Contents
- Transport services
- Point-to-Point (P2P) transport service
- Point-to-Multipoint (P2M) transport service
- Multipoint-to-Multipoint (M2M) transport service
- Adding a transport service in a CPE template
- Editing a transport service in a CPE template
- Deleting a transport service from a CPE template
- Scenario: Directing application traffic to a transport service
Transport services
Transport services, which are mechanisms used to transfer traffic between remote locations, play a critical role in ensuring reliable, efficient, and secure communication throughout the SD-WAN infrastructure. Transport services are constructed on top of segments and consist of service interfaces.
Kaspersky SD-WAN supports creating the following transport services:
- Point-to-Point (P2P)
- Point-to-Multipoint (P2M)
- Multipoint-to-Multipoint (M2M)
When creating transport services, you can add reserve service interfaces. Reserve and primary service interfaces can be created on the same CPE device. A reserve service interface makes it possible to continue data transfer in the event of a failure of the primary service interface.
The settings of each individual transport service form a service topology that determines the type of connectivity between client devices connected to standard CPE devices and SD-WAN gateways.
Point-to-Point (P2P) transport service
Point-to-Point (E-line in the MEF classification, hereinafter also referred to as the P2P service) is a transport service within involves establishing a connection between two service interfaces of CPE devices on top of an Ethernet network for efficient and secure communication without the use of intermediate network devices. This is especially relevant when using applications that must transmit information in real time or exchange large files.
When creating a P2P service, you must specify the service interface that sends traffic (hereinafter referred to as the source interface) and the service interface that receives traffic (hereinafter referred to as the destination interface).
Creating a P2P service
Before creating a P2P service, you must complete the following steps:
- Activate CPE devices.
- Create a constraint (Manual-TE or threshold).
- Create service interfaces.
- Create a traffic filter.
- Create a QoS rule.
To create a P2P transport service:
- In the menu, go to the Infrastructure section.
The SD-WAN infrastructure management page is displayed. By default, the Network resources tab is selected, which displays the table of SD-WAN Controllers.
- Click Management next to the SD-WAN Controller and in the drop-down list, select Configuration menu.
This opens the SD-WAN Controller configuration menu. By default, you are taken to the Controller nodes section, which displays a table of Controller nodes.
- Go to the P2P services section.
A table of P2P services is displayed.
- In the upper part of the page, click + P2P service.
- This opens a window; in that window, in the Name field, enter the name of the transport service.
- In the Constraint drop-down list, select a previously created constraint that you want to add to the transport service.
- In the Balancing mode drop-down list, select the balancing mode for evenly distributing traffic among the links to prevent congestion of individual links and prevent performance issues for users:
- Per-flow — Balancing across flows (sessions). During transmission, flows are evenly distributed across the links. This is the default setting.
- Per-packet — Per-packet balancing. During transmission, packets are distributed evenly across the links.
- Broadcast — Packets are sent to all links simultaneously to prevent losses.
- If necessary, in the Description field, enter a brief description of the P2P service.
- In the Switch and Port drop-down lists on the left, select the CPE device and the service interface created on it that you want to use as the source interface.
- In the Switch and Port drop-down lists on the right, select the CPE device and the service interface created on it that you want to use as the destination interface.
- To display service interfaces that were previously added to transport services in the Port drop-down lists, select the Show used interfaces check box. This check box is cleared by default.
- To swap the values selected in the Port drop-down list for the source interface and the destination interface, select the Switch interfaces check box. This check box is cleared by default.
- If necessary, add a backup source interface through which traffic must be transmitted if the primary interface goes out of service:
- Select the Use backup interface check box. This check box is cleared by default.
- In the Backup switch and Backup port drop-down lists, select the CPE device and the service interface created on it that you want to use as the reserve service interface.
- To display service interfaces that were previously added to transport services in the Backup port drop-down list, select the Show used interfaces check box. This check box is cleared by default.
If the primary service interface goes back online, the transport service continues to use the reserve service interface.
- In the Inbound filter drop-down lists on the left and right, select the previously created traffic filter for the source and destination interfaces.
- In the QoS drop-down list, select the previously created QoS rule for the source interface.
- If you need to monitor the status of both service interfaces and when one of them becomes disabled, automatically disable the other, select the Propagate interface status check box. This check box is cleared by default. This check box cannot be selected when the Use backup interface check box is selected.
When the service interface that was disabled first goes back online, the second service interface that was automatically disabled also resumes operation. This functionality works only if the Access encapsulation type is used on the service interfaces. The encapsulation type is selected when creating the service interface.
- Click Create.
The P2P service is created and displayed in the table.
Page topEditing a P2P service
To edit a P2P service:
- In the menu, go to the Infrastructure section.
The SD-WAN infrastructure management page is displayed. By default, the Network resources tab is selected, which displays the table of SD-WAN Controllers.
- Click Management next to the SD-WAN Controller and in the drop-down list, select Configuration menu.
This opens the SD-WAN Controller configuration menu. By default, you are taken to the Controller nodes section, which displays a table of Controller nodes.
- Go to the P2P services section.
A table of P2P services is displayed.
- Click Management next to the P2P service and in the drop-down list, select Edit.
- This opens a window; in that window, edit the settings that you want to change. For a description of the settings, see the instructions for creating a P2P service.
- Click Save.
Deleting a P2P service
Deleted P2P services cannot be restored
To delete a P2P service:
- In the menu, go to the Infrastructure section.
The SD-WAN infrastructure management page is displayed. By default, the Network resources tab is selected, which displays the table of SD-WAN Controllers.
- Click Management next to the SD-WAN Controller and in the drop-down list, select Configuration menu.
This opens the SD-WAN Controller configuration menu. By default, you are taken to the Controller nodes section, which displays a table of Controller nodes.
- Go to the P2P services section.
A table of P2P services is displayed.
- Click Management next to the P2P service and in the drop-down list, select Delete.
- If you need to delete the service interfaces added to the P2P service, select the Delete associated service interfaces check box in the confirmation window.
- Click Delete.
The P2P service is deleted and is no longer displayed in the table.
Page topViewing statistics of a P2P service
To view the statistics of a P2P service:
- In the menu, go to the Infrastructure section.
The SD-WAN infrastructure management page is displayed. By default, the Network resources tab is selected, which displays the table of SD-WAN Controllers.
- Click Management next to the SD-WAN Controller and in the drop-down list, select Configuration menu.
This opens the SD-WAN Controller configuration menu. By default, you are taken to the Controller nodes section, which displays a table of Controller nodes.
- Go to the P2P services section.
A table of P2P services is displayed.
- Click Management next to the P2P service and in the drop-down list, select Statistics.
This opens a window with statistics of the P2P service.
Page topConfiguring the display of devices in a P2P service topology
To configure the display of devices in a P2P service topology
- In the menu, go to the Infrastructure section.
The SD-WAN infrastructure management page is displayed. By default, the Network resources tab is selected, which displays the table of SD-WAN Controllers.
- Click Management next to the SD-WAN Controller and in the drop-down list, select Configuration menu.
This opens the SD-WAN Controller configuration menu. By default, you are taken to the Controller nodes section, which displays a table of Controller nodes.
- Go to the P2P services section.
A table of P2P services is displayed.
- Click Management next to the P2P service and in the drop-down list, select Service topology.
This opens a window with the P2P service topology.
- If you need to change the relative position of CPE devices in the topology, use the following buttons in the upper part of the window:
- Manual to manually change the relative position of CPE devices.
- Automatically to select one of the values in the drop-down list to automatically generate the transport service topology:
- Physical simulation — CPE devices are arranged in the diagram approximately in accordance with their actual location relative to each other. For example:
- Random — The arrangement of CPE devices is randomized. For example:
- Circle — Devices are arranged in accordance with a ring topology. For example:
- Breadthfirst — CPE devices are arranged horizontally. For example:
- Concentric — CPE devices are arranged concentrically. For example:
- Grid — CPE devices are arranged in accordance with a grid topology. For example:
- Physical simulation — CPE devices are arranged in the diagram approximately in accordance with their actual location relative to each other. For example:
- If you want to display labels of CPE devices, select the following check boxes:
- Name
- IP address
These check boxes are cleared by default.
- If necessary, display the links used in a segment of two CPE devices:
- Select the Segments check box. This check box is cleared by default.
- Select devices from the drop-down lists below or in the diagram.
- To open the window with control buttons and additional information about the CPE device or link, click the icon of the device or link.
Restarting a P2P service
You may need to restart a P2P service if a problem occurs during its operation (for example, with the network connection) or if changes made to the current configuration necessitate a restart.
To restart a P2P service:
- In the menu, go to the Infrastructure section.
The SD-WAN infrastructure management page is displayed. By default, the Network resources tab is selected, which displays the table of SD-WAN Controllers.
- Click Management next to the SD-WAN Controller and in the drop-down list, select Configuration menu.
This opens the SD-WAN Controller configuration menu. By default, you are taken to the Controller nodes section, which displays a table of Controller nodes.
- Go to the P2P services section.
A table of P2P services is displayed.
- Click Management next to the P2P service and in the drop-down list, select Reprovision.
- In the confirmation window, click Reprovision.
This opens a window with a success message about the restart of the P2P service. The SD-WAN Controller adds the P2P service to all CPE devices that were previously used in this service.
Page topPoint-to-Multipoint (P2M) transport service
Point-to-Multipoint (E-tree in the MEF classification, hereinafter also referred to as the P2M service) is a transport service involving a single service interface of a CPE device transmitting traffic in a centralized way to multiple interfaces on top of an Ethernet network based on a tree topology.
The hierarchical structure of the P2M service simplifies network management, ensures the reliability of data transfer without duplication, and improves the scalability of the network by accommodating new devices.
When creating a P2M service, you must assign one of the following roles to each service interface:
- Root is a service interface that can send traffic to interfaces with any role. At least one service interface must be assigned this role.
- Leaf is a service interface that can send traffic only to interfaces with the Root role.
Frames complying with the IEEE 802.1Q and 802.1AD standards can be transmitted.
Creating a P2M service
Before creating a P2M service, you must complete the following steps:
- Activate CPE devices.
- Create a constraint (Manual-TE or threshold).
- Create service interfaces.
- Define the topology of the transport service and assign roles to service interfaces.
- Create a traffic filter.
- Create a group of OpenFlow interfaces.
- Create a QoS rule.
To create a P2M transport service:
- In the menu, go to the Infrastructure section.
The SD-WAN infrastructure management page is displayed. By default, the Network resources tab is selected, which displays the table of SD-WAN Controllers.
- Click Management next to the SD-WAN Controller and in the drop-down list, select Configuration menu.
This opens the SD-WAN Controller configuration menu. By default, you are taken to the Controller nodes section, which displays a table of Controller nodes.
- Go to the P2M services section.
A table of P2M services is displayed.
- In the upper part of the page, click + P2M service.
- This opens a window; in that window, in the Name field, enter the name of the transport service.
- In the Constraint drop-down list, select a previously created constraint that you want to add to the transport service.
- In the Balancing mode drop-down list, select the balancing mode for evenly distributing traffic among the tunnels to prevent congestion of individual tunnels and prevent performance issues for users:
- Per-flow — Balancing across flows (sessions). During transmission, flows are evenly distributed across the tunnels. This is the default setting.
- Per-packet — Per-packet balancing. During transmission, packets are distributed evenly across the tunnels.
- Broadcast — Packets are sent to all tunnels simultaneously to prevent losses.
- In the MAC learn mode drop-down list, select the action to apply to a series of frames when the first frame is sent to the SD-WAN controller to learn the source MAC address:
- Learn and flood means the controller remembers the MAC address of the source and checks for the presence of the destination MAC address in the MAC address table. If the destination MAC address is not in the table, the series of frames is sent to all service interfaces added to the transport service, except for the interface on which the series of frames originally arrived. This is the default setting.
- Learn and drop means the controller remembers the MAC address of the source and checks for the presence of the destination MAC address in the MAC address table. If the destination MAC address is not in the table, the series of frames is dropped.
In both cases, if the destination MAC address is present in the MAC address table, the series of frames is sent to the corresponding service interface.
- In the MAC age (sec.) field, enter the time period in seconds during which entries are kept in the MAC table on the SD-WAN Controller. Range of values: 10 to 65,535. The default setting is
300
. - In the MAC table overload drop-down list, select the policy for processing new MAC addresses when the MAC table SD-WAN Controller is full:
- Flood means traffic with destination MAC addresses that have not been learned previously is transmitted as BUM traffic (Broadcast, unknown-unicast, and multicast). This is the default setting.
- Drop means that traffic with previously destination MAC addresses that have not been learned previously is dropped.
- In the MAC table size field, enter the maximum number of entries in the MAC table on the SD-WAN controller. Range of values: 0 to 65,535.
0
means the number of entries is not limited. The default setting is100
. - In the Mode drop-down list, select whether you want to use the Default Forwarding Interface (hereinafter referred to as DFI) in the transport service. If the DFI role is assigned to a service interface, all unknown unicast traffic is sent to that service interface. Possible values:
- Classic if you do not want to use DFI. This is the default setting.
- DFI with FIB on root and leafs if you want to use DFI on the service interface with the Root role. The number of service interfaces with the Leaf role is not limited. Backup service interfaces can be added for each service interface.
- DFI with FIB on leaf if you want to use DFI on the service interface with the Root role. The number of service interfaces with the Leaf role is not limited. Service interfaces with the Leaf role must be on the same CPE device. Backup service interfaces can be added for each service interface. Backup service interfaces with the Leaf role must be on the same CPE device, which must be different from the device hosting the primary service interfaces.
- If necessary, in the Description field, enter a brief description of the transport service.
- Click Next to proceed to the next group of settings.
- In the Switch and Port drop-down lists on the right, select the CPE device and the service interface that you want to add to the transport service.
- To display service interfaces that were previously added to transport services in the Port drop-down list, select the Show used interfaces check box. This check box is cleared by default.
- In the QoS drop-down list, select the previously created QoS rule for the service interface.
- In the Inbound filter drop-down list, select the previously created traffic filter for the service interface.
- In the Role drop-down list, select the role of the service interface:
- Leaf
- Root
- If necessary, add a backup service interface through which traffic must be transmitted if the primary interface goes out of service:
- Select the Use backup interface check box. This check box is cleared by default.
- In the Backup switch and Backup port drop-down lists, select the CPE device and the service interface created on it that you want to use as the backup service interface.
- To display service interfaces that were previously added to transport services in the Backup port drop-down list, select the Show used interfaces check box. This check box is cleared by default.
If the primary service interface goes back online, the transport service continues to use the backup service interface.
- To assign the DFI role to the service interface, select the Default Forwarding Interface check box. This check box cannot be selected if in the Role drop-down list for the service interface, you selected Leaf.
- Click + Add to add the service interface to the transport service.
The service interface is displayed in the lower part of the window. You can delete a service interface by clicking Delete next to it.
- Click Next to proceed to the next group of settings.
- In the Group drop-down list, select the previously created group of OpenFlow interfaces that you want to add. A service interface is automatically created on top of each OpenFlow interface in the group, and that service interface is added to the transport service.
- In the QoS drop-down list, select the previously created QoS rule for service interfaces created on top of OpenFlow interfaces.
- In the VLAN ID field, enter the outer VLAN tag value for service interfaces created on top of OpenFlow interfaces. You must take into account the following limitations regarding automatic creation of service interfaces on top of OpenFlow interfaces:
- Only service interfaces with the VLAN encapsulation type can be created.
- The VLAN tag value must be the same on all service interfaces.
- In the Role drop-down list, select a role for service interfaces automatically created on top of OpenFlow interfaces:
- Leaf
- Root
- Click + Add to add the group of OpenFlow interfaces to the transport service.
The automatically created service interfaces are displayed in the lower part of the window. You can delete a service interface by clicking Delete next to it.
- Click Create.
The P2M service is created and displayed in the table.
Page topEditing a P2M service
To edit a P2M service:
- In the menu, go to the Infrastructure section.
The SD-WAN infrastructure management page is displayed. By default, the Network resources tab is selected, which displays the table of SD-WAN Controllers.
- Click Management next to the SD-WAN Controller and in the drop-down list, select Configuration menu.
This opens the SD-WAN Controller configuration menu. By default, you are taken to the Controller nodes section, which displays a table of Controller nodes.
- Go to the P2M services section.
A table of P2M services is displayed.
- Click Management next to the P2M service and in the drop-down list, select Edit.
- This opens a window; in that window, edit the settings that you want to change. For a description of the settings, see the instructions for creating a P2M service.
- Click Save.
Deleting a P2M service
Deleted P2M services cannot be restored.
To delete a P2M service:
- In the menu, go to the Infrastructure section.
The SD-WAN infrastructure management page is displayed. By default, the Network resources tab is selected, which displays the table of SD-WAN Controllers.
- Click Management next to the SD-WAN Controller and in the drop-down list, select Configuration menu.
This opens the SD-WAN Controller configuration menu. By default, you are taken to the Controller nodes section, which displays a table of Controller nodes.
- Go to the P2M services section.
A table of P2M services is displayed.
- Click Management next to the P2M service and in the drop-down list, select Delete.
- If you need to delete the service interfaces added to the P2M service, select the Delete associated service interfaces check box in the confirmation window.
- Click Delete.
The P2M service is deleted and is no longer displayed in the table.
Page topViewing statistics of a P2M service
To view the statistics of a P2M service:
- In the menu, go to the Infrastructure section.
The SD-WAN infrastructure management page is displayed. By default, the Network resources tab is selected, which displays the table of SD-WAN Controllers.
- Click Management next to the SD-WAN Controller and in the drop-down list, select Configuration menu.
This opens the SD-WAN Controller configuration menu. By default, you are taken to the Controller nodes section, which displays a table of Controller nodes.
- Go to the P2M services section.
A table of P2M services is displayed.
- Click Management next to the P2M service and in the drop-down list, select Statistics.
This opens a window with statistics of the P2M service.
Page topViewing the MAC table of a P2M service
To view the MAC table of a P2M service:
- In the menu, go to the Infrastructure section.
The SD-WAN infrastructure management page is displayed. By default, the Network resources tab is selected, which displays the table of SD-WAN Controllers.
- Click Management next to the SD-WAN Controller and in the drop-down list, select Configuration menu.
This opens the SD-WAN Controller configuration menu. By default, you are taken to the Controller nodes section, which displays a table of Controller nodes.
- Go to the P2M services section.
A table of P2M services is displayed.
- Click Management next to the P2M service and in the drop-down list, select MAC table.
This opens a window with the MAC table of the P2M service.
- To find a specific MAC address, enter it in the field and click Find by MAC.
- To clear the MAC address table, click Clear.
Configuring the display of devices in a P2M service topology
To configure the display of devices in a P2M service topology
- In the menu, go to the Infrastructure section.
The SD-WAN infrastructure management page is displayed. By default, the Network resources tab is selected, which displays the table of SD-WAN Controllers.
- Click Management next to the SD-WAN Controller and in the drop-down list, select Configuration menu.
This opens the SD-WAN Controller configuration menu. By default, you are taken to the Controller nodes section, which displays a table of Controller nodes.
- Go to the P2M services section.
A table of P2M services is displayed.
- Click Management next to the P2M service and in the drop-down list, select Service topology.
This opens a window with the P2M service topology.
- If you need to change the relative position of CPE devices in the topology, use the following buttons in the upper part of the window:
- Manual to manually change the relative position of CPE devices.
- Automatically to select one of the values in the drop-down list to automatically generate the transport service topology:
- Physical simulation — CPE devices are arranged in the diagram approximately in accordance with their actual location relative to each other. For example:
- Random — The arrangement of CPE devices is randomized. For example:
- Circle — Devices are arranged in accordance with a ring topology. For example:
- Breadthfirst — CPE devices are arranged horizontally. For example:
- Concentric — CPE devices are arranged concentrically. For example:
- Grid — CPE devices are arranged in accordance with a grid topology. For example:
- Physical simulation — CPE devices are arranged in the diagram approximately in accordance with their actual location relative to each other. For example:
- If you want to display labels of CPE devices, select the following check boxes:
- Name
- IP address
These check boxes are cleared by default.
- If necessary, display the links used in a segment of two CPE devices:
- Select the Segments check box. This check box is cleared by default.
- Select devices from the drop-down lists below or in the diagram.
- To open the window with control buttons and additional information about the CPE device or link, click the icon of the device or link.
Restarting a P2M service
You may need to restart a P2M service if a problem occurs during its operation (for example, with the network connection) or if changes made to the current configuration necessitate a restart.
To restart a P2M service:
- In the menu, go to the Infrastructure section.
The SD-WAN infrastructure management page is displayed. By default, the Network resources tab is selected, which displays the table of SD-WAN Controllers.
- Click Management next to the SD-WAN Controller and in the drop-down list, select Configuration menu.
This opens the SD-WAN Controller configuration menu. By default, you are taken to the Controller nodes section, which displays a table of Controller nodes.
- Go to the P2M services section.
A table of P2M services is displayed.
- Click Management next to the P2M service and in the drop-down list, select Reprovision.
- In the confirmation window, click Confirm.
This opens a window with a success message about the restart of the P2M service. The SD-WAN Controller adds the P2M service to all CPE devices that were previously used in this service.
Page topMultipoint-to-Multipoint (M2M) transport service
Multipoint-to-Multipoint (E-LAN in the MEF classification, hereinafter also referred to as the M2M service) is a transport service that involves establishing a peer connection between interfaces of CPE devices on top of the local Ethernet network for communication and joint performance of tasks in a common networking environment without a centralized controller and a clearly defined hierarchy.
To populate the MAC table on the SD-WAN Controller, the M2M service uses the so-called MAC learning mechanism. At the same time, a separate bridge domain is also organized on each CPE device and the CPE device contains a separate table of MAC addresses.
Creating an M2M service
Before creating an M2M service, you must complete the following steps:
- Activate CPE devices.
- Create a constraint (Manual-TE or threshold).
- Create service interfaces.
- Create a traffic filter.
- Create a group of OpenFlow interfaces.
- Create a QoS rule.
To create an M2M transport service:
- In the menu, go to the Infrastructure section.
The SD-WAN infrastructure management page is displayed. By default, the Network resources tab is selected, which displays the table of SD-WAN Controllers.
- Click Management next to the SD-WAN Controller and in the drop-down list, select Configuration menu.
This opens the SD-WAN Controller configuration menu. By default, you are taken to the Controller nodes section, which displays a table of Controller nodes.
- Go to the M2M services section.
A table of M2M services is displayed.
- In the upper part of the page, click + M2M service.
- This opens a window; in that window, in the Name field, enter the name of the transport service.
- In the Constraint drop-down list, select a previously created constraint that you want to add to the transport service.
- In the Balancing mode drop-down list, select the balancing mode for evenly distributing traffic among the links to prevent congestion of individual links and prevent performance issues for users:
- Per-flow — Balancing across flows (sessions). During transmission, flows are evenly distributed across the links. This is the default setting.
- Per-packet — Per-packet balancing. During transmission, packets are distributed evenly across the links.
- Broadcast — Packets are sent to all links simultaneously to prevent losses.
- In the MAC learn mode drop-down list, select the action to apply to a series of frames when the first frame is sent to the SD-WAN controller to learn the source MAC address:
- Learn and flood means the controller remembers the MAC address of the source and checks for the presence of the destination MAC address in the MAC address table. If the destination MAC address is not in the table, the series of frames is sent to all service interfaces added to the transport service, except for the interface on which the series of frames originally arrived. This is the default setting.
- Learn and drop means the controller remembers the MAC address of the source and checks for the presence of the destination MAC address in the MAC address table. If the destination MAC address is not in the table, the series of frames is dropped.
In both cases, if the destination MAC address is present in the MAC address table, the series of frames is sent to the corresponding service interface.
- In the MAC age (sec.) field, enter the time period in seconds during which entries are kept in the MAC table on the SD-WAN Controller. Range of values: 10 to 65,535. The default setting is
300
. - In the MAC table overload drop-down list, select the policy for processing new MAC addresses when the MAC table SD-WAN Controller is full:
- Flood means traffic with destination MAC addresses that have not been learned previously is transmitted as BUM traffic (Broadcast, unknown-unicast, and multicast). This is the default setting.
- Drop means that traffic with previously destination MAC addresses that have not been learned previously is dropped.
- In the MAC table size field, enter the maximum number of entries in the MAC table on the SD-WAN controller. Range of values: 0 to 65,535.
0
means the number of entries is not limited. The default setting is100
. - If necessary, in the Description field, enter a brief description of the transport service.
- Click Next to proceed to the next group of settings.
- In the Switch and Port drop-down lists on the right, select the CPE device and the service interface that you want to add to the transport service.
- To display service interfaces that were previously added to transport services in the Port drop-down list, select the Show used interfaces check box. This check box is cleared by default.
- In the QoS drop-down list, select the previously created QoS rule for the service interface.
- In the Inbound filter drop-down list, select the previously created traffic filter for the service interface.
- If necessary, add a reserve service interface through which traffic must be transmitted if the primary interface goes out of service:
- Select the Use backup interface check box. This check box is cleared by default.
- In the Backup switch and Backup port drop-down lists, select the CPE device and the service interface created on it that you want to use as the reserve service interface.
- To display service interfaces that were previously added to transport services in the Backup port drop-down list, select the Show used interfaces check box. This check box is cleared by default.
If the primary service interface goes back online, the transport service continues to use the reserve service interface.
- Click + Add to add the service interface to the transport service.
The service interface is displayed in the lower part of the window. You can delete a service interface by clicking Delete next to it.
- Click Next to proceed to the next group of settings.
- In the Group drop-down list, select the previously created group of OpenFlow interfaces that you want to add. A service interface is automatically created on top of each OpenFlow interface in the group, and that service interface is added to the transport service.
- In the QoS drop-down list, select the previously created QoS rule for service interfaces created on top of OpenFlow interfaces.
- In the VLAN ID field, enter the outer VLAN tag value for service interfaces created on top of OpenFlow interfaces. You must take into account the following limitations regarding automatic creation of service interfaces on top of OpenFlow interfaces:
- Only service interfaces with the VLAN encapsulation type can be created.
- The VLAN tag value must be the same on all service interfaces.
- Click + Add to add the group of OpenFlow interfaces to the transport service.
The automatically created service interfaces are displayed in the lower part of the window. You can delete a service interface by clicking Delete next to it.
- Click Create.
The M2M service is created and displayed in the table.
Page topEditing an M2M service
To edit an M2M service:
- In the menu, go to the Infrastructure section.
The SD-WAN infrastructure management page is displayed. By default, the Network resources tab is selected, which displays the table of SD-WAN Controllers.
- Click Management next to the SD-WAN Controller and in the drop-down list, select Configuration menu.
This opens the SD-WAN Controller configuration menu. By default, you are taken to the Controller nodes section, which displays a table of Controller nodes.
- Go to the M2M services section.
A table of M2M services is displayed.
- Click Management next to the M2M service and in the drop-down list, select Edit.
- This opens a window; in that window, edit the settings that you want to change. For a description of the settings, see the instructions for creating an M2M service.
- Click Save.
Deleting an M2M service
Deleted M2M services cannot be restored.
To delete an M2M service:
- In the menu, go to the Infrastructure section.
The SD-WAN infrastructure management page is displayed. By default, the Network resources tab is selected, which displays the table of SD-WAN Controllers.
- Click Management next to the SD-WAN Controller and in the drop-down list, select Configuration menu.
This opens the SD-WAN Controller configuration menu. By default, you are taken to the Controller nodes section, which displays a table of Controller nodes.
- Go to the M2M services section.
A table of M2M services is displayed.
- Click Management next to the M2M service and in the drop-down list, select Delete.
- If you need to delete the service interfaces added to the M2M service, select the Delete associated service interfaces check box in the confirmation window.
- Click Delete.
The M2M service is deleted and is no longer displayed in the table.
Page topViewing statistics of an M2M service
To view the statistics of an M2M service:
- In the menu, go to the Infrastructure section.
The SD-WAN infrastructure management page is displayed. By default, the Network resources tab is selected, which displays the table of SD-WAN Controllers.
- Click Management next to the SD-WAN Controller and in the drop-down list, select Configuration menu.
This opens the SD-WAN Controller configuration menu. By default, you are taken to the Controller nodes section, which displays a table of Controller nodes.
- Go to the M2M services section.
A table of M2M services is displayed.
- Click Management next to the M2M service and in the drop-down list, select Statistics.
This opens a window with statistics of the M2M service.
Page topViewing the MAC table of an M2M service
To view the MAC table of an M2M service:
- In the menu, go to the Infrastructure section.
The SD-WAN infrastructure management page is displayed. By default, the Network resources tab is selected, which displays the table of SD-WAN Controllers.
- Click Management next to the SD-WAN Controller and in the drop-down list, select Configuration menu.
This opens the SD-WAN Controller configuration menu. By default, you are taken to the Controller nodes section, which displays a table of Controller nodes.
- Go to the M2M services section.
A table of M2M services is displayed.
- Click Management next to the M2M service and in the drop-down list, select MAC table.
This opens a window with the MAC table of the M2M service.
- To find a specific MAC address, enter it in the field and click Find by MAC.
- To clear the MAC address table, click Clear.
Configuring the display of devices in an M2M service topology
To configure the display of devices in an M2M service topology:
- In the menu, go to the Infrastructure section.
The SD-WAN infrastructure management page is displayed. By default, the Network resources tab is selected, which displays the table of SD-WAN Controllers.
- Click Management next to the SD-WAN Controller and in the drop-down list, select Configuration menu.
This opens the SD-WAN Controller configuration menu. By default, you are taken to the Controller nodes section, which displays a table of Controller nodes.
- Go to the M2M services section.
A table of M2M services is displayed.
- Click Management next to the M2M service and in the drop-down list, select Service topology.
This opens a window with the M2M service topology.
- If you need to change the relative position of CPE devices in the topology, use the following buttons in the upper part of the window:
- Manual to manually change the relative position of CPE devices.
- Automatically to select one of the values in the drop-down list to automatically generate the transport service topology:
- Physical simulation — CPE devices are arranged in the diagram approximately in accordance with their actual location relative to each other. For example:
- Random — The arrangement of CPE devices is randomized. For example:
- Circle — Devices are arranged in accordance with a ring topology. For example:
- Breadthfirst — CPE devices are arranged horizontally. For example:
- Concentric — CPE devices are arranged concentrically. For example:
- Grid — CPE devices are arranged in accordance with a grid topology. For example:
- Physical simulation — CPE devices are arranged in the diagram approximately in accordance with their actual location relative to each other. For example:
- If you want to display labels of CPE devices, select the following check boxes:
- Name
- IP address
These check boxes are cleared by default.
- If necessary, display the links used in a segment of two CPE devices:
- Select the Segments check box. This check box is cleared by default.
- Select devices from the drop-down lists below or in the diagram.
- To open the window with control buttons and additional information about the CPE device or link, click the icon of the device or link.
Restarting an M2M service
You may need to restart an M2M service if a problem occurs during its operation (for example, with the network connection) or if changes made to the current configuration necessitate a restart.
To restart an M2M service:
- In the menu, go to the Infrastructure section.
The SD-WAN infrastructure management page is displayed. By default, the Network resources tab is selected, which displays the table of SD-WAN Controllers.
- Click Management next to the SD-WAN Controller and in the drop-down list, select Configuration menu.
This opens the SD-WAN Controller configuration menu. By default, you are taken to the Controller nodes section, which displays a table of Controller nodes.
- Go to the M2M services section.
A table of M2M services is displayed.
- Click Management next to the M2M service and in the drop-down list, select Reprovision.
- In the confirmation window, click Confirm.
This opens a window with a success message about the restart of the M2M service. The SD-WAN Controller adds the M2M service to all CPE devices that were previously used in this service.
Page topAdding a transport service in a CPE template
You can add transport services in the configuration of a CPE template and then apply the template to devices. In this case, service interfaces for connecting to the added transport services are automatically created on top of the OpenFlow interfaces that correspond to the LAN interfaces of CPE devices to which the template is applied. In this way, you avoid the need to create service interfaces manually and individually connect each CPE device to transport services.
Before adding a transport service to the CPE template configuration, you must complete the following steps:
- Create a transport service in the SD-WAN Controller configuration menu.
- Create a QoS rule.
Note that all settings must match the previously created transport service. For example, you must use the same name and type.
To add a transport service in the CPE template:
- In the menu, go to the SD-WAN → CPE templates subsection.
A table of CPE templates is displayed.
- Click the CPE template.
The settings area is displayed in the lower part of the page. You can expand the settings area to fill the entire page by clicking the expand button
.
- Select the Transport services tab.
A table of transport services is displayed.
- Click + Transport service.
- This opens a window; in that window, in the Name field, enter the name of the transport service.
- In the QoS name field, enter the name of the previously created QoS rule that is used in the transport service.
- In the Stage drop-down list, select the state of the CPE device in which you want to add the service interface to the transport service.
- Before activation — The service interface is added to the transport service before activating the CPE device. This is the default setting.
- After activation — The service interface is added to the transport service after activating the CPE device.
- In the Type drop-down list, select one of the following values:
- P2M
- M2M
- In the Encapsulation drop-down list, select the type of encapsulation on the service interface:
- Access (selected by default).
- VLAN
- Q-in-Q
- If in the Encapsulation drop-down list, you selected VLAN, in the VLAN ID field, enter the outer VLAN tag. Range of values: 1 to 4,094.
- If in the Encapsulation drop-down list, you selected Q-in-Q, follow these steps:
- In the VLAN ID field, enter the outer VLAN tag. Range of values: 1 to 4,094.
- In the Inner VLAN ID field, enter the inner VLAN tag. Range of values: 1 to 4,094.
- If in the Type drop-down list, you selected P2M, in the Role drop-down list, select the role of the service interface:
- Leaf is a service interface that can send traffic only to interfaces with the Root role.
- Root is a service interface that can send traffic to interfaces with any role. At least one service interface must be assigned this role.
- Click Create.
The transport service is created and displayed in the table.
- In the upper part of the settings area, click Save to save the configuration of the CPE template.
Editing a transport service in a CPE template
To edit a transport service in the configuration of a CPE template:
- In the menu, go to the SD-WAN → CPE templates subsection.
A table of CPE templates is displayed.
- Click the CPE template.
The settings area is displayed in the lower part of the page. You can expand the settings area to fill the entire page by clicking the expand button
.
- Select the Transport services tab.
A table of transport services is displayed.
- Click Edit next to the transport service.
- This opens a window; in that window, edit the settings that you want to change. For a description of the settings, see the instructions for adding a transport service in the CPE template configuration.
- Click Save.
Deleting a transport service from a CPE template
Transport services that are deleted in the CPE template configuration cannot be restored.
To delete a transport service in the configuration of a CPE template:
- In the menu, go to the SD-WAN → CPE templates subsection.
A table of CPE templates is displayed.
- Click the CPE template.
The settings area is displayed in the lower part of the page. You can expand the settings area to fill the entire page by clicking the expand button
.
- Select the Transport services tab.
A table of transport services is displayed.
- Click Delete next to the transport service.
The transport service is deleted and is no longer displayed in the table.
- In the upper part of the settings area, click Save to save the configuration of the CPE template.
Scenario: Directing application traffic to a transport service
Kaspersky SD-WAN supports application-level traffic identification. This functionality can be used when defining QoS policies for the following purposes:
- Directing application traffic through a specific WAN interface of a CPE device, for example, in accordance with the SLA values of path metrics.
- Dropping the traffic of a certain application on the CPE device to prevent this traffic from entering the SD-WAN network.
This scenario provides step-by step instructions for directing traffic of one or more applications to the transport service. Before following this scenario, you must create a transport service to which the application traffic is to be directed.
The scenario for directing application traffic to a transport service involves the following steps:
- Creating a traffic classification rule
A traffic classification rule is used to identify the traffic of a specific application from the overall data stream. When creating a traffic classification rule, you must select the L3 protocol on the L3 fields tab, and select the application whose traffic you want to direct to the transport service on the DPI tab.
To direct traffic of multiple applications to a transport service, create a traffic classification rule for each of them.
- Creating a traffic filter
A traffic filter determines whether the routing of an application's traffic is allowed. When creating a traffic filter, you must add a traffic classification rule for an application or multiple classification rules.
- Creating an ACL interface
An ACL interface applies a filter to traffic that passes through it. When creating an ACL interface, you must select a traffic filter for the application.
- Adding the ACL interface to the transport service
You must edit the settings of the transport service and add an ACL interface through which application traffic will arrive to the service.