Configure Host Entry for SD-WAN vBond Controller

Available Languages

Download Options

  • PDF     (38.7 KB)
    View with Adobe Reader on a variety of devices
  • ePub     (83.1 KB)
    View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
  • Mobi (Kindle)     (69.3 KB)
    View on Kindle device or Kindle app on multiple devices
Updated:April 11, 2023
Document ID:220382

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

    Introduction

    This document describes the procedure to configure host entry for Software Defined Wide Area Network (SD-WAN) vBond Controller.

    Prerequisites

    Requirements

    Cisco recommends that you have knowledge of these topics:

    • Cisco Software-defined Wide Area Network (SD-WAN)
    • Cisco SD-WAN vBond controller

    Components Used

    The information in this document is based on these software and hardware versions:

    • vManage software 20.6.3
    • vBond software 20.6.3
    • vSmart software 20.6.3
    • Viptela Edge (vEdge) router software 20.6.3
    • Cisco Edge (cEdge) Router software 17.6.3

    The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.

    Scope

    Configure vBond host entry when there are Domain Name server (DNS) issues such but not limited to these reasons:

    • Unable to translate Fully Qualified Domain Name (FQDN)
    • DNS connectivity

    Considerations

    This document assumes:

    • The network has vBond, vManage, and vSmart controllers that are up and in a healthy state
    • WAN SD-WAN Edge routers are fully functional
    • Basic Configuration is applied to the controllers
    • Controllers and Edge Routers have connectivity between them

    If you need information about Controller Deployment, navigate to Cisco SD-WAN Overlay Network Bring-Up Process.

    Please visit this link SD-WAN Design if you are interested in a design guide.

    Problem: DNS Scenarios with FQDN Entry

    Scenario 1. DNS Entry with FQDN, Resolution Works

    Here is an example of a common configuration with FQDN.

    vedge# show running-config system vbond
system
 vbond vbond.lab.sdwan
!
vedge# show running-config vpn 0 dns
vpn 0
 dns 192.168.1.11 primary
!

    This is the expected result when DNS translation works.

    vedge# nslookup vbond.lab.sdwan
nslookup in VPN 0:
Server:    192.168.1.11
Address 1: 192.168.1.11

Name:      vbond.lab.sdwan
Address 1: 192.168.2.1 vbond.lab.sdwan
Address 2: 192.168.2.2 vbond.lab.sdwan

vedge# ping vbond.lab.sdwan
Ping in VPN 0
PING vbond.lab (192.168.2.1) 56(84) bytes of data.
64 bytes from vbond.lab (192.168.2.1): icmp_seq=1 ttl=63 time=26.1 ms

    Scenario 2. DNS Entry with FQDN, Resolution Fails

    This configuration is the same as the previous scenario.

    vedge# show running-config system vbond
system
 vbond vbond.lab.sdwan
!
vedge# show running-config vpn 0 dns
vpn 0
 dns 192.168.1.11 primary
!

    This time DNS resolution fails.

    vedge#nslookup vbond.lab.sdwan
    nslookup in VPN 0:
    Server: 192.168.1.11
    Address 1: 192.168.1.11
    nslookup: can't resolve 'vbond.lab.sdwan'
    vedge#
    vedge# ping vpn 0 vbond.lab.sdwan
    Ping in VPN 0
    ping: vbond.lab.sdwan: Name or service not known
    vedge#

    Solution: Configure DNS Entry with Static IP

    Configuration for vEdge

    Configure host command with FQDN and vBond IPs.

    vedge# show running-config vpn 0 host
vpn 0
 host vbond.lab.sdwan ip 192.168.2.1 192.168.2.2
!
vedge#

    Run nslookup  for validation purposes.

    vedge# nslookup vbond.lab.sdwan
    nslookup in VPN 0:
    Server: 192.168.1.11
    Address 1: 192.168.1.11

    Name: vbond.lab.sdwan
    Address 1: 192.168.2.1 vbond.lab.sdwan
    Address 2: 192.168.2.2 vbond.lab.sdwan

    Tip: You can analyze logs of vDebug file from admin-tech if vBond resolution fails.

    Configuration for Controllers

    Configuration is the same as that for vEdge devices.

    This is an example of vSmart.

    vsmart# show running-config system vbond
system
 vbond vbond.lab.sdwan
!
vsmart# show running-config vpn 0 dns
vpn 0
 dns 192.168.1.11 primary
!
    vsmart# show running-config vpn 0 host
vpn 0
 host vbond.lab.sdwan ip 192.168.2.1 192.168.2.2
!
vsmart#

    Configuration for cEdge

    This is the configuration for cEdge router.

    cedge#show sdwan run system | include vbond
    vbond vbond-list
    cedge#
    cedge#show sdwan run | include host
    ip host vbond-list 192.168.2.1 192.168.2.2
    cedge#

    Run ICMP for validation purposes.

    cedge#ping vbond-list
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 192.168.50.149, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 27/29/31 ms
    cedge#

    Additional Configuration

    Set the primary and secondary DNS server as a redundancy method. In case one server fails the other one makes a DNS resolution.

    Below example applies for vedge, vManage, vBond and vSmart

    VM# show running-config vpn 0 dns
vpn 0
 dns 192.168.1.11 secondary
 dns 192.168.1.12 primary
!

    Below example applies for cedge

    cedge#show run | i name
    ip name-server 192.168.30.32 192.168.48.89
    cedge#

    Common Configuration Issues

    • Inconsistent name resolution among controllers and WAN Edge routers.
    • Wrong vBond IP addresses.
    • Use the same IP address in vBonds. Each vBond must have its own IP address configured as the  vBond local.
    • You can have control connections on both interfaces Gigabitethernet1 and Gigabitethernet2, but the DNS server is only reachable via Gigabitethernet1, therefore, the control connection fails.

    Related Information

    Revision History

    Revision Publish Date Comments
    1.0
    11-Apr-2023
    Initial Release
    TAC Authored

    Contributed by Cisco Engineers

    • Carlos Fernando Machorro Arvizu
      Cisco TAC Engineer

    Was this Document Helpful?

    FeedbackFeedback

    Contact Cisco

    This Document Applies to These Products