Silver Peak EC-V and Microsoft Azure Deployment Guide


Silver Peak EC-V and Microsoft Azure Deployment Guide
How to deploy an EC-V in Microsoft Azure
201422-001 Rev. A
September 2018


Table of Contents
Copyright and Trademarks
Support
Related Documentation
EdgeConnect Virtual (EC-V) in Microsoft Azure
Topology
Prerequisites
Deploy an EC-V using the Azure Portal
Configure your EC-V
Verify the MGMT0 interface settings
Disable WAN Next-hop health check
Approve the EC-V on the Orchestrator
Create the WAN0 network interface on the Azure Portal
Create the LAN0 network interface on the Azure Portal
Assign a public IP address to the WAN0 interface
Enable IP forwarding on the LAN0 network interface
Attach WAN0 and LAN0 vnics to the EC-V
Configure the EC-V for In-line Router Mode
Create a static route on the Azure Route Table
Add a route on the EC-V to advertise the workload's subnet
Verify end-to-end connectivity

Copyright and Trademarks Silver Peak EC-V and Microsoft Azure Deployment Guide Date: September 2018 Copyright 2018 Silver Peak Systems, Inc. All rights reserved. Information in this document is subject to change at any time. Use of this documentation is restricted as specified in the End User License Agreement. No part of this documentation can be reproduced, except as noted in the End User License Agreement, in whole or in part, without the written consent of Silver Peak Systems, Inc. Trademark Notification Silver Peak, the Silver Peak logo, and all Silver Peak product names, logos, and brands are trademarks or registered trademarks of Silver Peak Systems, Inc. in the United States and/or other countries. All other product names, logos, and brands are property of their respective owners. Warranties and Disclaimers THIS DOCUMENTATION IS PROVIDED AS IS WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. SILVER PEAK SYSTEMS, INC. ASSUMES NO RESPONSIBILITY FOR ERRORS OR OMISSIONS IN THIS DOCUMENTATION OR OTHER DOCUMENTS WHICH ARE REFERENCED BY OR LINKED TO THIS DOCUMENTATION. REFERENCES TO CORPORATIONS, THEIR SERVICES AND PRODUCTS, ARE PROVIDED AS IS WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED. IN NO EVENT SHALL SILVER PEAK SYSTEMS, INC. BE LIABLE FOR ANY SPECIAL, INCIDENTAL, INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND, OR ANY DAMAGES WHATSOEVER, INCLUDING, WITHOUT LIMITATION, THOSE RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER OR NOT ADVISED OF THE POSSIBILITY OF DAMAGE, AND ON ANY THEORY OF LIABILITY, ARISING OUT OF OR IN CONNECTION WITH THE USE OF THIS DOCUMENTATION. THIS DOCUMENTATION MAY INCLUDE TECHNICAL OR OTHER INACCURACIES OR TYPOGRAPHICAL ERRORS. CHANGES ARE PERIODICALLY ADDED TO THE INFORMATION HEREIN; THESE CHANGES WILL BE INCORPORATED IN NEW EDITIONS OF THE DOCUMENTATION. SILVER PEAK SYSTEMS, INC. 
MAY MAKE IMPROVEMENTS AND/OR CHANGES IN THE PRODUCT(S) AND/OR THE PROGRAM(S) DESCRIBED IN THIS DOCUMENTATION AT ANY TIME.

Silver Peak Systems, Inc.
2860 De La Cruz Boulevard
Santa Clara, CA 95050
1.877.210.7325 (toll-free in USA)
+1.408.935.1850
http://www.silver-peak.com/support

Support
For product and technical support, contact Silver Peak Systems at either of the following:
1.877.210.7325 (toll-free in USA)
+1.408.935.1850
www.silver-peak.com/support
We're dedicated to continually improving the usability of our products and documentation. If you have suggestions or feedback for our documentation, send an e-mail to techpubs@silver-peak.com. If you have comments or feedback about the interface, send an e-mail to usability@silverpeak.com.

Related Documentation
Release Notes provide information on new software features, system bugs, and software compatibility.
All user documentation is available at http://www.silver-peak.com.

EdgeConnect Virtual (EC-V) in Microsoft Azure
A Silver Peak EdgeConnect Virtual (EC-V) appliance can be deployed in Microsoft Azure to establish and enhance the WAN connectivity as well as accelerate the migration of data from branch offices and data centers to Azure. Your EC-V appliance can be created and launched from the Azure Marketplace using a Bring Your Own License (BYOL) model.
NOTE While the Silver Peak EC-V can support more advanced deployments such as connecting to multiple WAN links, i.e., connecting to Azure ExpressRoute and internet simultaneously, this document only guides you through a simple deployment using an in-line router mode with a single WAN, LAN, and management interface.

Topology
Below is a sample topology used for an EC-V deployment.
Figure 1: Topology of an EC-V deployment with one WAN, LAN, and management interface

Prerequisites
Ensure you have an existing Azure account.
Deploy your Silver Peak Orchestrator. This step is recommended prior to deploying your EC-V.
Ensure you have an existing Virtual Network (VNet) in Azure that contains at least two subnets for WAN0 and LAN0 interfaces. Although optional, we recommend you create a separate MGMT0 interface and then deploy it on a separate subnet from the WAN and LAN subnets.
The EC-V deployment illustrated in this guide assumes that there is no pre-existing site-to-site VPN or ExpressRoute link between the Azure VNet and the on-premises network. If this is the case, you must assign a public IP address on WAN0 and MGMT0 interfaces to access the EC-V remotely. If you already have a site-to-site VPN or an ExpressRoute link between your VNet and the on-premises network, and you want to access the EC-V via those links, you do not need to assign a public IP address on any interfaces of the EC-V.

Deploy an EC-V using the Azure Portal
You can deploy an EC-V from the Azure Marketplace using these different options:
Through an existing Azure Resource Group or a new Azure Resource Group.
Through an existing VNet or a new VNet.
Our Azure subscription contains an existing Resource Group named EdgeConnect that is deployed in the West US Azure region. It contains a VNet named EdgeConnect-VNet, which consists of four subnets, as shown in figure 2. We will deploy the EC-V on the EdgeConnect Resource Group inside the EdgeConnect-VNet VNet.
TIP Your Azure workloads could exist either on the same VNet where you deploy the EC-V or on a different VNet. If you plan to deploy the EC-V on an existing VNet where you have already deployed workloads, you only need to create one or more static routes on the Azure Route Table to forward outbound traffic from your workload subnet(s) to the EC-V's LAN0 interface. For more information on how to create routes on the Azure Route Table, refer to Create a static route on the Azure Route Table. If the workloads are deployed on a different VNet than the VNet where you intend to deploy the EC-V, you need to connect the two VNets using Azure VNet Peering, and then create a static route on the Azure Route Table to forward outbound traffic from your workloads VNet to the EC-V's LAN0 interface. As shown in figure 1, our workloads are running on the same VNet as the EC-V. Thus, VNet Peering is not configured in our deployment.
Figure 2: Subnets of an existing VNet

1. Log on to the Azure Portal.
2. Go to your existing Resource Group that you selected for the EdgeConnect deployment, and click the +Add icon.
Figure 3: Resource Group page
3. From the Search text box, type Silver Peak Unity EdgeConnect and select the latest version of EdgeConnect, and click Create.
Figure 4: Search for EdgeConnect on the Azure Marketplace
4. From the Create virtual machine page, you will see a series of blades to your left, with the Basics blade highlighted, as shown in figure 5.
Figure 5: Create virtual machine page
Refer to the tables to enter settings for each blade.

1 Basics - Configure basic settings
Name: Enter a descriptive name for your EC-V
VM disk type: Premium SSD
Username: Enter any name other than 'admin'
Authentication type: Password
Password: Enter a valid password other than 'admin'
Confirm password: Confirm your password
Subscription: Pay-As-You-Go
Resource group: Select Create new or Use existing
Location: Select an Azure region where you want to deploy your EC-V

2 Size - Choose virtual machine size
VM size: The size should match the WAN bandwidth and the number of interfaces required on the EC-V. For our example, we select Standard DS_v2.
NOTE You can find the list of recommended instance types for the EC-V deployment in Azure by clicking the following link: EC-V Host Requirements Guide. You are not required to choose an instance type on the recommended instance types column of the guide so long as your EC-V meets the CPU, RAM, interface bandwidth, and vnic requirements.

3 Settings - Configure optional features
High Availability
Availability zone: Not required. You are only deploying one EC-V.
NOTE If you are deploying multiple EC-Vs for high-availability, you must deploy each EC-V in a unique Availability Zone.
Availability set: Not required. You are deploying one EC-V.
NOTE If you are deploying multiple EC-Vs for high-availability, you must deploy each EC-V on the same Availability Set.
Storage
Use managed disks: Yes
Network
Virtual network: Select a VNet.
Subnet: Select a subnet to deploy the MGMT0 interface.
NOTE If you do not want a MGMT0 interface on the EC-V, you must select the WAN0 subnet.
Public IP address: Leaving the default setting creates a new, basic, dynamic public IP address for the MGMT0 vnic. If you require a static public IP address for the MGMT0 interface, change the setting from Dynamic to Static.
Network Security Group (firewall): Leaving the default NSG rules for the MGMT0 vnic allows all incoming SSH, HTTP, and HTTPS traffic to it.
NOTE We recommend tightening the security rules to allow incoming traffic only from your network. After you approve the EC-V on the Orchestrator, you can remove all inbound security rules on the MGMT0 NSG and access the EC-V via the Orchestrator.
Auto-shutdown
Enable auto-shutdown: Off
Monitoring
Boot diagnostics: Enabled
Diagnostics storage account: Select a diagnostic storage account
Managed service identity
Register with Azure Active Directory: No

5. When blade 4-Summary appears, review the details of your configuration, and click Create. The Azure Dashboard appears as the EC-V begins to deploy.
6. To view the progress of the VM deployment, you can monitor the Resource Group you created earlier by clicking Resource Groups.
7. Select the name of the Resource Group that you selected for the EC-V and allow a couple of minutes for the virtual machine (EC-V) to appear. The following screen displays the resources in your Resource Group after the VM is created successfully.

Figure 6: Displayed resources related to the EC-V
You are now ready to configure your EC-V using the Appliance Manager.

Configure your EC-V
1. Before you can configure your EC-V, locate its public IP address from the Azure Portal, as shown in figure 7. Make note of the MGMT0 public IP address.
Figure 7: Location of EC-V public IP address
2. In a web browser, enter https://mgmt0_public_ip. The Appliance Manager login page appears. When prompted, enter the default username and password, admin, admin.
NOTE Do not log in with the username and password you created for the EC-V on the Azure Portal.
The Configuration Wizard appears.
NOTE If you need to open the Configuration Wizard later, click Configuration: Initial Config Wizard.
Figure 8: Configuration Wizard
3. Click Next on the Welcome page. The Hostname, DHCP, DNS page opens.
Figure 9: Hostname, DHCP, DNS page
4. Enter an Appliance Hostname, Primary DNS IP, and click Apply & Next. The License & Registration page opens.
Figure 10: License and Registration page
5. Enter the Account Name and Account Key, and click Apply & Next. The Deployment Mode page opens.
Figure 11: Deployment page
6. Leave the default settings as is, and click Apply & Next.
NOTE After you add the vnics for WAN0 and LAN0 from the Azure Portal in later steps, you will change the deployment mode from Server to Router. Until then, keep the deployment mode as Server.
The Tunnels to Peers page opens.
Figure 12: Tunnels to Peers page
7. Select the Use shared subnet information checkbox.
8. Deselect the Automatically establish tunnels checkbox, and click Apply & Next. The Date & Time page opens.
Figure 13: Date and Time page
9. Set the Time Zone, and click Apply & Next. The Change Password page opens.
Figure 14: Password page
10. Enter and confirm a strong password, and click Apply & Next. The Finish page opens.
Figure 15: Finish page
11. Click Done.
12. Return to the top of the Application Manager UI, and click Save Changes.
Figure 16: Save Changes
You are now ready to verify the MGMT0 interface settings.

Verify the MGMT0 interface settings
Follow these steps to verify the MGMT0 interface settings.
1. From the Application Manager UI, click Configuration: Interfaces page to view the current address assignment of the MGMT0 interface.
Figure 17: Verify interface settings
2. When the Interfaces page opens, note that the MAC address, private, and public IPs are properly assigned on the MGMT0 interface, as shown in Figure 18.
Figure 18: Verify interface settings
You are now ready to disable the WAN Next-hop health check.

Disable WAN Next-hop health check
Follow these steps to disable the WAN Next-hop health check.
1. From the Application Manager UI, click Major under Severity of the Alarm row. This indicates that the MGMT0 next-hop is unreachable.
Figure 19: Alarms
2. Once every 10 seconds, the EC-V appliance sends an ICMP packet on each of its interfaces to verify that the next-hop is reachable. The Azure next-hop router does not respond to incoming ICMP traffic, which triggers the next-hop alarm on the EC-V. Disable this next-hop monitor alarm by selecting Configuration: Systems, and uncheck the Enable Health Check checkbox.
Figure 20: WAN NextHop Health Checks
3. Click Apply to save your changes.
You are now ready to approve the EC-V on the Orchestrator.

Approve the EC-V on the Orchestrator
By now, the EC-V has communicated with the Silver Peak Cloud Portal and should appear on your Orchestrator as a new appliance that is ready to be added to the SD-WAN fabric. Follow the steps below to approve your EC-V.
1. Log on to your Orchestrator, and click Appliances Discovered.
Figure 21: Appliances Discovered
2. From the Discovered Devices screen, click Approve.
Figure 22: Approve Device
3. From the Appliance Wizard screen, complete the Appliance Setup details, and click Next.
Figure 23: Appliance Setup Details
4. From the Appliance Setup screen, select a deployment profile or skip, and click Next.
Figure 24: Deployment profile screen
5. From the Appliance Setup screen, check the Use shared subnet information checkbox, uncheck Automatically include local subnets, and click Next.
Figure 25: Add Local Subnets
6. From the Appliance Setup screen, select the necessary Business Intent Overlays and the Template Groups that need to be applied on the EC-V, and click Apply.
Figure 26: Apply Business Intent Overlays and Template Groups
7. After the configuration is applied successfully, you should see a similar status, as shown in figure 27. Click Close once you are done reviewing.
Figure 27: Applying Configuration
You have successfully added the EC-V to the SD-WAN fabric. The next task is to create and assign the LAN0 and WAN0 vnics on the Azure Portal.

Create the WAN0 network interface on the Azure Portal
Follow these steps to create and assign the WAN0 network interface on the Azure portal.
1. Log back into the Azure Portal, go to Resource groups, select the resource group where the EC-V was deployed, and click Add.
Figure 28: Resource Group screen
2. On the Search text box, type network interface, and select the Network interface resource.
Figure 29: Add network interface resource
3. Click Create. The Create Network Interface blade opens. Refer to the table to enter the settings.

Create Network Interface settings
Name: Enter a descriptive name for the WAN0 vnic
Virtual Network: Select the VNet where you deployed the EC-V
Subnet: Select WAN0 subnet
Private IP address assignment: Select Static
Private IP address: Enter a private IP address that belongs to the WAN0 subnet address space
Network security group: Create a new network security group and add the following rules to it.
Inbound rules: UDP 500, UDP 4500, UDP 10002. If you are using a different port on the Orchestrator Overlay Manager Settings page for the IPsec UDP tunnels, you need to specify that port instead of UDP 10002 port. Please refer to figure 30 for a list of recommended settings for inbound security rules.
Outbound rules: Allow all outbound. Please refer to figure 33 for a list of recommended settings for outbound security rules.
Subscription: Select your subscription
Resource group: Select the resource group where you deployed the EC-V
Location: Select the location of your resource group
4. Click Create.
NOTE The inbound security rules that are created here are strictly for allowing the EdgeConnect device to establish IPsec_UDP tunnels with other EdgeConnect devices.
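The following check is an added example, not part of the Silver Peak guide: it audits exported NSG rules against the two recommendations above, namely that MGMT0 should accept SSH, HTTP, and HTTPS only from your own network and that WAN0 inbound should be limited to UDP 500, UDP 4500, and the IPsec UDP tunnel port. It assumes rules in the JSON shape Azure uses for custom securityRules; the rule names, the trusted range 203.0.113.0/24, and the function names are constructed for illustration.

```python
import ipaddress

WAN0_BASE_UDP = {500, 4500}      # fixed inbound UDP ports from the guide's WAN0 table
DEFAULT_TUNNEL_PORT = 10002      # guide default; change if Orchestrator uses another port
MGMT_PORTS = {22, 80, 443}       # SSH, HTTP, HTTPS opened by the default MGMT0 NSG
ANY_SOURCE = {"*", "0.0.0.0/0", "internet"}


def port_spans(rule):
    """Expand destinationPortRange(s) into (low, high) tuples."""
    raw = list(rule.get("destinationPortRanges") or [])
    if rule.get("destinationPortRange"):
        raw.append(rule["destinationPortRange"])
    spans = []
    for item in raw:
        if item == "*":
            spans.append((0, 65535))
        else:
            low, _, high = item.partition("-")
            spans.append((int(low), int(high or low)))
    return spans


def sources(rule):
    out = list(rule.get("sourceAddressPrefixes") or [])
    if rule.get("sourceAddressPrefix"):
        out.append(rule["sourceAddressPrefix"])
    return out


def inbound_allows(rules):
    return [r for r in rules
            if r["direction"].lower() == "inbound" and r["access"].lower() == "allow"]


def audit_mgmt0(rules, trusted_cidrs):
    """Flag inbound allow rules that expose a management port beyond trusted_cidrs."""
    trusted = [ipaddress.ip_network(c) for c in trusted_cidrs]
    findings = []
    for rule in inbound_allows(rules):
        if rule["protocol"].lower() not in ("tcp", "*"):
            continue
        if not any(lo <= p <= hi for lo, hi in port_spans(rule) for p in MGMT_PORTS):
            continue
        for src in sources(rule):
            if src.lower() in ANY_SOURCE:
                findings.append((rule["name"], "management port open to any source"))
                break
            try:
                net = ipaddress.ip_network(src, strict=False)
            except ValueError:  # service tag or other non-CIDR value
                findings.append((rule["name"], f"source {src!r} is not a CIDR; review manually"))
                break
            if not any(net.version == t.version and net.subnet_of(t) for t in trusted):
                findings.append((rule["name"], f"source {src} is outside the trusted networks"))
                break
    return findings


def audit_wan0(rules, tunnel_port=DEFAULT_TUNNEL_PORT):
    """Flag inbound allow rules other than UDP 500, UDP 4500 and the tunnel port."""
    allowed = WAN0_BASE_UDP | {tunnel_port}
    findings = []
    for rule in inbound_allows(rules):
        spans = port_spans(rule)
        only_listed = bool(spans) and all(lo == hi and lo in allowed for lo, hi in spans)
        if rule["protocol"].lower() != "udp" or not only_listed:
            findings.append((rule["name"], "inbound allow beyond the guide's UDP tunnel ports"))
    return findings


def sample_rule(name, direction, protocol, source, port):
    """Build one constructed rule using Azure's securityRules field names."""
    return {"name": name, "direction": direction, "access": "Allow", "protocol": protocol,
            "sourceAddressPrefix": source, "destinationPortRange": port}


# Constructed sample data (not taken from a real deployment).
TRUSTED_CIDRS = ["203.0.113.0/24"]
MGMT0_RULES = [
    sample_rule("default-allow-ssh", "Inbound", "Tcp", "*", "22"),
    sample_rule("allow-https-office", "Inbound", "Tcp", "203.0.113.0/24", "443"),
    sample_rule("allow-http-any", "Inbound", "Tcp", "Internet", "80"),
]
WAN0_RULES = [
    sample_rule("ike", "Inbound", "Udp", "*", "500"),
    sample_rule("nat-t", "Inbound", "Udp", "*", "4500"),
    sample_rule("ipsec-udp", "Inbound", "Udp", "*", "10002"),
    sample_rule("allow-ssh-temp", "Inbound", "Tcp", "*", "22"),
    sample_rule("allow-all-out", "Outbound", "*", "*", "*"),
]

if __name__ == "__main__":
    for name, reason in audit_mgmt0(MGMT0_RULES, TRUSTED_CIDRS) + audit_wan0(WAN0_RULES):
        print(f"{name}: {reason}")
```

Pass the port configured on the Orchestrator Overlay Manager Settings page as tunnel_port if it differs from 10002.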

Figure 30: Outbound security rules screen

Create the LAN0 network interface on the Azure Portal
Follow these steps to create the LAN0 network interface on the Azure Portal.
1. Click +Add on the Resource Group page to create the LAN0 network interface.
Figure 31: Resource Group screen
2. On the Search text box, type network interface, and select the Network interface resource.
Figure 32: Add network interface resource
3. Click Create. The Create Network Interface blade opens. Refer to the table to enter the settings.

Create Network Interface settings
Name: Enter a descriptive name for the LAN0 vnic
Virtual Network: Select the VNet where you deployed the EC-V
Subnet: Select LAN0 subnet
Private IP address assignment: Select Static
Private IP address: Enter a private IP address that belongs to the LAN0 subnet address space
Network security group: Create a new network security group and add the following rules to it.
Inbound rules: Allow all inbound traffic
Note: Because the LAN0 interface does not have a public IP attached to it, it is not exposed to the internet. Thus, it is safe to allow all inbound traffic through it.
Outbound rules: Allow all outbound
Subscription: Select your subscription
Resource group: Select the resource group where you deployed the EC-V
Location: Select the location of your resource group

Figure 33: Inbound security rules screen
4. Verify that your vnics and Network Security Groups are added successfully by selecting the Resource Group blade to review your resources.
Figure 34: Verify newly-added network interfaces and Network Security Groups

Assign a public IP address to the WAN0 interface
Follow these steps to assign a public IP address to the WAN network interface.
1. From the Azure Portal, click WAN vnic.
2. Under Settings, click IP configurations.
3. Click ipconfig1, and select Enabled under the public IP address settings.
4. Under IP address, click Configure required settings, and then click Create new.
5. Enter a descriptive name for the public IP address, and select Basic under SKU.
6. Select Static under Private IP address settings assignment.
Figure 35: IP Configuration screen
7. Click Save to save the configuration.
You are now ready to enable IP forwarding on the LAN0 network.

Enable IP forwarding on the LAN0 network interface
Follow these steps to enable IP forwarding on the LAN0 network interface.
1. From the Azure Portal, click LAN0 vnic.
2. Under Settings, click IP configurations, and select Enabled under the IP forward settings.
Figure 36: IP Configuration screen
3. Click Save to update the configuration.
You are now ready to attach WAN0 and LAN0 vnics to the EC-V.

Attach WAN0 and LAN0 vnics to the EC-V
Follow these steps to attach WAN0 and LAN0 vnics to the EC-V.
1. Power OFF the EC-V before you attach the WAN0 and LAN0 to it.
2. Once the EC-V is powered OFF, select Networking under Settings, and click Attach network interface.
Figure 37: Networking screen
3. Select the WAN0 vnic, and click OK.
Figure 38: Select WAN0 vnic
4. Similarly, repeat steps 2 and 3 to attach the LAN0 vnic to the EC-V.
Figure 39: Select LAN0 vnic
5. Power ON the EC-V.
6. Check the MAC addresses of the newly attached vnics by selecting the EC-V and clicking Networking under Settings.
NOTE You will need to refer to these MAC addresses when you configure the EC-V for in-line router mode, so make a note of them.
7. Click the WAN0 vnic and select Properties under SETTINGS.
Figure 40: Checking Mac Address
8. Similarly, check the LAN0 vnic's MAC address.
You are ready to configure the EC-V for in-line router mode.

Configure the EC-V for In-line Router Mode
Follow these steps to configure the EC-V for In-line Router Mode.
1. Log on to your Orchestrator.
2. Go to the Configurations: Interfaces page on the EC-V and assign the WAN0 and LAN0 MAC addresses accordingly.
Figure 41: IP Configuration screen
3. Click Apply to save the changes. The Reboot Required and Save Changes buttons appear on the top of the UI.
4. Click Save Changes, but DO NOT click Reboot Required.
Figure 42: Save Changes
5. Go to Configuration: Deployment to open the deployment page, and click Router.
Figure 43: Deployment page
6. Click +Add to create a LAN0 interface and a WAN0 interface. Check the LAN0 IP address from the Azure Portal.
7. Under LAN0 IP/Mask textbox, type the private IP address and the subnet mask of the LAN0 interface.
8. For Next Hop, enter the first IP address of the address prefix. Since our LAN0 subnet is 10.6.3.0/24, the first IP address of that range is 10.6.3.1. Azure sets the first IP address of a subnet as the gateway of that subnet.
9. Similarly, for WAN0 IP/Mask textbox, type the private IP address and the subnet mask of the WAN0 interface.
10. For Next Hop, enter the first IP address of the address prefix.
11. Enter the Total Outbound and Total Inbound bandwidth (Kbps) for the WAN0 interface and click Calc.
12. Set WAN0 Firewall to Stateful+SNAT.
13. Enable NAT. This allows the Orchestrator to use the WAN0 public IP address as the tunnel endpoint when establishing tunnels to the WAN0 interface.
14. Click Apply. Once prompted, reboot the VM.
15. Click Apply & Reboot.
16. After the VM reboots, go to the Configuration: Interfaces page and verify that the WAN0 public IP address appears in the table.
You have successfully configured the EC-V for in-line router mode. Proceed to the next section to create a static route on the Azure Route Table.

Create a static route on the Azure Route Table
Follow these steps to create a static route on the Azure Route Table to forward outbound traffic from Azure workloads to the EC-V.
1. From the Azure Portal, go to the Resource Group and click +Add.
2. In the search text box, type route table, and select the Route table in the Results section.
Figure 44: Route table selection
3. When the Create route table screen opens, refer to the table to enter the settings.

Route table settings
Name: Enter a descriptive name for your route
Subscription: Pay-As-You-Go
Resource Group: Select your existing Resource Group
Location: Select an Azure region where you want to create the route table
BGP route propagation: Disabled

Figure 45: Create route table screen
4. Click Apply to save the changes.
5. Once the route table is created, click Routes under SETTINGS and click +Add.
Figure 46: Add a route table
6. When the Add route table page opens, refer to the table to enter the settings.

Add Route settings
Route name: Enter a descriptive name for your route
Address prefix: Enter the destination address prefix. As shown in figure 1, the destination subnet of our example is 10.3.2.0/24.
Next-hop type: Virtual appliance
Next-hop address: Enter the local EC-V's LAN0 IP address

Figure 47: Add routes
7. Click OK. Any outbound traffic that's destined to the 10.3.2.0/24 network is now sent to the EC-V's LAN0 interface.
8. To associate the workloads subnet to the route table, click Subnets under SETTINGS and click +Associate.
Figure 48: Associate the workloads subnet
The Associate subnet page opens.

Figure 49: Associate workloads subnet page
9. Under Virtual Network, select the VNet where your workloads reside.
10. Under Subnet, select the subnet where your workloads reside.
11. Click OK to associate the workloads subnet to the route table.
You have successfully created a static route on the Azure Route Table. Refer to the next section to add a route on the EC-V to advertise the workload's subnet.
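The routing settings from the last three sections depend on each other, so the following added example (not part of the Silver Peak guide) checks them together: the EC-V next hop is the first IP address of the LAN0 subnet, the Azure route is a virtual-appliance route pointing at the LAN0 IP address, and IP forwarding is enabled on the LAN0 vnic. The plan dictionary, its key names, and the workload subnet 10.6.4.0/24 are assumptions made for illustration; 10.6.3.0/24, 10.6.3.4, and 10.3.2.0/24 are the guide's example values.

```python
import ipaddress


def azure_gateway(subnet_cidr):
    """First IP address of the subnet, which Azure uses as the subnet's gateway."""
    return ipaddress.ip_network(subnet_cidr).network_address + 1


def azure_reserved(subnet_cidr):
    """Addresses Azure keeps for itself in every subnet: the first four and the
    last one (Azure platform behaviour, not stated in the guide)."""
    net = ipaddress.ip_network(subnet_cidr)
    return {net.network_address + i for i in range(4)} | {net.broadcast_address}


def validate_plan(plan):
    """Return a list of problems; an empty list means the plan is consistent."""
    errors = []
    lan0, route = plan["lan0"], plan["route"]
    lan_net = ipaddress.ip_network(lan0["subnet"])
    lan_ip = ipaddress.ip_address(lan0["ip"])
    dest = ipaddress.ip_network(route["address_prefix"])

    # The LAN0 private IP must be a usable address inside the LAN0 subnet.
    if lan_ip not in lan_net:
        errors.append(f"LAN0 IP {lan_ip} is not inside {lan_net}")
    elif lan_ip in azure_reserved(lan0["subnet"]):
        errors.append(f"LAN0 IP {lan_ip} is reserved by Azure in {lan_net}")

    # EC-V deployment page: Next Hop is the first IP address of the prefix.
    gateway = azure_gateway(lan0["subnet"])
    if ipaddress.ip_address(lan0["next_hop"]) != gateway:
        errors.append(f"EC-V LAN0 next hop should be {gateway}")

    # Azure route: next-hop type Virtual appliance, address = LAN0 IP.
    if route["next_hop_type"].replace(" ", "").lower() != "virtualappliance":
        errors.append("route next-hop type must be Virtual appliance")
    if ipaddress.ip_address(route["next_hop_ip"]) != lan_ip:
        errors.append(f"route next-hop address should be the LAN0 IP {lan_ip}")

    # Without IP forwarding the vnic does not accept traffic addressed to
    # destinations other than its own IP, so the route would send traffic nowhere.
    if not lan0["ip_forwarding"]:
        errors.append("IP forwarding is disabled on the LAN0 vnic")

    # The route should cover the remote destination only, not local subnets.
    for local in (lan0["subnet"], plan["workload_subnet"]):
        if dest.overlaps(ipaddress.ip_network(local)):
            errors.append(f"route prefix {dest} overlaps local subnet {local}")
    return errors


# Values from the guide's example, except workload_subnet, which is constructed.
GUIDE_PLAN = {
    "lan0": {"subnet": "10.6.3.0/24", "ip": "10.6.3.4",
             "next_hop": "10.6.3.1", "ip_forwarding": True},
    "route": {"address_prefix": "10.3.2.0/24",
              "next_hop_type": "Virtual appliance", "next_hop_ip": "10.6.3.4"},
    "workload_subnet": "10.6.4.0/24",
}

if __name__ == "__main__":
    problems = validate_plan(GUIDE_PLAN)
    print("plan is consistent" if not problems else "\n".join(problems))
```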

Add a route on the EC-V to advertise the workload's subnet
For the remote EdgeConnect devices to learn the Azure workload's subnet, you must enter it on the Azure EC-V's Routes page as a local subnet. The Silver Peak-proprietary Subnet Sharing protocol advertises this subnet to other EdgeConnect devices on the SD-WAN fabric so they can send traffic to the Azure workload. Follow these steps to add a route on the EC-V to advertise the workload's subnet.
1. Open the Add Routes page of the Azure EC-V.
Figure 50: Add Route Workload
2. Refer to the table to enter the settings in the Add Route page.

Add Route settings
Subnet/Mask: Enter the Azure workload's subnet
Next Hop: Enter the LAN0 next-hop IP address
Metric: Leave the default metric
Advertise to Silver Peak Peers: Check
Advertise to BGP Peers: Optional
Advertise to OSPF Neighbors: Optional
Tag: Optional
Comments: Optional
Exclude: Leave default setting

You have successfully added a route on the EC-V to advertise the workload's subnet. Refer to the next section to verify your end-to-end connectivity.

Verify end-to-end connectivity
To verify that outbound traffic from the Azure workloads is received by the Azure EC-V, log in to a workload deployed on the workloads subnet and run traceroute to any IP address in the destination address space. As per the output of the following traceroute command, the traffic is successfully reaching the remote workload via IP address 10.6.3.4, which is the LAN0 interface of the local Azure EC-V instance. This confirms that the Azure EC-V receives outbound traffic sent from the Azure workload.
Figure 51: Verify end-to-end connectivity
You can also confirm the end-to-end connectivity of the traffic by accessing the Monitoring: Flow page.
Figure 52: Flows page
Now that the outbound traffic redirection is set up correctly in Azure and you can send traffic end-to-end, you may create the necessary Business Intent Overlays (BIO) and other traffic policies in the Silver Peak Orchestrator. For more information about creating BIOs, refer to Building Business Overlays. For a general overview of BIOs, refer to About Business Overlays.