This article provides examples of configuring interfaces on vEdge routers to allow the flow of data traffic across both public and private WAN transport networks.
Connect to a Public WAN
This example shows a basic configuration for two vEdge routers connected to the same public WAN network (such as the Internet). The vSmart controller and vBond orchestrator are also connected to the public WAN network, and the vSmart controller is able to reach all destinations on the public WAN.
For vEdge-1, the interface ge0/1 connects to the public WAN, so it is the interface that is configured as a tunnel interface. The tunnel has a color of biz-internet, and the encapsulation used for data traffic is IPsec. The Viptela software creates a single TLOC for this interface, comprising the interface's IP address, color, and encapsulation, and the TLOC is sent to the vSmart controller over the OMP session running on the tunnel. The configuration also includes a default route to ensure that the router can reach the vBond orchestrator and vSmart controller.
The configuration for vEdge-2 is similar to that for vEdge-1:
On the vSmart controller and vBond orchestrator, you configure a tunnel interface and default IP route to reach the WAN transport. For the tunnel, color has no meaning because these devices have no TLOCs.
Use the show interface command to check that the interfaces are operational and that the tunnel connections have been established. In the Port Type column, tunnel connections are marked as 'transport.'
Use the show control connections command to check that the vEdge router has a DTLS or TLS session established to the vSmart controller.
Use the show bfd sessions command to display information about the BFD sessions that have been established between the local vEdge router and remote routers:
Use the show omp tlocs command to list the TLOCs that the local router has learned from the vSmart controller:
Connect to Two Public WANs
In this example, two vEdge routers at two different sites connect to two public WANs, and hence each router has two tunnel connections. To direct traffic to the two different WANs, each tunnel interface is assigned a different color (here, silver and gold). Because each router has two tunnels, each router has two TLOCs.
A third router at a third site, vEdge-3, connects only to one of the public WANs.
The vSmart controller and vBond orchestrator are connected to one of the public WAN networks. (In reality, it does not matter which of the two networks they are connected to, nor does it matter whether the two devices are connected to the same network.) The vSmart controller is able to reach all destinations on the public WAN. To ensure that the vBond orchestrator is accessible via each transport tunnel on the routers, a default route is configured for each interface. In our example, we configure a static default route, but you can also use DHCP.
The configurations for vEdge-1 and vEdge-2 are similar. We configure two tunnel interfaces, one with color silver and the other with color gold, and we configure static default routes for both tunnel interfaces. Here is the configuration for vEdge-1:
The configuration for vEdge-2 is similar:
The third router, vEdge-3, connects only to one of the public WAN networks, and its tunnel interface is assigned the color 'gold':
On the vSmart controller and vBond orchestrator, you configure a tunnel interface and default IP route to reach the WAN transport. For the tunnel, color has no meaning because these devices have no TLOCs.
Connect to Public and Private WANs, with Separation of Network Traffic
In this example, two vEdge routers at two different sites each connect to the same public WAN (here, the Internet) and the same private WAN (here, an MPLS network). We want to separate the MPLS network completely so that it is not reachable by the Internet. The vSmart controller and vBond orchestrator are hosted in the provider's cloud, which is reachable only via the Internet. A third vEdge router at a third site connects only to the public WAN (Internet).
In this example topology, we need to ensure the following:
- Complete traffic separation exists between private-WAN (MPLS) traffic and public-WAN (Internet) traffic.
- Each site (that is, each vEdge router) must have a connection to the Internet, because this is the only way that the overlay network can come up.
To maintain complete separation between the public and private networks so that all MPLS traffic stays within the MPLS network, and so that only public traffic passes over the Internet, we create two overlays, one for the private MPLS WAN and the second for the public Internet. For the private overlay, we want to create data traffic tunnels (which run IPsec and BFD sessions) between private-WAN TLOCs, and for the public overlay we want to create these tunnel connections between Internet TLOCs. To make sure that no data traffic tunnels are established between private-WAN TLOCs and Internet TLOCs, or vice versa, we associate the restrict attribute with the color on the private-WAN TLOCs. When a TLOC is marked as restricted, a TLOC on the local router establishes tunnel connections with a remote TLOC only if the remote TLOC has the same color. Put another way, BFD sessions come up between two private-WAN TLOCs and they come up between two public-WAN TLOCs, but they do not come up between an MPLS TLOC and an Internet TLOC.
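The restrict rule described above, as an added example that is not part of the original article or of the Viptela software: a small JavaScript model that computes which TLOC pairs may form data tunnels in the three-router topology and audits a constructed list of observed BFD sessions against that expectation. The biz-internet color for the public TLOCs and all record and function names are assumptions made for this example.

```javascript
// Constructed TLOC inventory for the three-router topology described above.
// Assumption: public tunnels use color biz-internet; MPLS TLOCs carry restrict.
const tlocs = [
  { router: 'vEdge-1', color: 'mpls', restrict: true },
  { router: 'vEdge-1', color: 'biz-internet', restrict: false },
  { router: 'vEdge-2', color: 'mpls', restrict: true },
  { router: 'vEdge-2', color: 'biz-internet', restrict: false },
  { router: 'vEdge-3', color: 'biz-internet', restrict: false },
];

const label = (t) => `${t.router}:${t.color}`;
// Order-independent key so A<->B and B<->A describe the same tunnel.
const pairKey = (a, b) => [label(a), label(b)].sort().join(' <-> ');

// Tunnels only form between different routers. If either end is
// restricted, the remote TLOC must have the same color.
function tunnelAllowed(a, b) {
  if (a.router === b.router) return false;
  if (a.restrict || b.restrict) return a.color === b.color;
  return true;
}

// Every TLOC pair that the restrict rule permits.
function expectedTunnels(inventory) {
  const allowed = new Set();
  inventory.forEach((a, i) => inventory.slice(i + 1).forEach((b) => {
    if (tunnelAllowed(a, b)) allowed.add(pairKey(a, b));
  }));
  return allowed;
}

// Compare observed sessions with the expectation. "unexpected" entries are
// sessions that cross the public/private boundary and break the separation;
// "missing" entries are permitted tunnels that were not observed.
function auditSessions(inventory, observed) {
  const allowed = expectedTunnels(inventory);
  const seen = new Set(observed.map((s) => pairKey(s.local, s.remote)));
  return {
    unexpected: [...seen].filter((k) => !allowed.has(k)).sort(),
    missing: [...allowed].filter((k) => !seen.has(k)).sort(),
  };
}

// Constructed observations, as an operator might transcribe them from
// the BFD session listing on each router. The last one is a violation.
const observedSessions = [
  { local: { router: 'vEdge-1', color: 'mpls' },
    remote: { router: 'vEdge-2', color: 'mpls' } },
  { local: { router: 'vEdge-1', color: 'biz-internet' },
    remote: { router: 'vEdge-2', color: 'biz-internet' } },
  { local: { router: 'vEdge-1', color: 'biz-internet' },
    remote: { router: 'vEdge-3', color: 'biz-internet' } },
  { local: { router: 'vEdge-1', color: 'mpls' },
    remote: { router: 'vEdge-3', color: 'biz-internet' } },
];

const report = auditSessions(tlocs, observedSessions);
console.log('permitted tunnels:', [...expectedTunnels(tlocs)]);
console.log('unexpected sessions:', report.unexpected);
console.log('missing sessions:', report.missing);
```

Removing the restrict flag from the MPLS entries in the inventory doubles the permitted pair count, which is the cross-transport mesh that the restrict attribute is there to prevent.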
Each site must have a connection to the public (Internet) WAN so that the overlay network can come up. In this topology, the vSmart controller and vBond orchestrator are reachable only via the Internet, but the MPLS network is completely isolated from the Internet. This means that if a vEdge router were to connect just to the MPLS network, it would never be able to discover the vSmart and vBond devices and so would never be able to establish control connections in the overlay network. In order for a vEdge router in the MPLS network to participate in overlay routing, it must have at least one tunnel connection, or more specifically, one TLOC, to the Internet WAN. (Up to seven TLOCs can be configured on each vEdge router.) The overlay network routes that the router learns over the public-WAN tunnel connection populate the routing table on the vEdge router and allow the router and all its interfaces and TLOCs to participate in the overlay network.
By default, all tunnel connections attempt to establish control connections in the overlay network. Because the MPLS tunnel connections are never going to be able to establish these connections to the vSmart or vBond devices, we include the max-control-connections 0 command in the configuration. While there is no harm in having the MPLS tunnels attempt to establish control connections, these attempts will never succeed, so disabling them saves resources on the vEdge router. Note that the max-control-connections 0 command works only when there is no NAT device between the vEdge router and the PE router in the private WAN.
Connectivity to sites in the private MPLS WAN is possible only by enabling service-side routing.
Here is the configuration for the tunnel interfaces on vEdge-1. This snippet does not include the service-side routing configuration.
The configuration on vEdge-2 is quite similar:
The vEdge-3 router connects only to the public Internet WAN:
On the vSmart controller and vBond orchestrator, you configure a tunnel interface and default IP route to reach the WAN transport. For the tunnel, color has no meaning because these devices have no TLOCs.
Connect to Public and Private WANs, with Ubiquitous Connectivity to Both WANs
This example is a variant of the previous example. We still have two vEdge routers at two different sites, each connected to the same public WAN (here, the Internet) and the same private WAN (here, an MPLS network). However, now we want sites on the MPLS network and the Internet to be able to exchange data traffic. This topology requires a single overlay over both the public and private WANs. Control connections are present over both transports, and we want IPsec tunnel connections running BFD sessions to exist from private-WAN TLOCs to private-WAN TLOCs, from Internet TLOCs to Internet TLOCs, from private-WAN TLOCs to Internet TLOCs, and from Internet TLOCs to private-WAN TLOCs. This full set of TLOC-to-TLOC connections allows the establishment of a ubiquitous data plane in the overlay network.
For this configuration to work, the vBond orchestrator must be reachable over both WAN transports. Because it is on the public WAN (that is, on the Internet), there needs to be connectivity from the private WAN to the Internet. This could be provided via a DMZ, as shown in the figure above. The vSmart controller can be either on the public or the private LAN. If there are multiple controllers, some can be on public LAN and others on private LAN.
On each vEdge router, you configure private-WAN TLOCs, assigning a private color (metro-ethernet, mpls, or private1 through private6) to the tunnel interface. You also configure public TLOCs, assigning any other color (or you can leave the color as default). Each vEdge router needs two routes to reach the vBond orchestrator, one via the private WAN and one via the public WAN.
With such a configuration:
- Control connections are established over each WAN transport.
- BFD/IPsec comes up between all TLOCs (if no policy is configured to change this).
- A given site can be dual-homed to both WAN transports or single-homed to either one.
Here is an example of the configuration on one of the vEdge routers, vEdge-1:
The show control connections command lists two DTLS sessions to the vSmart controller, one from the public tunnel (color of biz-internet) and one from the private tunnel (color of mpls):
The show bfd sessions command output shows that vEdge-1 has separate tunnel connections that are running separate BFD sessions for each color:
Exchange Data Traffic within a Single Private WAN
When the vEdge router is connected to a private WAN network, such as an MPLS or a metro Ethernet network, and when the carrier hosting the private network does not advertise the router's IP address, remote vEdge routers on the same private network but at different sites can never learn how to reach that router and hence are not able to exchange data traffic with it by going only through the private network. Instead, the remote routers must route data traffic through a local NAT and over the Internet to a vBond orchestrator, which then provides routing information to direct the traffic to its destination. This process can add significant overhead to data traffic exchange, because the vBond orchestrator may physically be located at a different site or a long distance from the two vEdge routers and because it may be situated behind a DMZ.
To allow vEdge routers at different overlay network sites on the private network to exchange data traffic directly using their private IP addresses, you configure their WAN interfaces to have one of eight private colors: metro-ethernet, mpls, and private1 through private6. Of these colors, the WAN interfaces on the vEdge routers must be marked with the same color so that they can exchange data traffic.
To illustrate the exchange of data traffic across private WANs, let's look at a simple topology in which two vEdge routers are both connected to the same private WAN. The following figure shows that these two vEdge routers are connected to the same private MPLS network. The vEdge-1 router is located at Site 1, and vEdge-2 is at Site 2. Both routers are directly connected to PE routers in the carrier's MPLS cloud, and you want both routers to be able to communicate using their private IP addresses.
This topology requires a special configuration to allow traffic exchange using private IP addresses because:
- The vEdge routers are in different sites; that is, they are configured with different site IDs.
- The vEdge routers are directly connected to the PE routers in the carrier's MPLS cloud.
- The MPLS carrier does not advertise the link between the vEdge router and its PE router.
To be clear, if the situation were one of the following, no special configuration would be required:
- vEdge-1 and vEdge-2 are configured with the same site ID.
- vEdge-1 and vEdge-2 are in different sites, and the vEdge router connects to a CE router that, in turn, connects to the MPLS cloud.
- vEdge-1 and vEdge-2 are in different sites, the vEdge router connects to the PE router in the MPLS cloud, and the private network carrier advertises the link between the vEdge router and the PE router in the MPLS cloud.
- vEdge-1 and vEdge-2 are in different sites, and you want them to communicate using their public IP addresses.
In this topology, because the MPLS carrier does not advertise the link between the vEdge router and the PE router, you use a loopback interface on each vEdge router to handle the data traffic instead of using the physical interface that connects to the WAN. Even though the loopback interface is a virtual interface, when you configure it on the vEdge router, it is treated like a physical interface: the loopback interface is a terminus for both a DTLS tunnel connection and an IPsec tunnel connection, and a TLOC is created for it.
This loopback interface acts as a transport interface, so you must configure it in VPN 0.
For the vEdge-1 and vEdge-2 routers to be able to communicate using their private IP addresses over the MPLS cloud, you set the color of their loopback interfaces to be the same and to one of eight special colors—metro-ethernet, mpls, and private1 through private6.
Here is the configuration on vEdge-1:
On vEdge-2, you configure a loopback interface with the same tunnel interface color that you used for vEdge-1:
Use the show interface command to verify that the loopback interface is up and running. The output shows that the loopback interface is operating as a transport interface, so this is how you know that it is sending and receiving data traffic over the private network.
To allow vEdge routers at different overlay network sites on the private network to exchange data traffic directly, you use a loopback interface on each vEdge router to handle the data traffic instead of using the physical interface that connects to the WAN. You associate the same tag, called a carrier tag, with each loopback interface so that all the routers learn that they are on the same private WAN. Because the loopback interfaces are advertised across the overlay network, the vEdge routers are able to learn reachability information, and they can exchange data traffic over the private network. To allow the data traffic to actually be transmitted out the WAN interface, you bind the loopback interface to a physical WAN interface, specifically to the interface that connects to the private network. Remember that this is the interface that the private network does not advertise. However, it is still capable of transmitting data traffic.
Exchange Data Traffic between Two Private WANs
This example shows a topology with two different private networks, possibly the networks of two different network providers, and all the Viptela devices are located somewhere on one or both of the private networks. Two vEdge routers are located at two different sites, and they both connect to both private networks. A third vEdge router connects to only one of the private WANs. The vBond orchestrator and vSmart controller both sit in one of the private WANs, perhaps in a data center, and they are reachable over both private WANs. For the vEdge routers to be able to establish control connections, the subnetworks where the vBond and vSmart devices reside must be advertised into each private WAN. Each private WAN CPE router then advertises these subnets in its VRF, and each vEdge router learns those prefixes from each PE router that it is connected to.
Because both WANs are private, we need only a single overlay. In this overlay network, without policy, IPsec tunnels running BFD sessions exist from any TLOC connected to either transport network to any TLOC in the other transport as well as to any TLOC in the same WAN transport network.
As with the previous examples in this article, it is possible to configure the tunnel interfaces on the routers' physical interfaces. If you do this, you also need to configure a routing protocol between the vEdge router and its peer PE router, and you need to configure access lists on the vEdge router to advertise all the routes in both private networks.
A simpler configuration option that avoids the need for access lists is to use loopback interfaces as the tunnel interfaces, and then bind each loopback interface to the physical interface that connects to the private network. Here, the loopback interfaces become the end points of the tunnel, and the TLOC connections in the overlay network run between loopback interfaces, not between physical interfaces. So in the figure shown above, on router vEdge-1, the tunnel connections originate at the Loopback1 and Loopback2 interfaces. This router has two TLOCs: {1.1.1.1, private2, ipsec} and {1.1.1.2, private1, ipsec}.
The WAN interfaces on the vEdge routers must run a routing protocol with their peer PE routers. The routing protocol must advertise the vEdge router's loopback addresses to both PE routers so that all vEdge routers on the two private networks can learn routes to each other. A simple way to advertise the loopback addresses is to redistribute routes learned from other (connected) interfaces on the same router. (You do this instead of creating access lists.) If, for example, you are using OSPF, you can advertise the loopback addresses by including the redistribute connected command in the OSPF configuration. Looking at the figure above, the ge0/2 interface on vEdge-1 needs to advertise both the Loopback1 and Loopback2 interfaces to the blue private WAN, and ge0/1 must also advertise both these loopback interfaces to the green private WAN.
With this configuration:
- The vEdge routers learn the routes to the vBond orchestrator and vSmart controller over each private WAN transport.
- The vEdge routers learn every other vEdge router's loopback address over each WAN transport network.
- The end points of the tunnel connections between each pair of vEdge routers are the loopback interfaces, not the physical (ge) interfaces.
- The overlay network has data plane connectivity between any TLOCs and has a control plane over both transport networks.
Here is the interface configuration for VPN 0 on vEdge-1. Highlighted are the commands that bind the loopback interfaces to their physical interfaces. Notice that the tunnel interfaces, and the basic tunnel interface properties (encapsulation and color), are configured on the loopback interfaces, not on the Gigabit Ethernet interfaces.
The configuration for vEdge-2 is similar:
The vEdge-3 router connects only to the green private WAN:
On the vSmart controller and vBond orchestrator, you configure a tunnel interface and default IP route to reach the WAN transport. For the tunnel, color has no meaning because these devices have no TLOCs.
Connect to a WAN Using PPPoE
This example shows a vEdge router with a TLOC tunnel interface and an interface enabled for Point-to-Point Protocol over Ethernet (PPPoE). The PPP interface defines the authentication method and credentials and is linked to the PPPoE-enabled interface.
Here is the interface configuration for VPN 0:
Use the show ppp interface command to view existing PPP interfaces:
Use the show pppoe session and show pppoe statistics commands to view information about PPPoE sessions:
Overview
LoopBack is built on Express and implements Express' routing system. However, basic Express routing is limited only to a small portion of the functionality of LoopBack. A large part of LoopBack's features are implemented using its more detailed extension to the routing system. Understanding this system will help you understand LoopBack better and develop better LoopBack apps.
Summary of Express routing
For those not familiar with routing in Express, here are some key points:
- Routing refers to the rules for capturing requests to the server, and the subsequent passing through and handling of requests through a chain of middleware functions.
- A middleware function accepts three objects, the request object (req), the response object (res), and the next middleware in the chain (next), in that order.
- You load middleware either using app.use() or by assigning it as the callback function of a route definition.
- Multiple middleware can be matched to handle the requests to a route; these matched middleware make up the middleware chain for the request.
- The request will pass through each middleware in the order they were loaded, unless one of the middleware in the chain terminates the propagation.
- Any middleware in the chain may terminate the request propagation by sending a response back to the client.
- A middleware can send the response to the request using one of the response methods in the response object, or pass on the request to the next middleware by calling next().
- If a middleware sends the server response, conventionally the request does not propagate further in the middleware chain. Any call to next() will likely result in an error.
- A middleware function can also take four arguments. In this case, it is an error handling middleware. The parameters to the function in their order are: the error object (err), the request object (req), the response object (res), and the next middleware in the chain (next).
For more details about routing in Express, see http://expressjs.com/guide/routing.html.
LoopBack routing
LoopBack implements the middleware pattern of request routing, therefore the concept of middleware and routing is the same as in Express. However, the Express aspect of routing is contained within the modified middleware chain generated by LoopBack. The extended routing details in LoopBack are best understood by understanding the LoopBack middleware chain.
LoopBack middleware chain
The LoopBack middleware chain is composed of middleware added to the chain in the following order, and the request passes through them in the given order.
Note:
Except 14, 15, and 16, the listed items refer to LoopBack middleware phases.
- initial:before
- initial
- initial:after
- session:before
- session
- session:after
- auth:before
- auth
- auth:after
- parse:before
- parse
- parse:after
- routes:before
- routes
- routes:after
- files:before
- files
- files:after
- final:before
- final
- final:after
A middleware loaded earlier in the chain gets the prior opportunity to handle the request. If it happens to send a response or fail to call next(), the request will terminate at it, and not propagate any further.
As evident from the list above, LoopBack takes control of the loading order of the middleware in the app, and prioritizes its relevant middleware over those loaded using Express' interface app.use(), components, or boot scripts.
Note:
If you add middleware on the routes or routes:after phase, it will not execute after the route is matched. Instead, it will be ignored because the route was already matched.
The middleware to be loaded during the middleware phases are configured in the middleware.json file of the app. The order of the phases in the file is semantic, and the phases cannot be listed in arbitrary order.
LoopBack also supports custom phases. Custom phases can be defined in any position of the middleware chain, and may be used to prioritize over LoopBack's built-in middleware phases.
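The phase ordering described above matters most for access checks: a check placed in the auth phase runs before any handler in the routes phase, regardless of the order in which the two were registered. The following is an added example, not LoopBack's own code: a simplified, synchronous model of a phase-ordered chain using the phase names listed above. createChain, registerInPhase, dispatch and the sample middleware are hypothetical names used only here.

```javascript
// Simplified model of a phase-ordered middleware chain (not LoopBack's code).
// Phase names are taken from the list above; all helper names are hypothetical.
const BASE_PHASES = ['initial', 'session', 'auth', 'parse', 'routes', 'files', 'final'];
const PHASES = BASE_PHASES.flatMap((p) => [`${p}:before`, p, `${p}:after`]);

function createChain() {
  const entries = [];
  return {
    registerInPhase(phase, name, fn) {
      const rank = PHASES.indexOf(phase);
      if (rank === -1) throw new Error(`unknown phase: ${phase}`);
      entries.push({ rank, seq: entries.length, name, fn });
    },
    dispatch(req) {
      // Phase position decides the order; registration order only breaks ties.
      const ordered = [...entries].sort((a, b) => a.rank - b.rank || a.seq - b.seq);
      const res = {
        statusCode: null,
        body: null,
        send(code, body) { this.statusCode = code; this.body = body; },
      };
      const trace = [];
      let i = 0;
      const next = () => {
        if (res.statusCode !== null) {
          throw new Error('next() called after a response was sent');
        }
        const entry = ordered[i++];
        if (!entry) return;
        trace.push(entry.name);
        entry.fn(req, res, next);
      };
      next();
      // Nothing in the chain answered: model this as a 404.
      if (res.statusCode === null) res.send(404, 'not found');
      return { trace, statusCode: res.statusCode, body: res.body };
    },
  };
}

// The route handler is registered FIRST, the access check later, yet the
// check still runs first because the auth phase precedes the routes phase.
function buildDemoChain() {
  const chain = createChain();
  chain.registerInPhase('routes', 'getAccounts', (req, res) => {
    res.send(200, 'account list'); // sends a response, so the chain stops here
  });
  chain.registerInPhase('auth', 'requireToken', (req, res, next) => {
    // Constructed check: only tests that an Authorization header is present.
    if (!req.headers.authorization) return res.send(401, 'unauthorized');
    next();
  });
  chain.registerInPhase('initial:before', 'requestLog', (req, res, next) => next());
  chain.registerInPhase('final:after', 'neverReached', (req, res, next) => next());
  return chain;
}

const demo = buildDemoChain();
console.log(demo.dispatch({ headers: {} }));
console.log(demo.dispatch({ headers: { authorization: 'Bearer constructed-token' } }));
```

The trace for the unauthenticated request ends at requireToken, and neverReached never appears in either trace because an earlier middleware already sent the response.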
Loading middleware
LoopBack middleware are declaratively loaded using the middleware.json file, or imperatively using the app.middleware() method.
Express middleware can be loaded in the server.js file using app.use() or a route definition.
LoopBack components can load middleware using the reference to the LoopBack application instance.
Boot scripts can load middleware using the reference to the LoopBack application instance.