Cisco SDWAN: Breaking Down Communication Between TLOC Colors

Have you ever wondered how Cisco SDWAN devices communicate with each other? Well, wonder no more! Let's dive into the nitty-gritty of how WAN edge devices understand whether they are behind a NAT device and what their NATed address and port are during the authentication process with the vBond orchestrator.

First things first, let's talk about the STUN protocol. This little gem is used to help WAN edge devices identify whether they are behind a NAT device. 

What is STUN?

STUN is a client-server protocol: the client sends a request (known as a STUN Binding Request) and the server answers it in a single request/response transaction. As the request travels through a NAT, the NAT rewrites the source IP address and port of the packet.

As a result, the request arrives at the STUN server carrying the public IP address and port that the nearest NAT device assigned to it.

The STUN server then copies that public address and port into an XOR-MAPPED-ADDRESS attribute and delivers the STUN Binding Response back to the client.

When the response passes back through the NAT, the public address/port in the IP header is translated back to the private ones, but the copy of the public address inside the body of the STUN response is left untouched. This is how the client discovers the IP address that the outermost NAT assigned to it as seen from the STUN server.

Fig 1.1- Breaking Down Communication Between TLOC Colors

For more detail on NAT traversal, see the article
Cisco Viptela SDWAN: vBond as Orchestration Plane

Now, let's talk about TLOCs (Transport Locators). Each TLOC has a private/public address and port. If there's no NAT present, both the private and public addresses will be the same. However, if a NAT device is present along the path, the private address reflects the native interface IP, and the public address represents the post-NAT address. Simple, right?

More about TLOCs:
Purpose of TLOC in Cisco Viptela SDWAN

But what happens when two Cisco SDWAN devices try to build an overlay tunnel? The colors at both ends determine which IP addresses are used. If either color is public (even if only one of them is), the WAN edge devices attempt to form the data plane tunnel using the public IP addresses. Only when the TLOC color at both ends is private do the WAN edge devices attempt to form the data plane tunnel using their private IP addresses.

Now, you may be wondering why this is so important. Picture this: WAN edge devices communicate directly with each other over a private cloud, such as MPLS, while at the same time they reach the control plane through that same cloud via Network Address Translation.

In this situation, data plane tunnels between TLOCs marked with private colors are formed using private IP addresses. It's essential to ensure that communication is seamless and secure.
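To make both halves of the story concrete (the STUN XOR-MAPPED-ADDRESS decoding described above and the color-based choice between private and public TLOC addresses), here is an added Python example. It is not Cisco code: the STUN encoder/decoder follows the RFC 5389 wire format, the set of private colors is assumed from Cisco's documented color list, and the IP addresses and transaction ID are constructed sample values.

```python
import struct
from dataclasses import dataclass
from ipaddress import IPv4Address

MAGIC_COOKIE = 0x2112A442        # fixed STUN magic cookie (RFC 5389)
XOR_MAPPED_ADDRESS = 0x0020      # attribute type carrying the post-NAT address
BINDING_SUCCESS = 0x0101         # message type of a Binding success response


def build_binding_response(txn_id: bytes, public_ip: str, public_port: int) -> bytes:
    """Constructed Binding success response with one IPv4 XOR-MAPPED-ADDRESS, as a STUN server would send."""
    xport = public_port ^ (MAGIC_COOKIE >> 16)               # port XORed with top 16 bits of cookie
    xaddr = int(IPv4Address(public_ip)) ^ MAGIC_COOKIE       # address XORed with the whole cookie
    attr = struct.pack("!HHBBHI", XOR_MAPPED_ADDRESS, 8, 0, 0x01, xport, xaddr)
    return struct.pack("!HHI", BINDING_SUCCESS, len(attr), MAGIC_COOKIE) + txn_id + attr


def parse_xor_mapped_address(resp: bytes):
    """Walk the attributes and undo the XOR, exactly what the WAN edge (STUN client) does to learn its NATed address."""
    msg_type, length, cookie = struct.unpack("!HHI", resp[:8])
    if cookie != MAGIC_COOKIE or msg_type != BINDING_SUCCESS:
        raise ValueError("not a STUN Binding success response")
    body, off = resp[20:20 + length], 0
    while off + 4 <= len(body):
        atype, alen = struct.unpack("!HH", body[off:off + 4])
        value = body[off + 4:off + 4 + alen]
        if atype == XOR_MAPPED_ADDRESS:
            _, family, xport, xaddr = struct.unpack("!BBHI", value)
            if family != 0x01:
                raise ValueError("only IPv4 is handled in this example")
            return str(IPv4Address(xaddr ^ MAGIC_COOKIE)), xport ^ (MAGIC_COOKIE >> 16)
        off += 4 + ((alen + 3) & ~3)   # attribute values are padded to a 4-byte boundary
    raise ValueError("XOR-MAPPED-ADDRESS attribute missing")


# Assumed set of private colors; every other color (biz-internet, public-internet, lte, ...) is public.
PRIVATE_COLORS = {"mpls", "metro-ethernet"} | {f"private{i}" for i in range(1, 7)}


@dataclass
class Tloc:
    color: str
    private: tuple   # (ip, port) of the native interface
    public: tuple    # (ip, port) after NAT; equals private when no NAT is in the path


def tunnel_endpoints(a: Tloc, b: Tloc):
    """Choose the address pair for the data-plane tunnel: private addresses only when BOTH colors are private."""
    if a.color in PRIVATE_COLORS and b.color in PRIVATE_COLORS:
        return a.private, b.private
    return a.public, b.public
```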

So, there you have it! A breakdown of how Cisco SDWAN devices communicate with each other. Remember, understanding the intricacies of how your network operates is crucial to ensuring everything runs smoothly.
