Intelligent Wan Configuration Files Guide: Cisco Validated Design

Cisco Validated design
Intelligent WAN
Configuration Files Guide
April 2017
Table of Contents
Table of Contents
Introduction...................................................................................................................................... 1
Product List...................................................................................................................................... 8
IWAN Dual Hybrid with PLR Design Model for EIGRP—WAN Aggregation.......................................... 9
Configuration Files ........................................................................................................................................................ 12
IWAN Dual Hybrid with PLR Design Model for EIGRP—Remote Sites............................................... 13
Configuration Files......................................................................................................................................................... 14
IWAN Dual Hybrid with PLR Design Model for BGP—WAN Aggregation........................................... 15
IWAN Dual Hybrid with PLR Design Model for BGP—Remote Sites.................................................. 19
IWAN Dual Internet Design Model for EIGRP—WAN Aggregation..................................................... 21

IWAN Dual Internet Design Model for EIGRP—Remote Sites............................................................ 24

IWAN Hybrid with MTT Design Model for EIGRP—WAN Aggregation............................................... 26

IWAN Hybrid with MTT Design Model for EIGRP—Remote Sites...................................................... 29

IWAN Dual Hybrid with PLR and MTT Design Model for BGP—WAN Aggregation............................ 31
IWAN Dual Hybrid with PLR and MTT Design Model for BGP—Remote Sites.................................... 34
IWAN Dual Hybrid with PLR and Multi-VRF Design Model for BGP—WAN Aggregation.................... 36
IWAN Dual Hybrid with PLR and Multi-VRF Design Model for BGP—Remote Sites........................... 40
Appendix A: Changes..................................................................................................................... 42
Cisco Validated Design

Introduction
Introduction
The Cisco Intelligent WAN (IWAN) solution provides design and implementation guidance for organizations looking
to deploy wide area network (WAN) transport with a transport-independent design (TID), intelligent path control,
application optimization, and secure encrypted communications between branch locations while reducing the
operating cost of the WAN. IWAN takes full advantage of cost-effective transport services in order to increase
bandwidth capacity without compromising performance, reliability, or security of collaboration or cloud-based
applications.
This document provides the available configuration files for the products used in the Intelligent WAN Deployment
Guide and the Intelligent WAN advanced series of guides.
The advanced guides are as follows:
•• IWAN High Availability and Scalability Deployment Guide
•• IWAN Multiple Data Center Deployment Guide
•• IWAN Multiple Transports Deployment Guide
•• IWAN Multiple VRF Deployment Guide
•• IWAN Public Key Infrastructure Deployment Guide
•• IWAN NetFlow Monitoring Deployment Guide
•• IWAN Remote Site 4G LTE Deployment Guide
This guide is a companion document to the deployment guides, serving as a reference for engineers who are
evaluating or deploying the IWAN solution.
This guide describes two base IWAN design models and three advanced IWAN design models.
The first design model is the IWAN Hybrid, which uses MPLS paired with Internet as WAN transports. In this
design model, the MPLS WAN can provide more bandwidth for the critical classes of services needed for key ap-
plications and can provide SLA guarantees for these applications.
The second design model is the IWAN Dual Internet, which uses a pair of Internet service providers to further
reduce cost while maintaining a high level of resiliency for the WAN.
Cisco Validated Design page 1

Introduction
Figure 1 IWAN hybrid model—WAN aggregation site overview
Core Layer
WAN Distribution
Hub Master
Layer
Controller
Hub Border DMVPN Hub

Routers Routers Internet Edge
DMVPN 1 DMVPN 2
INET
MPLS
1248F
Figure 2 IWAN dual Internet model—WAN aggregation site overview
Core Layer
WAN Distribution Hub Master

Layer Controller
Hub Border DMVPN Hub

Routers Routers Internet Edge
DMVPN 11 DMVPN 12
INET
1240F
ISP A / ISP B

Introduction
Figure 3 IWAN—Remote-site overview
Single Router Location Dual Router Location
Branch Master Branch Master Branch

Controller/ Controller/ Border
Branch Border Branch Border Router
Router Router
1241F
The first advanced design builds on previous design models by adding hub borders routers for horizontal scaling
at a single data center. This design also has an option to add a second hub master controller (MC) at a single data
center for high availability.
Figure 4 IWAN dual Internet Model—Hub MC high availability
Core Layer
Hub Master
Controller (MC)
WAN Distribution Lo1: 10.6.32.252/32
Layer
Hub Master
Controller (MC-HA)
Lo1: 10.6.32.252/31
Hub Border
Routers (BR) Internet Edge
DMVPN 11 DMVPN 12
INET
2307F
INET1 INET2 ISP A / ISP B

Introduction
Figure 5 IWAN dual Internet model—Hub BR scalability
Core Layer
Hub Master
WAN Distribution Controller (MC)
Layer Hub Master
Controller (MC-HA)
Hub Border
Routers (BR)
Internet Edge
Multiple paths
to the same
DMVPN
INET1 INET2 INET1 INET2

PATH-ID 1 PATH-ID 2 PATH-ID 3 PATH-ID 4
INET
2308F
DMVPN 11 DMVPN 12 DMVPN 11 DMVPN 12
ISP A / ISP B
The second advanced design builds on previous design models with data center redundancy. The multi-data
center or the transit site support feature enables organizations to scale their network infrastructure and load-
balance the traffic when required.
Figure 6 IWAN hybrid model—Second data center as a transit site
DC1 DC2
10.4.0.0/16 10.4.0.0/16
10.6.0.0/16 DCI 10.8.0.0/16
WAN Core
Hub Site Transit Site
Hub MC Transit MC
POP-ID 0 POP-ID 1
10.4.0.0/16 10.4.0.0/16
10.6.0.0/16 10.8.0.0/16
Hub BRs Transit BRs
MPLS1 INET1 MPLS1 INET1

PATH-ID 1 PATH-ID 2 PATH-ID 1 PATH-ID 2
2309F
DMVPN 1 DMVPN 2 DMVPN 1 DMVPN 2

Introduction
The third advanced design model is a multiple transport option called IWAN Dual Hybrid with Path of Last Resort
(PLR). This model has two MPLS transports, two Internet transports, and a fifth transport used as the final option
when the other four are not available. The model is not limited to two MPLS, two Internet and one PLR transport,
but this specific design is used to show the underlying principles for multiple transports. The multiple transport
design can be used with any of the previous design models.
You can add multiple WAN transports with new border routers or the Multiple Tunnel Termination (MTT) feature for
each transport, depending on the scaling requirements.
Figure 7 IWAN dual hybrid with PLR design model—WAN aggregation site overview
Core Layer
WAN Distribution
Layer Hub Master
Controller (MC)
Hub
Border
Routers
(BRs)
Internet Edge
INET INET
MPLS 1 MPLS 2 INET 1 INET 2 PLR
ISP A / ISP B /
6040F
DMVPN 1 DMVPN 3 DMVPN 2 DMVPN 4 DMVPN 5 ISP C

Introduction
Figure 8 IWAN dual hybrid with PLR and MTT design model—WAN aggregation site overview
Core Layer
WAN Distribution Hub Master

Layer Controller (MC)
Hub Border
Routers (BR)
INET
MPLS1 INET1 MPLS2 INET2
PLR
7081F
DMVPN 1 DMVPN 5 DMVPN 2 DMVPN 3 DMVPN 4
Figure 9 IWAN dual hybrid with PLR design model—Remote site options
IWAN Dual
Hybrid with PLR
INET PLR
MPLS 1 INET 1
Link resiliency
with up to three
WAN transports
INET PLR
MPLS 1 INET 1 MPLS 2 INET 2
Link resiliency
with dual routers
with up to five
6046F
WAN transports

Introduction
The fourth advanced design model is a multiple transport option called IWAN Dual Hybrid with PLR and Multiple
VRFs. This model adds virtual routing and forwarding instances for isolating end-to-end traffic among multiple
independent networks inside the same data center (DC). Similarly, at the remote location, devices in each VRF
co-exist inside the same physical hardware as the common employee network. The model is not limited to three
VRFs, but this specific design is used to show the underlying principles for multiple VRFs. The multiple VRF design
can be used with any of the previous design models.
The hub-site and transit-site are connected by a data center interconnect (DCI) link. Both sites are further con-
nected to the remote sites over multiple WAN transports.
Figure 10 IWAN dual hybrid with PLR and Multi-VRF design model
IoT-VRF-101
Default VRF
CONT-VRF-102
MPLS1
Hub-Site Tunnel 100 Remote-Site
(Single Router)
WAN-DIST-Firewall IoT Client
IoT Server-1 VRF 101
DHY-M1I1-
VRF 101 ASR1002X-1
Web Server-1 DC
(Shared Services) Hub Site
Default VRF INET1 Employees
DHY-M2I2I3- Tunnel 200 RS11-4451-1 RS-ACCESS Default VRF
Contractor WAN-D3750X ASR1002X-2
Server-1
VRF 102
Contractor
DHY-MC-
CSR1000v-1 Client
VRF 102
MPLS2
Tunnel 300
DCI
Remote-Site
Transit-Site (Dual Router)
IoT Client
IoT Server-2
DHY-M1I1- RS32-4451-1 VRF 101
VRF 101 ASR1002X-T1
INET2
Web Server-2 DC Tunnel 400
(Shared Services) Transit Site
Default VRF
DHY-M2I2I3-
Employees
RS-ACCESS Default VRF
Contractor WAN-D3750X-T ASR1002X-T2
Server-2
VRF 102
DHY-MC- RS32-4451-2 Contractor

INET4G
Client
7089F
ASR1002X-T1
Tunnel 500
VRF 102

Product List
Product List
To view the full list of IWAN-supported routers for this version of the CVD, see Supported Cisco Platforms and
Software Releases.
This guide was validated using the software in this appendix. When deploying, you should always use the Cisco
IOS Software Checker tool to see if there are software vulnerabilities applicable for your environment. This tool is
available at the following location:
https://tools.cisco.com/security/center/selectIOSVersion.x

IWAN Dual Hybrid with PLR Design Model for EIGRP—WAN Aggregation
IWAN Dual Hybrid with PLR Design Model for

EIGRP—WAN Aggregation
Performance Routing Version 3 (PfRv3) consists of two major Cisco IOS components: an MC and a border router
(BR). The MC defines the policies and applies them to various traffic classes that traverse the BR systems. The
MC can be configured to learn and control traffic classes on the network.
There are two different roles a device can play at the WAN aggregation site of a PfRv3 configuration:
•• Hub master controller—The hub MC is the MC at the primary WAN aggregation site. This is the MC device
where all PfRv3 policies are configured. It also acts as MC for that site and makes path-optimization decision.
There is only one hub MC per IWAN domain.
•• Hub border router—This is a BR at the hub MC site. This is the device where WAN interfaces terminate. There
can be only one WAN interface on the device. There can be one or more hub BRs. On the Hub BRs, PfRv3
must be configured with:
◦◦ The address of the local MC.
◦◦ The path name on external interfaces.
This section also shows a second data center acting as a transit site with a transit MC and transit BRs.
•• Transit master controller—The transit MC is the MC at the transit site. There is no policy configuration on this
device. It receives policy from the hub MC. This device acts as MC for that site for making path optimization
decisions. The configuration includes the IP address of the hub MC.
•• Transit border router—This is a BR at the transit MC site. This is the device where WAN interfaces terminate.
There can only be one WAN interface on the device. There can be one or more transit BRs. On the transit
BRs, PfRv3 must be configured with:
◦◦ The address of the transit MC.
◦◦ The path ID on external interfaces.

Finally, this section includes configuration files corresponding to the IWAN dual hybrid model with PLR using
EIGRP, as referenced in the figure below.
Figure 11 IWAN dual hybrid model w/ PLR model for EIGRP
Internal MPLS1 MPLS2 MPLS1 MPLS2
10.6.X.X 192.168.6.X 192.168.7.X 192.168.6.X 192.168.7.X
IE DMZ INET1 INET2 INET4G INET1 INET2 INET4G

192.168.146.X 172.16.X.X 172.17.X.X 172.18.X.X 172.18.X.X 172.19.X.X 172.17.X.X
IE Outside ISP-A ISP-B ISP-C ISP-C ISP-D ISP-B
Lo0
42.251 INET1: 172.16.140.1 and 140.2 Loopback Netblock
To Core Tunnel10 Tunnel11
42.33 42.34 24.1 24.30 INET2: 172.17.140.1 and 140.2 10.255.X.X 10.7.X.X
Po136 Po36 10.6.34.X 10.6.36.X
VLAN300 INET4G: 172.18.140.1 and 140.2 Netblock
Lo0 0.0 - 7.255
IE-D3750X IE-ASA5545-1
146.1 Tunnel12 Tunnel13 Tunnel14 INET1 241.11
10.6.38.X 10.6.40.X 10.6.42.X 98.91 RS11
42.38
Lo0 Tu11
32.241 Single ISR G2
36.11
IW-DMZ- Access 2K
MPLS1 RS11-2921 RS11-A2960
A2960X Tu10
HY-MPLS1- 6.1 MPLS1
ASR1002X-1 6.5 34.11
.2
32
Hub Site
Lo0 Tu10 INET1 INET1 Lo0
Po33 98.100
32.242 34.1 Tunnel 11 Tu11
241.12
Po1 INET1 36.12
HY-INET1- 146.10 Netblock
.6 Tu11
32 ASR1002X-2 MPLS1 Tu10 16.0 - 23.255
36.1 6.9 34.12 RS12-2911-1
42.37
Po2 Lo0 RS12

Lo0
.1
32.243
32
32.240 .5
To Core 32 MPLS2
Dual ISR G2
HY-MPLS2- 7.1 RS12-A2960 Access 2K
42.41 42.42 32.9 32.10
Po138 Po38 Po3 ASR1002X-3
32
.13 Lo0
Lo0 INET2 Tu13 243.12
WAN-D3750X Tu12 98.100 40.12
Po4 32.244 38.1
32 RS12-2911-2
.14 MPLS1
32
32
Tunnel 10 Tu12
.17
Tu13 MPLS2
.12
HY-INET2-
40.1 38.12 7.9
9
ASR1002X-4 INET2
Po5 146.11
Netblock
Lo0
Lo0 128.0 - 135.255
32.245 INET4G
INET2 243.31
146.12 Tu13
98.204 RS31
32
HY-INET4G- Tu14 40.31

.18
Po21 ASR1002X-5 44.1 Single ISR 4K

MPLS2 Tu12 Access 2K
Lo0 RS31-4451 RS31-A2960
7.21 38.31
32.251
INET2
Tunnel 13 Tu14 INET4G
32
98.204
.15
HY-MC- 44.31
1
CSR1000v-1
INET1
EIGRP AS:400 Tu11
98.252 Lo0
36.32
241.32
Tu10
34.2 MPLS1 Tu10 Netblock
6.25 34.32 144.0 - 151.255
Internal
10.8.X.X INET4G RS32-4451-1
Lo0 98.252 RS32
32.241 Tu14
To IE-D3750X MPLS2 44.31 Dual ISR 4K
Tunnel 12 INET2
RS32-A3850
Access 3K
HY-MPLS1- Tu13 98.252
ASR1002X-T1 MPLS1 40.32
.2
32
6.41 Lo0
42.38
Lo0 243.32
Transit Site 32.242
INET1
Tu12
RS32-4451-2
Po1 38.32
146.13
Po35 HY-INET1- Tu11 MPLS2
.6 ASR1002X-T2
32 36.2 7.25
Tu11 INET1
42.37
Po2 Lo0
Lo0 36.41 99.44
.1
32.243
32
32.240 .5
To Core 32 MPLS1
HY-MPLS2- 7.41
42.41 42.42 32.9 32.10 Tu12
Po140 Po40 Po3 ASR1002X-T3
32 38.2 Tu10
.13
34.41
Netblock
WAN-D3750X-T Lo0 INET4G MPLS1 Lo0 192.0 - 199.255
32.244 6.29
Po4
32 INET2 Tunnel 14 241.41
.14
RS41
32
32
146.14 Po1
.17
Tu13
.12
HY-INET2-
40.2 Single ISR G2
9
ASR1002X-T4
Po5 Tu11 Dist/Acc 3K/2K
36.42 RS41-2921 RS41-D3750 RS41-A2960
Lo0
32.245 INET1
INET4G 99.84
146.15 MPLS1
32
HY-INET4G- Tu14 6.33

.18
ASR1002X-T5 44.2 Tu10

Po21
34.42
Lo0 Lo0
32.251 241.42
32
Netblock
.15
HY-MC- Po1
208.0 - 215.255
1
ASR1002X-T1
Tu13 RS42-4451-1
40.42 RS42
INET2
Dual ISR 4K
99.84
Dist/Acc 3K/3K
RS42-D3850 RS42-A3650
Tu12 Po2
MPLS2
7.33 38.42
Lo0
243.42
6049F
RS42-4451-2

The following tables provide the loopback and port-channel IP addresses for the WAN aggregation devices in the
IWAN dual hybrid with PLR design model.
Table 1 IWAN dual hybrid with PLR model—Hub router IP addresses
Loopback IP Port channel IP

IWAN function Host name address address
Hub MC DHY-MC-CSR1000V-1 10.6.32.251/32 10.6.32.151/26
Hub BR (MPLS1) DHY-MPLS1-ASR1002X-1 10.6.32.241/32 10.6.32.2/30
Hub BR (INET1) DHY-INET1-ASR1002X-2 10.6.32.242/32 10.6.32.6/30
Hub BR (PLR) DHY-INET4G-ASR1002X-5 10.6.32.245/32 10.6.32.18/30
Table 2 IWAN dual hybrid with PLR model—Transit router IP addresses

Transit MC DHY-MC-ASR1002X-T1 10.8.32.251/32 10.8.32.151/26
Transit BR (MPLS1) DHY-MPLS1-ASR1002X-T1 10.8.32.241/32 10.8.32.2/30
Transit BR (INET1) DHY-INET1-ASR1002X-T2 10.8.32.242/32 10.8.32.6/30
Transit BR (PLR) DHY-INET4G-ASR1002X-T5 10.8.32.245/32 10.8.32.18/30

Configuration Files
Below are the configuration files for all hub and transit site WAN aggregation—EIGRP:
•• The entire set
•• DHY-MC-CSR1000V-1: Hub MC
•• DHY-MPLS1-ASR1002X-1: Hub BR (MPLS1)
•• DHY-INET1-ASR1002X-2: Hub BR (INET1)
•• DHY-MPLS2-ASR1002X-3: Hub BR (MPLS2)
•• DHY-INET2-ASR1002X-4: Hub BR (INET2)
•• DHY-INET4G-ASR1002X-5: Hub BR (PLR)
•• DHY-MC-ASR1002X-T1: Transit MC
•• DHY-MPLS1-ASR1002X-T1: Transit BR (MPLS1)
•• DHY-INET1-ASR1002X-T2: Transit BR (INET1)
•• DHY-MPLS2-ASR1002X-T3: Transit BR (MPLS2)
•• DHY-INET2-ASR1002X-T4: Transit BR (INET2)
•• DHY-INET4G-ASR1002X-T5: Transit BR (PLR)
•• IW-IE-ASA5545X: Firewall

IWAN Dual Hybrid with PLR Design Model for EIGRP—Remote Sites

EIGRP—Remote Sites
Performance Routing Version 3 consists of two major Cisco IOS components: an MC and a BR. The MC defines
the policies and applies them to various traffic classes that traverse the BR systems. The MC can be configured
to learn and control traffic classes on the network.
There are two different roles a device can play at the remote site of a PfRv3 configuration:
•• Branch master controller—The Branch MC is the MC at the branch-site. There is no policy configuration on
this device. It receives policy from the Hub MC. This device acts as MC for that site for making path-optimi-
zation decision. The configuration includes the IP address of the hub MC.
•• Branch border router—This is a BR at the branch-site. The configuration on this device enables BR func-
tionality and includes the IP address of the site local MC. The WAN interface that terminates on the device is
detected automatically.
The following tables provide the loopback IP addresses for the remote site devices in the IWAN dual hybrid with
PLR design model.
Table 3 IWAN dual hybrid with PLR model—Remote site router IP addresses
IWAN function Host name Loopback IP address

Branch MC/BR (MPLS1/INET1) RS11-2921 10.255.241.11/32
Branch MC/BR (MPLS1/INET1) RS12-2911-1 10.255.241.12/32
Branch BR (MPLS2/INET2) RS12-2911-2 10.255.243.12/32
Branch MC/BR (MPLS2/INET2/ RS31-4451 10.255.243.31/32
PLR)
Branch MC/BR (MPLS1/INET1/PLR) RS32-4451-1 10.255.241.32/32
Branch MC/BR (MPLS1/INET1/4G) RS51-2921 10.255.241.51/32

IWAN Dual Hybrid with PLR Design Model for EIGRP—Remote Sites
Configuration Files
Below are links to the configuration files for all hybrid remote site devices using EIGRP:
•• RS11—Single-Router, Two-Link, Access (MPLS1 and INET1):
◦◦ RS11-2921: MPLS1 and INET1 WAN links
•• RS12—Dual-Router, Four-Link, Access (MPLS1, MPLS2, INET1 and INET2):
◦◦ RS12-2911-1: MPLS1 and INET1 WAN links
•• RS31—Single-Router, Three-Link, Access (MPLS2, INET2 and PLR):
◦◦ RS31-4451: MPLS2, INET2 and PLR WAN links
•• RS32—Dual-Router, Five-Link, Access (MPLS1, MPLS2, INET1, INET2 and PLR):
◦◦ RS32-4451-1: MPLS1, INET1 and PLR WAN links
•• RS41—Single-Router, Two-Link, Distribution (MPLS1 and INET1):
•• RS42—Dual-Router, Four-Link, Distribution (MPLS1, MPLS2, INET1 and INET2):
•• RS51—Single-Router, Three-Link, Access (MPLS1 and INET1 with LTE Fallback):

IWAN Dual Hybrid with PLR Design Model for BGP—WAN Aggregation

BGP—WAN Aggregation

Finally, this section includes configuration files corresponding to the IWAN dual hybrid model with PLR using BGP
on the WAN and OSPF on the LAN, as referenced in the figure below.
Figure 12 IWAN dual hybrid with PLR model for BGP and OSPF
Internal Loopback Netblock
Lo0
10.6.X.X 10.255.X.X 10.7.X.X
To Core 42.251 BGP
Tunnel10 Tunnel11
42.33
Po136 Po36
42.34 24.1 24.30
10.6.34.X 10.6.36.X Community
VLAN300 Attribute Netblock
Lo0 0.0 - 7.255
IE-D3750X IE-ASA5545-1 Tunnel12 Tunnel13 Tunnel14 241.11
BGP
10.6.38.X 10.6.40.X 10.6.42.X RS11
42.38
Lo0 Single ISR G2

Hub Site 32.241 Community Tu11
36.11 Access 2K
(POP1) Attribute RS11-2921 RS11-A2960
HY-MPLS1- Tu10
65100:20 34.11
MPLS1=65100:100 ASR1002X-1
.2
Prefer
32
INET1=65100:200 Lo0
Tu10
Po33 34.1
Lo0 POP2
MPLS2=65100:300 32.242 65100:100 241.12
Tu11 65100:20
INET2=65100:400 Po1
HY-INET1- Tu11 INET1 36.12
Netblock
INET4G=65100:500 32
.6 ASR1002X-2 36.1 Tunnel 11 65100:20 Tu10 16.0 - 23.255
65100:200 34.12 RS12-2911-1 RS12
42.37
Po2 Lo0
Lo0
.1
32.243 Dual ISR G2

32
32.240 .5
32 Access 2K
32.9 32.10 HY-MPLS2- RS12-A2960
Po3 ASR1002X-3
32
.13 Lo0
WAN-D3750X Lo0 Tu13 243.12 OSPF 100
Po4 32.244 Tu12 40.12 Area 0
32 RS12-2911-2
.14 38.1 MPLS1
32
32
65100:300 Tunnel 10 Tu12

.17
.12
HY-INET2-
38.12
9
ASR1002X-4 65100:20
Po5 Tu13 Netblock
Lo0 40.1 Lo0 128.0 - 135.255
32.245
65100:400 243.31
Tu13
RS31
32
HY-INET4G- 40.31
.18
Po21 ASR1002X-5 65100:10 Single ISR 4K

Tu12 Access 2K
OSPF 100 Lo0
38.31 RS31-4451 RS31-A2960
32.251
Area 0 Tu14 INET2
44.1 Tunnel 13 Tu14
32
.15
44.31
HY-MC- Prefer
1
CSR1000v-1
65100:500 Tu11
POP1
65100:101
Internal 36.32
Lo0
65100:10
Tu10 241.32
10.8.X.X 34.2
Lo0
Transit Site 32.241 Tu10 Netblock
To IE-D3750X 34.32
(POP2) 144.0 - 151.255
HY-MPLS1- 65100:201 65100:10 RS32-4451-1 RS32
MPLS1=65100:101 ASR1002X-T1
.2
Tu11 Dual ISR 4K

32
Tu14
MPLS2
42.38
INET1=65100:201 Lo0
36.2
44.31 Access 3K
MPLS2=65100:301 32.242
Tunnel 12 RS32-A3850
Tu13
INET2=65100:401 Po1 40.32
HY-INET1- Lo0
65100:10
INET4G=65100:501 Po35
32
.6 ASR1002X-T2 243.32 OSPF 100
Tu12
38.32 Area 0
65100:301 RS32-4451-2
42.37
Po2 Lo0
.1
Lo0 32.243
32
32.240 .5 Tu12
32
38.2
32.9 32.10 HY-MPLS2- Tu11
Po3 ASR1002X-T3
32 36.41
.13 65100:401
Tu13
WAN-D3750X-T Lo0
40.2
Po4 32.244
32
.14
32
32
Tu10
.17
.12
HY-INET2-
34.41 Netblock Prefer
9
ASR1002X-T4 INET4G Lo0 192.0 - 199.255

Po5
Tunnel 14
65100:10
241.41 POP1
Lo0
32.245 65100:501 Po1 65100:10
Tu14 Tu11 RS41
32
HY-INET4G- 44.2 36.42 RS41-D3750 RS41-A2960

RS41-2921
.18
ASR1002X-T5 Single ISR G2

Po21
Lo0 BGP AS:65100 Dist/Acc 3K/2K
32.251 in WAN Overlay 65100:20 OSPF 100
Area 0
32
Tu10
.15
HY-MC- 34.42
Lo0
1
ASR1002X
241.42
65100:20 Netblock
Po1 208.0 - 215.255 Prefer
Tu13 RS42-4451-1 POP1
40.42 65100:20
RS42-D3850 RS42-A3650
RS42
Tu12 Po2 Dual ISR 4K
38.42 Dist/Acc 3K/3K
Lo0 OSPF 100
243.42 Area 0
6050F
RS42-4451-2

The following table provides the loopback and port-channel IP addresses for the WAN aggregation devices in the
IWAN hybrid design model.
Table 4 IWAN dual hybrid with PLR model—Hub router IP addresses

Hub MC DHY-MC-CSR1000V-1 10.6.32.251/32 10.6.32.151/26
Hub BR (PLR) DHY-INET4G-ASR1002X-5 10.6.32.245/32 10.6.32.18/30
Table 5 IWAN dual hybrid with PLR model—Transit router IP addresses

Transit BR (PLR) DHY-INET4G-ASR1002X-T5 10.8.32.245/32 10.8.32.18/30

Configuration Files
Below are links to the configuration files for all hybrid hub and transit site WAN aggregation devices using BGP
and OSPF:
•• DHY-MC-CSR1000V-1: Hub MC, BGP
•• DHY-MPLS1-ASR1002X-1: Hub BR, BGP (MPLS1)
•• DHY-INET1-ASR1002X-2: Hub BR, BGP (INET1)
•• DHY-MPLS2-ASR1002X-3: Hub BR, BGP (MPLS2)
•• DHY-INET2-ASR1002X-4: Hub BR, BGP (INET2)
•• DHY-INET4G-ASR1002X-5: Hub BR, BGP (PLR)
•• DHY-MC-ASR1002X-T1: Transit MC, BGP
•• DHY-MPLS1-ASR1002X-T1: Transit BR, BGP (MPLS1)
•• DHY-INET1-ASR1002X-T2: Transit BR, BGP (INET1)
•• DHY-MPLS2-ASR1002X-T3: Transit BR, BGP (MPLS2)
•• DHY-INET2-ASR1002X-T4: Transit BR, BGP (INET2)
•• DHY-INET4G-ASR1002X-T5: Transit BR, BGP (PLR)

IWAN Dual Hybrid with PLR Design Model for BGP—Remote Sites

BGP—Remote Sites
PLR design model.
Table 6 IWAN dual hybrid with PLR model—Remote site router IP addresses

Branch MC/BR (MPLS2/INET2/PLR) RS31-4451 10.255.243.31/32

IWAN Dual Hybrid with PLR Design Model for BGP—Remote Sites
Configuration Files
Below are links to the configuration files for all hybrid remote site devices using BGP and OSPF:
•• RS11—Single-Router, Two-Link, Access, BGP (MPLS1 and INET1):
•• RS12—Dual-Router, Four-Link, Access, BGP (MPLS1, MPLS2, INET1 and INET2):
•• RS31—Single-Router, Three-Link, Access, BGP (MPLS2, INET2 and PLR):
•• RS32—Dual-Router, Five-Link, Access, BGP (MPLS1, MPLS2, INET1, INET2 and PLR):
•• RS41—Single-Router, Two-Link, Distribution, BGP (MPLS1 and INET1):
•• RS42—Dual-Router, Four-Link, Distribution, BGP (MPLS1, MPLS2, INET1 and INET2):
•• RS51—Single-Router, Three-Link, Access, BGP (MPLS1 and INET1 with LTE Fallback):

IWAN Dual Internet Design Model for EIGRP—WAN Aggregation
IWAN Dual Internet Design Model for EIGRP—WAN

Aggregation
This version of the guide also has hub MC HA and hub BR scaling.

This section includes configuration files corresponding to the IWAN dual Internet design model WAN aggregation
site for EIGRP, as referenced in the figure below.
Figure 13 IWAN dual Internet model for EIGRP—Hub MC HA, hub BR scaling and IOS CA
INET1 INET1 Loopback Netblock
172.16.X.X 172.18.X.X 10.255.X.X 10.7.X.X
Internal INET2 INET2 Netblock

INET1 INET2
10.6.X.X 172.17.X.X 172.19.X.X DHCP DHCP Lo0 32.0 - 39.255
98.110 98.109 246.13
IE Outside RS13
Single ISR G2
Lo0
INET1: 172.16.140.11 and 140.12 Access 2K
To Core 42.251 RS13-2911 RS13-A2960
Tunnel20 Tu20
42.33 42.34 24.1 24.30 INET2: 172.17.140.11 and 140.12 64.13
Po136 Po36 10.6.64.X
VLAN300
IE DMZ INET1
192.168.146.X DHCP Lo0
IE-D3750X IE-ASA5545-1 Tunnel21 Tu21
98.116
66.13 246.14
146.1 10.6.66.X
Netblock
42.38
Tu20
48.0 - 55.255
64.14
RS14-2921-1
RS14
Hub Site IWAN-IOS-CA IW-DMZ- Dual ISR G2
.11
D3750X INET2
24
DHCP Access 2K
Tunnel 20 RS14-A2960
Lo0 PfR Lo1 98.115
Po33 32.253 32.252 Lo0
EIGRP AS:400
247.14
DI-MC
3 Tu21
.16 ASR1004-1 RS14-2921-2
32 66.14
42.37
Po22 Lo0 PfR Lo1

Lo0
.1
61 32.254 32.252/31 Tu20 INET1 INET2

24
32.240 .1
To Core 32 64.33 DHCP DHCP Netblock
DI-MC 99.11 99.11 Lo0 160.0 - 167.255
42.41 42.42 32.161 32.164
Po138 Po38 Po23 ASR1004-2 246.33
32
.41
Tu21 RS33
WAN-D3750X Lo0 INET2 66.33 Single ISR 4K
Tu20
Po11 32.246 Tunnel 21
32
32 64.1 Access 2K
RS33-4451 RS33-A2960
32
.42
.45
Tu20
32
.53
.49
DI-INET1- 64.34
ASR1002X-11 146.20
Po12 INET1
Lo0 DHCP
32.247 Tu21 99.19 Lo0
66.1 246.34
32
.46
DI-INET2- Netblock
Po13 ASR1002X-12 146.21 176.0 - 183.255
Lo0 RS34-4451-1
32.248 Tu20 Tu21 RS34
64.2 66.34 INET2
32
Dual ISR 4K
.50
DHCP
DI-INET1- 99.20 RS34-A3650 Access 3K
Po14
ASR1002X-11b 146.22
Tu20
Lo0 64.43 Lo0
32.249 247.34
Tu21
32
66.2
RS34-4451-2
.54
Tu21
DI-INET2- 66.43
ASR1002X-12b 146.23 INET1 INET2
DHCP DHCP
99.92 99.91 Netblock
Tu20 Lo0 224.0 - 231.255
64.44 246.43
Po1 RS43
Single ISR 4K
RS43-D3750 RS43-A2960 Dist/Acc 3K/2K
RS43-4451
INET1
Tu21 DHCP
66.44 99.76
Lo0
246.42
Netblock
Po1
240.0 - 247.255
RS44-3945-1
RS44
Dual ISR G2
RS44-D3750 RS44-A2960 Dist/Acc 3K/2K
Po2
INET2
DHCP Lo0
99.99 247.44 6051F
RS44-3945-2

The following table provides the loopback addresses for the WAN aggregation devices in the IWAN dual Internet
model.
Table 7 IWAN dual Internet model—Hub router IP addresses
Loopback0 IP Loopback1 IP Port channel IP

IWAN function Host name address (Mgmt) address (PfR) address
Hub MC DI-MC-ASR1004-1 10.6.32.253/32 10.6.32.252/32 10.6.32.163/26
Hub MC HA DI-MC-ASR1004-2 10.6.32.254/32 10.6.32.252/31 10.6.32.164/26
Hub BR (INET1) DI-INET1-ASR1002X-11 10.6.32.246/32 N/A 10.6.32.42/30
Hub BR (INET2) DI-INET1-ASR1002X-12 10.6.32.247/32 N/A 10.6.32.46/30
Hub BR2 (INET1) DI-INET1-ASR1002X-11b 10.6.32.248/32 N/A 10.6.32.50/30
Hub BR2 (INET2) DI-INET1-ASR1002X-12b 10.6.32.249/32 N/A 10.6.32.54/30
Configuration Files
Below are links to the configuration files for all dual Internet hub site WAN aggregation devices using EIGRP:
•• DI-MC-ASR1004-1: Hub MC
•• DI-MC-ASR1004-2: Hub MC HA
•• DI-INET1-ASR1002X-11: Hub BR (INET1)
•• DI-INET1-ASR1002X-12: Hub BR (INET2)
•• DI-INET1-ASR1002X-11b: Hub BR2 (INET1)
•• DI-INET1-ASR1002X-12b: Hub BR2 (INET2)
•• IWAN-IOS-CA: IOS Certificate Authority

IWAN Dual Internet Design Model for EIGRP—Remote Sites
IWAN Dual Internet Design Model for EIGRP—

Remote Sites
The following table provides the loopback addresses for the remote site devices in the IWAN dual Internet design
model.
Table 8 IWAN dual Internet model—Remote site router IP addresses

Branch MC/BR (INET1/INET2) RS13-2911 10.255.246.13/32
Branch MC/BR (INET1) RS14-2921-1 10.255.246.14/32
Branch BR (INET2) RS14-2921-2 10.255.247.14/32
Branch BR (INET2) RS34-4451-2 10.255.247.34/32
Branch BR (INET2) RS44-3945-2 10.255.247.44/32

IWAN Dual Internet Design Model for EIGRP—Remote Sites
Configuration Files
Below are links to the configuration files for all dual Internet remote site devices using EIGRP:
•• RS13—Single-Router, Two-Link, Access (INET1 and INET2):
◦◦ RS13-2911: INET1 and INET2 WAN links
•• RS14—Dual-Router, Two-Link, Access (INET1 and INET2):
◦◦ RS14-2921-1: INET1 WAN link
•• RS33—Single-Router, Two-Link, Access (INET1 and INET2):
•• RS34—Dual-Router, Two-Link, Access (INET1 and INET2):
•• RS43—Single-Router, Two-Link, Distribution (INET1 and INET2):
•• RS44—Dual-Router, Two-Link, Distribution (INET1 and INET2):

IWAN Hybrid with MTT Design Model for EIGRP—WAN Aggregation
IWAN Hybrid with MTT Design Model for EIGRP—

WAN Aggregation
This version of the guide also has MTT, hub MC HA, hub BR scaling and IOS CA.

This section includes configuration files corresponding to the IWAN hybrid design model WAN aggregation site for
EIGRP, as referenced in the figure below.
Figure 14 IWAN hybrid with MTT design model for EIGRP—Hub MC HA, hub BR scaling and IOS CA
MPLS1 MPLS
192.168.X.X 192.168.X.X
Internal Loopback Netblock
10.6.X.X INET1 INET1 10.255.X.X 10.7.X.X
172.16.X.X 172.18.X.X
Netblock
Lo0 32.0 - 39.255
Lo0
42.251 Tunnel 20 INET1 246.13
To Core IE Outside RS13
10.6.64.X DHCP
42.33 42.34 24.1 24.30 INET1: 172.16.140.11 and 140.12 98.109 Single ISR 4K
Po136 Po36
VLAN300 Access 2K
Tunnel 21 MPLS1
RS13-A2960
IE DMZ 6.89 RS13-4451
IE-D3750X IE-ASA5545-1
146.1 10.6.66.X
192.168.146.X
Tu21
66.13
42.38
Lo0
INET1 247.14 Netblock
24 Tu20 DHCP 48.0 - 55.255
.1 64.13 98.115
1
IWAN-IOS-CA IW-DMZ- RS14-2921-2
RS14
A2960X Tu21 Dual ISR G2
66.14 Access 2K
Lo0 PfR Lo1 RS14-A2960
32.253 32.252 INET1
Hub Site MPLS1
Tunnel 21 6.93
HY-MC Lo0
3
. 16 ASR1002X-1 246.14
EIGRP AS:400 Po33
32
Lo0 PfR Lo1 RS14-2921-1
32.254 32.252/31
Po22 Tu20 INET1 Netblock
64.14 DHCP
HY-MC 160.0 - 167.255
64 99.11 Lo0
32.1 ASR1002X-2
Tu21
42.37
246.33
MPLS1 RS33
61
Lo0 Po23 66.33

.1
32.240 6.97
32
61 Lo0 Single ISR 4K

To Core 32.1 32.246 INET 1
Tu21
42.41 42.42 66.1 Access 2K
Po138 Po38 32.41 146.20 RS33-A2960
32.42 Tu20 RS33-4451
32 Po11 HY-M1l1-
Tu20 64.33
.45 ASR1002X-11
WAN-D3750X 64.1 MPLS1
Lo0 MPLS1 Tunnel 20 Tu21
INET1
6.81 DHCP
Po12 32.247 Tu21 66.34 Lo0
32 99.19
.46 INET 1 66.2 247.34
146.22
HY-M1l1- Netblock
ASR1002X-11b Tu20 176.0 - 183.255
64.2 RS34-4451-2
MPLS1
6.85
RS34
Tu20 MPLS1 Dual ISR 4K
64.34 6.101 Access 3K
Lo0 RS34-A3650
246.34
Tu21 RS34-4451-1
66.43
INET1
DHCP
99.92 Netblock
MPLS1 224.0 - 231.255
Tu20 Lo0
6.105
64.43 246.43
Po1
RS43
Single ISR 4K
Dist/Acc 3K/2K
RS43-D3750 RS43-A2960
RS43-4451
Tu21
66.44
INET1
DHCP
99.76
Lo0
247.44
Netblock
RS44-4451-2 240.0 - 247.255
Po2
Tu20
64.44 RS44
Dual ISR 4K
MPLS1 Po1 Dist/Acc 3K/2K
RS44-D3750 RS44-A2960
6.109
Lo0
246.44 6061F
RS44-4451-1

The following table provides the loopback addresses for the WAN aggregation devices in the IWAN hybrid model.
Table 9 IWAN hybrid with MTT model—Hub router IP addresses
Loopback0 IP Loopback1 IP Port channel IP

IWAN function Host name address (Mgmt) address (PfR) address
Hub MC HY-MC-ASR1002X-1 10.6.32.253/32 10.6.32.252/32 10.6.32.163/26
Hub MC HA HY-MC-ASR1002X-1 10.6.32.254/32 10.6.32.252/31 10.6.32.164/26
Hub BR (MPLS1 & INET1) HY-M1I1-ASR1002X-11 10.6.32.246/32 N/A 10.6.32.42/30
Hub BR (MPLS1 & INET1) HY-M1I1-ASR1002X-11b 10.6.32.247/32 N/A 10.6.32.46/30
Configuration Files
Below are links to the configuration files for all hybrid with MTT hub site WAN aggregation devices using EIGRP:
•• HY-MC-ASR1002X-1: Hub MC
•• HY-MC-ASR1002X-2: Hub MC HA
•• HY-M1I1-ASR1002X-11: Hub BR (MPLS1 & INET1)
•• HY-M1I1-ASR1002X-11b: Hub BR (MPLS1 & INET1)
•• IWAN-IOS-CA: IOS Certificate Authority

IWAN Hybrid with MTT Design Model for EIGRP—Remote Sites
IWAN Hybrid with MTT Design Model for EIGRP—

Remote Sites
The following table provides the loopback addresses for the remote site devices in the IWAN hybrid with MTT
design model.
Table 10 IWAN hybrid with MTT model—Remote site router IP addresses
Loopback IP
IWAN function Host name address
Branch MC/BR (MPLS1) RS14-2921-1 10.255.246.14/32
Branch BR (INET1) RS14-2921-2 10.255.247.14/32
Branch BR (INET1) RS34-4451-2 10.255.247.34/32
Branch BR (INET1) RS44-4451-2 10.255.247.44/32

IWAN Hybrid with MTT Design Model for EIGRP—Remote Sites
Configuration Files
Below are links to the configuration files for all hybrid with MTT remote site devices using EIGRP:
•• RS14—Dual-Router, Two-Link, Access (MPLS1 and INET1):
◦◦ RS14-2921-1: MPLS1 WAN link
•• RS34—Dual-Router, Two-Link, Access (MPLS1 and INET1):
•• RS43—Single-Router, Two-Link, Distribution (MPLS1 and INET1):
•• RS44—Dual-Router, Two-Link, Distribution (MPLS1 and INET1):

IWAN Dual Hybrid with PLR and MTT Design Model for BGP—WAN Aggregation
IWAN Dual Hybrid with PLR and MTT Design

Model for BGP—WAN Aggregation

Finally, this section includes configuration files corresponding to the IWAN dual hybrid model with PLR and MTT
using BGP on the WAN and OSPF on the LAN, as referenced in the figure below.
Figure 15 IWAN dual hybrid with PLR and MTT model for BGP and OSPF
Loopback Netblock
Internal Tunnel10 Tunnel11 10.255.X.X 10.7.X.X
10.6.X.X 10.6.34.X 10.6.36.X
Lo0 BGP Netblock
42.251 Lo0 0.0 - 7.255
Tunnel12 Tunnel13 Tunnel14 Community 241.11
To Core
42.33 42.34 24.1 24.30 BGP
10.6.38.X 10.6.40.X 10.6.42.X Attribute RS11
Po136 Po36 Single ISR G2
VLAN300 Community Tu11
36.11 Access 2K
Attribute RS11-2921 RS11-A2960
IE-D3750X IE-ASA5545-1 Tu10
65100:20 34.11
42.38
Hub Site Lo0 Prefer

(POP1)
32.241 LoO
241.12
POP2
Tu11 65100:20
MPLS1=65100:100 DHY-M1l1- Tu11 INET1 36.12 Netblock
ASR1002X-1 36.1 Tunnel 11
INET1=65100:200 65100:200
65100:20
Tu10
16.0 - 23.255
RS12-4451-1 RS12
.2
MPLS2=65100:300 34.12
32
Tu10
Lo0
INET2=65100:400 Po33 32.242
34.1 Dual ISR 4K
Access 2K
INET4G=65100:500 65100:100
RS12-A2960
Po1 DHY-M2l2l3-
ASR1002X-2 Lo0
.6
32 Tu13 Tu13 243.12 OSPF 100
40.1 40.31 Area 0
42.37
Lo0 Po2 Lo0 65100:400

.1
MPLS1 RS12-4451-2
32
32.240 .5 32.251
32 Tu12
Tu12 Tunnel 10
65100:20 38.12
38.1
32.129 Po21 32.151 DHY-MC-
CSR1000v-1 65100:300 Netblock
Lo0 128.0 - 135.255
WAN-D3750X Tu14 243.31
Tu13
44.1
40.31 RS31
65100:500 65100:10 Single ISR 4K
OSPF 100 Tu12
RS31-4451 RS31-A2960 Access 2K
Area 0 INET2
38.31
65100:201
Tunnel 13 Tu14
Tu11 65100:101 44.31
Internal Lo0 36.2 Prefer
Transit Site 10.8.X.X 32.241
Tu11
POP1
Tu10 Lo0
(POP2) 34.2
36.32
241.32
65100:10
To IE-D3750X DHY-M1l1-
ASR1002x-T1 65100:10
MPLS1=65100:101 Tu10 Netblock
42.38
34.32
.2
INET1=65100:201 144.0 - 151.255

32
Lo0 65100:10 RS32-4451-1 RS32

MPLS2=65100:301 32.242 Tu13 65100:401
Tu14
40.2 Dual ISR 4K
INET2=65100:401 Po35 MPLS2 44.31
Access 3K
INET4G=65100:501 Po1 DHY-M2l2l3- Tu12 Tunnel 12 Tu13
RS32-A3850
ASR1002x-T2 38.2 40.32
.6 65100:301
32
42.37
Lo0
Lo0 Tu14 65100:10 OSPF 100
.1
32.240 Po2 Lo0 44.2 243.32

32
.5 32.251
Tu12 Area 0
32 65100:501
38.32 RS32-4451-2
32.129 Po21 32.151 DHY-MC-

ASR1002X-T1
WAN-D3750X-T Tu11
36.41
INET4G
Tunnel 14
Tu10
BGP AS:65100
34.41 Netblock Prefer
Lo0 192.0 - 199.255
in WAN Overlay 65100:10
241.41 POP1
Po1 65100:10
Tu11
36.42
RS41
RS41-4451 RS41-D3750 RS41-A2960 Single ISR 4K
Dist/Acc 3K/2K
65100:20
OSPF 100
Area 0
Tu10
34.42
Lo0
241.42
65100:20 Netblock
Po1 208.0 - 215.255 Prefer
Tu13 RS42-4451-1 POP2
40.42 65100:20
RS42-D3850 RS42-A3650
RS42
Tu12 Po2 Dual ISR 4K
38.42 Dist/Acc 3K/3K
Lo0 OSPF 100
243.42 Area 0
6060F
RS42-4451-2

The following table provides the loopback and port-channel IP addresses for the WAN aggregation devices in the
IWAN dual hybrid with PLR and MTT design model.
Table 11 IWAN dual hybrid with PLR and MTT model—Hub router IP addresses

Hub MC DHY-MC-CSR1000V-1 10.6.32.251/32 10.6.32.151/26
Hub BR (MPLS1 & INET1) DHY-M1I1-ASR1002X-1 10.6.32.241/32 10.6.32.2/30
Hub BR (MPLS2, INET2 and PLR) DHY-M2I2I3-ASR1002X-2 10.6.32.242/32 10.6.32.6/30
Table 12 IWAN dual hybrid with PLR and MTT model—Transit router IP addresses

Transit BR (MPLS1 & INET1) DHY-M1I1-ASR1002X-T1 10.8.32.241/32 10.8.32.2/30
Transit BR (MPLS2, INET2 and PLR) DHY-M2I2I3-ASR1002X-T2 10.8.32.242/32 10.8.32.6/30
Configuration Files
Below are links to the configuration files for all dual hybrid with PLR and MTT hub and transit site WAN aggrega-
tion devices using BGP and OSPF:
•• DHY-M1I1-ASR1002X-1: Hub BR, BGP (MPLS1 & INET1)
•• DHY-M2I2I3-ASR1002X-2: Hub BR, BGP (MPLS2, INET2 & PLR)
•• DHY-M1I1-ASR1002X-T1: Transit BR, BGP (MPLS1 & INET1)
•• DHY-M2I2I3-ASR1002X-T2: Transit BR, BGP (MPLS2, INET2 & PLR)
•• IW-WAN-D3750X: Hub WAN Agg Distribution Switch
•• IW-WAN-D3750X-T: Transit WAN Agg Distribution Switch

IWAN Dual Hybrid with PLR and MTT Design Model for BGP—Remote Sites
IWAN Dual Hybrid with PLR and MTT Design

Model for BGP—Remote Sites
PLR and MTT design model.
Table 13 IWAN dual hybrid with PLR and MTT model—Remote site router IP addresses

Branch MC/BR (MPLS2/INET2/PLR) RS31-4451 10.255.243.31/32

IWAN Dual Hybrid with PLR and MTT Design Model for BGP—Remote Sites
Configuration Files
Below are links to the configuration files for all dual hybrid with PLR and MTT remote site devices using BGP and
OSPF:
•• RS12—Dual-Router, Four-Link, Access, BGP (MPLS1, MPLS2, INET1 and INET2):
•• RS31—Single-Router, Three-Link, Access, BGP (MPLS2, INET2 and PLR):
•• RS41—Single-Router, Two-Link, Distribution, BGP (MPLS1 and INET1):
•• RS42—Dual-Router, Four-Link, Distribution, BGP (MPLS1, MPLS2, INET1 and INET2):
•• RS51—Single-Router, Three-Link, Access, BGP (MPLS1 and INET1 with LTE Fallback):

IWAN Dual Hybrid with PLR and Multi-VRF Design Model for BGP—WAN Aggregation
IWAN Dual Hybrid with PLR and Multi-VRF Design

Model for BGP—WAN Aggregation
In order to enable inter-VRF route leaking, a Cisco firewall is configured with static routes. It is attached to the
hub-site WAN distribution switch, and a very basic configuration is included here as a reference only.

Finally, this section includes configuration files corresponding to the IWAN dual hybrid model with PLR and Multi-
VRF using BGP on the WAN and OSPF on the LAN, as referenced in the figure below.
Figure 16 IWAN dual hybrid with PLR and Multi-VRF model for BGP and OSPF
Hub-site Internal Hub-site Internal Hub-site Internal Tunnel100 Tunnel200 Tunnel300 Tunnel400 Tunnel500 Loopback0 Netblock
Default VRF IoT-VRF-101 CONT-VRF-102 Default VRF Default VRF Default VRF Default VRF Default VRF Default VRF Default VRF
10.6.X.X 10.21.X.X 10.25.X.X 10.6.34.X 10.6.36.X 10.6.38.X 10.6.40.X 10.6.44.X 10.255.X.X 10.7.X.X
Tunnel101 Tunnel201 Tunnel301 Tunnel401 Tunnel501 Loopback101 Netblock

IoT-VRF-101 IoT-VRF-101 IoT-VRF-101 IoT-VRF-101 IoT-VRF-101 IoT-VRF-101 IoT-VRF-101
10.21.34.X 10.21.36.X 10.21.38.X 10.21.40.X 10.21.44.X 10.201.X.X 10.22.X.X
Po136 Po36
VLAN300 Tunnel102 Tunnel202 Tunnel302 Tunnel402 Tunnel502 Loopback102 Netblock
CONT-VRF-102 CONT-VRF-102 CONT-VRF-102 CONT-VRF-102 CONT-VRF-102 CONT-VRF-102 CONT-VRF-102
IE-D3750X IE-ASA5545-1 10.25.34.X 10.25.36.X 10.25.38.X 10.25.40.X 10.25.44.X 10.202.X.X 10.26.X.X
Lo0
Lo0 Netblock
Lo101 Tu200 Lo0 0.0 - 7.255
Lo102 Tu201 Tu202 INET1 Lo101
Tu202 Lo102
DHY-M1l1- Tunnel 200 Tu201 Tu200
ASR1002X-1 Tu100 VLAN64
Tu100 VLAN521
T101
RS11-2921 VLAN522 RS11-A2960
Tu102 Tu101
Tu102 VLAN69
Po1 Lo0 VLAN531
Po33 Lo101 VLAN532
VLAN1110 Lo102
Tu400 Tu202
VLAN1111 MPLS1
VLAN1112 DHY-M2l2l3-
Lo0 ASR1002X-2 Tu401 Tunnel 100 Tu201
Lo101 Po2 Tu402
Tu300
Lo102 VLAN1120 Tu200
VLAN1121 Tu102
Tu301 Lo0
VLAN1122 Lo0 Tu500 Tu101
Po30 Lo101
Lo101
To Hub-site VLAN30
WAN-D3750X Po21
Lo102
Tu302 Tu100 Lo102
DC Services Tu501
VLAN31 VLAN1100
VLAN32 VLAN1101 DHY-MC-
VLAN1102 CSR1000v-1 INET2
Tu502 Lo0
Tunnel 400 RS32-4451-1
Po20 Netblock
144.0 - 151.255
VLAN20
VLAN21 VLAN99 VLAN64 VLAN69
VLAN22 VLAN511 VLAN521 VLAN531
Tu402 VLAN512 VLAN522 VLAN532
Tu500
Tu202
Tu401
VLAN10 WAN-DIST- RS32-A3850
VLAN11 Po10
Firewall Tu201 Tu400 Lo0
VLAN12 Lo101
Tu102 MPLS2 Lo102
Tu200 Tunnel 300 Tu302
Tu301 Tu300
T101
Lo0
Lo101
Lo102 Tu100 Tu402 RS32-4451-2
Tu501
DHY-M1l1-
ASR1002x-T1 Tu401
Tu502
Tu302
To IE-D3750X Tu400
Po1 Tu301
VLAN1110 Lo0
Po35
VLAN1111 Lo101 Tu300
VLAN1112 Lo102
Lo0
Lo101 Po2 DHY-M2l2l3- INET4G
ASR1002x-T2 Tu500 Tu501 Tu502
Lo102 VLAN1120 Tunnel 500
VLAN1121
WAN-D3750X-T VLAN1122
Lo0
Po21 Lo101
Lo102
VLAN1100
VLAN1101 DHY-MC-
VLAN1102 ASR1002X-T1
Transit-site Internal Transit-site Internal Transit-site Internal
7102F
Default VRF IoT-VRF-101 CONT-VRF-102
10.8.X.X 10.23.X.X 10.27.X.X

The following tables provide the loopback and port-channel IP addresses for the WAN aggregation devices in the
IWAN dual hybrid with PLR and Multi-VRF design model.
Table 14 IWAN dual hybrid with PLR and Multi-VRF model—Hub and transit router IP addresses (Default VRF)

Hub MC DHY-MC-CSR1000V-1 10.6.32.251/32 10.6.32.151/26
Table 15 IWAN dual hybrid with PLR and Multi-VRF model—Hub and transit router IP addresses (IoT-VRF-101)

Hub MC DHY-MC-CSR1000V-1 10.21.32.251/32 10.21.32.151/26
Table 16 IWAN dual hybrid with PLR and Multi-VRF model—Hub and transit router IP addresses (CONT-VRF-102)

Hub MC DHY-MC-CSR1000V-1 10.25.32.251/32 10.25.32.151/26

Configuration Files
Below are links to the configuration files for all dual hybrid with PLR and Multi-VRF hub and transit site WAN ag-
gregation devices using BGP and OSPF:
•• DHY-M1I1-ASR1002X-1: Hub BR, BGP (MPLS1 & INET1)
•• DHY-M2I2I3-ASR1002X-2: Hub BR, BGP (MPLS2, INET2 & PLR)
•• DHY-M1I1-ASR1002X-T1: Transit BR, BGP (MPLS1 & INET1)
•• DHY-M2I2I3-ASR1002X-T2: Transit BR, BGP (MPLS2, INET2 & PLR)
•• IW-WAN-D3750X: Hub WAN Agg Distribution Switch
•• IW-WAN-D3750X-T: Transit WAN Agg Distribution Switch
•• DIST-WAN-FW: Hub-site inter-VRF route leaking firewall

IWAN Dual Hybrid with PLR and Multi-VRF Design Model for BGP—Remote Sites
IWAN Dual Hybrid with PLR and Multi-VRF Design

Model for BGP—Remote Sites
•• Branch master controller—The branch MC is the MC at the branch-site. There is no policy configuration on
this device. It receives policy from the hub MC. This device acts as MC for that site for making path-optimi-
PLR and Multi-VRF design model.
Table 17 IWAN dual hybrid with PLR and Multi-VRF model—Remote site router IP addresses (Default VRF)

Table 18 IWAN dual hybrid with PLR and Multi-VRF model—Remote site router IP addresses (IoT-VRF-101)

Table 19 IWAN dual hybrid with PLR and Multi-VRF model—Remote site router IP addresses (CONT-VRF-102)


IWAN Dual Hybrid with PLR and Multi-VRF Design Model for BGP—Remote Sites
Configuration Files
Below are links to the configuration files for all dual hybrid with PLR and Multi-VRF remote site devices using BGP
and OSPF:

Appendix A: Changes
Appendix A: Changes
This appendix summarizes the changes Cisco made to this guide since its last edition.
•• Routing updates:
◦◦ Changed an EIGRP summary address in the WAN aggregation switches to cover a larger range of net-
works at the hub location
◦◦ Simplified the EIGRP tagging and removed the filtering that was no longer needed
◦◦ Added the EIGRP data center affinity use case to hub and remote sites
•• Hub BR updates:
◦◦ Added the Multiple Tunnel Termination feature with EIGRP and BGP
•• Public Key Infrastructure updates:
◦◦ Changed the revocation-check to crl none
•• Multi-VRF update:
◦◦ Added Multi-VRF configuration with BGP

Please use the feedback form to send comments and
suggestions about this guide.
Americas Headquarters Asia Pacific Headquarters Europe Headquarters

Cisco Systems, Inc. Cisco Systems (USA) Pte. Ltd. Cisco Systems International BV Amsterdam,
San Jose, CA Singapore The Netherlands
Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco Website at www.cisco.com/go/offices.
ALL DESIGNS, SPECIFICATIONS, STATEMENTS, INFORMATION, AND RECOMMENDATIONS (COLLECTIVELY, “DESIGNS”) IN THIS MANUAL ARE PRESENTED “AS
IS,” WITH ALL FAULTS. CISCO AND ITS SUPPLIERS DISCLAIM ALL WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE WARRANTY OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. IN NO EVENT
SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION,
LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THE DESIGNS, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THE DESIGNS ARE SUBJECT TO CHANGE WITHOUT NOTICE. USERS ARE SOLELY RESPONSIBLE FOR
THEIR APPLICATION OF THE DESIGNS. THE DESIGNS DO NOT CONSTITUTE THE TECHNICAL OR OTHER PROFESSIONAL ADVICE OF CISCO, ITS SUPPLIERS
OR PARTNERS. USERS SHOULD CONSULT THEIR OWN TECHNICAL ADVISORS BEFORE IMPLEMENTING THE DESIGNS. RESULTS MAY VARY DEPENDING ON
FACTORS NOT TESTED BY CISCO.
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included
in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.
© 2017 Cisco Systems, Inc. All rights reserved.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go
to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not
imply a partnership relationship between Cisco and any other company. (1110R)
Cisco Validated Design B-000201i-2 07/17

Intelligent Wan Configuration Files Guide: Cisco Validated Design

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Intelligent Wan Configuration Files Guide: Cisco Validated Design

Uploaded by

Copyright:

Available Formats

Cisco Validated design

IWAN Dual Internet Design Model for EIGRP—WAN Aggregation..................................................... 21

IWAN Dual Internet Design Model for EIGRP—Remote Sites............................................................ 24

IWAN Hybrid with MTT Design Model for EIGRP—WAN Aggregation............................................... 26

IWAN Hybrid with MTT Design Model for EIGRP—Remote Sites...................................................... 29

Cisco Validated Design

•• IWAN Multiple Data Center Deployment Guide

•• IWAN Multiple Transports Deployment Guide

•• IWAN Multiple VRF Deployment Guide

•• IWAN Public Key Infrastructure Deployment Guide

•• IWAN NetFlow Monitoring Deployment Guide

•• IWAN Remote Site 4G LTE Deployment Guide

Cisco Validated Design page 1

Figure 1 IWAN hybrid model—WAN aggregation site overview

Hub Border DMVPN Hub

WAN Distribution Hub Master

Hub Border DMVPN Hub

Cisco Validated Design page 2

Figure 3 IWAN—Remote-site overview

Single Router Location Dual Router Location

Branch Master Branch Master Branch

Figure 4 IWAN dual Internet Model—Hub MC high availability

INET1 INET2 ISP A / ISP B

Cisco Validated Design page 3

Figure 5 IWAN dual Internet model—Hub BR scalability

INET1 INET2 INET1 INET2

Figure 6 IWAN hybrid model—Second data center as a transit site

Hub Site Transit Site

Hub BRs Transit BRs

MPLS1 INET1 MPLS1 INET1

DMVPN 1 DMVPN 2 DMVPN 1 DMVPN 2

Cisco Validated Design page 4

Cisco Validated Design page 5

WAN Distribution Hub Master

MPLS 1 INET 1 MPLS 2 INET 2

Cisco Validated Design page 6

DHY-MC- RS32-4451-2 Contractor

Cisco Validated Design page 7

Cisco Validated Design page 8

IWAN Dual Hybrid with PLR Design Model for

◦◦ The address of the local MC.

◦◦ The path name on external interfaces.

◦◦ The address of the transit MC.

◦◦ The path name on external interfaces.

◦◦ The path ID on external interfaces.

Cisco Validated Design page 9

IE DMZ INET1 INET2 INET4G INET1 INET2 INET4G

IE Outside ISP-A ISP-B ISP-C ISP-C ISP-D ISP-B

Po2 Lo0 RS12

HY-INET4G- Tu14 40.31

Po21 ASR1002X-5 44.1 Single ISR 4K

HY-INET4G- Tu14 6.33

ASR1002X-T5 44.2 Tu10

Cisco Validated Design page 10

Table 1 IWAN dual hybrid with PLR model—Hub router IP addresses

Loopback IP Port channel IP

Table 2 IWAN dual hybrid with PLR model—Transit router IP addresses

Loopback IP Port channel IP

Cisco Validated Design page 11

•• DHY-MPLS1-ASR1002X-1: Hub BR (MPLS1)

•• DHY-INET1-ASR1002X-2: Hub BR (INET1)

•• DHY-MPLS2-ASR1002X-3: Hub BR (MPLS2)

•• DHY-INET2-ASR1002X-4: Hub BR (INET2)