Professional Documents
Culture Documents
Intelligent WAN
Configuration Files Guide
April 2017
Table of Contents
Table of Contents
Introduction...................................................................................................................................... 1
Product List...................................................................................................................................... 8
IWAN Dual Hybrid with PLR Design Model for EIGRP—WAN Aggregation.......................................... 9
Configuration Files ........................................................................................................................................................ 12
IWAN Dual Hybrid with PLR Design Model for EIGRP—Remote Sites............................................... 13
Configuration Files......................................................................................................................................................... 14
IWAN Dual Hybrid with PLR Design Model for BGP—WAN Aggregation........................................... 15
Configuration Files......................................................................................................................................................... 18
IWAN Dual Hybrid with PLR Design Model for BGP—Remote Sites.................................................. 19
Configuration Files......................................................................................................................................................... 20
IWAN Dual Hybrid with PLR and MTT Design Model for BGP—WAN Aggregation............................ 31
Configuration Files......................................................................................................................................................... 33
IWAN Dual Hybrid with PLR and MTT Design Model for BGP—Remote Sites.................................... 34
Configuration Files......................................................................................................................................................... 35
IWAN Dual Hybrid with PLR and Multi-VRF Design Model for BGP—WAN Aggregation.................... 36
Configuration Files......................................................................................................................................................... 39
IWAN Dual Hybrid with PLR and Multi-VRF Design Model for BGP—Remote Sites........................... 40
Configuration Files......................................................................................................................................................... 41
Appendix A: Changes..................................................................................................................... 42
Introduction
The Cisco Intelligent WAN (IWAN) solution provides design and implementation guidance for organizations looking
to deploy wide area network (WAN) transport with a transport-independent design (TID), intelligent path control,
application optimization, and secure encrypted communications between branch locations while reducing the
operating cost of the WAN. IWAN takes full advantage of cost-effective transport services in order to increase
bandwidth capacity without compromising performance, reliability, or security of collaboration or cloud-based
applications.
This document provides the available configuration files for the products used in the Intelligent WAN Deployment
Guide and the Intelligent WAN advanced series of guides.
The advanced guides are as follows:
•• IWAN High Availability and Scalability Deployment Guide
This guide is a companion document to the deployment guides, serving as a reference for engineers who are
evaluating or deploying the IWAN solution.
This guide describes two base IWAN design models and three advanced IWAN design models.
The first design model is the IWAN Hybrid, which uses MPLS paired with Internet as WAN transports. In this
design model, the MPLS WAN can provide more bandwidth for the critical classes of services needed for key ap-
plications and can provide SLA guarantees for these applications.
The second design model is the IWAN Dual Internet, which uses a pair of Internet service providers to further
reduce cost while maintaining a high level of resiliency for the WAN.
Core Layer
WAN Distribution
Hub Master
Layer
Controller
DMVPN 1 DMVPN 2
INET
MPLS
1248F
Figure 2 IWAN dual Internet model—WAN aggregation site overview
Core Layer
DMVPN 11 DMVPN 12
INET
1240F
ISP A / ISP B
1241F
The first advanced design builds on previous design models by adding hub borders routers for horizontal scaling
at a single data center. This design also has an option to add a second hub master controller (MC) at a single data
center for high availability.
Core Layer
Hub Master
Controller (MC)
WAN Distribution Lo1: 10.6.32.252/32
Layer
Hub Master
Controller (MC-HA)
Lo1: 10.6.32.252/31
Hub Border
Routers (BR) Internet Edge
DMVPN 11 DMVPN 12
INET
2307F
Core Layer
Hub Master
WAN Distribution Controller (MC)
Layer Hub Master
Controller (MC-HA)
Hub Border
Routers (BR)
Internet Edge
Multiple paths
to the same
DMVPN
2308F
DMVPN 11 DMVPN 12 DMVPN 11 DMVPN 12
ISP A / ISP B
The second advanced design builds on previous design models with data center redundancy. The multi-data
center or the transit site support feature enables organizations to scale their network infrastructure and load-
balance the traffic when required.
DC1 DC2
10.4.0.0/16 10.4.0.0/16
10.6.0.0/16 DCI 10.8.0.0/16
WAN Core
Hub MC Transit MC
POP-ID 0 POP-ID 1
10.4.0.0/16 10.4.0.0/16
10.6.0.0/16 10.8.0.0/16
The third advanced design model is a multiple transport option called IWAN Dual Hybrid with Path of Last Resort
(PLR). This model has two MPLS transports, two Internet transports, and a fifth transport used as the final option
when the other four are not available. The model is not limited to two MPLS, two Internet and one PLR transport,
but this specific design is used to show the underlying principles for multiple transports. The multiple transport
design can be used with any of the previous design models.
You can add multiple WAN transports with new border routers or the Multiple Tunnel Termination (MTT) feature for
each transport, depending on the scaling requirements.
Figure 7 IWAN dual hybrid with PLR design model—WAN aggregation site overview
Core Layer
WAN Distribution
Layer Hub Master
Controller (MC)
Hub
Border
Routers
(BRs)
Internet Edge
INET INET
MPLS 1 MPLS 2 INET 1 INET 2 PLR
ISP A / ISP B /
6040F
DMVPN 1 DMVPN 3 DMVPN 2 DMVPN 4 DMVPN 5 ISP C
Figure 8 IWAN dual hybrid with PLR and MTT design model—WAN aggregation site overview
Core Layer
Hub Border
Routers (BR)
INET
MPLS1 INET1 MPLS2 INET2
PLR
7081F
DMVPN 1 DMVPN 5 DMVPN 2 DMVPN 3 DMVPN 4
Figure 9 IWAN dual hybrid with PLR design model—Remote site options
IWAN Dual
Hybrid with PLR
INET PLR
MPLS 1 INET 1
Link resiliency
with up to three
WAN transports
INET PLR
Link resiliency
with dual routers
with up to five
6046F
WAN transports
The fourth advanced design model is a multiple transport option called IWAN Dual Hybrid with PLR and Multiple
VRFs. This model adds virtual routing and forwarding instances for isolating end-to-end traffic among multiple
independent networks inside the same data center (DC). Similarly, at the remote location, devices in each VRF
co-exist inside the same physical hardware as the common employee network. The model is not limited to three
VRFs, but this specific design is used to show the underlying principles for multiple VRFs. The multiple VRF design
can be used with any of the previous design models.
The hub-site and transit-site are connected by a data center interconnect (DCI) link. Both sites are further con-
nected to the remote sites over multiple WAN transports.
Figure 10 IWAN dual hybrid with PLR and Multi-VRF design model
IoT-VRF-101
Default VRF
CONT-VRF-102
MPLS1
Hub-Site Tunnel 100 Remote-Site
(Single Router)
WAN-DIST-Firewall IoT Client
IoT Server-1 VRF 101
DHY-M1I1-
VRF 101 ASR1002X-1
Web Server-1 DC
(Shared Services) Hub Site
Default VRF INET1 Employees
DHY-M2I2I3- Tunnel 200 RS11-4451-1 RS-ACCESS Default VRF
Contractor WAN-D3750X ASR1002X-2
Server-1
VRF 102
Contractor
DHY-MC-
CSR1000v-1 Client
VRF 102
MPLS2
Tunnel 300
DCI
Remote-Site
Transit-Site (Dual Router)
IoT Client
IoT Server-2
DHY-M1I1- RS32-4451-1 VRF 101
VRF 101 ASR1002X-T1
INET2
Web Server-2 DC Tunnel 400
(Shared Services) Transit Site
Default VRF
DHY-M2I2I3-
Employees
RS-ACCESS Default VRF
Contractor WAN-D3750X-T ASR1002X-T2
Server-2
VRF 102
7089F
ASR1002X-T1
Tunnel 500
VRF 102
Product List
To view the full list of IWAN-supported routers for this version of the CVD, see Supported Cisco Platforms and
Software Releases.
This guide was validated using the software in this appendix. When deploying, you should always use the Cisco
IOS Software Checker tool to see if there are software vulnerabilities applicable for your environment. This tool is
available at the following location:
https://tools.cisco.com/security/center/selectIOSVersion.x
•• Hub border router—This is a BR at the hub MC site. This is the device where WAN interfaces terminate. There
can be only one WAN interface on the device. There can be one or more hub BRs. On the Hub BRs, PfRv3
must be configured with:
This section also shows a second data center acting as a transit site with a transit MC and transit BRs.
•• Transit master controller—The transit MC is the MC at the transit site. There is no policy configuration on this
device. It receives policy from the hub MC. This device acts as MC for that site for making path optimization
decisions. The configuration includes the IP address of the hub MC.
•• Transit border router—This is a BR at the transit MC site. This is the device where WAN interfaces terminate.
There can only be one WAN interface on the device. There can be one or more transit BRs. On the transit
BRs, PfRv3 must be configured with:
Finally, this section includes configuration files corresponding to the IWAN dual hybrid model with PLR using
EIGRP, as referenced in the figure below.
Figure 11 IWAN dual hybrid model w/ PLR model for EIGRP
Internal MPLS1 MPLS2 MPLS1 MPLS2
10.6.X.X 192.168.6.X 192.168.7.X 192.168.6.X 192.168.7.X
Lo0
42.251 INET1: 172.16.140.1 and 140.2 Loopback Netblock
To Core Tunnel10 Tunnel11
42.33 42.34 24.1 24.30 INET2: 172.17.140.1 and 140.2 10.255.X.X 10.7.X.X
Po136 Po36 10.6.34.X 10.6.36.X
VLAN300 INET4G: 172.18.140.1 and 140.2 Netblock
Lo0 0.0 - 7.255
IE-D3750X IE-ASA5545-1
146.1 Tunnel12 Tunnel13 Tunnel14 INET1 241.11
10.6.38.X 10.6.40.X 10.6.42.X 98.91 RS11
42.38
Lo0 Tu11
32.241 Single ISR G2
36.11
IW-DMZ- Access 2K
MPLS1 RS11-2921 RS11-A2960
A2960X Tu10
HY-MPLS1- 6.1 MPLS1
ASR1002X-1 6.5 34.11
.2
32
Hub Site
Lo0 Tu10 INET1 INET1 Lo0
Po33 98.100
32.242 34.1 Tunnel 11 Tu11
241.12
Po1 INET1 36.12
HY-INET1- 146.10 Netblock
.6 Tu11
32 ASR1002X-2 MPLS1 Tu10 16.0 - 23.255
36.1 6.9 34.12 RS12-2911-1
42.37
32.243
32
32.240 .5
To Core 32 MPLS2
Dual ISR G2
HY-MPLS2- 7.1 RS12-A2960 Access 2K
42.41 42.42 32.9 32.10
Po138 Po38 Po3 ASR1002X-3
32
.13 Lo0
Lo0 INET2 Tu13 243.12
WAN-D3750X Tu12 98.100 40.12
Po4 32.244 38.1
32 RS12-2911-2
.14 MPLS1
32
32
Tunnel 10 Tu12
.17
Tu13 MPLS2
.12
HY-INET2-
40.1 38.12 7.9
9
ASR1002X-4 INET2
Po5 146.11
Netblock
Lo0
Lo0 128.0 - 135.255
32.245 INET4G
INET2 243.31
146.12 Tu13
98.204 RS31
32
98.204
.15
HY-MC- 44.31
1
CSR1000v-1
INET1
EIGRP AS:400 Tu11
98.252 Lo0
36.32
241.32
Tu10
34.2 MPLS1 Tu10 Netblock
6.25 34.32 144.0 - 151.255
Internal
10.8.X.X INET4G RS32-4451-1
Lo0 98.252 RS32
32.241 Tu14
To IE-D3750X MPLS2 44.31 Dual ISR 4K
Tunnel 12 INET2
RS32-A3850
Access 3K
HY-MPLS1- Tu13 98.252
ASR1002X-T1 MPLS1 40.32
.2
32
6.41 Lo0
42.38
Lo0 243.32
Transit Site 32.242
INET1
Tu12
RS32-4451-2
Po1 38.32
146.13
Po35 HY-INET1- Tu11 MPLS2
.6 ASR1002X-T2
32 36.2 7.25
Tu11 INET1
42.37
Po2 Lo0
Lo0 36.41 99.44
.1
32.243
32
32.240 .5
To Core 32 MPLS1
HY-MPLS2- 7.41
42.41 42.42 32.9 32.10 Tu12
Po140 Po40 Po3 ASR1002X-T3
32 38.2 Tu10
.13
34.41
Netblock
WAN-D3750X-T Lo0 INET4G MPLS1 Lo0 192.0 - 199.255
32.244 6.29
Po4
32 INET2 Tunnel 14 241.41
.14
RS41
32
32
146.14 Po1
.17
Tu13
.12
HY-INET2-
40.2 Single ISR G2
9
ASR1002X-T4
Po5 Tu11 Dist/Acc 3K/2K
36.42 RS41-2921 RS41-D3750 RS41-A2960
Lo0
32.245 INET1
INET4G 99.84
146.15 MPLS1
32
Netblock
.15
HY-MC- Po1
208.0 - 215.255
1
ASR1002X-T1
Tu13 RS42-4451-1
40.42 RS42
INET2
Dual ISR 4K
99.84
Dist/Acc 3K/3K
RS42-D3850 RS42-A3650
Tu12 Po2
MPLS2
7.33 38.42
Lo0
243.42
6049F
RS42-4451-2
The following tables provide the loopback and port-channel IP addresses for the WAN aggregation devices in the
IWAN dual hybrid with PLR design model.
Configuration Files
Below are the configuration files for all hub and transit site WAN aggregation—EIGRP:
•• The entire set
•• DHY-MC-CSR1000V-1: Hub MC
•• DHY-MC-ASR1002X-T1: Transit MC
•• IW-IE-ASA5545X: Firewall
•• Branch border router—This is a BR at the branch-site. The configuration on this device enables BR func-
tionality and includes the IP address of the site local MC. The WAN interface that terminates on the device is
detected automatically.
The following tables provide the loopback IP addresses for the remote site devices in the IWAN dual hybrid with
PLR design model.
Table 3 IWAN dual hybrid with PLR model—Remote site router IP addresses
Configuration Files
Below are links to the configuration files for all hybrid remote site devices using EIGRP:
•• The entire set
•• Hub border router—This is a BR at the hub MC site. This is the device where WAN interfaces terminate. There
can be only one WAN interface on the device. There can be one or more hub BRs. On the Hub BRs, PfRv3
must be configured with:
This section also shows a second data center acting as a transit site with a transit MC and transit BRs.
•• Transit master controller—The transit MC is the MC at the transit site. There is no policy configuration on this
device. It receives policy from the hub MC. This device acts as MC for that site for making path optimization
decisions. The configuration includes the IP address of the hub MC.
•• Transit border router—This is a BR at the transit MC site. This is the device where WAN interfaces terminate.
There can only be one WAN interface on the device. There can be one or more transit BRs. On the transit
BRs, PfRv3 must be configured with:
Finally, this section includes configuration files corresponding to the IWAN dual hybrid model with PLR using BGP
on the WAN and OSPF on the LAN, as referenced in the figure below.
Figure 12 IWAN dual hybrid with PLR model for BGP and OSPF
Internal Loopback Netblock
Lo0
10.6.X.X 10.255.X.X 10.7.X.X
To Core 42.251 BGP
Tunnel10 Tunnel11
42.33
Po136 Po36
42.34 24.1 24.30
10.6.34.X 10.6.36.X Community
VLAN300 Attribute Netblock
Lo0 0.0 - 7.255
IE-D3750X IE-ASA5545-1 Tunnel12 Tunnel13 Tunnel14 241.11
BGP
10.6.38.X 10.6.40.X 10.6.42.X RS11
42.38
Prefer
32
INET1=65100:200 Lo0
Tu10
Po33 34.1
Lo0 POP2
MPLS2=65100:300 32.242 65100:100 241.12
Tu11 65100:20
INET2=65100:400 Po1
HY-INET1- Tu11 INET1 36.12
Netblock
INET4G=65100:500 32
.6 ASR1002X-2 36.1 Tunnel 11 65100:20 Tu10 16.0 - 23.255
65100:200 34.12 RS12-2911-1 RS12
42.37
Po2 Lo0
Lo0
.1
32.240 .5
32 Access 2K
32.9 32.10 HY-MPLS2- RS12-A2960
Po3 ASR1002X-3
32
.13 Lo0
WAN-D3750X Lo0 Tu13 243.12 OSPF 100
Po4 32.244 Tu12 40.12 Area 0
32 RS12-2911-2
.14 38.1 MPLS1
32
32
HY-INET2-
38.12
9
ASR1002X-4 65100:20
Po5 Tu13 Netblock
Lo0 40.1 Lo0 128.0 - 135.255
32.245
65100:400 243.31
Tu13
RS31
32
HY-INET4G- 40.31
.18
44.31
HY-MC- Prefer
1
CSR1000v-1
65100:500 Tu11
POP1
65100:101
Internal 36.32
Lo0
65100:10
Tu10 241.32
10.8.X.X 34.2
Lo0
Transit Site 32.241 Tu10 Netblock
To IE-D3750X 34.32
(POP2) 144.0 - 151.255
HY-MPLS1- 65100:201 65100:10 RS32-4451-1 RS32
MPLS1=65100:101 ASR1002X-T1
.2
Tu14
MPLS2
42.38
INET1=65100:201 Lo0
36.2
44.31 Access 3K
MPLS2=65100:301 32.242
Tunnel 12 RS32-A3850
Tu13
INET2=65100:401 Po1 40.32
HY-INET1- Lo0
65100:10
INET4G=65100:501 Po35
32
.6 ASR1002X-T2 243.32 OSPF 100
Tu12
38.32 Area 0
65100:301 RS32-4451-2
42.37
Po2 Lo0
.1
Lo0 32.243
32
32.240 .5 Tu12
32
38.2
32.9 32.10 HY-MPLS2- Tu11
Po3 ASR1002X-T3
32 36.41
.13 65100:401
Tu13
WAN-D3750X-T Lo0
40.2
Po4 32.244
32
.14
32
32
Tu10
.17
.12
HY-INET2-
34.41 Netblock Prefer
9
Tu10
.15
HY-MC- 34.42
Lo0
1
ASR1002X
241.42
65100:20 Netblock
Po1 208.0 - 215.255 Prefer
Tu13 RS42-4451-1 POP1
40.42 65100:20
RS42-D3850 RS42-A3650
RS42
Tu12 Po2 Dual ISR 4K
38.42 Dist/Acc 3K/3K
Lo0 OSPF 100
243.42 Area 0
6050F
RS42-4451-2
The following table provides the loopback and port-channel IP addresses for the WAN aggregation devices in the
IWAN hybrid design model.
Configuration Files
Below are links to the configuration files for all hybrid hub and transit site WAN aggregation devices using BGP
and OSPF:
•• The entire set
•• IW-IE-ASA5545X: Firewall
•• Branch border router—This is a BR at the branch-site. The configuration on this device enables BR func-
tionality and includes the IP address of the site local MC. The WAN interface that terminates on the device is
detected automatically.
The following tables provide the loopback IP addresses for the remote site devices in the IWAN dual hybrid with
PLR design model.
Table 6 IWAN dual hybrid with PLR model—Remote site router IP addresses
Configuration Files
Below are links to the configuration files for all hybrid remote site devices using BGP and OSPF:
•• The entire set
•• RS32—Dual-Router, Five-Link, Access, BGP (MPLS1, MPLS2, INET1, INET2 and PLR):
•• RS51—Single-Router, Three-Link, Access, BGP (MPLS1 and INET1 with LTE Fallback):
•• Hub border router—This is a BR at the hub MC site. This is the device where WAN interfaces terminate. There
can be only one WAN interface on the device. There can be one or more hub BRs. On the Hub BRs, PfRv3
must be configured with:
This version of the guide also has hub MC HA and hub BR scaling.
This section includes configuration files corresponding to the IWAN dual Internet design model WAN aggregation
site for EIGRP, as referenced in the figure below.
Figure 13 IWAN dual Internet model for EIGRP—Hub MC HA, hub BR scaling and IOS CA
INET1 INET1 Loopback Netblock
172.16.X.X 172.18.X.X 10.255.X.X 10.7.X.X
Tu20
48.0 - 55.255
64.14
RS14-2921-1
RS14
Hub Site IWAN-IOS-CA IW-DMZ- Dual ISR G2
.11
D3750X INET2
24
DHCP Access 2K
Tunnel 20 RS14-A2960
Lo0 PfR Lo1 98.115
Po33 32.253 32.252 Lo0
EIGRP AS:400
247.14
DI-MC
3 Tu21
.16 ASR1004-1 RS14-2921-2
32 66.14
42.37
32.240 .1
To Core 32 64.33 DHCP DHCP Netblock
DI-MC 99.11 99.11 Lo0 160.0 - 167.255
42.41 42.42 32.161 32.164
Po138 Po38 Po23 ASR1004-2 246.33
32
.41
Tu21 RS33
WAN-D3750X Lo0 INET2 66.33 Single ISR 4K
Tu20
Po11 32.246 Tunnel 21
32
32 64.1 Access 2K
RS33-4451 RS33-A2960
32
.42
.45
Tu20
32
.53
.49
DI-INET1- 64.34
ASR1002X-11 146.20
Po12 INET1
Lo0 DHCP
32.247 Tu21 99.19 Lo0
66.1 246.34
32
.46
DI-INET2- Netblock
Po13 ASR1002X-12 146.21 176.0 - 183.255
Lo0 RS34-4451-1
32.248 Tu20 Tu21 RS34
64.2 66.34 INET2
32
Dual ISR 4K
.50
DHCP
DI-INET1- 99.20 RS34-A3650 Access 3K
Po14
ASR1002X-11b 146.22
Tu20
Lo0 64.43 Lo0
32.249 247.34
Tu21
32
66.2
RS34-4451-2
.54
Tu21
DI-INET2- 66.43
ASR1002X-12b 146.23 INET1 INET2
DHCP DHCP
99.92 99.91 Netblock
Tu20 Lo0 224.0 - 231.255
64.44 246.43
Po1 RS43
Single ISR 4K
RS43-D3750 RS43-A2960 Dist/Acc 3K/2K
RS43-4451
INET1
Tu21 DHCP
66.44 99.76
Lo0
246.42
Netblock
Po1
240.0 - 247.255
RS44-3945-1
RS44
Dual ISR G2
RS44-D3750 RS44-A2960 Dist/Acc 3K/2K
Po2
INET2
DHCP Lo0
99.99 247.44 6051F
RS44-3945-2
The following table provides the loopback addresses for the WAN aggregation devices in the IWAN dual Internet
model.
Configuration Files
Below are links to the configuration files for all dual Internet hub site WAN aggregation devices using EIGRP:
•• The entire set
•• DI-MC-ASR1004-1: Hub MC
•• DI-MC-ASR1004-2: Hub MC HA
•• IW-IE-ASA5545X: Firewall
•• Branch border router—This is a BR at the branch-site. The configuration on this device enables BR func-
tionality and includes the IP address of the site local MC. The WAN interface that terminates on the device is
detected automatically.
The following table provides the loopback addresses for the remote site devices in the IWAN dual Internet design
model.
Configuration Files
Below are links to the configuration files for all dual Internet remote site devices using EIGRP:
•• The entire set
•• Hub border router—This is a BR at the hub MC site. This is the device where WAN interfaces terminate. There
can be only one WAN interface on the device. There can be one or more hub BRs. On the Hub BRs, PfRv3
must be configured with:
This version of the guide also has MTT, hub MC HA, hub BR scaling and IOS CA.
This section includes configuration files corresponding to the IWAN hybrid design model WAN aggregation site for
EIGRP, as referenced in the figure below.
Figure 14 IWAN hybrid with MTT design model for EIGRP—Hub MC HA, hub BR scaling and IOS CA
MPLS1 MPLS
192.168.X.X 192.168.X.X
Internal Loopback Netblock
10.6.X.X INET1 INET1 10.255.X.X 10.7.X.X
172.16.X.X 172.18.X.X
Netblock
Lo0 32.0 - 39.255
Lo0
42.251 Tunnel 20 INET1 246.13
To Core IE Outside RS13
10.6.64.X DHCP
42.33 42.34 24.1 24.30 INET1: 172.16.140.11 and 140.12 98.109 Single ISR 4K
Po136 Po36
VLAN300 Access 2K
Tunnel 21 MPLS1
RS13-A2960
IE DMZ 6.89 RS13-4451
IE-D3750X IE-ASA5545-1
146.1 10.6.66.X
192.168.146.X
Tu21
66.13
42.38
Lo0
INET1 247.14 Netblock
24 Tu20 DHCP 48.0 - 55.255
.1 64.13 98.115
1
IWAN-IOS-CA IW-DMZ- RS14-2921-2
RS14
A2960X Tu21 Dual ISR G2
66.14 Access 2K
Lo0 PfR Lo1 RS14-A2960
32.253 32.252 INET1
Hub Site MPLS1
Tunnel 21 6.93
HY-MC Lo0
3
. 16 ASR1002X-1 246.14
EIGRP AS:400 Po33
32
Lo0 PfR Lo1 RS14-2921-1
32.254 32.252/31
Po22 Tu20 INET1 Netblock
64.14 DHCP
HY-MC 160.0 - 167.255
64 99.11 Lo0
32.1 ASR1002X-2
Tu21
42.37
246.33
MPLS1 RS33
61
32.240 6.97
32
Tu21 RS34-4451-1
66.43
INET1
DHCP
99.92 Netblock
MPLS1 224.0 - 231.255
Tu20 Lo0
6.105
64.43 246.43
Po1
RS43
Single ISR 4K
Dist/Acc 3K/2K
RS43-D3750 RS43-A2960
RS43-4451
Tu21
66.44
INET1
DHCP
99.76
Lo0
247.44
Netblock
RS44-4451-2 240.0 - 247.255
Po2
Tu20
64.44 RS44
Dual ISR 4K
MPLS1 Po1 Dist/Acc 3K/2K
RS44-D3750 RS44-A2960
6.109
Lo0
246.44 6061F
RS44-4451-1
The following table provides the loopback addresses for the WAN aggregation devices in the IWAN hybrid model.
Configuration Files
Below are links to the configuration files for all hybrid with MTT hub site WAN aggregation devices using EIGRP:
•• The entire set
•• HY-MC-ASR1002X-1: Hub MC
•• HY-MC-ASR1002X-2: Hub MC HA
•• IW-IE-ASA5545X: Firewall
•• Branch border router—This is a BR at the branch-site. The configuration on this device enables BR func-
tionality and includes the IP address of the site local MC. The WAN interface that terminates on the device is
detected automatically.
The following table provides the loopback addresses for the remote site devices in the IWAN hybrid with MTT
design model.
Table 10 IWAN hybrid with MTT model—Remote site router IP addresses
Loopback IP
IWAN function Host name address
Branch MC/BR (MPLS1/INET1) RS13-4451 10.255.246.13/32
Branch MC/BR (MPLS1) RS14-2921-1 10.255.246.14/32
Branch BR (INET1) RS14-2921-2 10.255.247.14/32
Branch MC/BR (MPLS1/INET1) RS33-4451 10.255.246.33/32
Branch MC/BR (MPLS1) RS34-4451-1 10.255.246.34/32
Branch BR (INET1) RS34-4451-2 10.255.247.34/32
Branch MC/BR (MPLS1/INET1) RS43-4451 10.255.246.43/32
Branch MC/BR (MPLS1) RS44-4451-1 10.255.246.44/32
Branch BR (INET1) RS44-4451-2 10.255.247.44/32
Configuration Files
Below are links to the configuration files for all hybrid with MTT remote site devices using EIGRP:
•• The entire set
•• Hub border router—This is a BR at the hub MC site. This is the device where WAN interfaces terminate. There
can be only one WAN interface on the device. There can be one or more hub BRs. On the Hub BRs, PfRv3
must be configured with:
This section also shows a second data center acting as a transit site with a transit MC and transit BRs.
•• Transit master controller—The transit MC is the MC at the transit site. There is no policy configuration on this
device. It receives policy from the hub MC. This device acts as MC for that site for making path optimization
decisions. The configuration includes the IP address of the hub MC.
•• Transit border router—This is a BR at the transit MC site. This is the device where WAN interfaces terminate.
There can only be one WAN interface on the device. There can be one or more transit BRs. On the transit
BRs, PfRv3 must be configured with:
Finally, this section includes configuration files corresponding to the IWAN dual hybrid model with PLR and MTT
using BGP on the WAN and OSPF on the LAN, as referenced in the figure below.
Figure 15 IWAN dual hybrid with PLR and MTT model for BGP and OSPF
Loopback Netblock
Internal Tunnel10 Tunnel11 10.255.X.X 10.7.X.X
10.6.X.X 10.6.34.X 10.6.36.X
Lo0 BGP Netblock
42.251 Lo0 0.0 - 7.255
Tunnel12 Tunnel13 Tunnel14 Community 241.11
To Core
42.33 42.34 24.1 24.30 BGP
10.6.38.X 10.6.40.X 10.6.42.X Attribute RS11
Po136 Po36 Single ISR G2
VLAN300 Community Tu11
36.11 Access 2K
Attribute RS11-2921 RS11-A2960
IE-D3750X IE-ASA5545-1 Tu10
65100:20 34.11
42.38
MPLS2=65100:300 34.12
32
Tu10
Lo0
INET2=65100:400 Po33 32.242
34.1 Dual ISR 4K
Access 2K
INET4G=65100:500 65100:100
RS12-A2960
Po1 DHY-M2l2l3-
ASR1002X-2 Lo0
.6
32 Tu13 Tu13 243.12 OSPF 100
40.1 40.31 Area 0
42.37
MPLS1 RS12-4451-2
32
32.240 .5 32.251
32 Tu12
Tu12 Tunnel 10
65100:20 38.12
38.1
32.129 Po21 32.151 DHY-MC-
CSR1000v-1 65100:300 Netblock
Lo0 128.0 - 135.255
WAN-D3750X Tu14 243.31
Tu13
44.1
40.31 RS31
65100:500 65100:10 Single ISR 4K
OSPF 100 Tu12
RS31-4451 RS31-A2960 Access 2K
Area 0 INET2
38.31
65100:201
Tunnel 13 Tu14
Tu11 65100:101 44.31
Internal Lo0 36.2 Prefer
Transit Site 10.8.X.X 32.241
Tu11
POP1
Tu10 Lo0
(POP2) 34.2
36.32
241.32
65100:10
To IE-D3750X DHY-M1l1-
ASR1002x-T1 65100:10
MPLS1=65100:101 Tu10 Netblock
42.38
34.32
.2
Lo0
Lo0 Tu14 65100:10 OSPF 100
.1
.5 32.251
Tu12 Area 0
32 65100:501
38.32 RS32-4451-2
INET4G
Tunnel 14
Tu10
BGP AS:65100
34.41 Netblock Prefer
Lo0 192.0 - 199.255
in WAN Overlay 65100:10
241.41 POP1
Po1 65100:10
Tu11
36.42
RS41
RS41-4451 RS41-D3750 RS41-A2960 Single ISR 4K
Dist/Acc 3K/2K
65100:20
OSPF 100
Area 0
Tu10
34.42
Lo0
241.42
65100:20 Netblock
Po1 208.0 - 215.255 Prefer
Tu13 RS42-4451-1 POP2
40.42 65100:20
RS42-D3850 RS42-A3650
RS42
Tu12 Po2 Dual ISR 4K
38.42 Dist/Acc 3K/3K
Lo0 OSPF 100
243.42 Area 0
6060F
RS42-4451-2
The following table provides the loopback and port-channel IP addresses for the WAN aggregation devices in the
IWAN dual hybrid with PLR and MTT design model.
Table 11 IWAN dual hybrid with PLR and MTT model—Hub router IP addresses
Table 12 IWAN dual hybrid with PLR and MTT model—Transit router IP addresses
Configuration Files
Below are links to the configuration files for all dual hybrid with PLR and MTT hub and transit site WAN aggrega-
tion devices using BGP and OSPF:
•• The entire set
•• IW-IE-ASA5545X: Firewall
•• Branch border router—This is a BR at the branch-site. The configuration on this device enables BR func-
tionality and includes the IP address of the site local MC. The WAN interface that terminates on the device is
detected automatically.
The following tables provide the loopback IP addresses for the remote site devices in the IWAN dual hybrid with
PLR and MTT design model.
Table 13 IWAN dual hybrid with PLR and MTT model—Remote site router IP addresses
Configuration Files
Below are links to the configuration files for all dual hybrid with PLR and MTT remote site devices using BGP and
OSPF:
•• The entire set
•• RS32—Dual-Router, Five-Link, Access, BGP (MPLS1, MPLS2, INET1, INET2 and PLR):
•• RS51—Single-Router, Three-Link, Access, BGP (MPLS1 and INET1 with LTE Fallback):
•• Hub border router—This is a BR at the hub MC site. This is the device where WAN interfaces terminate. There
can be only one WAN interface on the device. There can be one or more hub BRs. On the Hub BRs, PfRv3
must be configured with:
This section also shows a second data center acting as a transit site with a transit MC and transit BRs.
•• Transit master controller—The transit MC is the MC at the transit site. There is no policy configuration on this
device. It receives policy from the hub MC. This device acts as MC for that site for making path optimization
decisions. The configuration includes the IP address of the hub MC.
•• Transit border router—This is a BR at the transit MC site. This is the device where WAN interfaces terminate.
There can only be one WAN interface on the device. There can be one or more transit BRs. On the transit
BRs, PfRv3 must be configured with:
In order to enable inter-VRF route leaking, a Cisco firewall is configured with static routes. It is attached to the
hub-site WAN distribution switch, and a very basic configuration is included here as a reference only.
Finally, this section includes configuration files corresponding to the IWAN dual hybrid model with PLR and Multi-
VRF using BGP on the WAN and OSPF on the LAN, as referenced in the figure below.
Figure 16 IWAN dual hybrid with PLR and Multi-VRF model for BGP and OSPF
Hub-site Internal Hub-site Internal Hub-site Internal Tunnel100 Tunnel200 Tunnel300 Tunnel400 Tunnel500 Loopback0 Netblock
Default VRF IoT-VRF-101 CONT-VRF-102 Default VRF Default VRF Default VRF Default VRF Default VRF Default VRF Default VRF
10.6.X.X 10.21.X.X 10.25.X.X 10.6.34.X 10.6.36.X 10.6.38.X 10.6.40.X 10.6.44.X 10.255.X.X 10.7.X.X
7102F
Default VRF IoT-VRF-101 CONT-VRF-102
10.8.X.X 10.23.X.X 10.27.X.X
The following tables provide the loopback and port-channel IP addresses for the WAN aggregation devices in the
IWAN dual hybrid with PLR and Multi-VRF design model.
Table 14 IWAN dual hybrid with PLR and Multi-VRF model—Hub and transit router IP addresses (Default VRF)
Table 15 IWAN dual hybrid with PLR and Multi-VRF model—Hub and transit router IP addresses (IoT-VRF-101)
Table 16 IWAN dual hybrid with PLR and Multi-VRF model—Hub and transit router IP addresses (CONT-VRF-102)
Configuration Files
Below are links to the configuration files for all dual hybrid with PLR and Multi-VRF hub and transit site WAN ag-
gregation devices using BGP and OSPF:
•• The entire set
•• IW-IE-ASA5545X: Firewall
•• Branch border router—This is a BR at the branch-site. The configuration on this device enables BR func-
tionality and includes the IP address of the site local MC. The WAN interface that terminates on the device is
detected automatically.
The following tables provide the loopback IP addresses for the remote site devices in the IWAN dual hybrid with
PLR and Multi-VRF design model.
Table 17 IWAN dual hybrid with PLR and Multi-VRF model—Remote site router IP addresses (Default VRF)
Table 18 IWAN dual hybrid with PLR and Multi-VRF model—Remote site router IP addresses (IoT-VRF-101)
Table 19 IWAN dual hybrid with PLR and Multi-VRF model—Remote site router IP addresses (CONT-VRF-102)
Configuration Files
Below are links to the configuration files for all dual hybrid with PLR and Multi-VRF remote site devices using BGP
and OSPF:
•• The entire set
•• RS32—Dual-Router, Five-Link, Access, BGP (MPLS1, MPLS2, INET1, INET2 and PLR):
Appendix A: Changes
This appendix summarizes the changes Cisco made to this guide since its last edition.
•• Routing updates:
◦◦ Changed an EIGRP summary address in the WAN aggregation switches to cover a larger range of net-
works at the hub location
◦◦ Simplified the EIGRP tagging and removed the filtering that was no longer needed
◦◦ Added the EIGRP data center affinity use case to hub and remote sites
•• Hub BR updates:
◦◦ Added the Multiple Tunnel Termination feature with EIGRP and BGP
•• Multi-VRF update:
Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco Website at www.cisco.com/go/offices.
ALL DESIGNS, SPECIFICATIONS, STATEMENTS, INFORMATION, AND RECOMMENDATIONS (COLLECTIVELY, “DESIGNS”) IN THIS MANUAL ARE PRESENTED “AS
IS,” WITH ALL FAULTS. CISCO AND ITS SUPPLIERS DISCLAIM ALL WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE WARRANTY OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. IN NO EVENT
SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION,
LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THE DESIGNS, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THE DESIGNS ARE SUBJECT TO CHANGE WITHOUT NOTICE. USERS ARE SOLELY RESPONSIBLE FOR
THEIR APPLICATION OF THE DESIGNS. THE DESIGNS DO NOT CONSTITUTE THE TECHNICAL OR OTHER PROFESSIONAL ADVICE OF CISCO, ITS SUPPLIERS
OR PARTNERS. USERS SHOULD CONSULT THEIR OWN TECHNICAL ADVISORS BEFORE IMPLEMENTING THE DESIGNS. RESULTS MAY VARY DEPENDING ON
FACTORS NOT TESTED BY CISCO.
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included
in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go
to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not
imply a partnership relationship between Cisco and any other company. (1110R)