Configure Branch HA with Internet, MPLS, Layer 2 LAN Switch Topology-2

Let us learn more about on Configure Branch HA with Internet, MPLS, Layer 2 LAN Switch Topology-2 in Prisma SD-WAN.
In this topology, the internet link terminates on one ION device, and the MPLS link terminates on the second ION device. The LAN switches are Layer 2 switches. The following example shows a sample configuration for an ION 2000, but you can use an ION 3000, ION 7000, or ION 9000 if more throughput is required.
  1. Configure physical connections.
    1. Connect the controller port of each ION device to the local LAN.
      Connect both in the same subnet if possible so that you can use the interfaces for HA control communication. In this example, the ION device controller port IP addresses are in VLAN 100 and are 10.10.100.10/24 and 10.10.100.11/24, respectively.
    2. Connect port 1 of each ION device to each of the Layer 2 switches with the same sub-interfaces and IP addresses configured on both ION devices.
    3. Configure the same IP address for port 1 for both the ION devices. Only the Active ION device responds to ARP requests for this IP address.
      To enable this interface to be used for LAN traffic forwarding,
      Enable L3 LAN Forwarding
      when you configure the device.
    4. Connect the internet circuit on the fail-to-wire bypass pair WAN port 4 on the ION 2000 of the active ION device.
    5. Connect port 5 of the active ION device to port 2 of the backup ION device. Port 2 of the backup ION device is an Internet port with the same IP address as the active ION device bypass ports 4/5. The IP address is configured as
      Static
      or
      DHCP
      .
    6. Connect the MPLS circuit on the fail-to-wire bypass pair WAN port 4 on the ION 2000 of the backup ION device.
    7. Connect port 5 of the backup ION device to port 2 of the active ION device. Port 2 of the active ION device is an Internet port with the same IP address as the backup ION device bypass ports 4/5. The IP address is configured as
      Static
      or
      DHCP
      .
  2. Configure interfaces.
    Port-Interface Type
    In Active ION Device Use These Ports For
    In Backup ION Device Use These Ports For
    Port 1-Sub-Interface
    LAN
    LAN
    Port 2-Port
    Private WAN
    Internet
    Port 4, Port 5-Bypass Pair
    Private WAN
    Private WAN
    The following images display the port configuration screens of the active and backup ION devices used in this specific scenario.
    On the ION 3000, the front panel ports are labeled as Internet and Internet Bypass and may need to be configured as a bypass pair. On the ION 7000, ports 5, 6 and 7, 8 have fail-to-wire capability and can be configured as either WAN-side or LAN-side when creating the bypass pair. If BGP peering to the MPLS PE or WAN side static routes are required, this must be done on each device individually and the settings must be the same.
  3. Configure HA Groups.
    1. On the
      Edit HA-Group
      screen, enable
      Preempt
      and set the
      Advertisement Interval
      to one second.
    2. On the
      Spoke HA Configuration
      screen for the active ION device, set
      Priority
      to 150, configure the controller port as the HA control interface and enable tracking for the LAN port with a priority reduction value of 150.
    3. On the
      Spoke HA Configuration
      screen for the backup ION device, set
      Priority
      to 100, configure the controller port as the HA control interface and enable tracking for the LAN port with a priority reduction value of 100.
  4. Add the ION Devices to the HA Groups.

Recommended For You