Multi-Site Layer 2 Cloud Networks with Local-Site Internet Breakout
Introduction
Big Network provides Software and Hardware that makes it fast and simple to deploy distributed multi-site Layer 2 networks, along with Local Internet Breakout functionality. By default, Local Internet Breakout relies upon two key functions: Network Address Translation (NAT) and Dynamic Host Configuration Protocol (DHCP) service. When combined with a Cloud Network for Layer 2 SD-WAN, Local Internet Breakout can be configured in a few different forms:
- Hub and Spoke: Internet Access originates at the Hub, all NAT and DHCP functions happen at the Hub, and the Cloud Network provides a logical Layer 2 extension to the Spokes of the Network.
- Distributed Functions: Internet Access at each site is locally provided; however, the Layer 2 domain spans all sites.
This article will focus on the latter use case.
Design Diagram / Application Concept
[Diagram: Multi-Site Layer 2 Cloud Network]
The Layer 2 domain will use 172.16.0.0/20 as its addressing range.
Assuming a /24 per location (256 hosts per location), this design allows 14 locations to be connected, with two /24s reserved for other Cloud Network functions. The subnetting looks like the following:
- 172.16.0.0/24: Site #1
- 172.16.1.0/24: Site #2
- 172.16.2.0/24: Site #3
- 172.16.3.0/24: Site #4
- 172.16.4.0/24: Site #5
- 172.16.5.0/24: Site #6
- 172.16.6.0/24: Site #7
- 172.16.7.0/24: Site #8
- 172.16.8.0/24: Site #9
- 172.16.9.0/24: Site #10
- 172.16.10.0/24: Site #11
- 172.16.11.0/24: Site #12
- 172.16.12.0/24: Site #13
- 172.16.13.0/24: Site #14
- 172.16.14.0/24: RESERVED
- 172.16.15.0/24: RESERVED
Design Implementation and Configuration
All hosts attached to the Cloud Network Layer 2 domain will receive IP addresses from 172.16.0.0/20; however, the DHCP servers / pools and the Internet Breakout NAT functions will run at the site level.
Step #1: Cloud Network Configuration
Create a “Cloud Network”. A Cloud Network is a collection of devices that share a common Layer 2 network. Just think of it as your virtual LAN in the cloud. Devices joined to a Cloud Network have complete access to each other.
Navigate to Cloud Networks
Click on “Create Network”; a wizard will appear to collect details about your Cloud Network.
Provide a Name and Description for your Cloud Network
Click “Next”
Define an IP Address Pool - Since this is an L2 network there is no need to define an IP pool; just select “Do not assign address pool”.
Click “Next”
Define access to the Cloud Network - You may leave this blank since we only want Edge devices to join the network.
Click “Next”.
Now finalize
To proceed, click “Create”
To proceed, click “Network”
Step #2: Advanced Cloud Network Configuration
By default, Cloud Networks are L2 bridges / domains, and Edge Pro and Edge Lite DHCP servers are bridged into the attached Cloud Network L2 domains. In this use case we must therefore prevent DHCP from "leaking" between our sites. To do this, we use a Cloud Network Flow Rule:
- Navigate to your Cloud Network
- Go to "Advanced Settings"
- Scroll down to Flow Rules:
- Install the following flow rule:
drop sport 67;
drop dport 67;
drop sport 68;
drop dport 68;
- Click "Save"
Click the “Pending Changes” gear to review configuration changes.
Click “Apply” to Apply the configuration changes.
Click “Back”.
Step #3: Site #1 Edge Configuration
Connecting physical ports on your Edge Device to Cloud Networks creates the final “gateway” connection needed to extend your physical network to a Cloud Network.
Navigate to “Edge Devices”
Select “Configure” next to the Edge Pro / Lite you want to use.
Select “Networks” to see configured Networks on the device.
Select “Edit Config”
Select “Create Local Network”
Expand the newly created network; Select Local Services:
Add an Internet Breakout Service - The Service IP will be 172.16.0.1 (Site #1 uses 172.16.0.0/24 from the subnetting plan above)
Add a DHCP Service:
Choose a pool suitable for this site - i.e. the "subnet" is 172.16.0.0/24, so 172.16.0.20-250 is reasonable. Adjust as you like.
Use Ellipsis for More Settings:
Select “Connection”
In “Connected Cloud Network” select the Cloud Network you defined in Step #1.
In “Connected LAN Interfaces” select the physical ports you wish to use with your existing network.
Click “Validate” to validate the configuration.
Click the “Pending Changes” gear to review configuration changes.
Click “Apply” to Apply the configuration changes.
Click “Back”.
Click “Config History” to observe the configuration being applied to Edge Devices. When the new configuration’s checkbox turns from Blue to Green, you know the new configuration is applied.
Step #4: Site #2 Edge Configuration
Connecting physical ports on your Edge Device to Cloud Networks creates the final “gateway” connection needed to extend your physical network to a Cloud Network.
Navigate to “Edge Devices”
Select “Configure” next to the Edge Pro / Lite you want to use.
Select “Networks” to see configured Networks on the device.
Select “Edit Config”
Select “Create Local Network”
Expand the newly created network; Select Local Services:
Add an Internet Breakout Service - The Service IP will be 172.16.1.1 <-- IMPORTANT: Note the change to the 3rd octet for Site #2
Add a DHCP Service:
Choose a pool suitable for this site - i.e. the "subnet" is 172.16.1.0/24, so 172.16.1.20-250 is reasonable. Adjust as you like. <-- IMPORTANT: Note the change to the 3rd octet for Site #2
Use Ellipsis for More Settings:
Select “Connection”
In “Connected Cloud Network” select the Cloud Network you defined in Step #1.
In “Connected LAN Interfaces” select the physical ports you wish to use with your existing network.
Click “Validate” to validate the configuration.
Click the “Pending Changes” gear to review configuration changes.
Click “Apply” to Apply the configuration changes.
Click “Back”.
Click “Config History” to observe the configuration being applied to Edge Devices. When the new configuration’s checkbox turns from Blue to Green, you know the new configuration is applied.
Step #5: Other Site Configurations
- Repeat Step #4 for each site, using the subnetting plan listed above and adjusting the IP prefixes / pools accordingly.
Conclusion and Result
As a result of this implementation:
- DHCP service from one Edge Device has been blocked from traversing the Cloud Network to the others, using Flow Rules.
- Devices at Site #1 will have access to all other devices numbered in 172.16.0.0/20 via the Cloud Network, at any location. Devices at Site #1 trying to access resources OUTSIDE of 172.16.0.0/20 will follow their default route to the Edge Device, which runs a NAT function at 172.16.0.1, and out to its local WAN connections, using the WAN Priority specified for that Edge Device.
- Devices at Site #2 will have access to all other devices numbered in 172.16.0.0/20 via the Cloud Network, at any location. Devices at Site #2 trying to access resources OUTSIDE of 172.16.0.0/20 will follow their default route to the Edge Device, which runs a NAT function at 172.16.1.1, and out to its local WAN connections, using the WAN Priority specified for that Edge Device.
- Devices at Site #N will have access to all other devices numbered in 172.16.0.0/20 via the Cloud Network, at any location. Devices at Site #N trying to access resources OUTSIDE of 172.16.0.0/20 will follow their default route to their local Edge Device, which runs the corresponding NAT function, and out to its local WAN connections, using the WAN Priority specified for that Edge Device.
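The following Python script is an added example, not part of the article or Big Network's software. It models three things the article describes: the per-site subnetting plan (site /24, breakout service IP .1, DHCP pool .20-.250), the Step #2 flow rule that stops DHCP (UDP 67/68) from crossing the Cloud Network, and the forwarding result from the conclusion (inside 172.16.0.0/20 over Layer 2, everything else to the local NAT). The rule parser handles only the `drop sport N;` / `drop dport N;` grammar shown in the article, which is an assumption about the portal's syntax; the `dhcp_server_is_local` check is a site-level sanity test for the DHCP leakage the flow rule is meant to prevent.

```python
import ipaddress

CLOUD_NET = ipaddress.ip_network("172.16.0.0/20")  # the whole Layer 2 domain
SITES = 14                                         # the last two /24s are RESERVED
# Flow rules exactly as installed in Step #2.
FLOW_RULES = """
drop sport 67;
drop dport 67;
drop sport 68;
drop dport 68;
"""

def parse_flow_rules(text):
    """Parse 'drop sport N;' / 'drop dport N;' lines into (field, port) pairs.
    Only this small grammar is handled (an assumption; the portal may accept more)."""
    rules = []
    for line in text.strip().splitlines():
        action, field, port = line.strip().rstrip(";").split()
        if action != "drop" or field not in ("sport", "dport"):
            raise ValueError(f"unsupported rule: {line!r}")
        rules.append((field, int(port)))
    return rules

def flow_allowed(rules, sport, dport):
    """True if a flow with these ports may cross the Cloud Network (no drop rule matched)."""
    flow = {"sport": sport, "dport": dport}
    return not any(flow[field] == port for field, port in rules)

def site_plan(site_no):
    """Site N (1-based) -> its /24, breakout service IP (.1) and DHCP pool (.20-.250),
    following the article's plan (Site #1 = 172.16.0.0/24, Site #2 = 172.16.1.0/24, ...)."""
    if not 1 <= site_no <= SITES:
        raise ValueError(f"site {site_no} outside 1..{SITES}; remaining /24s are reserved")
    net = list(CLOUD_NET.subnets(new_prefix=24))[site_no - 1]
    return {"subnet": net, "gateway": net[1], "pool": (net[20], net[250])}

def next_hop(site_no, dst):
    """Forwarding decision for a host at site N: destinations inside 172.16.0.0/20 are
    Layer 2 peers reached over the Cloud Network; anything else follows the default
    route to the local Edge's NAT (Internet Breakout) at 172.16.<N-1>.1."""
    if ipaddress.ip_address(dst) in CLOUD_NET:
        return "cloud-network-l2"
    return str(site_plan(site_no)["gateway"])

def dhcp_server_is_local(site_no, server_ip):
    """Site-level check: a DHCP server seen on a site's LAN should sit in that site's own
    /24. One in another site's /24 means DHCP is leaking across the Cloud Network,
    i.e. the Step #2 flow rule is missing or not yet applied."""
    return ipaddress.ip_address(server_ip) in site_plan(site_no)["subnet"]
```

Feed `dhcp_server_is_local` the server address from a lease observed at a site (for example, from a client's lease file) to confirm that no other site's Edge is answering DHCP there.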