Configure Topology 3

Lets learn more about Configure Topology 3 in Prisma SD-WAN.
In this topology, one internet link terminates on one ION device and the second internet link terminates on the second ION device. The following example shows a sample configuration for an ION 3000, but you can use an ION 7000, or ION 9000 if more throughput is required.
  1. Configure physical connections.
    1. Connect the controller port of each ION device to the local LAN.
      Connect both in the same subnet if possible so that you can use the interfaces for HA control communication. In this example, the ION device controller port IP addresses are in VLAN 100 and are 10.10.100.10/24 and 10.10.100.11/24, respectively.
    2. Connect port 1 (LAN) of each ION device to each of the Layer 3 switches, with the same IP address configured on both devices.
      In order to configure Port 1 as LAN individually, you may have to first decouple the bypass pair and make it an interface-type port.
    3. Configure the same IP address for port 1 for both the ION devices. Only the Active ION device responds to ARP requests for this IP address.
      To enable this interface to be used for LAN traffic forwarding,
      Enable L3 LAN Forwarding
      when you configure the device.
  2. Configure interfaces.
    Configure the interfaces as shown in the following table.
    Port-Interface Type
    In Active ION Device Use These Ports For
    In Backup ION Device Use These Ports For
    Port 1, Internet 1-Bypass Pair
    Internet
    Internet
    Port 1-Internet Port
    Internet
    Internet
    Port 2, Internet 2-Bypass Pair
    Internet
    Internet
    Port 2-Internet Port
    Internet
    Internet
    In this example, the Active ION device terminates the Internet 1 circuit on the fail-to-wire bypass pair Internet 1 port. The corresponding Internet Bypass Port 1 of the ION device connects to Internet 1 of the Backup ION device. Both the active and backup ION devices will have the same IP address configured for these ports. The IP address can be configured as Static or DHCP.
    On the ION 7000, ports 5,6 and 7,8 have fail-to-wire capability and can be configured as either WAN or LAN side when creating the bypass pair. On the ION 2000, ports 4 and 5 have fail-to-wire capability, port 4 is the WAN side port and 5 is the LAN side.
    Finally, the second Internet circuit terminates on the Backup ION device, on the fail-to-wire bypass pair Internet 2 port. The corresponding Internet Bypass Port 2 of the ION device connects to Internet 2 of the Active ION device. Both the active and backup ION devices have the same IP address configured for these ports. The IP address can be configured as Static or DHCP.
  3. Configure the
    Next-Hop
    in the
    Static Route
    . Select the Scope as
    Global
    or
    Local
    to advertise the subnet into the Prisma SD-WAN fabric.
  4. Configure HA Groups.
    1. In the
      Edit HA-Group
      screen, enable
      Preempt
      and set the
      Advertisement Interval
      to one second.
    2. In the
      Active ION device Spoke HA configuration
      screen, set the priority to 150. Leverage the controller port as the HA control interface, and enable tracking for the LAN port with a priority reduction value of 150.
    3. In the
      Backup ION device Spoke HA configuration
      screen, set the priority to 100. Leverage the controller port as the HA control interface, and enable tracking for the LAN port with a priority reduction value of 100.
  5. Add the ION Devices to the HA Groups.

Recommended For You