A transparent bridge passes all traffic exactly as it currently exists on the network while letting you selectively pull out specific traffic to be handled by the Ecessa. Integrating WAN Virtualization with an existing MPLS is a common scenario: the MPLS continues to behave exactly as it does today, including propagating dynamic routing protocols, while you control what is sent over WAN Virtualization.
Checklist for Transparent Bridge Configuration:
- WAN and LAN use “bridge” interface
- WAN and LAN are configured in Translucent mode
- WAN is /32
- LAN is full mask
- Appropriate ‘wan peer’ rules are configured for the gateway and other “WAN” side devices.
- WAN Gratuitous ARP is disabled
Instructions for Transparent Bridge Configuration
Bridging configuration can only be performed in the command line interface at this time.
1. Create the bridge logical interface. This interface will be used as the port for both the WAN and LAN configuration in the next steps.
bridges add alias mybridge port 1 port 2
2. Now add a WAN using the newly created logical port. This is configured similarly to a standard “Translucent” mode WAN line. Note that gratuitous ARP should be disabled.
wan add alias mywan ip 172.16.1.254/32 gateway 172.16.1.1 port mybridge tp1 172.16.1.1 uplink 100000 downlink 100000 no-grat-arp enable translucent enable
3. Next create the corresponding “Translucent” LAN using the bridge port.
lan add alias mylan ip 172.16.1.254/24 port mybridge routed-via mywan
4. Be sure to add a wan peer address for your gateway device. You will need to get the actual MAC address in use by the gateway.
wan peer add wan-alias mywan wan 172.16.1.254 peer 172.16.1.1 mac 00:00:DE:AD:BE:EF arpreply enable entry enable
5. Finally, commit and save your changes.
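The command lines from steps 1 to 4 can be checked against the checklist above before they are committed. The following is an added example, not Ecessa tooling: it assumes every argument is a keyword/value pair as in the commands shown, reads "full mask" as "not /32", and its function names are hypothetical.

```python
import ipaddress

# Constructed sample: the command lines from steps 1 to 4 above, verbatim.
SAMPLE = """\
bridges add alias mybridge port 1 port 2
wan add alias mywan ip 172.16.1.254/32 gateway 172.16.1.1 port mybridge tp1 172.16.1.1 uplink 100000 downlink 100000 no-grat-arp enable translucent enable
lan add alias mylan ip 172.16.1.254/24 port mybridge routed-via mywan
wan peer add wan-alias mywan wan 172.16.1.254 peer 172.16.1.1 mac 00:00:DE:AD:BE:EF arpreply enable entry enable
"""

def fields(line, prefix):
    # Assumption: every argument is a "keyword value" pair, as in the page's commands.
    words = line[len(prefix):].split()
    return dict(zip(words[::2], words[1::2]))

def prefixlen(item):
    return ipaddress.ip_interface(item["ip"]).network.prefixlen

def check_bridge_config(text):
    """Return checklist violations found in the command lines (empty list = pass)."""
    parsed = {"bridges add ": [], "wan peer add ": [], "wan add ": [], "lan add ": []}
    for line in (l.strip() for l in text.splitlines()):
        for prefix, items in parsed.items():
            if line.startswith(prefix):
                items.append(fields(line, prefix))
    bridges = {b["alias"] for b in parsed["bridges add "]}
    wans = {w["alias"]: w for w in parsed["wan add "]}
    peers, problems = parsed["wan peer add "], []
    for alias, wan in wans.items():
        has_peer = any(p.get("wan-alias") == alias and p.get("peer") == wan.get("gateway")
                       and p.get("entry") == "enable" for p in peers)
        checks = [
            (wan.get("port") in bridges, "port is not a bridge interface"),
            (wan.get("translucent") == "enable", "translucent mode not enabled"),
            (prefixlen(wan) == 32, "address must be /32"),
            (wan.get("no-grat-arp") == "enable", "gratuitous ARP is not disabled"),
            (has_peer, "no enabled wan peer rule for the gateway"),
        ]
        problems += [f"WAN {alias}: {msg}" for ok, msg in checks if not ok]
    for lan in parsed["lan add "]:
        via = wans.get(lan.get("routed-via"), {})  # assumed: routed-via names the bridged WAN
        checks = [
            (lan.get("port") in bridges and lan.get("port") == via.get("port"),
             "not on the same bridge as its routed-via WAN"),
            (prefixlen(lan) < 32, "needs the full subnet mask, not /32"),
        ]
        problems += [f"LAN {lan['alias']}: {msg}" for ok, msg in checks if not ok]
    return problems
```

Calling `check_bridge_config(SAMPLE)` returns an empty list for the commands exactly as given in the steps.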
Once the Transparent Bridge is configured, use static routes to control what traffic gets taken out of the bridge.
staticroute add source 172.16.1.0/24 destination 172.16.2.0/24 wan mywanvirtsite:1 wan bridged:2 type fixed ct-force enable
In this example the primary route is the WAN Virtualization site ‘my-wanvirt-site’, set at priority one, and the secondary route uses the bridge, specified by the “bridged” keyword.
Note: To pull traffic out of the bridge you must use the 'bridged' keyword or the bridge device in the route.
Statistics and Live Graphs
- LAN and WAN graphs will not be accurate for bridge traffic. They will only show traffic sourced from or destined to the Ecessa device. For example:
  - WAN Virtualization traffic
  - Ping testing
  - VPNs terminating on the Ecessa
- WAN Graph will show traffic load balanced over another WAN
- Port graphs are the only way to get accurate information at this time.
  - Ports attached to the bridge will be accurate
  - The ‘bridge’ port will only show traffic sourced from or destined to the Ecessa device
- QoS must be applied to ports on the bridge. For outbound QoS on the WAN, apply it to the port connected to the gateway device for the bridged WAN. Defining QoS for the WAN will not work.