Configuring Local Subnet Discovery on SteelHead SD
This topic describes how to configure SteelHead SD 2.0 to discover global and local subnets on the LAN side of the network. It includes these topics:
Introducing local subnet discovery
Routing criteria
Defining global subnet discovery at the organization level
Defining local subnet discovery
These procedures describe local and global subnet autodiscovery for SteelHead SD 570-SD, 770-SD, and 3070-SD appliances and the SteelConnect SDI-2030 gateway located at the branch. For additional information, see the SteelConnect Manager User Guide.
Introducing local subnet discovery
SteelHead SD 2.0 provides the ability to discover subnets at the zone and site level in a branch. Local subnet discovery identifies routes that are local to a particular branch. These routes can be reached from other sites or branches using the overlay tunnels.
Ideally, all routes learned over the LAN interfaces of an appliance, on a particular branch, should be qualified as routes local to that branch. However, this qualification isn't always straightforward. Consider the case where OSPF is configured with both the LAN zones and the WAN uplinks attached to it. In this case, OSPF cannot differentiate the routes that it learns over the LAN zones from the ones that it learns over the WAN uplinks. A similar problem can arise when BGP is the chosen protocol, where an iBGP neighbor is established with the LAN router and an eBGP neighbor is established with the provider-edge router over the WAN uplink. Here BGP cannot call out the local subnets implicitly. Another case to consider is when the appliance is placed behind a branch router: it loses the notion of LAN zones and WAN uplinks. The local subnet autodiscovery feature provides a means for identifying subnets that are local to a branch.
Routing criteria
Local subnet discovery allows you to define a set of routing criteria so that routes that match the criteria are qualified as subnets local to the branch. The routing criteria are:
Zone inclusion list - You select one or more of the configured LAN zones. Routes whose next-hop interface matches one of the selected zones are qualified as local subnets. Preexisting zones that are directly connected to a site are added to the list automatically. You can also manually add other zones. Zones deleted from a site are automatically removed from the list.
Uplink inclusion list - You select one or more of the configured WAN uplinks. Routes whose next-hop interface matches one of the selected WAN uplinks are qualified as local subnets.
Prefix inclusion list - You configure a list of prefixes. If a route for one of the prefixes in the list is received, it is qualified as a local subnet.
Next-hop inclusion list - You configure a list of next-hop prefixes. All routes whose next-hop matches one of the entries in the list are qualified as a local subnet.
Prefix exclusion list - You configure a list of prefixes. If a route for one of the prefixes in the list is received, it’s not qualified as a local subnet.
SteelConnect SDI-2030 and SDI-5030 gateways do not allow you to define routing criteria based on zones and uplinks.
For SteelHead SD, you can create inclusion and exclusion lists at the organization, zone, and site level. For example, you could create an umbrella subnet 10.0.0.0/8 inclusion list at the organization level and then drill down to a particular site to exclude 10.0.0.0/16.
Inclusion lists are applied first, and then exclusion lists are applied.
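The evaluation order described above can be checked offline before lists are pushed to an appliance. The following is an added example, not Riverbed code: it models the five criteria and applies inclusions before exclusions. The names (Criteria, merge, is_local, classify), the containment-based prefix match, the merge model for inherited organization lists, and the sample routes are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Criteria:
    zones: set = field(default_factory=set)        # zone inclusion list
    uplinks: set = field(default_factory=set)      # uplink inclusion list
    prefixes: list = field(default_factory=list)   # prefix inclusion list
    next_hops: list = field(default_factory=list)  # next-hop inclusion list
    excluded: list = field(default_factory=list)   # prefix exclusion list

def _nets(cidrs):
    return [ipaddress.ip_network(c) for c in cidrs]

def _covered(net, cidrs):
    # Assumption: a route matches an entry when its prefix equals or falls inside it.
    return any(net.version == n.version and net.subnet_of(n) for n in _nets(cidrs))

def merge(org, site):
    """Assumed model of inheriting global lists: site entries are added to the organization's."""
    return Criteria(org.zones | site.zones, org.uplinks | site.uplinks,
                    org.prefixes + site.prefixes, org.next_hops + site.next_hops,
                    org.excluded + site.excluded)

def is_local(route, c):
    """route: dict with 'prefix', 'next_hop' and 'interface' (zone or uplink name)."""
    net = ipaddress.ip_network(route["prefix"])
    hop = ipaddress.ip_address(route["next_hop"])
    included = (route["interface"] in c.zones
                or route["interface"] in c.uplinks
                or _covered(net, c.prefixes)
                or any(hop in n for n in _nets(c.next_hops)))
    # Inclusion lists are applied first, then the exclusion list removes matches.
    return included and not _covered(net, c.excluded)

def classify(routes, c):
    return {r["prefix"]: is_local(r, c) for r in routes}

# Constructed sample: organization-level umbrella inclusion, site-level exclusion.
ORG = Criteria(prefixes=["10.0.0.0/8"])
SITE = Criteria(zones={"lan-zone-1"}, next_hops=["192.168.50.1/32"], excluded=["10.0.0.0/16"])
ROUTES = [
    {"prefix": "10.20.0.0/16", "next_hop": "172.16.0.1", "interface": "wan-uplink-1"},
    {"prefix": "10.0.5.0/24", "next_hop": "172.16.0.2", "interface": "lan-zone-1"},
    {"prefix": "192.168.7.0/24", "next_hop": "192.168.50.1", "interface": "wan-uplink-1"},
    {"prefix": "203.0.113.0/24", "next_hop": "198.51.100.1", "interface": "wan-uplink-1"},
]

if __name__ == "__main__":
    for prefix, local in classify(ROUTES, merge(ORG, SITE)).items():
        print(f"{prefix:18} local={local}")
```

In the sample, the route learned over the included LAN zone is still dropped because the site-level exclusion is evaluated last, while a route learned over a WAN uplink qualifies as local only because of the broad organization-level prefix. Running intended lists against an exported route table this way shows which WAN-learned routes a broad inclusion would qualify as local.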
Defining global subnet discovery at the organization level
You can add an organization-level subnet discovery rule under the Global Subnet Discovery tab. This rule is applied to all sites unless it is specifically overridden by a site-level subnet discovery rule.
To define global subnet discovery for an organization
1. Choose Organizations.
2. Select the Global Subnet Discovery tab.
Defining organization level subnet discovery
3. Click New Included Network.
Defining included networks
4. Specify a Classless Inter-Domain Routing (CIDR) IPv4 address, including the network prefix, to be included in local subnet autodiscovery.
5. Click Submit.
6. Click Included Next Hop.
Defining the next hop
7. Specify the IPv4 address for the local-subnet next hop from the SteelConnect appliance in this site.
8. Click Submit.
9. Click Excluded Networks.
Defining excluded networks
10. Specify the IP address, including the network prefix, to be excluded from local subnet autodiscovery.
11. Click Submit.
Defining local subnet discovery
After you have defined subnet discovery at the organization level, you can drill down to particular sites to define inclusion and exclusion lists. For OSPF routes, make sure that your branch has the LAN zone and WAN uplink attached to it before you begin. For BGP routes, make sure that your branch has the iBGP neighbor defined for the LAN router and the eBGP neighbor defined for the WAN router.
To define local subnet discovery
1. Choose Network Design to display the sites for the organization.
2. Select the site for which you want to define local subnet discovery.
3. Select the Local Subnet Discovery tab.
4. Under Inherit Global, click On to globally include subnets and next hops. Whatever subnets were configured for inclusion or exclusion at the organization level can be inherited at the site level.
Defining site level subnet discovery
5. Select the zone to discover all of the LAN-side subnets routed through the zone’s peers. The list includes automatically populated and manually added zones. Preexisting zones that are directly connected to a site are added to the list automatically. You can manually add other zones. Zones deleted from a site are automatically removed from the list.
Click the trash can to remove a zone from the inclusion list and add its prefix to the exclusion list.
6. Select the uplink from the Uplink Inclusion list.
7. Click Included Network.
Defining included networks
8. Specify a Classless Inter-Domain Routing (CIDR) IP address, including the network prefix, and click Submit.
9. Click Included Next Hop.
Defining the next hop
10. Enter the IPv4 address for the next hop, and click Submit.
11. Click On to globally include subnets and next hops. Whatever subnets were configured for inclusion or exclusion at the organization level can be inherited at the site level.
12. Click Excluded Networks.
Defining excluded networks
13. Specify a CIDR IP address, including the network prefix.
14. Click Submit.
To exclude subnets from local subnet discovery
1. Choose Network Design to display the sites for the organization.
2. Select the site for which you want to define local subnet discovery.
3. Select the Local Subnet Discovery tab.
4. Under Local subnet discovery exclusion, click On to globally exclude subnets and next hops. Whatever subnets were configured for inclusion or exclusion at the organization level can be inherited at the site level.
Defining site level subnet discovery
5. Click Excluded Network.
Defining excluded networks
6. Specify the CIDR IP address, including the network prefix.
7. Click Submit.