Intelligent WAN Configuration Files Guide: Cisco Validated Design

CISCO VALIDATED DESIGN
Intelligent WAN
Configuration Files Guide
October 2016
REFERENCE
NETWORK
ARCHITECTURE
Table of Contents
Table of Contents
Introduction...................................................................................................................................... 1
Product List...................................................................................................................................... 6
IWAN Dual Hybrid with PLR Design Model for EIGRP—WAN Aggregation........................................ 10
Configuration Files ........................................................................................................................................................ 13
IWAN Dual Hybrid with PLR Design Model for EIGRP—Remote Sites............................................... 14
Configuration Files......................................................................................................................................................... 15
IWAN Dual Hybrid with PLR Design Model for BGP—WAN Aggregation........................................... 16
IWAN Dual Hybrid with PLR Design Model for BGP—Remote Sites.................................................. 20
IWAN Dual Internet Design Model for EIGRP—WAN Aggregation..................................................... 22
IWAN Dual Internet Design Model for EIGRP—Remote Sites............................................................ 25
Appendix A: Changes..................................................................................................................... 27
Cisco Validated Design

Introduction
Introduction
The Cisco Intelligent WAN (IWAN) solution provides design and implementation guidance for organizations looking
to deploy wide area network (WAN) transport with a transport-independent design (TID), intelligent path control,
application optimization, and secure encrypted communications between branch locations while reducing the
operating cost of the WAN. IWAN takes full advantage of cost-effective transport services in order to increase
bandwidth capacity without compromising performance, reliability, or security of collaboration or cloud-based ap-
plications.
This document provides the available configuration files for the products used in the Intelligent WAN Deployment
Guide. It is a companion document to the deployment guide as a reference for engineers who are evaluating or
deploying the CVD.
This guide describes two base IWAN design models and three advanced IWAN design models.
The first design model is the IWAN Hybrid, which uses MPLS paired with Internet as WAN transports. In this
design model, the MPLS WAN can provide more bandwidth for the critical classes of services needed for key ap-
plications and can provide SLA guarantees for these applications.
The second design model is the IWAN Dual Internet, which uses a pair of Internet service providers to further
reduce cost while maintaining a high level of resiliency for the WAN.
Figure 1 IWAN hybrid model—WAN aggregation site overview
Core Layer
WAN Distribution
Hub Master
Layer
Controller
Hub Border DMVPN Hub

Routers Routers Internet Edge
DMVPN 1 DMVPN 2
INET
MPLS
1248F
Cisco Validated Design page 1

Introduction
Figure 2 IWAN dual Internet model—WAN aggregation site overview
Core Layer
WAN Distribution Hub Master

Layer Controller
Hub Border DMVPN Hub

Routers Routers Internet Edge
DMVPN 11 DMVPN 12
INET
1240F
ISP A / ISP B
Figure 3 IWAN—Remote-site overview
Single Router Location Dual Router Location
Branch Master Branch Master Branch

Controller/ Controller/ Border
Branch Border Branch Border Router
Router Router
1241F

Introduction
The first advanced design builds on previous design models by adding hub borders routers for horizontal scaling
at a single data center. This design also has an option to add a second hub MC at a single data center for high
availability.
Figure 4 IWAN dual Internet Model—Hub MC high availability
Core Layer
Hub Master
Controller (MC)
WAN Distribution Lo1: 10.6.32.252/32
Layer
Hub Master
Controller (MC-HA)
Lo1: 10.6.32.252/31
Hub Border
Routers (BR) Internet Edge
DMVPN 11 DMVPN 12
INET
2307F
INET1 INET2 ISP A / ISP B
Figure 5 IWAN dual Internet model—Hub BR scalability
Core Layer
Hub Master
WAN Distribution Controller (MC)
Layer Hub Master
Controller (MC-HA)
Hub Border
Routers (BR)
Internet Edge
Multiple paths
to the same
DMVPN
INET1 INET2 INET1 INET2

PATH-ID 1 PATH-ID 2 PATH-ID 3 PATH-ID 4
INET
2308F
DMVPN 11 DMVPN 12 DMVPN 11 DMVPN 12

ISP A / ISP B

Introduction
The second advanced design builds on previous design models with data center redundancy. The multi-data
center or the transit site support feature enables organizations to scale their network infrastructure and load-
balance the traffic when required.
Figure 6 IWAN hybrid model—Second data center as a transit site
DC1 DC2
10.4.0.0/16 10.4.0.0/16
10.6.0.0/16 DCI 10.8.0.0/16
WAN Core
Hub Site Transit Site
Hub MC Transit MC
POP-ID 0 POP-ID 1
10.4.0.0/16 10.4.0.0/16
10.6.0.0/16 10.8.0.0/16
Hub BRs Transit BRs
MPLS1 INET1 MPLS1 INET1

PATH-ID 1 PATH-ID 2 PATH-ID 1 PATH-ID 2
2309F
DMVPN 1 DMVPN 2 DMVPN 1 DMVPN 2

Introduction
The third advanced design model is a multiple transport option called IWAN Dual Hybrid with Path of Last Resort
(PLR). This model has two MPLS transports, two Internet transports, and a fifth transport used as the final option
when the other four are not available. The model is not limited to two MPLS, two Internet and one PLR transport,
but this specific design is used to show the underlying principles for multiple transports. The multiple transport
design can be used with any of the previous design models.
Figure 7 IWAN dual hybrid with PLR design model—WAN aggregation site overview
Core Layer
WAN Distribution
Layer Hub Master
Controller (MC)
Hub
Border
Routers
(BRs)
Internet Edge
INET INET
MPLS 1 MPLS 2 INET 1 INET 2 PLR
ISP A / ISP B /
6040F
DMVPN 1 DMVPN 3 DMVPN 2 DMVPN 4 DMVPN 5 ISP C
Figure 8 IWAN dual hybrid with PLR design model—Remote site options
IWAN Dual
Hybrid with PLR
INET PLR
MPLS 1 INET 1
Link resiliency
with up to three
WAN transports
INET PLR
MPLS 1 INET 1 MPLS 2 INET 2
Link resiliency
with dual routers
with up to five
6046F
WAN transports

Product List
Product List
To view the full list of IWAN-supported routers for this version of the CVD, see Supported Cisco Platforms and
Software Releases.
WAN AGGREGATION
Place In Network Product Description Part Number SW Version Feature Set
WAN-aggregation Aggregation Services 1002X Router ASR1002X-5G-VPNK9 IOS XE 03.16.04b.S Advanced
Router Enterprise
Aggregation Services 1001X Router ASR1001X-5G-VPN IOS XE 03.16.04b.S Advanced
Enterprise
Cisco ISR 4451-X Security Bundle ISR4451-X-SEC/K9 IOS XE 03.16.04b.S securityk9
with SEC License
Hub or Transit MC Cloud Services Router 1000v CSR1000v IOS XE 03.16.04b.S AX
WAN REMOTE SITE

Place In Network Product Desccription Part Number SW Version Feature Set
Modular WAN Cisco ISR 4451 AX Bundle with APP ISR4451-X-AX/K9 IOS XE 03.16.04b.S securityk9,
Remote-site Router and SEC License appxk9
Cisco ISR 4431 AX Bundle with APP ISR4431-AX/K9 IOS XE 03.16.04b.S securityk9,
and SEC License appxk9
Cisco ISR 3945 AX Bundle with APP C3945-AX/K9 15.5(3)M4a securityk9,
and SEC License datak9, uck9
Unified Communications Paper PAK for SL-39-UC-K9
Cisco 3900 Series
Unified Communications Paper PAK for SL-29-UC-K9
Cisco 2900 Series
and SEC License datak9

Product List
INTERNET EDGE
Firewall Cisco ASA 5545-X ASA5545-K9 ASA 9.4(3)
Cisco ASA 5525-X ASA5525-K9 ASA 9.4(3)
Cisco ASA 5512-X Security Plus license ASA5512-SEC-PL
Firewall Management ASDM 7.6(2)
INTERNET EDGE LAN

DMZ Switch Cisco Catalyst 2960-X Series 24 10/100/1000 PoE WS-C2960X-24PS 15.2(3)E1 LAN Base
and 2 SFP+ Uplink
Cisco Catalyst 2960-X FlexStack-Plus Hot-Swap- C2960X-STACK
pable Stacking Module
LAN ACCESS LAYER

Modular Access Cisco Catalyst 4500E Series 4507R+E 7-slot Chas- WS-C4507R+E 3.7.1E(15.2.3E1) IP Base
Layer Switch sis with 48Gbps per slot
Cisco Catalyst 4500E Supervisor Engine 8-E, Uni- WS-X45-SUP8-E 3.7.1E(15.2.3E1) IP Base
fied Access, 928Gbps
Cisco Catalyst 4500E 12-port 10GbE SFP+ Fiber WS-X4712-SFP+E
Module
Cisco Catalyst 4500E 48-Port 802.3at PoE+ WS-X4748-RJ45V+E
10/100/1000 (RJ-45)
Cisco Catalyst 4500E Series 4507R+E 7-slot Chas- WS-C4507R+E 3.7.1E(15.2.3E1) IP Base
sis with 48Gbps per slot
Cisco Catalyst 4500E Supervisor Engine 7L-E, WS-X45-SUP7L-E 3.7.1E(15.2.3E1) IP Base
520Gbps
Cisco Catalyst 4500E 48 Ethernet 10/100/1000 WS-X4748-UPOE+E
(RJ45) PoE+,UPoE ports
Cisco Catalyst 4500E 48 Ethernet 10/100/1000 WS-X4648-
(RJ45) PoE+ ports RJ45V+E

Product List

Stackable Access Cisco Catalyst 3850 Series Stackable 48 Ethernet WS-C3850-48F 3.7.1E(15.2.3E1) IP Base
Layer Switch 10/100/1000 PoE+ ports
Cisco Catalyst 3850 Series Stackable 24 Ethernet WS-C3850-24P 3.7.1E(15.2.3E1) IP Base
10/100/1000 PoE+ Ports
Cisco Catalyst 3850 Series 2 x 10GE Network C3850-NM-2-10G
Module
Module
Cisco Catalyst 3650 Series 24 Ethernet WS-C3650-24PD 3.7.1E(15.2.3E1) IP Base
10/100/1000 PoE+ and 2x10GE or 4x1GE Uplink
Cisco Catalyst 3650 Series 24 Ethernet WS-C3650-24PS 3.7.1E(15.2.3E1) IP Base
10/100/1000 PoE+ and 4x1GE Uplink
Cisco Catalyst 3650 Series Stack Module C3650-STACK
Cisco Catalyst 2960-X Series 24 10/100/1000 WS-C2960X-24PD 15.2(3)E1 LAN Base
Ethernet and 2 SFP+ Uplink
Standalone Access Cisco Catalyst 3650 Series 24 Ethernet WS-C3650-24PS 3.7.1E(15.2.3E1) IP Base
Layer Switch 10/100/1000 PoE+ and 4x1GE Uplink
LAN DISTRIBUTION LAYER

Modular Distribution Cisco Catalyst 6500 VSS Supervisor 2T with 2 VS-S2T-10G 15.2(1)SY1 IP Services
Layer Virtual Switch ports 10GbE and PFC4
Pair
Cisco Catalyst 6800 Series 6807-XL 7-Slot Modu- C6807-XL 15.2(1)SY1 IP Services
lar Chassis
Cisco Catalyst 6500 4-port 40GbE/16-port 10GbE WS-X6904-40G-2T
Fiber Module w/DFC4
Cisco Catalyst 6500 4-port 10GbE SFP+ adapter CVR-CFP-4SFP10G
for WX-X6904-40G module
Cisco Catalyst 6500 CEF720 48 port WS-X6748-GE-TX
10/100/1000mb Ethernet
Cisco Catalyst 6500 Distributed Forwarding Card 4 WS-F6K-DFC4-A
Cisco Catalyst 6500 Series 6506-E 6-Slot Chassis WS-C6506-E 15.2(1)SY1 IP services
Cisco Catalyst 6500 VSS Supervisor 2T with 2 VS-S2T-10G 15.2(1)SY1 IP services
ports 10GbE and PFC4
Cisco Catalyst 6500 4-port 40GbE/16-port 10GbE WS-X6904-40G-2T
Fiber Module w/DFC4
Cisco Catalyst 6500 4-port 10GbE SFP+ adapter CVR-CFP-4SFP10G
for WX-X6904-40G module
Cisco Catalyst 6500 48-port GigE Mod (SFP) WS-X6748-SFP
Cisco Catalyst 6500 24-port GigE Mod (SFP) WS-X6724-SFP

Product List
Place in Network Product Description Part Number SW Version Feature Set

Extensible Fixed Cisco Catalyst 6800 Series 6880-X Extensible C6880-X-LE 15.2(1)SY1 IP Services
Distribution Layer Fixed Aggregation Switch (Standard Tables)
Virtual Switch Pair
Cisco Catalyst 6800 Series 6880-X Multi Rate Port C6880-X-LE-
Card (Standard Tables) 16P10G
Modular Distribution Cisco Catalyst 4500E Series 4507R+E 7-slot Chas- WS-C4507R+E 3.7.1E(15.2.3E1) Enterprise
Layer Virtual Switch sis with 48Gbps per slot Services
Pair
Cisco Catalyst 4500E Supervisor Engine 7-E, WS-X45-SUP7-E 3.7.1E(15.2.3E1) Enterprise
848Gbps Services
Cisco Catalyst 4500E 12-port 10GbE SFP+ Fiber WS-X4712-SFP+E
Module
Cisco Catalyst 4500E 48-Port 802.3at PoE+ WS-X4748-RJ45V+E
10/100/1000 (RJ-45)
Fixed Distribution Cisco Catalyst 4500-X Series 32 Port 10GbE IP
Layer Virtual Switch Base Front-to-Back Cooling WS-C4500X-32SFP+
Pair 3.5.3E(15.2.1E3) Enterprise Services
Stackable Cisco Catalyst 3850 Series Stackable Switch with WS-C3850-12S 3.7.1E(15.2.3E1) IP Services
Distribution Layer 12 SFP Ethernet
Switch
Module
Module

IWAN Dual Hybrid with PLR Design Model for EIGRP—WAN Aggregation
IWAN Dual Hybrid with PLR Design Model for

EIGRP—WAN Aggregation
Performance Routing Version 3 (PfRv3) consists of two major Cisco IOS components: an MC and a BR. The MC
defines the policies and applies them to various traffic classes that traverse the BR systems. The MC can be con-
figured to learn and control traffic classes on the network.
There are two different roles a device can play at the WAN aggregation site of a PfRv3 configuration:
•• Hub Master Controller—The hub MC is the MC at the primary WAN aggregation site. This is the MC device
where all PfRv3 policies are configured. It also acts as MC for that site and makes path-optimization decision.
There is only one hub MC per IWAN domain.
•• Hub Border Router—This is a BR at the hub MC site. This is the device where WAN interfaces terminate.
There can be only one WAN interface on the device. There can be one or more hub BRs. On the Hub BRs,
PfRv3 must be configured with:
◦◦ The address of the local MC.
◦◦ The path name on external interfaces.
This section also shows a second data center acting as a transit site with a transit MC and transit BRs.
•• Transit Master Controller—The transit MC is the MC at the transit site. There is no policy configuration on this
device. It receives policy from the hub MC. This device acts as MC for that site for making path optimization
decisions. The configuration includes the IP address of the hub MC.
•• Transit Border Router—This is a BR at the transit MC site. This is the device where WAN interfaces terminate.
There can only be one WAN interface on the device. There can be one or more transit BRs. On the transit
BRs, PfRv3 must be configured with:
◦◦ The address of the transit MC.
◦◦ The path ID on external interfaces.

Finally, this section includes configuration files corresponding to the IWAN dual hybrid model with PLR using
EIGRP, as referenced in the figure below.
Figure 9 IWAN dual hybrid model w/ PLR model for EIGRP

Internal MPLS1 MPLS2 MPLS1 MPLS2
10.6.X.X 192.168.6.X 192.168.7.X 192.168.6.X 192.168.7.X
IE DMZ INET1 INET2 INET4G INET1 INET2 INET4G

192.168.146.X 172.16.X.X 172.17.X.X 172.18.X.X 172.18.X.X 172.19.X.X 172.17.X.X
IE Outside ISP-A ISP-B ISP-C ISP-C ISP-D ISP-B
Lo0
42.251 INET1: 172.16.140.1 and 140.2 Loopback Netblock
To Core Tunnel10 Tunnel11
42.33 42.34 24.1 24.30 INET2: 172.17.140.1 and 140.2 10.255.X.X 10.7.X.X
Po136 Po36 10.6.34.X 10.6.36.X
VLAN300 INET4G: 172.18.140.1 and 140.2 Netblock
Lo0 0.0 - 7.255
IE-D3750X IE-ASA5545-1
146.1 Tunnel12 Tunnel13 Tunnel14 INET1 241.11
10.6.38.X 10.6.40.X 10.6.42.X 98.91 RS11
42.38
Lo0 Tu11
32.241 Single ISR G2
36.11
IW-DMZ- Access 2K
MPLS1 RS11-2921 RS11-A2960
A2960X Tu10
HY-MPLS1- 6.1 MPLS1
ASR1002X-1 6.5 34.11
.2
32
Hub Site
Lo0 Tu10 INET1 INET1 Lo0
Po33 98.100
32.242 34.1 Tunnel 11 Tu11
241.12
Po1 INET1 36.12
HY-INET1- 146.10 Netblock
.6 Tu11
32 ASR1002X-2 MPLS1 Tu10 16.0 - 23.255
36.1 6.9 RS12-2911-1
34.12
42.37
Po2 Lo0 RS12

Lo0
.1
32.243
32
32.240 .5
To Core 32 MPLS2
Dual ISR G2
HY-MPLS2- 7.1 RS12-A2960 Access 2K
42.41 42.42 32.9 32.10
Po138 Po38 Po3 ASR1002X-3
32
.13 Lo0
Lo0 INET2 Tu13 243.12
WAN-D3750X Tu12 98.100 40.12
Po4 32.244 38.1
32 RS12-2911-2
.14 MPLS1
32
32
Tunnel 10 Tu12
.17
Tu13 MPLS2
.12
HY-INET2-
40.1 38.12 7.9
9
ASR1002X-4 INET2
Po5 146.11
Netblock
Lo0
Lo0 128.0 - 135.255
32.245 INET4G
INET2 243.31
146.12 Tu13
98.204 RS31
32
HY-INET4G- Tu14 40.31

.18
Po21 ASR1002X-5 44.1 Single ISR 4K

MPLS2 Tu12 Access 2K
Lo0 RS31-4451 RS31-A2960
7.21 38.31
32.251
INET2
Tunnel 13 Tu14 INET4G
32
98.204
.15
HY-MC- 44.31
1
CSR1000v-1
INET1
EIGRP AS:400 Tu11
98.252 Lo0
36.32
241.32
Tu10
34.2 MPLS1 Tu10 Netblock
6.25 34.32 144.0 - 151.255
Internal
10.8.X.X INET4G RS32-4451-1
Lo0 98.252 RS32
32.241 Tu14
To IE-D3750X MPLS2 44.31 Dual ISR 4K
Tunnel 12 INET2
RS32-A3850
Access 3K
HY-MPLS1- Tu13 98.252
ASR1002X-T1 MPLS1 40.32
.2
32
6.41 Lo0
42.38
Lo0 243.32
Transit Site 32.242
INET1
Tu12
RS32-4451-2
Po1 38.32
146.13
Po35 HY-INET1- Tu11 MPLS2
.6 ASR1002X-T2
32 36.2 7.25
Tu11 INET1
42.37
Po2 Lo0
Lo0 36.41 99.44
.1
32.243
32
32.240 .5
To Core 32 MPLS1
HY-MPLS2- 7.41
42.41 42.42 32.9 32.10 Tu12
Po140 Po40 Po3 ASR1002X-T3
32 38.2 Tu10
.13
34.41
Netblock
WAN-D3750X-T Lo0 INET4G MPLS1 Lo0 192.0 - 199.255
32.244 6.29
Po4
32 INET2 Tunnel 14 241.41
.14
RS41
32
32
146.14 Po1
.17
Tu13
.1
HY-INET2-
29
ASR1002X-T4 40.2 Single ISR G2

Po5 Tu11 Dist/Acc 3K/2K
36.42 RS41-2921 RS41-D3750 RS41-A2960
Lo0
32.245 INET1
INET4G 99.84
146.15 MPLS1
32
HY-INET4G- Tu14 6.33

.18
ASR1002X-T5 44.2 Tu10

Po21
34.42
Lo0 Lo0
32.251 241.42
32
Netblock
.15
HY-MC- Po1
208.0 - 215.255
1
ASR1002X-T1
Tu13 RS42-4451-1
40.42 RS42
INET2
Dual ISR 4K
99.84
Dist/Acc 3K/3K
RS42-D3850 RS42-A3650
Tu12 Po2
MPLS2
7.33 38.42
Lo0
243.42
6049F
RS42-4451-2

The following tables provide the loopback and port-channel IP addresses for the WAN aggregation devices in the
IWAN dual hybrid with PLR design model.
Table 1 IWAN dual hybrid with PLR model—Hub router IP addresses
Loopback IP Port channel IP

IWAN function Host name address address
Hub MC HY-MC-CSR1000V-1 10.6.32.251/32 10.6.32.151/26
Hub BR (MPLS1) HY-MPLS1-ASR1002X-1 10.6.32.241/32 10.6.32.2/30
Hub BR (INET1) HY-INET1-ASR1002X-2 10.6.32.242/32 10.6.32.6/30
Hub BR (PLR) HY-INET4G-ASR1002X-5 10.6.32.245/32 10.6.32.18/30
Table 2 IWAN dual hybrid with PLR model—Transit router IP addresses

Transit MC HY-MC-ASR1002X-T1 10.8.32.251/32 10.8.32.151/26
Transit BR (MPLS1) HY-MPLS1-ASR1002X-T1 10.8.32.241/32 10.8.32.2/30
Transit BR (INET1) HY-INET1-ASR1002X-T2 10.8.32.242/32 10.8.32.6/30
Transit BR (PLR) HY-INET4G-ASR1002X-T5 10.8.32.245/32 10.8.32.18/30

CONFIGURATION FILES
Below are links to the configuration files for all hybrid hub and transit site WAN aggregation devices using EIGRP:
•• The entire set
•• HY-MC-CSR1000V-1: Hub MC
•• HY-MPLS1-ASR1002X-1: Hub BR (MPLS1)
•• HY-INET1-ASR1002X-2: Hub BR (INET1)
•• HY-MPLS2-ASR1002X-3: Hub BR (MPLS2)
•• HY-INET2-ASR1002X-4: Hub BR (INET2)
•• HY-INET4G-ASR1002X-5: Hub BR (PLR)
•• HY-MC-ASR1002X-T1: Transit MC
•• HY-MPLS1-ASR1002X-T1: Transit BR (MPLS1)
•• HY-INET1-ASR1002X-T2: Transit BR (INET1)
•• HY-MPLS2-ASR1002X-T3: Transit BR (MPLS2)
•• HY-INET2-ASR1002X-T4: Transit BR (INET2)
•• HY-INET4G-ASR1002X-T5: Transit BR (PLR)
•• IW-IE-ASA5545X: Firewall

IWAN Dual Hybrid with PLR Design Model for EIGRP—Remote Sites

EIGRP—Remote Sites
There are two different roles a device can play at the remote site of a PfRv3 configuration:
•• Branch Master Controller—The Branch MC is the MC at the branch-site. There is no policy configuration on
this device. It receives policy from the Hub MC. This device acts as MC for that site for making path-optimi-
zation decision. The configuration includes the IP address of the hub MC.
•• Branch Border Router—This is a BR at the branch-site. The configuration on this device enables BR func-
tionality and includes the IP address of the site local MC. The WAN interface that terminates on the device is
detected automatically.
The following tables provide the loopback IP addresses for the remote site devices in the IWAN dual hybrid with
PLR design model.
Table 3 IWAN dual hybrid with PLR model—Remote site router IP addresses
IWAN function Host name Loopback IP address

Branch MC/BR (MPLS1/INET1) RS11-2921 10.255.241.11/32
Branch MC/BR (MPLS1/INET1) RS12-2911-1 10.255.241.12/32
Branch BR (MPLS2/INET2) RS12-2911-2 10.255.243.12/32
Branch MC/BR (MPLS2/INET2/PLR) RS31-4451 10.255.243.31/32
Branch MC/BR (MPLS1/INET1/PLR) RS32-4451-1 10.255.241.32/32
Branch MC/BR (MPLS1/INET1/4G) RS51-2921 10.255.241.51/32

IWAN Dual Hybrid with PLR Design Model for EIGRP—Remote Sites
CONFIGURATION FILES
Below are links to the configuration files for all hybrid remote site devices using EIGRP:
•• RS11—Single-Router, Two-Link, Access (MPLS1 and INET1):
◦◦ RS11-2921: MPLS1 and INET1 WAN links
•• RS12—Dual-Router, Four-Link, Access (MPLS1, MPLS2, INET1 and INET2):
◦◦ RS12-2911-1: MPLS1 and INET1 WAN links
•• RS31—Single-Router, Three-Link, Access (MPLS2, INET2 and PLR):
◦◦ RS31-4451: MPLS2, INET2 and PLR WAN links
•• RS32—Dual-Router, Five-Link, Access (MPLS1, MPLS2, INET1, INET2 and PLR):
◦◦ RS32-4451-1: MPLS1, INET1 and PLR WAN links
•• RS41—Single-Router, Two-Link, Distribution (MPLS1 and INET1):
•• RS42—Dual-Router, Four-Link, Distribution (MPLS1, MPLS2, INET1 and INET2):
•• RS51—Single-Router, Three-Link, Access (MPLS1 and INET1 with LTE Fallback):

IWAN Dual Hybrid with PLR Design Model for BGP—WAN Aggregation

BGP—WAN Aggregation
This section also shows a second data center acting as a transit site with a transit MC and transit BRs.
•• Transit Master Controller—The transit MC is the MC at the transit site. There is no policy configuration on this
device. It receives policy from the hub MC. This device acts as MC for that site for making path optimization
decisions. The configuration includes the IP address of the hub MC.
•• Transit Border Router—This is a BR at the transit MC site. This is the device where WAN interfaces terminate.
There can only be one WAN interface on the device. There can be one or more transit BRs. On the transit
BRs, PfRv3 must be configured with:
◦◦ The address of the transit MC.
◦◦ The path ID on external interfaces.

Finally, this section includes configuration files corresponding to the IWAN dual hybrid model with PLR using BGP
on the WAN and OSPF on the LAN, as referenced in the figure below.
Figure 10 IWAN dual hybrid with PLR model for BGP and OSPF
Internal Loopback Netblock
Lo0
10.6.X.X 10.255.X.X 10.7.X.X
To Core 42.251 BGP
Tunnel10 Tunnel11
42.33
Po136 Po36
42.34 24.1 24.30
10.6.34.X 10.6.36.X Community
VLAN300 Attribute Netblock
Lo0 0.0 - 7.255
IE-D3750X IE-ASA5545-1 Tunnel12 Tunnel13 Tunnel14 241.11
BGP
10.6.38.X 10.6.40.X 10.6.42.X RS11
42.38
Lo0 Single ISR G2

Hub Site 32.241 Community Tu11
36.11 Access 2K
(POP1) Attribute RS11-2921 RS11-A2960
HY-MPLS1- Tu10
65100:20 34.11
MPLS1=65100:100 ASR1002X-1
.2
Prefer
32
INET1=65100:200 Lo0
Tu10
Po33 34.1
Lo0 POP2
MPLS2=65100:300 32.242 65100:100 241.12
Tu11 65100:20
INET2=65100:400 Po1
HY-INET1- Tu11 INET1 36.12
Netblock
INET4G=65100:500 32
.6 ASR1002X-2 36.1 Tunnel 11 65100:20 Tu10 16.0 - 23.255
65100:200 34.12 RS12-2911-1 RS12
42.37
Po2 Lo0
Lo0
.1
32.243 Dual ISR G2

32
32.240 .5
32 Access 2K
32.9 32.10 HY-MPLS2- RS12-A2960
Po3 ASR1002X-3
32
.13 Lo0
WAN-D3750X Lo0 Tu13 243.12 OSPF 100
Po4 32.244 Tu12 40.12 Area 0
32 RS12-2911-2
.14 38.1 MPLS1
32
32
65100:300 Tunnel 10 Tu12

.17
.12
HY-INET2-
38.12
9
ASR1002X-4 65100:20
Po5 Tu13 Netblock
Lo0 40.1 Lo0 128.0 - 135.255
32.245
65100:400 243.31
Tu13
RS31
32
HY-INET4G- 40.31
.18
Po21 ASR1002X-5 65100:10 Single ISR 4K

Tu12 Access 2K
OSPF 100 Lo0
38.31 RS31-4451 RS31-A2960
32.251
Area 0 Tu14 INET2
44.1 Tunnel 13 Tu14
32
.15
44.31
HY-MC- Prefer
1
CSR1000v-1
65100:500 Tu11
POP1
65100:101
Internal 36.32
Lo0
65100:10
Tu10 241.32
10.8.X.X 34.2
Lo0
Transit Site 32.241 Tu10 Netblock
To IE-D3750X 34.32
(POP2) 144.0 - 151.255
HY-MPLS1- 65100:201 65100:10 RS32-4451-1 RS32
MPLS1=65100:101 ASR1002X-T1
.2
Tu11 Dual ISR 4K

32
Tu14
MPLS2
42.38
INET1=65100:201 Lo0
36.2
44.31 Access 3K
MPLS2=65100:301 32.242
Tunnel 12 RS32-A3850
Tu13
INET2=65100:401 Po1 40.32
HY-INET1- Lo0
65100:10
INET4G=65100:501 Po35
32
.6 ASR1002X-T2 243.32 OSPF 100
Tu12
38.32 Area 0
65100:301 RS32-4451-2
42.37
Po2 Lo0
.1
Lo0 32.243
32
32.240 .5 Tu12
32
38.2
32.9 32.10 HY-MPLS2- Tu11
Po3 ASR1002X-T3
32 36.41
.13 65100:401
Tu13
WAN-D3750X-T Lo0
40.2
Po4 32.244
32
.14
32
32
Tu10
.17
.12
HY-INET2-
34.41 Netblock Prefer
9
ASR1002X-T4 INET4G Lo0 192.0 - 199.255

Po5
Tunnel 14
65100:10
241.41 POP1
Lo0
32.245 65100:501 Po1 65100:10
Tu14 Tu11 RS41
32
HY-INET4G- 44.2 36.42 RS41-D3750 RS41-A2960

RS41-2921
.18
ASR1002X-T5 Single ISR G2

Po21
Lo0 BGP AS:65100 Dist/Acc 3K/2K
32.251 in WAN Overlay 65100:20 OSPF 100
Area 0
32
Tu10
.15
HY-MC- 34.42
Lo0
1
ASR1002X
241.42
65100:20 Netblock
Po1 208.0 - 215.255 Prefer
Tu13 RS42-4451-1 POP1
40.42 65100:20
RS42-D3850 RS42-A3650
RS42
Tu12 Po2 Dual ISR 4K
38.42 Dist/Acc 3K/3K
Lo0 OSPF 100
243.42 Area 0
6050F
RS42-4451-2

The following table provides the loopback and port-channel IP addresses for the WAN aggregation devices in the
IWAN hybrid design model.
Table 4 IWAN dual hybrid with PLR model—Hub router IP addresses

Hub MC HY-MC-CSR1000V-1 10.6.32.251/32 10.6.32.151/26
Hub BR (PLR) HY-INET4G-ASR1002X-5 10.6.32.245/32 10.6.32.18/30
Table 5 IWAN dual hybrid with PLR model—Transit router IP addresses

Transit MC HY-MC-ASR1002X-T1 10.8.32.251/32 10.8.32.151/26
Transit BR (PLR) HY-INET4G-ASR1002X-T5 10.8.32.245/32 10.8.32.18/30

CONFIGURATION FILES
Below are links to the configuration files for all hybrid hub and transit site WAN aggregation devices using BGP
and OSPF:
•• HY-MC-CSR1000V-1: Hub MC, BGP
•• HY-MPLS1-ASR1002X-1: Hub BR, BGP (MPLS1)
•• HY-INET1-ASR1002X-2: Hub BR, BGP (INET1)
•• HY-MPLS2-ASR1002X-3: Hub BR, BGP (MPLS2)
•• HY-INET2-ASR1002X-4: Hub BR, BGP (INET2)
•• HY-INET4G-ASR1002X-5: Hub BR, BGP (PLR)
•• HY-MC-ASR1002X-T1: Transit MC, BGP
•• HY-MPLS1-ASR1002X-T1: Transit BR, BGP (MPLS1)
•• HY-INET1-ASR1002X-T2: Transit BR, BGP (INET1)
•• HY-MPLS2-ASR1002X-T3: Transit BR, BGP (MPLS2)
•• HY-INET2-ASR1002X-T4: Transit BR, BGP (INET2)
•• HY-INET4G-ASR1002X-T5: Transit BR, BGP (PLR)

IWAN Dual Hybrid with PLR Design Model for BGP—Remote Sites

BGP—Remote Sites
The following tables provide the loopback IP addresses for the remote site devices in the IWAN dual hybrid with
PLR design model.
Table 6 IWAN dual hybrid with PLR model—Remote site router IP addresses

Branch MC/BR (MPLS2/INET2/PLR) RS31-4451 10.255.243.31/32
Branch MC/BR (MPLS1/INET1/PLR) RS32-4451-1 10.255.241.32/32
Branch MC/BR (MPLS1/INET1/4G) RS51-2921 10.255.241.51/32

IWAN Dual Hybrid with PLR Design Model for BGP—Remote Sites
CONFIGURATION FILES
Below are links to the configuration files for all hybrid remote site devices using BGP and OSPF:
•• RS11—Single-Router, Two-Link, Access, BGP (MPLS1 and INET1):
•• RS12—Dual-Router, Four-Link, Access, BGP (MPLS1, MPLS2, INET1 and INET2):
•• RS31—Single-Router, Three-Link, Access, BGP (MPLS2, INET2 and PLR):
•• RS32—Dual-Router, Five-Link, Access, BGP (MPLS1, MPLS2, INET1, INET2 and PLR):
◦◦ RS32-4451-1: MPLS1, INET1 and PLR WAN links
•• RS41—Single-Router, Two-Link, Distribution, BGP (MPLS1 and INET1):
•• RS42—Dual-Router, Four-Link, Distribution, BGP (MPLS1, MPLS2, INET1 and INET2):
•• RS51—Single-Router, Three-Link, Access, BGP (MPLS1 and INET1 with LTE Fallback):

IWAN Dual Internet Design Model for EIGRP—WAN Aggregation
IWAN Dual Internet Design Model for EIGRP—WAN

Aggregation
This version of the guide also has hub MC HA and hub BR scaling.

This section includes configuration files corresponding to the IWAN dual Internet design model WAN aggregation
site for EIGRP, as referenced in the figure below.
Figure 11 IWAN dual Internet model for EIGRP—Hub MC HA, hub BR scaling and IOS CA
INET1 INET1 Loopback Netblock
172.16.X.X 172.18.X.X 10.255.X.X 10.7.X.X
Internal INET2 INET2 Netblock

INET1 INET2
10.6.X.X 172.17.X.X 172.19.X.X DHCP DHCP Lo0 32.0 - 39.255
98.110 98.109 246.13
IE Outside RS13
Single ISR G2
Lo0
INET1: 172.16.140.11 and 140.12 Access 2K
To Core 42.251 RS13-2911 RS13-A2960
Tunnel20 Tu20
42.33 42.34 24.1 24.30 INET2: 172.17.140.11 and 140.12 64.13
Po136 Po36 10.6.64.X
VLAN300
IE DMZ INET1
192.168.146.X DHCP Lo0
IE-D3750X IE-ASA5545-1 Tunnel21 Tu21
98.116
66.13 246.14
146.1 10.6.66.X
Netblock
42.38
Tu20
48.0 - 55.255
64.14
RS14-2921-1
RS14
Hub Site IWAN-IOS-CA IW-DMZ- Dual ISR G2
.11
D3750X INET2
24
DHCP Access 2K
Tunnel 20 RS14-A2960
Lo0 PfR Lo1 98.115
Po33 32.253 32.252 Lo0
EIGRP AS:400
247.14
DI-MC
3 Tu21
.16 ASR1004-1 RS14-2921-2
32 66.14
42.37
Po22 Lo0 PfR Lo1

Lo0
.1
1 32.254 32.252/31 Tu20 INET1 INET2

24
32.240 .16
To Core 32 64.33 DHCP DHCP Netblock
DI-MC 99.11 99.11 Lo0 160.0 - 167.255
42.41 42.42 32.161 32.164
Po138 Po38 Po23 ASR1004-2 246.33
32
.41
Tu21 RS33
WAN-D3750X Lo0 INET2 66.33 Single ISR 4K
Tu20
Po11 32.246 Tunnel 21
32
32 64.1 Access 2K
RS33-4451 RS33-A2960
32
.42
.45
Tu20
32
.53
.49
DI-INET1- 64.34
ASR1002X-11 146.20
Po12 INET1
Lo0 DHCP
32.247 Tu21 99.19 Lo0
66.1 246.34
32
.46
DI-INET2- Netblock
Po13 ASR1002X-12 146.21 176.0 - 183.255
Lo0 RS34-4451-1
32.248 Tu20 Tu21 RS34
64.2 66.34 INET2
32
Dual ISR 4K
.50
DHCP
DI-INET1- 99.20 RS34-A3650 Access 3K
Po14
ASR1002X-11b 146.22
Tu20
Lo0 64.43 Lo0
32.249 247.34
Tu21
32
66.2
RS34-4451-2
.54
Tu21
DI-INET2- 66.43
ASR1002X-12b 146.23 INET1 INET2
DHCP DHCP
99.92 99.91 Netblock
Tu20 Lo0 224.0 - 231.255
64.44 246.43
Po1 RS43
Single ISR 4K
RS43-D3750 RS43-A2960 Dist/Acc 3K/2K
RS43-4451
INET1
Tu21 DHCP
66.44 99.76
Lo0
246.42
Netblock
Po1
240.0 - 247.255
RS44-3945-1
RS44
Dual ISR G2
RS44-D3750 RS44-A2960 Dist/Acc 3K/2K
Po2
INET2
DHCP Lo0
99.99 247.44
6051F
RS44-3945-2

The following table provides the loopback addresses for the WAN aggregation devices in the IWAN dual Internet
model.
Table 7 IWAN dual Internet model—Hub router IP addresses
Loopback0 IP address Loopback1 IP address

IWAN function Host name (Mgmt) (PfR) Port channel IP address
Hub MC DI-MC-ASR1004-1 10.6.32.253/32 10.6.32.252/32 10.6.32.163/26
Hub MC HA DI-MC-ASR1004-2 10.6.32.254/32 10.6.32.252/31 10.6.32.164/26
Hub BR (INET1) DI-INET1-ASR1002X-11 10.6.32.246/32 N/A 10.6.32.42/30
Hub BR (INET2) DI-INET1-ASR1002X-12 10.6.32.247/32 N/A 10.6.32.46/30
Hub BR2 (INET1) DI-INET1-ASR1002X-11b 10.6.32.248/32 N/A 10.6.32.50/30
Hub BR2 (INET2) DI-INET1-ASR1002X-12b 10.6.32.249/32 N/A 10.6.32.54/30
CONFIGURATION FILES
Below are links to the configuration files for all dual Internet hub site WAN aggregation devices using EIGRP:
•• DI-MC-ASR1004-1: Hub MC
•• DI-MC-ASR1004-2: Hub MC HA
•• DI-INET1-ASR1002X-11: Hub BR (INET1)
•• DI-INET1-ASR1002X-12: Hub BR (INET2)
•• DI-INET1-ASR1002X-11b: Hub BR2 (INET1)
•• DI-INET1-ASR1002X-12b: Hub BR2 (INET2)
•• IWAN-IOS-CA: IOS Certificate Authority

IWAN Dual Internet Design Model for EIGRP—Remote Sites
IWAN Dual Internet Design Model for EIGRP—

Remote Sites
The following table provides the loopback addresses for the remote site devices in the IWAN dual Internet design
model.
Table 8 IWAN dual Internet model—Remote site router IP addresses

Branch MC/BR (INET1/INET2) RS13-2911 10.255.246.13/32
Branch MC/BR (INET1) RS14-2921-1 10.255.246.14/32
Branch BR (INET2) RS14-2921-2 10.255.247.14/32
Branch BR (INET2) RS34-4451-2 10.255.247.34/32
Branch BR (INET2) RS44-3945-2 10.255.247.44/32

IWAN Dual Internet Design Model for EIGRP—Remote Sites
CONFIGURATION FILES
Below are links to the configuration files for all dual Internet remote site devices using EIGRP:
•• RS13—Single-Router, Two-Link, Access (INET1 and INET2):
◦◦ RS13-2911: INET1 and INET2 WAN links
•• RS14—Dual-Router, Two-Link, Access (INET1 and INET2):
◦◦ RS14-2921-1: INET1 WAN link
•• RS33—Single-Router, Two-Link, Access (INET1 and INET2):
•• RS34—Dual-Router, Two-Link, Access (INET1 and INET2):
•• RS43—Single-Router, Two-Link, Distribution (INET1 and INET2):
•• RS44—Dual-Router, Two-Link, Distribution (INET1 and INET2):

Appendix A: Changes
Appendix A: Changes
This appendix summarizes the changes Cisco made to this guide since its last edition.
•• Routing updates
◦◦ Added iBGP in WAN overlay with OSPF on LAN as an option
◦◦ Added EIGRP stub-site and removed remote site tagging
◦◦ Added EIGRP summary metrics
◦◦ Added EIGRP delay parameters on LAN and transit networks
•• PfR updates
◦◦ Added load-balance exclusion
◦◦ Added path preference hierarchy
◦◦ Added path of last resort (PLR)
•• Multiple WAN transports
◦◦ Added dual Hybrid with PLR design model (2 MPLS, 2 INET and 1 INET PLR)
◦◦ Added five hub BRs and five transit BRs with DC Interconnect
◦◦ Added single router remote site with three WAN transports
◦◦ Added dual router remote site with five WAN transports
◦◦ Added EIGRP and BGP/OSPF configurations
•• AVC updates
◦◦ Prime 3.1 and LiveAction Live NX 5.3 for NetFlow collection
•• IKEV2 updates
◦◦ Added NGE/Suite-B AES-GCM-256 encryption proposal
◦◦ Simplified the crypto configurations with “match fvrf any” for portability between design models
◦◦ Added local identity for PSK design to address Carrier Grade NAT issues
•• Hub MC HA updates
◦◦ Configured a second loopback interface for managing the hub MCs

Please use the feedback form to send comments and
suggestions about this guide.
Americas Headquarters Asia Pacific Headquarters Europe Headquarters

Cisco Systems, Inc. Cisco Systems (USA) Pte. Ltd. Cisco Systems International BV Amsterdam,
San Jose, CA Singapore The Netherlands
Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco Website at www.cisco.com/go/offices.
ALL DESIGNS, SPECIFICATIONS, STATEMENTS, INFORMATION, AND RECOMMENDATIONS (COLLECTIVELY, “DESIGNS”) IN THIS MANUAL ARE PRESENTED “AS
IS,” WITH ALL FAULTS. CISCO AND ITS SUPPLIERS DISCLAIM ALL WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE WARRANTY OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. IN NO EVENT
SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION,
LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THE DESIGNS, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THE DESIGNS ARE SUBJECT TO CHANGE WITHOUT NOTICE. USERS ARE SOLELY RESPONSIBLE FOR
THEIR APPLICATION OF THE DESIGNS. THE DESIGNS DO NOT CONSTITUTE THE TECHNICAL OR OTHER PROFESSIONAL ADVICE OF CISCO, ITS SUPPLIERS
OR PARTNERS. USERS SHOULD CONSULT THEIR OWN TECHNICAL ADVISORS BEFORE IMPLEMENTING THE DESIGNS. RESULTS MAY VARY DEPENDING ON
FACTORS NOT TESTED BY CISCO.
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included
in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.
© 2016 Cisco Systems, Inc. All rights reserved.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go
to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not
imply a partnership relationship between Cisco and any other company. (1110R)
Cisco Validated Design B-000201i-1 10/16

Intelligent WAN Configuration Files Guide: Cisco Validated Design

Uploaded by

Copyright:

Available Formats

Intelligent WAN Configuration Files Guide: Cisco Validated Design

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Intelligent WAN Configuration Files Guide: Cisco Validated Design

Uploaded by

Copyright:

Available Formats

CISCO VALIDATED DESIGN

Configuration Files ........................................................................................................................................................ 13

IWAN Dual Internet Design Model for EIGRP—WAN Aggregation..................................................... 22

IWAN Dual Internet Design Model for EIGRP—Remote Sites............................................................ 25

Cisco Validated Design

Figure 1 IWAN hybrid model—WAN aggregation site overview

Hub Border DMVPN Hub

Cisco Validated Design page 1

Figure 2 IWAN dual Internet model—WAN aggregation site overview

WAN Distribution Hub Master

Hub Border DMVPN Hub

Figure 3 IWAN—Remote-site overview

Single Router Location Dual Router Location

Branch Master Branch Master Branch

Cisco Validated Design page 2

Figure 4 IWAN dual Internet Model—Hub MC high availability

Figure 5 IWAN dual Internet model—Hub BR scalability

INET1 INET2 INET1 INET2

DMVPN 11 DMVPN 12 DMVPN 11 DMVPN 12

Cisco Validated Design page 3

Figure 6 IWAN hybrid model—Second data center as a transit site

Hub Site Transit Site

Hub BRs Transit BRs

MPLS1 INET1 MPLS1 INET1

Cisco Validated Design page 4

MPLS 1 INET 1 MPLS 2 INET 2

Cisco Validated Design page 5

WAN REMOTE SITE

Cisco Validated Design page 6

INTERNET EDGE LAN

LAN ACCESS LAYER

Cisco Validated Design page 7

Place In Network Product Description Part Number SW Version Feature Set

LAN DISTRIBUTION LAYER

Cisco Validated Design page 8

Place in Network Product Description Part Number SW Version Feature Set

Cisco Validated Design page 9

IWAN Dual Hybrid with PLR Design Model for

◦◦ The address of the local MC.

◦◦ The path name on external interfaces.

◦◦ The address of the transit MC.

◦◦ The path name on external interfaces.

◦◦ The path ID on external interfaces.

Cisco Validated Design page 10

Figure 9 IWAN dual hybrid model w/ PLR model for EIGRP

IE DMZ INET1 INET2 INET4G INET1 INET2 INET4G

IE Outside ISP-A ISP-B ISP-C ISP-C ISP-D ISP-B

Po2 Lo0 RS12

HY-INET4G- Tu14 40.31

Po21 ASR1002X-5 44.1 Single ISR 4K

ASR1002X-T4 40.2 Single ISR G2

HY-INET4G- Tu14 6.33

ASR1002X-T5 44.2 Tu10

Cisco Validated Design page 11

Table 1 IWAN dual hybrid with PLR model—Hub router IP addresses

Loopback IP Port channel IP

Table 2 IWAN dual hybrid with PLR model—Transit router IP addresses

Loopback IP Port channel IP

Cisco Validated Design page 12