
Cisco Viptela SDWAN: DIA NAT & Tracker via CLI

Today we are going to look at configuring a tracker on a transport interface of a Cisco Viptela vEdge device, using the CLI.

Purpose of the Tracker on the interface
As the name suggests, the tracker monitors the status of a transport interface that connects to the internet: not just whether the interface is up, but whether the path through it to the internet is actually usable.

Why is a tracker required in Cisco Viptela SDWAN?
We enable NAT on the transport interface so that internet-bound traffic leaves the site directly over the local internet link (Direct Internet Access, DIA), instead of being carried across the overlay to a datacenter and exiting to the internet from there.

Now consider the scenario where the local internet fails. The router has no understanding of this on its own: the transport interface can stay up (the failure may be upstream of the directly connected link), and the router keeps forwarding traffic according to the centralized policies defined on vManage. The result is that traffic being forwarded to the internet is silently dropped.

This is the situation where packets allowed to take the local internet path are lost. To prevent internet-bound traffic from being dropped, you configure the router to track the status of the transport interface and, when the local internet is unavailable, redirect that traffic to the non-NATed tunnel on the same transport interface, so that it reaches the internet through another site in the overlay.

Fig 1.1- Cisco Viptela DIA NAT Tracker

How does the tracker work when the local internet fails?
With the tracker configured, the router periodically probes the path to the internet to determine whether it is up. When it detects that the path is down, the router withdraws the NAT route to the internet destination and reroutes the traffic to the non-NATed tunnel on the interface, so that another router in the overlay network can forward the traffic to the internet.

The local router continues to periodically probe the path to the internet. When it detects that the path is functioning again, it reinstalls the NAT route to the internet.

Configurations for tracker on the vEdge

Define the tracker under system. Specify either an IP address or a DNS name as the probe destination, not both. The interval, multiplier and threshold values shown here are the defaults and can be left out if you do not need to change them:

NDNA_vEdge(config)# system
NDNA_vEdge(config-system)# tracker ndna-internet
NDNA_vEdge(config-tracker-ndna-internet)# endpoint-ip 8.8.8.8
NDNA_vEdge(config-tracker-ndna-internet)# interval 60
NDNA_vEdge(config-tracker-ndna-internet)# multiplier 3
NDNA_vEdge(config-tracker-ndna-internet)# threshold 300
NDNA_vEdge(config-tracker-ndna-internet)# top

To probe a DNS name instead of an IP address, replace the endpoint-ip line with: endpoint-dns-name www.thenetworkdna.com

To apply the tracker to a transport interface (NAT must be enabled on that interface as well, otherwise there is no NAT route for the tracker to withdraw), then commit:

NDNA_vEdge(config)# vpn 0
NDNA_vEdge(config-vpn-0)# interface ge2/0
NDNA_vEdge(config-interface-ge2/0)# nat
NDNA_vEdge(config-interface-ge2/0)# tracker ndna-internet
NDNA_vEdge(config-interface-ge2/0)# top
NDNA_vEdge(config)# commit

Points to be noted

  • The tracker name can be up to 128 lowercase characters.
  • At a minimum, you must specify the IP address or DNS name of a destination on the internet. This is the destination to which the router sends probes to determine the status of the transport interface. You can configure either one IP address or one DNS name, not both. Choose a destination whose reachability you are willing to treat as "the internet is reachable": if that single endpoint goes down or stops answering probes, the router withdraws the NAT route even though the local internet link itself may be fine.
  • By default, a status probe is sent every minute (60 seconds). To modify this, change the time in the interval command to a value from 10 through 600 seconds.
  • By default, the router waits 300 milliseconds for a response from the internet destination. To modify the time to wait for a response, change the time in the threshold command to a value from 100 through 1000 milliseconds.
  • By default, after sending three probes and receiving no responses, the router declares the transport interface down. To modify the number of retries, change the number in the multiplier command to a value from 1 through 10. Note that with the defaults, internet-bound traffic can be black-holed for roughly interval x multiplier (about three minutes) before the fallback takes effect; lower the interval if that is too long for the site.
  • You can configure up to eight interface trackers.
A later article will cover configuring the NAT tracker and the fallback via the vManage GUI.
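To make the behaviour described above concrete (probe every interval, a reply must arrive within the threshold, multiplier consecutive misses withdraw the NAT route, the next good reply reinstalls it), here is a small Python model of the tracker's decision logic together with the worst-case detection time that follows from the defaults in the points above. This is an added illustration, not vEdge code: how the vEdge software actually implements its probes is not public and is not modeled here. The tracker name ndna-internet, the probe results and the "tuned" interval of 10 seconds are constructed for the example.

```python
"""Model of the Viptela interface tracker's decision rules, as an illustration.

Added example, not vEdge code. It reproduces only the rules stated on this
page: one probe per `interval` seconds, a reply must arrive within
`threshold` ms, `multiplier` consecutive misses declare the transport down
and withdraw the NAT route, and any later reply reinstalls it.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class Tracker:
    name: str
    interval_s: int = 60        # page default: one probe per minute
    multiplier: int = 3         # page default: three unanswered probes -> down
    threshold_ms: int = 300     # page default: wait 300 ms for a reply
    up: bool = True             # tracker status; transport assumed up at start
    nat_route_installed: bool = True
    misses: int = field(default=0, repr=False)  # consecutive unanswered probes

    def __post_init__(self) -> None:
        # Limits as documented on this page.
        if len(self.name) > 128 or self.name != self.name.lower():
            raise ValueError("tracker name: up to 128 lowercase characters")
        if not 10 <= self.interval_s <= 600:
            raise ValueError("interval must be 10..600 seconds")
        if not 100 <= self.threshold_ms <= 1000:
            raise ValueError("threshold must be 100..1000 milliseconds")
        if not 1 <= self.multiplier <= 10:
            raise ValueError("multiplier must be 1..10")

    def probe(self, reply_ms: Optional[int]) -> bool:
        """Record one probe result and return the tracker status (True = up).

        `reply_ms` is the round-trip time of the reply, or None when no reply
        arrived. A reply slower than the threshold counts as a miss.
        """
        answered = reply_ms is not None and reply_ms <= self.threshold_ms
        if answered:
            self.misses = 0
            if not self.up:
                # Path to the internet works again: reinstall the NAT route.
                self.up = True
                self.nat_route_installed = True
        else:
            self.misses += 1
            if self.up and self.misses >= self.multiplier:
                # Declare the transport down and withdraw the NAT route so that
                # internet-bound traffic falls back to the overlay tunnel.
                self.up = False
                self.nat_route_installed = False
        return self.up

    def worst_case_detection_s(self) -> float:
        """Longest time DIA traffic is black-holed before the fallback kicks in.

        Worst case: the link fails right after a successful probe. The next
        `multiplier` probes, one per interval, each time out after `threshold`.
        """
        return self.multiplier * self.interval_s + self.threshold_ms / 1000


def run_probes(tracker: Tracker,
               replies: List[Optional[int]]) -> List[Tuple[int, bool, bool]]:
    """Feed a sequence of probe results; return (probe number, tracker up,
    NAT route installed) after each probe."""
    history = []
    for n, reply in enumerate(replies, start=1):
        up = tracker.probe(reply)
        history.append((n, up, tracker.nat_route_installed))
    return history


def default_tracker_demo() -> List[Tuple[int, bool, bool]]:
    """Constructed scenario with the page's defaults: two healthy probes, then
    the local internet fails (no reply, a reply over the threshold, no reply),
    stays down for one more probe and recovers on the seventh."""
    t = Tracker("ndna-internet")
    replies: List[Optional[int]] = [20, 25, None, 450, None, None, 30]
    return run_probes(t, replies)


if __name__ == "__main__":
    for step in default_tracker_demo():
        print(step)
    print("defaults: worst case", Tracker("ndna-internet").worst_case_detection_s(), "s")
    print("interval 10: worst case",
          Tracker("ndna-internet", interval_s=10).worst_case_detection_s(), "s")
```

In the constructed run the NAT route is withdrawn only at the fifth probe (third consecutive miss, since the 450 ms reply exceeds the 300 ms threshold) and comes back at the first good reply; with the default interval the worst-case gap before fallback works out to about 180 seconds, versus about 30 seconds with a 10-second interval.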