Traffic goes down when "Non SD-WAN Destination (NSD) via Edge" is enabled and site subnets are set

Article ID: 380965


Products

VMware VeloCloud SD-WAN

Issue/Introduction

If a customer enables "Non SD-WAN Destination (NSD) via Edge" and sets site subnets, other Edges' traffic to those subnets may go down.

Environment

Velocloud SDWAN, VMware SDWAN, Non SD-WAN Destination (NSD) via Edge

Cause

This is because the site subnet is installed as the highest priority route in the route table.
The issue occurs under the following conditions:

  • Affected Edges are communicating with a destination IP address that falls within the site subnet.
  • Affected Edges have a VCMP path to the Edge on which "NSD via Edge" is enabled.
    i.e. If the Edge with "NSD via Edge" is a HUB, its Branches are affected.
          If the Edge with "NSD via Edge" is a Branch, the HUB of that Edge and any Branch with Dynamic Branch to Branch VPN enabled are affected.

Reasons for the impact

The following example explains the impact when the site subnet is set to 0.0.0.0/0.
Phase 1. b1-edge1 is sending internet traffic through the gateway (VCG).

   

Phase 2. "NSD via Edge" is enabled on b2-edge1 and the site subnet is set to 0.0.0.0/0. As a result, b2-edge1 advertises the 0.0.0.0/0 route via the overlay.
*Advertising site subnets via the overlay is part of the SD-WAN Edge specification, so this cannot be stopped.

   


Phase 3. On b1-edge1, the 0.0.0.0/0 route with "Type: Edge and Destination Name: b2-edge1" is added to the route table as the highest priority route.

   

Phase 4. b1-edge1 sends the internet traffic through b2-edge1 to the NSD.

   

At this point, b1-edge1's traffic to the internet goes down. Internet traffic that was previously forwarded via the Gateway is now forwarded via the NSD, so the source global IP address changes. As a result, internet traffic such as a file transfer is temporarily suspended. Furthermore, if the customer filters by source global IP address on a cloud service, traffic from the new source global IP address is filtered.
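
The four phases above can be modelled before a change to see which of an Edge's destinations would switch exit. This is an added example, not code from the article or the product: it assumes longest-prefix match with a numeric priority tie-break, and the route tables, priorities, `hub1` and the flow addresses are constructed.

```python
import ipaddress

# Simplified model (assumption): longest prefix wins; among equal-length
# prefixes the lower priority number wins. Per the article, the site subnet
# learned over the overlay is installed as the highest priority route.
GATEWAY_PRIORITY = 10   # constructed value
NSD_EDGE_PRIORITY = 0   # constructed value

def route(prefix, rtype, name, priority):
    return {"net": ipaddress.ip_network(prefix), "type": rtype,
            "name": name, "priority": priority}

def best_route(table, dst):
    """Select the route used for dst, or None if nothing matches."""
    ip = ipaddress.ip_address(dst)
    candidates = [r for r in table if ip in r["net"]]
    if not candidates:
        return None
    return min(candidates, key=lambda r: (-r["net"].prefixlen, r["priority"]))

def exit_of(r):
    return (r["type"], r["name"]) if r else None

def impacted_flows(table, site_subnets, advertiser, flows):
    """Flows whose exit changes once `advertiser` advertises its site subnets."""
    after = table + [route(s, "Edge", advertiser, NSD_EDGE_PRIORITY)
                     for s in site_subnets]
    changed = []
    for dst in flows:
        old, new = exit_of(best_route(table, dst)), exit_of(best_route(after, dst))
        if old != new:
            changed.append((dst, old, new))
    return changed

# Constructed route table for b1-edge1 in Phase 1.
B1_TABLE = [
    route("0.0.0.0/0", "Gateway", "VCG", GATEWAY_PRIORITY),
    route("10.2.0.0/16", "Edge", "hub1", 5),            # hypothetical hub route
    route("192.168.1.0/24", "Connected", "lan", 0),
]
# Constructed destinations that b1-edge1 currently talks to.
FLOWS = ["203.0.113.10", "198.51.100.7", "10.2.5.5", "192.168.1.20"]

if __name__ == "__main__":
    for dst, old, new in impacted_flows(B1_TABLE, ["0.0.0.0/0"], "b2-edge1", FLOWS):
        print(f"{dst}: {old} -> {new} (source global IP will change)")
```

Every destination the function reports is one whose source global IP address changes, so those are the flows to check against source-IP filters on cloud services before the change.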

 

Resolution

When setting site subnets, consider the potential impact on traffic and make the configuration change during a maintenance window.

If you wish to avoid affecting other Edges, you can disable site subnets and use a Business Policy on the Edge on which "NSD via Edge" is enabled.
In that case, select Action -> Network Service -> Internet Backhaul -> Non SD-WAN Destination via Edge in the Business Policy.