC for that site for making path optimization decisions. The configuration includes the IP address of the hub MC.

• Transit Border Router—This is a BR at the transit MC site. This is the device where WAN interfaces terminate. There can only be one WAN interface on the device. There can be one or more transit BRs. On the transit BRs, PfRv3 must be configured with:

◦ The address of the transit MC.


◦ The path ID on external interfaces.



Finally, this section includes configuration files corresponding to the IWAN dual hybrid model with PLR using BGP on the WAN and OSPF on the LAN, as referenced in the figure below.

Figure 10 IWAN dual hybrid with PLR model for BGP and OSPF

32.17

32.18

60

50

F

WAN-D3750X

32.9 32.10

IE-D3750X

HY-MPLS1-ASR1002X-1

Po13642.33

To Core

Po3642.34 24.1 24.30

32.2

32.1

32.5

32.6

To IE-D3750X

Po2

Po332.13

32.14

Po4

Po5

32.129

32.151

Po21

Po1

Tu1034.1

Tu1238.1

Tu1340.1

VLAN300

Po33

42

.38

42

.37

Lo042.251

Lo032.241

65100:100

HY-INET1-ASR1002X-2

Lo032.242

HY-MPLS2-ASR1002X-3

Lo032.243

HY-INET2-ASR1002X-4

Lo032.244

HY-INET4G-ASR1002X-5

Lo032.245

HY-MC-CSR1000v-1

Lo032.251

Lo032.240

Lo032.240

Internal10.6.X.X

Tunnel1010.6.34.X

Tunnel1210.6.38.X

Tunnel1110.6.36.X

Tunnel1310.6.40.X

Tunnel1410.6.42.X

Loopback10.255.X.X

Netblock10.7.X.X

BGPCommunity

Attribute

BGP AS:65100in WAN Overlay

OSPF 100Area 0

OSPF 100Area 0

OSPF 100Area 0

OSPF 100Area 0

OSPF 100Area 0

BGPCommunity

Attribute

Internal10.8.X.X

Hub Site(POP1)

MPLS1=65100:100INET1=65100:200

MPLS2=65100:300INET2=65100:400

INET4G=65100:500

Transit Site(POP2)

MPLS1=65100:101INET1=65100:201

MPLS2=65100:301INET2=65100:401

INET4G=65100:501

PreferPOP2

65100:20

32.17

32.18

WAN-D3750X-T

32.9 32.10


32.2

32.1

32.5

32.6

Po2

Po332.13

32.14

Po4

Po5

32.129

32.151

Po21

Po1

Tu1136.2

Tu1034.2

Tu1238.2

Tu1340.2

Tu1444.2

Po35

42

.38

42

.37

Lo032.241


Lo032.242


Lo032.243


Lo032.244

HY-INET4G-ASR1002X-T5

Lo032.245

HY-MC-ASR1002X

Lo032.251

IE-ASA5545-1

INET1Tunnel 11

MPLS1Tunnel 10

INET2Tunnel 13

MPLS2Tunnel 12

INET4GTunnel 14

RS11-2921 RS11-A2960

Lo0241.11

Netblock0.0 - 7.255

RS11Single ISR G2

Access 2K


PreferPOP1

65100:10

RS31Single ISR 4K

Access 2K


PreferPOP1

65100:10

RS41Single ISR G2

Dist/Acc 3K/2K

PreferPOP1

65100:20

RS42Dual ISR 4K

Dist/Acc 3K/3K

Tu1136.11

Tu1034.11

RS12-2911-1

RS12-A2960

Lo0241.12

Netblock16.0 - 23.255

Tu1136.12

Tu1034.12

Tu1034.32

Tu1034.41

RS12-2911-2

Lo0243.12

RS31-4451 RS31-A2960

Lo0243.31

Netblock128.0 - 135.255

RS32-4451-1

RS32-A3850

Lo0241.32

Netblock144.0 - 151.255

RS32-4451-2

Lo0243.32

RS41-2921 RS41-D3750

Lo0241.41

Netblock192.0 - 199.255

RS42-4451-1

RS42-D3850

RS41-A2960

RS42-A3650

Lo0241.42

Netblock208.0 - 215.255

RS42-4451-2

Lo0243.42

Tu1238.12

Tu1340.12

Tu1238.31

Tu1238.32

Tu1238.42

Tu1340.31

Tu1340.32

Tu1340.42

Tu1136.32

Tu1136.41

Tu1034.42

Tu1136.42

Tu1444.31

Tu1444.31

Tu1136.1

Tu1444.1

Po1

Po1

Po2

65100:20

65100:20

65100:10

65100:10

65100:10

65100:10

65100:20

65100:20

65100:20

65100:300

65100:400

65100:50065100:101

65100:201

65100:301

65100:401

65100:501

65100:200



The following table provides the loopback and port-channel IP addresses for the WAN aggregation devices in the IWAN hybrid design model.

Table 4 IWAN dual hybrid with PLR model—Hub router IP addresses



Hub MC HY-MC-CSR1000V-1 10.6.32.251/32 10.6.32.151/26





Hub BR (PLR) HY-INET4G-ASR1002X-5 10.6.32.245/32 10.6.32.18/30

Table 5 IWAN dual hybrid with PLR model—Transit router IP addresses



Transit MC HY-MC-ASR1002X-T1 10.8.32.251/32 10.8.32.151/26





Transit BR (PLR) HY-INET4G-ASR1002X-T5 10.8.32.245/32 10.8.32.18/30



CONFIGURATION FILESBelow are links to the configuration files for all hybrid hub and transit site WAN aggregation devices using BGP and OSPF:

• The entire set

• HY-MC-CSR1000V-1: Hub MC, BGP

• HY-MPLS1-ASR1002X-1: Hub BR, BGP (MPLS1)

• HY-INET1-ASR1002X-2: Hub BR, BGP (INET1)

• HY-MPLS2-ASR1002X-3: Hub BR, BGP (MPLS2)

• HY-INET2-ASR1002X-4: Hub BR, BGP (INET2)

• HY-INET4G-ASR1002X-5: Hub BR, BGP (PLR)

• HY-MC-ASR1002X-T1: Transit MC, BGP

• HY-MPLS1-ASR1002X-T1: Transit BR, BGP (MPLS1)

• HY-INET1-ASR1002X-T2: Transit BR, BGP (INET1)

• HY-MPLS2-ASR1002X-T3: Transit BR, BGP (MPLS2)

• HY-INET2-ASR1002X-T4: Transit BR, BGP (INET2)

• HY-INET4G-ASR1002X-T5: Transit BR, BGP (PLR)


http://cvddocs.com/fw/cfg-c1















IWAN Dual Hybrid with PLR Design Model for BGP—Remote Sites

IWAN Dual Hybrid with PLR Design Model for BGP—Remote SitesPerformance Routing Version 3 (PfRv3) consists of two major Cisco IOS components: an MC and a BR. The MC defines the policies and applies them to various traffic classes that traverse the BR systems. The MC can be con-figured to learn and control traffic classes on the network.




The following tables provide the loopback IP addresses for the remote site devices in the IWAN dual hybrid with PLR design model.

Table 6 IWAN dual hybrid with PLR model—Remote site router IP addresses





Branch MC/BR (MPLS2/INET2/PLR) RS31-4451 10.255.243.31/32

Branch MC/BR (MPLS1/INET1/PLR) RS32-4451-1 10.255.241.32/32





Branch MC/BR (MPLS1/INET1/4G) RS51-2921 10.255.241.51/32


IWAN Dual Hybrid with PLR Design Model for BGP—Remote Sites

CONFIGURATION FILESBelow are links to the configuration files for all hybrid remote site devices using BGP and OSPF:

• The entire set

• RS11—Single-Router, Two-Link, Access, BGP (MPLS1 and INET1):


• RS12—Dual-Router, Four-Link, Access, BGP (MPLS1, MPLS2, INET1 and INET2):



• RS31—Single-Router, Three-Link, Access, BGP (MPLS2, INET2 and PLR):


• RS32—Dual-Router, Five-Link, Access, BGP (MPLS1, MPLS2, INET1, INET2 and PLR):

◦ RS32-4451-1: MPLS1, INET1 and PLR WAN links


• RS41—Single-Router, Two-Link, Distribution, BGP (MPLS1 and INET1):


• RS42—Dual-Router, Four-Link, Distribution, BGP (MPLS1, MPLS2, INET1 and INET2):



• RS51—Single-Router, Three-Link, Access, BGP (MPLS1 and INET1 with LTE Fallback):


http://cvddocs.com/fw/cfg-d1












IWAN Dual Internet Design Model for EIGRP—WAN Aggregation

IWAN Dual Internet Design Model for EIGRP—WAN AggregationPerformance Routing Version 3 (PfRv3) consists of two major Cisco IOS components: an MC and a BR. The MC defines the policies and applies them to various traffic classes that traverse the BR systems. The MC can be con-figured to learn and control traffic classes on the network.






This version of the guide also has hub MC HA and hub BR scaling.



This section includes configuration files corresponding to the IWAN dual Internet design model WAN aggregation site for EIGRP, as referenced in the figure below.

Figure 11 IWAN dual Internet model for EIGRP—Hub MC HA, hub BR scaling and IOS CA

32.45

32.46

60

51

F

WAN-D3750X

Po13842.41To Core

Po38 42.42 32.161 32.164

IE-D3750X

IW-DMZ-D3750X

Po13642.33

To Core

Po3642.34 24.1 24.30

24.1

1

24.1

32.161

32.163

Po22

Po2332.41

32.42

Po11

Po12

32.49

32.50

Po13

Tu2166.1

Tu2064.1

Tu2064.13

Tu2064.14

Tu2064.33

Tu2166.13

Tu2166.14

Tu2166.34

Tu2166.43

Tu2166.44

Tu2166.33

INET1: 172.16.140.11 and 140.12

INET2: 172.17.140.11 and 140.12

146.1

146.20

Tu2064.2

146.22

146.23

146.21

VLAN300

Po33

42

.38

42

.37

Lo042.251

DI-MCASR1004-1

Lo032.253

DI-MCASR1004-2

Lo032.254

DI-INET1-ASR1002X-11

Lo032.246

DI-INET2-ASR1002X-12

Lo032.247

DI-INET1-ASR1002X-11b

Lo032.248

32.53

32.54

Po14

DI-INET2-ASR1002X-12b

Lo032.249

Lo032.240

Internal10.6.X.X

INET1172.16.X.X

INET2172.17.X.X

IE Outside

INET1172.18.X.X

INET2172.19.X.X

Tunnel2010.6.64.X

Tunnel2110.6.66.X

EIGRP AS:400

Loopback10.255.X.X

Netblock10.7.X.X

Hub Site

IE-ASA5545-1

Tunnel 20

INET2Tunnel 21

RS13-2911

IWAN-IOS-CA

RS13-A2960

Lo0246.13

INET1DHCP98.110

INET1DHCP98.116

INET1DHCP99.19

INET2DHCP99.20

INET2DHCP98.115

INET2DHCP98.109

INET1DHCP99.11

INET2DHCP99.11

INET1DHCP99.92

INET2DHCP99.99

INET1DHCP99.76

INET2DHCP99.91

Netblock32.0 - 39.255

RS13Single ISR G2

Access 2K

RS14-2921-1

RS14-A2960

Lo0246.14

Netblock48.0 - 55.255


RS14-2921-2

Lo0247.14

RS33-4451 RS33-A2960

Lo0246.33

Netblock160.0 - 167.255

RS33Single ISR 4K

Access 2K

RS34-4451-1

RS34-A3650

Lo0246.34

Netblock176.0 - 183.255


RS34-4451-2

Lo0247.34

RS43-4451 RS43-D3750

Lo0246.43

Netblock224.0 - 231.255

RS43Single ISR 4K

Dist/Acc 3K/2K

RS44-3945-1

RS44-D3750

RS43-A2960

RS44-A2960

Lo0246.42

Netblock240.0 - 247.255

RS44Dual ISR G2

Dist/Acc 3K/2K

RS44-3945-2

Lo0247.44

IE DMZ192.168.146.X

Tu2166.2

PfR Lo132.252

PfR Lo132.252/31

Tu2064.34

Tu2064.43

Po1

Po1

Po2

Tu2064.44



The following table provides the loopback addresses for the WAN aggregation devices in the IWAN dual Internet model.

Table 7 IWAN dual Internet model—Hub router IP addresses

IWAN function Host nameLoopback0 IP address (Mgmt)

Loopback1 IP address (PfR) Port channel IP address

Hub MC DI-MC-ASR1004-1 10.6.32.253/32 10.6.32.252/32 10.6.32.163/26

Hub MC HA DI-MC-ASR1004-2 10.6.32.254/32 10.6.32.252/31 10.6.32.164/26

Hub BR (INET1) DI-INET1-ASR1002X-11 10.6.32.246/32 N/A 10.6.32.42/30

Hub BR (INET2) DI-INET1-ASR1002X-12 10.6.32.247/32 N/A 10.6.32.46/30

Hub BR2 (INET1) DI-INET1-ASR1002X-11b 10.6.32.248/32 N/A 10.6.32.50/30

Hub BR2 (INET2) DI-INET1-ASR1002X-12b 10.6.32.249/32 N/A 10.6.32.54/30

CONFIGURATION FILESBelow are links to the configuration files for all dual Internet hub site WAN aggregation devices using EIGRP:

• The entire set

• DI-MC-ASR1004-1: Hub MC

• DI-MC-ASR1004-2: Hub MC HA

• DI-INET1-ASR1002X-11: Hub BR (INET1)

• DI-INET1-ASR1002X-12: Hub BR (INET2)

• DI-INET1-ASR1002X-11b: Hub BR2 (INET1)

• DI-INET1-ASR1002X-12b: Hub BR2 (INET2)

• IWAN-IOS-CA: IOS Certificate Authority


http://cvddocs.com/fw/cfg-e1










IWAN Dual Internet Design Model for EIGRP—Remote Sites

IWAN Dual Internet Design Model for EIGRP—Remote SitesPerformance Routing Version 3 (PfRv3) consists of two major Cisco IOS components: an MC and a BR. The MC defines the policies and applies them to various traffic classes that traverse the BR systems. The MC can be con-figured to learn and control traffic classes on the network.




The following table provides the loopback addresses for the remote site devices in the IWAN dual Internet design model.

Table 8 IWAN dual Internet model—Remote site router IP addresses


Branch MC/BR (INET1/INET2) RS13-2911 10.255.246.13/32

Branch MC/BR (INET1) RS14-2921-1 10.255.246.14/32

Branch BR (INET2) RS14-2921-2 10.255.247.14/32



Branch BR (INET2) RS34-4451-2 10.255.247.34/32



Branch BR (INET2) RS44-3945-2 10.255.247.44/32


IWAN Dual Internet Design Model for EIGRP—Remote Sites

CONFIGURATION FILESBelow are links to the configuration files for all dual Internet remote site devices using EIGRP:

• The entire set

• RS13—Single-Router, Two-Link, Access (INET1 and INET2):

◦ RS13-2911: INET1 and INET2 WAN links

• RS14—Dual-Router, Two-Link, Access (INET1 and INET2):

◦ RS14-2921-1: INET1 WAN link


• RS33—Single-Router, Two-Link, Access (INET1 and INET2):


• RS34—Dual-Router, Two-Link, Access (INET1 and INET2):



• RS43—Single-Router, Two-Link, Distribution (INET1 and INET2):


• RS44—Dual-Router, Two-Link, Distribution (INET1 and INET2):



http://cvddocs.com/fw/cfg-f1











Appendix A: Changes

Appendix A: ChangesThis appendix summarizes the changes Cisco made to this guide since its last edition.

• Routing updates

◦ Added iBGP in WAN overlay with OSPF on LAN as an option

◦ Added EIGRP stub-site and removed remote site tagging

◦ Added EIGRP summary metrics

◦ Added EIGRP delay parameters on LAN and transit networks

• PfR updates

◦ Added load-balance exclusion

◦ Added path preference hierarchy

◦ Added path of last resort (PLR)

• Multiple WAN transports

◦ Added dual Hybrid with PLR design model (2 MPLS, 2 INET and 1 INET PLR)

◦ Added five hub BRs and five transit BRs with DC Interconnect

◦ Added single router remote site with three WAN transports

◦ Added dual router remote site with five WAN transports

◦ Added EIGRP and BGP/OSPF configurations

• AVC updates

◦ Prime 3.1 and LiveAction Live NX 5.3 for NetFlow collection

• IKEV2 updates

◦ Added NGE/Suite-B AES-GCM-256 encryption proposal

◦ Simplified the crypto configurations with “match fvrf any” for portability between design models

◦ Added local identity for PSK design to address Carrier Grade NAT issues

• Hub MC HA updates

◦ Configured a second loopback interface for managing the hub MCs

Americas HeadquartersCisco Systems, Inc.San Jose, CA

Asia Pacific HeadquartersCisco Systems (USA) Pte. Ltd.Singapore

Europe HeadquartersCisco Systems International BV Amsterdam,The Netherlands

Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco Website at www.cisco.com/go/offices.

ALL DESIGNS, SPECIFICATIONS, STATEMENTS, INFORMATION, AND RECOMMENDATIONS (COLLECTIVELY, “DESIGNS”) IN THIS MANUAL ARE PRESENTED “AS IS,” WITH ALL FAULTS. CISCO AND ITS SUPPLIERS DISCLAIM ALL WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THE DESIGNS, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THE DESIGNS ARE SUBJECT TO CHANGE WITHOUT NOTICE. USERS ARE SOLELY RESPONSIBLE FOR THEIR APPLICATION OF THE DESIGNS. THE DESIGNS DO NOT CONSTITUTE THE TECHNICAL OR OTHER PROFESSIONAL ADVICE OF CISCO, ITS SUPPLIERS OR PARTNERS. USERS SHOULD CONSULT THEIR OWN TECHNICAL ADVISORS BEFORE IMPLEMENTING THE DESIGNS. RESULTS MAY VARY DEPENDING ON FACTORS NOT TESTED BY CISCO.

Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.

© 2016 Cisco Systems, Inc. All rights reserved.

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)


Please use the feedback form to send comments and suggestions about this guide.

B-000201i-1 10/16

http://cvddocs.com/fw/201i-16b-feedback

intelligent wan configuration files guide (cvd) – october 2016

Documents