Configuring Local Subnet Discovery on SteelHead SD

This topic describes how to configure SteelHead SD to discover global and local subnets on the LAN side of the network. It includes these topics:

These procedures describe local and global subnet autodiscovery for SteelHead SD 570-SD, 770-SD, and 3070-SD appliances and the SteelConnect SDI-2030 gateway located at the branch. For detailed information, see the SteelConnect Manager User Guide.

SteelHead SD provides the ability to discover subnets at the zone and site level in a branch. Local subnet discovery identifies routes that are local to a particular branch. These routes can be reached from other sites or branches using the overlay tunnels. Local subnet discovery allows you to define a set of routing criteria so that routes that match the criteria are qualified as subnets local to the branch.

Ideally, all routes learned over the LAN interfaces of an appliance, on a particular branch, should be qualified as routes local to that branch. However, this qualification isn't always straight forward. Consider the case where OSPF is configured with both the LAN zones and the WAN uplinks attached to it. In this case, OSPF will not be able to differentiate the routes that it learns over the LAN zones from the ones that it learns over the WAN uplinks.

A similar problem can arise when BGP is the chosen protocol where an iBGP neighbor is established with the LAN router and an eBGP neighbor is established with the provider-edge router over the WAN uplink. Here BGP will not be able to call out the local subnets implicitly. Another case to consider is when the appliance is placed behind a branch router, it loses the notion of LAN zones and WAN uplinks. The local subnet autodiscovery feature provides a means for identifying subnets that are local to a branch.

Local subnet discovery allows you to define a set of routing criteria so that routes that match the criteria are qualified as subnets local to the branch. The routing criteria are:

•Zone inclusion list - You select one or more of the configured LAN zones. Routes whose next-hop interface matches one of the selected zones are qualified as local subnets. Preexisting zones that are directly connected to a site are added to the list automatically. You can also manually add other zones. Zones deleted from a site are automatically removed from the list.

•Uplink inclusion list - You select one or more of the configured WAN uplinks. Routes whose next-hop interface matches one of the selected WAN uplinks are qualified as local subnets. For example, you might want to attract traffic towards a site for transit purposes. If Site A wants to connect to Site C through Site B. Site B can learn Site C networks via the underlay and make Site A traffic bound for Site C to be forwarded to Site C.

•Community inclusion list - You specify a community to include all the routes that carry that community string. The routes matching the community in the community list are reported as local subnets. You can specify multiple communities.

•Tag inclusion list - You specify a tag to include all the routes that include the tag. All the routes matching the tag are reported as local subnets from the configured site. You can specify multiple tags.

•Network prefix inclusion list - You configure a list of prefixes. If a route for one of the prefixes in the list is received, it is qualified as a local subnet.

•Next-hop inclusion list - You configure a list of next-hop prefixes. All routes whose next-hop matches one of the entries in the list are qualified as a local subnet.

•Community exclusion list - You specify a tag to exclude all the routes that include the tag. All the routes matching the tag are reported as local subnets from the configured site. You can specify multiple tags.

•Tag exclusion list - You specify a tag list to include. You can specify multiple tags. The routes matching the tag list are reported as local subnets. You can list more than one community.

•Network prefix exclusion list - You configure a list of prefixes. If a route for one of the prefixes in the list is received, it’s not qualified as a local subnet.

SteelConnect SDI-2030 and SDI-5030 gateways don’t allow you to define routing criteria based on zones and uplinks.

For SteelHead SD, you can create inclusion and exclusion lists at the organization, zone, and site level. For example, you could create an umbrella subnet 10.0.0.0/8 inclusion list at the organization level and then drill down to a particular site to exclude 10.0.0.0/16.

Inclusion lists are applied first, and then exclusions lists will be applied.

Users can add an organization level subnet discovery rule under the Global Subnet Discovery tab. This rule will be applied to all sites, unless they are specifically overridden by the site-level subnet discovery rule.

4. Specify the IPv4 address, including the network prefix to be included in local subnet autodiscovery.

10. Specify the IP address, including the network prefix, to be excluded from local subnet autodiscovery.

After you have defined subnet discovery at the organization level, you can drill down to particular sites to define inclusion and exclusion lists. For OSPF routes, make sure that your branch has the LAN zone and WAN uplink attached to it before you begin. For BGP routes, make sure that your branch has the iBGP neighbor defined for the LAN router and the eBGP neighbor defined for the WAN router.

You can also configure community list and tags for subnet autodiscovery. This feature enables the discovery of subnets based on the community or tag present in the route. You can specify the community list and tag for both inclusion and exclusion network lists.

4. Select the zone to discover all of the LAN-side subnets routed through the zone’s peers. The list includes automatically populated and manually added zones. Preexisting zones that are directly connected to a site are added to the list automatically. You can manually add other zones. Zones deleted from a site are automatically removed from the list.

6. Under Inherit global, click On to globally include subnets and next hops. Whatever subnets were configured for inclusion or exclusion at the organization level can be inherited at the site level.

7. Optionally, specify a community list to include all the routes that carry that community string. The routes matching the community in the community list are reported as local subnets. You can specify multiple communities separated by a comma.

8. Optionally, specify a tag to include all the routes that carry that tag. All the routes matching any tag are reported as local subnets from the configured site. You can specify multiple tags separated by a comma.

4. Under Exclusion List, click On to globally exclude subnets and next hops. Whatever subnets were configured for inclusion or exclusion at the organization level can be inherited at the site level.

5. Optionally, specify a community list to exclude all the routes that carry that community string. The routes matching the community in the community list are not reported as local subnets. You can specify multiple communities separated by a comma.

6. Optionally, specify a tag to exclude all the routes that carry that tag. All the routes matching any tag are not reported as local subnets from the configured site. You can specify multiple tags separated by a comma.