Re: vBond

RS19 · ‎04-12-2024

In scenarios where there are 2 vBonds, how the redundancy works ?

In normal scenarios, are both the vBonds are active - active or active - standby.

How the redundancy works in case of failure of 1 vBond ?

MHM Cisco World · ‎04-12-2024

https://www.networkacademy.io/ccie-enterprise/sdwan/high-availability

You can run two vbond in same time

MHM

RS19 · ‎04-12-2024

so you mean both are active - active ? In my scenario we are not using DNS.
So in this case how the redundancy works ?

Torbjørn · ‎04-12-2024

They are active - active, but they don't share any state between themselves. If you aren't using DNS, how are you achieving redundancy?

Happy to help! Please mark as helpful/solution if applicable.
Get in touch: https://torbjorn.dev

RS19 · ‎04-13-2024

sorry my bad. We are using DNS

Kanan Huseynli · ‎04-12-2024

Hi,

vBonds are active/active. No sync happens between them, any router require to reach at least one vBond and then follow regular steps. Normally, DNS is recommended even when you have one vBond. However, if you don't have/want to resolve IP with DNS queries to DNS server, bellow "trick" works:

Still you put DNS name for vBond, but in order device to resolve hostname you use local DNS entries.

In general, router will try the first one and then the next one until finds any available vBond. Example.

vbond vbond.[company_domain] port 12346
ip host vbond-lme.msk.lo [1st_vbond_IP] [2dn_vbond_IP]

https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/ha-scaling/ios-xe-17/high-availability-book-xe/m-high-availability-and-scaling.html#concept_bkt_nht_w3b

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

RS19 · ‎04-12-2024

Thanks.

In case if the vBond is rechable, but the vBond certificate exprired, will the cEdge will move to the 2nd vBond ?
In my case , cEdge lost connectivity to vManage. Wanted to check if this could be the issue ?
Also we have rearly 30 cEdge devices. So my understanding is that for some cEdges will use vBond-1 & some cEdges will use vBond-2. Is my understanding right ?

Kanan Huseynli · ‎04-12-2024

In case if the vBond is rechable, but the vBond certificate exprired, will the cEdge will move to the 2nd vBond ?

Good question, not 100% sure, most probably yes. It is required to test this.

In my case , cEdge lost connectivity to vManage. Wanted to check if this could be the issue ?

Does you router has successful connection to vBond? vBond is the first step, after that vManage/vSmart connectivity happens.

Also we have rearly 30 cEdge devices. So my understanding is that for some cEdges will use vBond-1 & some cEdges will use vBond-2. Is my understanding right ?

Depends on how devices are configured. If you configured all with DNS and DNS points vbond1 then vbond2, then router always tries to vbond1 and if it is successful then doesn't use vbond2. For such small number of devices you don't need to do any kind of load balancing. Let all connect to vbond1, if it fails to vbond2. In general, vBond connection from Edge devices is temporary. vBond does not keep connection to routers, only to other controllers.

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

RS19 · ‎04-12-2024

The cEdges contact vBond using FQDN & DNS servers are confgured. But not sure how the DNS load balacing is configured or working. My understanding is that the DNS resolution can resolve either of the vBond.
Is there any specific settings or configurations related to this ?

balaji.bandi · ‎04-13-2024

vBond High Availability and Scale
• Default behavior: WAN Edge tries to resolve and connect to all known vBond IPs on
all WAN interfaces. Connection is transient.
• Scale approach:
• Configure regional domain name to point to specific regional vBond pair
• Rely on DNS A records or define manual host entry

https://www.ciscolive.com/c/dam/r/ciscolive/emea/docs/2020/pdf/BRKRST-2559.pdf

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

RS19 · ‎04-13-2024

Still I have the question. With DNS settings and 2 vBond how will the resolution happens.

Will it be round robin or some other way to resolve to both the vBond IPs.

balaji.bandi · ‎04-13-2024

Depends how you configure - by default round robin.(that is preferred - you can also choose one on other but you need to tweak DNS)

config vbond and DNS reference :

https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/system-interface/vedge-20-x/systems-interfaces-book/systems-interfaces.html#id_115170

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

MHM Cisco World · ‎04-12-2024

I have little acknowledge in sdwan but try help here'

The certifcate is of wan edge must add to white list of vmange and then vmange distribution this list to all other controller (vsmart and vbond)

You can check if edge list have edge cert of not

Configuration>certifcates>wan edge list

This cert. Is used to auth edge to vmange vsmart and vbond.

Also you need to check status of controller cert. (In your case vbond is important)

Dashboard check beside logo of certificate warning and invalid count' is it 0 or other' if it other then one controller have issue with cert.

Hope this help ypu

Goodluck friend

MHM