IPSec Termination Node Conventions and Tag Nomenclature
With IPSec Termination Nodes now exposed in Prisma Access for Networks that use Aggregate Bandwidth, the previous Prisma SD-WAN CloudBlade versions 1.0 and 2.0 are not compatible. To use the Prisma Aggregate Bandwidth feature, the 2.1.1 CloudBlade is required. The 2.1.1 CloudBlade contains the logic that lets Prisma SD-WAN devices specify the IPSec Termination Nodes within a region.
Using the information gathered above about our nodes for us-east, the tagging methodology for the CloudBlade can now be determined. The tag construct within the 2.1.1 CloudBlade looks as follows:
Prisma_region: <<region name>> : <<IPSec Termination Node Name or Number>>
With this construct, the tags for the interface(s) will look similar to the following:
prisma_region:us-east-1:us-east-charlock
prisma_region:us-east-1:us-east-banyan
prisma_region:us-east-1:1
prisma_region:us-east-1:2
In 2.1.1, either the node name (us-east-charlock) or the order in which the node appears in the list (1) can be used in the naming convention for the interface tags.
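A pre-deployment check for the tag convention described above, added here as an example; it is not CloudBlade or Tagger utility code. The function names, the sample node list and its order, exact lowercase matching of the prefix, and rejecting whitespace inside a tag are assumptions of this example.

```python
"""Added example: validate prisma_region interface tags before deployment."""

TAG_PREFIX = "prisma_region"  # lowercase, as in the page's example tags (assumed exact)

# Constructed sample data: node names per region, in an assumed listed order.
SAMPLE_NODES = {"us-east-1": ["us-east-charlock", "us-east-banyan"]}


def resolve_tag(tag, nodes_by_region=SAMPLE_NODES):
    """Return (region, node_name) for a valid tag, else raise ValueError."""
    parts = tag.split(":")  # no stripping: stray whitespace is treated as an error
    if len(parts) != 3:
        raise ValueError(f"expected 3 colon-separated fields, got {len(parts)}")
    prefix, region, node_ref = parts
    if prefix != TAG_PREFIX:
        raise ValueError(f"prefix must be {TAG_PREFIX!r}, got {prefix!r}")
    nodes = nodes_by_region.get(region)
    if nodes is None:
        raise ValueError(f"unknown region {region!r}")
    if node_ref.isascii() and node_ref.isdigit():
        # Numeric form: 1-based position of the node in the region's list.
        index = int(node_ref)
        if not 1 <= index <= len(nodes):
            raise ValueError(f"node number {index} outside 1..{len(nodes)}")
        return region, nodes[index - 1]
    if node_ref not in nodes:
        raise ValueError(f"node {node_ref!r} not in region {region!r}")
    return region, node_ref


def check_tags(tags, nodes_by_region=SAMPLE_NODES):
    """Return (resolved, errors): tag -> (region, node) and tag -> message."""
    resolved, errors = {}, {}
    for tag in tags:
        try:
            resolved[tag] = resolve_tag(tag, nodes_by_region)
        except ValueError as exc:
            errors[tag] = str(exc)
    return resolved, errors


if __name__ == "__main__":
    sample = ["prisma_region:us-east-1:us-east-charlock", "prisma_region:us-east-1:2",
              "prisma_region:us-east-1:3", "prisma_region:us-east-1 :1"]
    ok, bad = check_tags(sample)
    for tag, (region, node) in ok.items():
        print(f"OK   {tag} -> {node} in {region}")
    for tag, reason in bad.items():
        print(f"FAIL {tag}: {reason}")
```

Replace `SAMPLE_NODES` with the node list for your own region before checking real interface tags.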
To help automate the scripts/deployment, the Prisma SD-WAN Tagger utility script can also be used to create/configure the tags: