Kaspersky SD-WAN
Creating an SD-WAN interface
You can create an SD-WAN interface on an individual CPE device or on all devices that use the CPE template. SD-WAN interfaces are created on top of network interfaces, so you must first create a network interface.
To create an SD-WAN interface, use the following instructions:
- Creating an SD-WAN interface on an individual CPE device.
To create an SD-WAN interface on an individual CPE device:
- In the menu, go to the SD-WAN section.
By default, the CPE subsection is displayed with a table of CPE devices.
- Click the CPE device.
The settings area is displayed in the lower part of the page. You can expand the settings area to fill the entire page by clicking the expand button.
- Select the SD-WAN settings → Interfaces tab.
A table of SD-WAN interfaces is displayed.
- Click + SD-WAN interface.
- In the window that opens, in the OpenFlow interface field, enter the number of the OpenFlow interface that must be created on the virtual switch of the CPE device.
- In the Interface (alias) field, enter the alias of the network interface to which you want to bind the OpenFlow interface.
- In the Maximum rate field, enter the maximum speed of the SD-WAN interface in Mbps. Range of values: 1 to 100,000. The default setting is 1,000.
- Specify the host whose availability determines the availability of the SD-WAN interface:
- In the IP for tracking field, enter the IP address of the host.
- Click + Add.
You can specify multiple hosts.
- In the Reliability field, enter the number of hosts that must remain available for the SD-WAN interface to be considered available. The default setting is 1.
Make sure that the number of hosts does not exceed the number of IP addresses in the IP for tracking field. Otherwise, the SD-WAN interface will always be considered unavailable.
- In the Interval field, enter the SD-WAN interface testing interval in seconds. Range of values: 1 to 600. The default setting is 2.
- In the Count field, enter the number of availability checks for each of the specified hosts as part of a single SD-WAN interface test. Range of values: 1 to 600. The default setting is 2.
- In the Timeout field, enter the time in milliseconds for the SD-WAN interface to wait for an echo response from the hosts after sending an echo request. Range of values: 1 to 100,000. The default setting is 2000.
- In the Down field, enter the interval in seconds for testing the SD-WAN interface if it becomes unavailable. Range of values: 1 to 600. The default setting is 3.
- In the Up field, enter the interval in seconds for testing the SD-WAN interface if it becomes available again. Range of values: 1 to 600. The default setting is 2.
- In the Speed monitoring drop-down list, select whether to check the speed limit of the SD-WAN interface imposed by the mobile operator:
- Yes
- No (selected by default)
- If necessary, configure traffic queues on the SD-WAN interface:
- Select the QoS tab.
A table of traffic queues is displayed.
- In the Remap ToS column, select the Type of Service value of external headers of traffic packets for each queue. You cannot select these values when configuring traffic queues for the LAN interface.
- In the Minimum Speed, % column, specify the minimum traffic bandwidth for the queue as a percentage of the maximum speed of the SD-WAN interface. The sum total in a column may not exceed 100.
- In the Maximum Speed, % column, specify the maximum traffic bandwidth for the queue as a percentage of the maximum speed of the SD-WAN interface. This setting is used to prevent traffic of high-priority queues from indefinitely preempting traffic of low-priority queues.
The maximum speed of the interface is specified when configuring the connection of the CPE device to the SD-WAN network on the General settings tab in the Maximum rate field.
- If necessary, configure the sending of interface information to the SD-WAN Controller:
- Select the NAT and Disjoint WAN underlay tab.
- In the State drop-down list, select one of the following values:
- Disabled if the SD-WAN Controller does not need to receive information about the interface.
- NAT/PAT if the interface is behind NAT or PAT and needs to be assigned a public IP address and UDP port number, which must be sent to the SD-WAN Controller.
- Disjoint WAN Underlay if the interface is on an isolated network and its IP address must be sent to the SD-WAN Controller.
- If you selected NAT/PAT in the State drop-down list, follow these steps:
- In the Real IP Address field, enter the public IP address (IPv4) of the interface.
- In the Real GENEVE UDP Port field, enter the UDP port number of the interface. Range of values: 1 to 65,353.
- If you selected Disjoint WAN Underlay in the State drop-down list, in the IP address field, enter the IP address (IPv4) of the interface. You must enter the IP address specified when creating the network interface over which the SD-WAN interface is created.
- If necessary, override the IP address and port for connecting the interface to the SD-WAN Controller:
- Select the Controllers tab.
- Select the Rewrite controllers IP/Port check box. This check box is cleared by default.
- In the Controllers QTY drop-down list, select the number of Controller nodes in your SD-WAN instance.
You must override the IP address for connecting the interface to each node of the SD-WAN Controller. Otherwise, an error occurs and the settings remain unchanged.
- In the Port field, enter the starting port number for connecting the interface to the SD-WAN Controller. The number of fields corresponds to the value that you selected in the Controllers QTY drop-down list. Range of values: 1 to 65,535. The default setting is 6653.
The starting port is used to configure the ports for connecting to the SD-WAN Controller. The number of configured ports depends on the number of WAN interfaces of the CPE device. For example, if you enter 6653 as the starting port number and the device has four WAN interfaces, port numbers 6654, 6655, and 6656 are derived from that port.
- In the IP address field, enter the IP address (IPv4) for connecting the interface to the SD-WAN Controller. The number of fields corresponds to the value that you selected in the Controllers QTY drop-down list.
After overriding the IP address and port for connecting the interface to the SD-WAN Controller, you must restart the CPE device.
- Click Create.
The SD-WAN interface is created and displayed in the table.
- In the upper part of the settings area, click Save to save the configuration of the CPE device.
- Creating an SD-WAN interface on all devices that use the CPE template.
To create an SD-WAN interface on all devices that use the CPE template:
- In the menu, go to the SD-WAN → CPE templates subsection.
A table of CPE templates is displayed.
- Click the CPE template.
The settings area is displayed in the lower part of the page. You can expand the settings area to fill the entire page by clicking the expand button.
- Select the SD-WAN settings → Interfaces tab.
A table of SD-WAN interfaces is displayed.
- Click + SD-WAN interface.
- In the window that opens, in the OpenFlow interface field, enter the number of the OpenFlow interface that must be created on the virtual switch of the CPE device.
- In the Interface (alias) field, enter the alias of the network interface to which you want to bind the OpenFlow interface.
- In the Maximum rate field, enter the maximum speed of the SD-WAN interface in Mbps. Range of values: 1 to 100,000. The default setting is 1,000.
- Specify the host whose availability determines the availability of the SD-WAN interface:
- In the IP for tracking field, enter the IP address of the host.
- Click + Add.
You can specify multiple hosts.
- In the Reliability field, enter the number of hosts that must remain available for the SD-WAN interface to be considered available. The default setting is 1.
Make sure that the number of hosts does not exceed the number of IP addresses in the IP for tracking field. Otherwise, the SD-WAN interface will always be considered unavailable.
- In the Interval field, enter the SD-WAN interface testing interval in seconds. Range of values: 1 to 600. The default setting is 2.
- In the Count field, enter the number of availability checks for each of the specified hosts as part of a single SD-WAN interface test. Range of values: 1 to 600. The default setting is 2.
- In the Timeout field, enter the time in milliseconds for the SD-WAN interface to wait for an echo response from the hosts after sending an echo request. Range of values: 1 to 100,000. The default setting is 2000.
- In the Down field, enter the interval in seconds for testing the SD-WAN interface if it becomes unavailable. Range of values: 1 to 600. The default setting is 3.
- In the Up field, enter the interval in seconds for testing the SD-WAN interface if it becomes available again. Range of values: 1 to 600. The default setting is 2.
- In the Speed monitoring drop-down list, select whether to check the speed limit of the SD-WAN interface imposed by the mobile operator:
- Yes
- No (selected by default)
- If necessary, configure traffic queues on the SD-WAN interface:
- Select the QoS tab.
A table of traffic queues is displayed.
- In the Remap ToS column, select the Type of Service value of external headers of traffic packets for each queue. You cannot select these values when configuring traffic queues for the LAN interface.
- In the Minimum Speed, % column, specify the minimum traffic bandwidth for the queue as a percentage of the maximum speed of the SD-WAN interface. The sum total in a column may not exceed 100.
- In the Maximum Speed, % column, specify the maximum traffic bandwidth for the queue as a percentage of the maximum speed of the SD-WAN interface. This setting is used to prevent traffic of high-priority queues from indefinitely preempting traffic of low-priority queues.
The maximum speed of the interface is specified when configuring the connection of the CPE device to the SD-WAN network on the General settings tab in the Maximum rate field.
- If necessary, configure the sending of interface information to the SD-WAN Controller:
- Select the NAT and Disjoint WAN underlay tab.
- In the State drop-down list, select one of the following values:
- Disabled if the SD-WAN Controller does not need to receive information about the interface.
- NAT/PAT if the interface is behind NAT or PAT and needs to be assigned a public IP address and UDP port number, which must be sent to the SD-WAN Controller.
- Disjoint WAN Underlay if the interface is on an isolated network and its IP address must be sent to the SD-WAN Controller.
- If you selected NAT/PAT in the State drop-down list, follow these steps:
- In the Real IP Address field, enter the public IP address (IPv4) of the interface.
- In the Real GENEVE UDP Port field, enter the UDP port number of the interface. Range of values: 1 to 65,353.
- If you selected Disjoint WAN Underlay in the State drop-down list, in the IP address field, enter the IP address (IPv4) of the interface. You must enter the IP address specified when creating the network interface over which the SD-WAN interface is created.
- If necessary, override the IP address and port for connecting the interface to the SD-WAN Controller:
- Select the Controllers tab.
- Select the Rewrite controllers IP/Port check box. This check box is cleared by default.
- In the Controllers QTY drop-down list, select the number of Controller nodes in your SD-WAN instance.
You must override the IP address for connecting the interface to each node of the SD-WAN Controller. Otherwise, an error occurs and the settings remain unchanged.
- In the Port field, enter the starting port number for connecting the interface to the SD-WAN Controller. The number of fields corresponds to the value that you selected in the Controllers QTY drop-down list. Range of values: 1 to 65,535. The default setting is 6653.
The starting port is used to configure the ports for connecting to the SD-WAN Controller. The number of configured ports depends on the number of WAN interfaces of the CPE device. For example, if you enter 6653 as the starting port number and the device has four WAN interfaces, port numbers 6654, 6655, and 6656 are derived from that port.
- In the IP address field, enter the IP address (IPv4) for connecting the interface to the SD-WAN Controller. The number of fields corresponds to the value that you selected in the Controllers QTY drop-down list.
After overriding the IP address and port for connecting the interface to the SD-WAN Controller, you must restart the CPE device.
- Click Create.
The SD-WAN interface is created and displayed in the table.
- In the upper part of the settings area, click Save to save the configuration of the CPE template.
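As a pre-flight check for the settings in both procedures above, the following added example (not part of the Kaspersky documentation or product code) validates a planned SD-WAN interface configuration against the ranges and constraints stated on this page, and lists the Controller address and port pairs that a firewall between the CPE device and the SD-WAN Controller would need to permit after an override. The dictionary keys, function names, and sample addresses are assumptions made for this example.

```python
import ipaddress

# Ranges quoted from the procedure above. The dictionary keys are hypothetical
# names chosen for this example; they are not orchestrator API fields.
RANGES = {
    "max_rate_mbps": (1, 100_000), "interval_s": (1, 600), "count": (1, 600),
    "timeout_ms": (1, 100_000), "down_s": (1, 600), "up_s": (1, 600),
}

def derived_ports(start_port, wan_interfaces):
    """Starting port plus the ports derived from it, one per WAN interface."""
    return [start_port + i for i in range(wan_interfaces)]

def is_ipv4(value):
    try:
        ipaddress.IPv4Address(value)
        return True
    except ValueError:
        return False

def check_interface(cfg, wan_interfaces):
    """Return the problems found in a planned SD-WAN interface configuration."""
    problems = []
    for key, (low, high) in RANGES.items():
        if not low <= cfg[key] <= high:
            problems.append(f"{key}={cfg[key]} is outside {low}..{high}")
    if cfg["reliability"] > len(cfg["tracking_ips"]):
        problems.append("reliability exceeds the number of tracked hosts")
    if sum(q["min_pct"] for q in cfg["queues"]) > 100:
        problems.append("sum of Minimum Speed, % exceeds 100")
    controllers = cfg.get("controllers", [])
    if controllers and len(controllers) != cfg["controller_nodes"]:
        problems.append("an IP address and port are required for every Controller node")
    for ip, start in controllers:
        if not is_ipv4(ip):
            problems.append(f"controller address {ip!r} is not IPv4")
        if not 1 <= start <= 65_535 or start + wan_interfaces - 1 > 65_535:
            problems.append(f"ports derived from {start} leave the range 1..65535")
    return problems

def controller_allowlist(cfg, wan_interfaces):
    """(IP, port) pairs the CPE must reach after a Controllers override."""
    return sorted((ip, port) for ip, start in cfg.get("controllers", [])
                  for port in derived_ports(start, wan_interfaces))

# Constructed sample: the page's default values, documentation-range addresses.
SAMPLE = {
    "max_rate_mbps": 1000, "interval_s": 2, "count": 2, "timeout_ms": 2000,
    "down_s": 3, "up_s": 2, "reliability": 1,
    "tracking_ips": ["192.0.2.1", "192.0.2.2"],
    "queues": [{"min_pct": 40}, {"min_pct": 30}, {"min_pct": 30}],
    "controller_nodes": 1, "controllers": [("203.0.113.10", 6653)],
}

if __name__ == "__main__":
    print(check_interface(SAMPLE, wan_interfaces=4))
    print(controller_allowlist(SAMPLE, wan_interfaces=4))
```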