Configure Branch HA with Internet, MPLS, and a Layer 3 LAN Switch Topology-1

Learn how to configure Branch HA with Internet, MPLS, and a Layer 3 LAN Switch Topology-1 in Prisma SD-WAN.
In this topology, the internet link terminates on one ION device, and the MPLS link terminates on the second ION device. The following example shows a sample configuration for an ION 2000, but you can use an ION 3000, ION 7000, or ION 9000 if more throughput is required.
  1. Configure physical connections.
    1. Connect the controller port of each ION device to the local LAN.
      Connect both in the same subnet if possible so that you can use the interfaces for HA control communication. In this example, the ION device controller port IP addresses are in VLAN 100 and are 10.10.100.10/24 and 10.10.100.11/24, respectively.
    2. Connect port 1 of each ION device to each of the Layer 3 switches.
    3. Configure the same IP address for port 1 for both the ION devices.
      Only the Active ION device responds to ARP requests for this IP address.
      To enable this interface to be used for LAN traffic forwarding, select Enable L3 LAN Forwarding when you configure the device.
    4. Connect the internet circuit on the fail-to-wire bypass pair WAN port (port 4 on the ION 2000) of the active ION device.
    5. Connect port 5 of the active ION device to port 2 of the backup ION device.
      Port 2 of the backup ION device is an Internet port with the same IP address as the active ION device bypass ports 4/5. The IP address is configured as Static or DHCP.
    6. Connect the MPLS circuit on the fail-to-wire bypass pair WAN port (port 4 on the ION 2000) of the backup ION device.
    7. Connect port 5 of the backup ION device to port 2 of the active ION device.
      Port 2 of the active ION device is an Internet port with the same IP address as the backup ION device bypass ports 4/5. The IP address is configured as Static or DHCP.
  2. Configure interfaces.
    Configure the interfaces as shown in the following table.
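    | Port - Interface Type            | Active ION Device - Use These Ports For | Backup ION Device - Use These Ports For |
    |----------------------------------|-----------------------------------------|-----------------------------------------|
    | Port 4 and Port 5 - Bypass Pair  | Internet                                | Private WAN                             |
    | Port 2 - Port                    | Private WAN                             | Internet                                |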
    The following images display the port configuration screens of the active and backup ION devices used in this specific scenario.
    If BGP peering to the MPLS PE or WAN-side static routes are required, configure them on each device individually, and the settings must be the same.
  3. Configure the next hop in the static route.
    1. Select Map > Claimed Devices > Select a Device > Configure the device > Routing > Static > Edit Static Route.
    2. Configure the IP address of the Layer 3 switches as the next hop on both the ION devices.
      The port 1 IP address is configured as the default route on both Layer 3 switches. In our reference topology, both switch uplink ports are in VLAN 255 and have an SVI configured for VLAN 255 with a configured VRRP address of 10.10.255.1. This IP address is configured on each ION device individually as the next hop for each LAN subnet static route.
    3. Select the scope as Global or Local to advertise the subnet into the Prisma SD-WAN fabric.
  4. Configure HA Groups with the following settings.
    1. On the Edit HA-Group screen, enable Preempt and set the Advertisement Interval to one second.
    2. On the Spoke HA Configuration screen for the active ION device:
      • Set Priority to 150.
      • Configure the controller port as the HA control interface.
      • Enable tracking for the LAN port with a priority reduction value of 150.
    3. On the Spoke HA Configuration screen for the backup ION device:
      • Set Priority to 100.
      • Configure the controller port as the HA control interface.
      • Enable tracking for the LAN port with a priority reduction value of 100.
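
The steps above require several settings to match or mirror each other across the two ION devices, which can be checked before the HA group is enabled. The following Python check is an added example, not Palo Alto Networks code: the dictionary layout, the port 1 address, and the LAN prefix are constructed for illustration, and it assumes that a tracked-port failure subtracts the priority reduction value from the device's HA priority.

```python
from ipaddress import ip_interface

# Constructed sample data in a hypothetical dict layout (not an ION export format).
# The port 1 address and the LAN prefix are made up; other values are from the steps.
ACTIVE = {
    "controller": "10.10.100.10/24", "port1": "10.10.255.10/24",
    "l3_lan_forwarding": True,
    "roles": {"bypass_4_5": "internet", "port2": "private_wan"},
    "static_routes": {"10.20.0.0/16": "10.10.255.1"},
    "ha": {"priority": 150, "lan_track_reduction": 150},
}
BACKUP = {
    "controller": "10.10.100.11/24", "port1": "10.10.255.10/24",
    "l3_lan_forwarding": True,
    "roles": {"bypass_4_5": "private_wan", "port2": "internet"},
    "static_routes": {"10.20.0.0/16": "10.10.255.1"},
    "ha": {"priority": 100, "lan_track_reduction": 100},
}

def check_ha_pair(active, backup):
    """Return a list of findings; an empty list means the pair is consistent."""
    findings = []
    ctl_a = ip_interface(active["controller"])
    ctl_b = ip_interface(backup["controller"])
    if ctl_a.network != ctl_b.network:
        findings.append("controller ports are in different subnets")
    if active["port1"] != backup["port1"]:
        findings.append("port 1 IP address differs between the devices")
    for name, dev in (("active", active), ("backup", backup)):
        if not dev["l3_lan_forwarding"]:
            findings.append(f"{name}: L3 LAN forwarding is disabled on port 1")
    # Each circuit lands on one device's bypass pair and on the peer's port 2.
    a, b = active["roles"], backup["roles"]
    if (a["bypass_4_5"] != b["port2"] or a["port2"] != b["bypass_4_5"]
            or a["bypass_4_5"] == a["port2"]):
        findings.append("bypass pair and port 2 roles are not mirrored")
    if active["static_routes"] != backup["static_routes"]:
        findings.append("static routes or next hops differ between the devices")
    ap, bp = active["ha"]["priority"], backup["ha"]["priority"]
    if ap <= bp:
        findings.append("active priority does not exceed backup priority")
    # Assumption: losing the tracked LAN port lowers priority by the reduction value.
    if ap - active["ha"]["lan_track_reduction"] >= bp:
        findings.append("LAN port failure on the active device would not trigger failover")
    return findings
```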
