Legal Disclaimer: The resource assets in this website may include abbreviated and/or legacy terminology for HPE Aruba Networking products. See www.arubanetworks.com for current and complete HPE Aruba Networking product lines and names.
For tunnel orchestration, uplink configuration is required on both Branch Gateways and VPNCs. The SD-WAN Software-Defined Wide Area Network. SD-WAN is an application for applying SDN technology to WAN connections that connect enterprise networks across disparate geographical locations. Orchestrator requires:
- An appropriate pair of uplinks to bring up IPsec Internet Protocol security. IPsec is a protocol suite for secure IP communications that authenticates and encrypts each IP packet in a communication session. tunnels between Branch Gateways and VPNCs
- An algorithm to determine the tunnels orchestrated between Branch Gateways and VPNCs.
For tunnel orchestration, the following configuration is required on the uplink interfaces:
- For uplinks:
- Link Name—The link name configured on the MPLS Multiprotocol Label Switching. The MPLS protocol speeds up and shapes network traffic flows. uplink interface of a VPNC must match the link name of the MPLS uplink interface configured on Branch Gateways.
- Private IP address—By default, the IP address of the VLAN Virtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. interface is used as the private IP address for uplink interfaces on the VPNCs. The private IP address can be modified.
- For uplinks:
- Link Name—Link name matching is not mandatory. However, the SD-WAN Wide Area Network. WAN is a telecommunications network or computer network that extends over a large geographical distance. Orchestrator will try to find the INET link with the same name; for example, if the INET uplink is named , the SD-WAN Orchestrator tries to establish tunnels to . Even if there is no matching INET link, the SD-WAN Orchestrator can establish IPsec tunnels between Branch Gateways and VPNCs with first available INET uplink.
- Public IP address—You must configure a public IP address that corresponds to the firewall Firewall is a network security system used for preventing unauthorized access to or from a private network. NAT Network Address Translation. NAT is a method of remapping one IP address space into another by modifying network address information in Internet Protocol (IP) datagram packet headers while they are in transit across a traffic routing device. translation of the private IP address for the uplink interfaces on VPNCs.
- Private IP address—By default, the IP address of the VLAN interface is used as the private IP address for INET uplink interfaces on the VPNCs. Private IP address for INET uplinks cannot be modified or overwritten.
For more information on how to configure uplinks on Gateways, see Configuring Uplink Interfaces on Branch Gateways.
