Configure Topology 4

Lets learn more about Branch HA configuring topology 4 in Prisma SD-WAN.
One internet circuit terminates on the active ion device in this topology, while the other internet circuit terminates on the backup ION device.
The LAN switches in this topology are Layer 2 switches. The following example shows a sample configuration for an ION 3000, but you can use an ION 2000, ION 7000, or ION 9000 based on the throughput required.
  1. Configure physical connections.
    1. Connect the controller port of each ION device to the local LAN.
      Connect both in the same subnet if possible so that you can use the interfaces for HA control communication. In this example, the ION device controller port IP addresses are in VLAN 100 and are 10.10.100.10/24 and 10.10.100.11/24, respectively.
    2. Connect the LAN 1 port of each ION device to each of the Layer 2 switches.
      To configure the LAN 1 port individually, you may first decouple the bypass pair and make it an interface-type port. To enable this interface to be used for LAN traffic forwarding,
      Enable L3 LAN Forwarding
      when you configure the device.
    3. Configure both ION devices with the same sub-interfaces and IP addresses.
      Only the Active ION device responds to ARP requests for these IP addresses.
    4. Configure global or local scope on an interface.
      It depends on whether you want to advertise the subnet configured. No changes are required on the clients assuming that the IP address configured on each sub-interface is the same HSRP/VRRP address previously used by the 2 WAN routers.
    5. Connect the Internet 1 port of the Active ION device to the Internet 1 circuit.
    6. Connect the corresponding Internet Bypass Port 1 of the active ION device to the Internet 1 port of the backup ION device.
      You must configure the same IP address for these ports on both the active and backup ION devices. You can configure static IP addresses or configure IP addresses through DHCP.
      On the ION 7000, ports 5,6, and 7,8 have fail-to-wire capability and can be configured as either WAN or LAN side when creating the bypass pair. On the ION 2000, ports 4 and 5 have fail-to-wire capability, port 4 is the WAN side port and 5 is the LAN side.
    7. Connect the internet 2 port of the backup ION device to the internet 2 circuit.
    8. Connect the corresponding internet Bypass Port 2 of the backup ION device to the internet 2 port of the active ION device.
      You must configure the same IP address for these ports on both the active and backup ION devices. You can configure static IP addresses or configure IP addresses through DHCP.
  2. Configure interfaces.
    Configure the interfaces as shown in the following table.
    Port-Interface Type
    In Active ION Device Use These Ports For
    In Backup ION Device Use These Ports For
    LAN 1 Port
    LAN
    LAN
    Internet 1
    Internet-1
    Internet (Connected to Internet Bypass 1 of the active ION device)
    Internet 2
    Internet (Connected to Internet Bypass 2 of the backup ION device)
    Internet-2
    Below are the sample screenshots of the device sub-interface configuration for the reference topology.

Recommended For You