Cisco SDWAN : Tunnel Groups

Cisco SDWAN : Tunnel Groups

In Cisco SD-WAN environment , tunnel groups enable enhanced flexibility and management in creating overlay tunnels between Transport Locator (TLOC) endpoints. By organizing tunnels into groups, administrators can establish tailored policies for connection formation, promoting efficient and secure network communication.

As you may know that in Cisco SD-WAN, cEdges are designed by default to create a full-mesh overlay by establishing tunnels to all other TLOCs, irrespective of their color. This behavior is thoroughly discussed in our lesson on TLOC colors. 

When a full-mesh topology is not desired, the restrict option can be used to limit tunnels to only those TLOCs sharing the same color. This feature is commonly applied on transports assigned private colors, as private clouds typically lack connectivity to public networks like the Internet. However, the TLOC color-restrict option has a key limitation: each WAN edge router can only designate one interface with a given color, which reduces its flexibility.

Example 

A common use case is when we aim to create groupings of meshed tunnels. All interfaces within the left tunnel mesh are assigned a group ID of 1, while those in the right tunnel mesh have a group ID of 2. The crucial aspect of this example is that the hub routers do not have tunnel-group IDs configured on their interfaces, allowing them to establish overlay tunnels with all other tunnel-group IDs.

Awesome Book you can purchase on SDWAN 
SD-WAN: Example-based Study Guide: Volume 1 

Here are the configurations on Site-1 and Site-2 

Here are the configurations on Site-3 and Site-4

The tunnel-group feature is designed to give more flexibility and granular control over the overlay tunnel establishments irrespective of the TLOC color. It works by assigning a tunnel group ID under a tunnel. Once the group-ID is configured under the TLOC, it obeys the following rules:

• TLOCs can only establish tunnels with remote TLOCs with the same tunnel-group IDs irrespective of the TLOC color.
• TLOCs with any tunnel-group ID will also form tunnels with TLOCs that have no tunnel-group IDs assigned.
• If the restrict-option is configured in conjunction with the tunnel-group option, then TLOCs will only form an overlay tunnel to remote TLOCs having the same tunnel-group ID and TLOC color

Continue Reading...

• Finding the Right SD-WAN Vendor for Your Business
• The Evolution: Exploring the Origins of SD-WAN discussions
• Discover the Power of Multitenancy with Versa SDWAN!
• Introduction to Silver-Peak SDWAN Solution
• Introduction to VeloCloud SD-WAN Solution
• Introduction to Palo Alto's Prisma (CloudGenix) SDWAN
• Introduction to Fortinet SDWAN

Cisco SDWAN 

• Cisco sdwan Manager (vManage) Alarms and Types
• Manual Bootstrap Tutorial for Cisco SD-WAN Edge Devices
• Introduction to Adaptive Qos in Cisco SDWAN
• Cisco Catalyst SDWAN: Inbound Vs Outbound Control Policy
• Features in Cisco Catalyst SDWAN release 20.13.x