SD-WAN

 View Only

  • 1.  Issues getting Redundant SD-Branch to work

    Posted Nov 04, 2025 09:49 PM

    I hope someone can help me stabilize an SD-Branch solution I am testing out here in my home-lab, whatever I try it remains not very unstable, both Gateways work but NOT as a redundant / hitless solution when one of the links goes down. My setup is as below.  Both gateways are with a lag connected to two different switches, one switch is also a L3 switch while the other is just a L2 switch.

    The Lag is a trunk.

    A diagram of a cloud network AI-generated content may be incorrect.

    Initially, I created a VLAN 100 that only had IP addresses defined on the gateways, it was Layer2 on the switches. I used this as the cluster management VLAN as well as the System-IP Vlan. I used OSPF to route between the L3 switch and the gateways. I validated that OSPF formed a proper adjacency and that I received routes. In this scenario it looked like all traffic was routed through gw01. In this setup, I was unable to form a tunnel to gw02. I also observed strange behavior with VRRP. Although VRRP was up and one was a backup and the other a active member, I was unable to ping gw02 from gw01.  The IPSEC tunnel to gw02 would not establish from the AP.

    A diagram of a network AI-generated content may be incorrect.

    I decided to change the configuration and use VLAN 3 as the management VLAN as well as the System IP VLAN, this VLAN was also routed on the L3 switch. In this scenario, the IPSEC tunnel got established to both gateways. So far so good, however when I try to test failover and disconnected what is marked as the leader, the device does not failover immediately. I basically have to disconnect from the WIFI wait half a minute, reconnect and then the connection re-established. Same thing with failover back to the primary, I also lose packets.

    Below some snapshots

    A screenshot of a computer AI-generated content may be incorrect.

    A screenshot of a computer AI-generated content may be incorrect.

    Hope anyone can provide some guidance, I wasn't able to find enough information on the VSG and other sources to get this to work properly.



    ------------------------------
    Martijn van Overbeek
    Architect, Netcraftsmen a BlueAlly Company
    ------------------------------


  • 2.  RE: Issues getting Redundant SD-Branch to work

    Posted Nov 05, 2025 12:53 AM

    see if this technnote helps it covers "Aruba Branch Gateway Redundancy"



    ------------------------------
    If my post was useful accept solution and/or give kudos.
    Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
    ------------------------------



  • 3.  RE: Issues getting Redundant SD-Branch to work

    Posted Nov 14, 2025 12:26 PM
    Edited by mvanoverbeek Nov 14, 2025 03:20 PM

    Hi Ariyap,

    I tried to follow along with the manual, set up two 9004 gateways. For gw01 I used VLAN 4085 as Uplink WAN VLAN and for gw02 I used Uplink WAN VLAN 4094. When at step 2.5 I get stuck, despite having configured the VLANs 4085 and 4094 at the Group level I am unable to select these VLANS in the Uplink tab

    I went ahead and configured all the other settings, including the WAN redundancy settings (see below)

    I see this:

    The interesting thing is though that after configuring all the other steps it does seem to work


    Here is a view of the WAN interfaces on the primary gateway

    One thing I cannot figure out though is if I am now actually being able to loadshare the connection. Can I for instance on a per host or application determine which WAN link I should prefer?
    ------------------------------
    Martijn van Overbeek
    Architect, Netcraftsmen a BlueAlly Company
    ------------------------------

    Original Message


Related Content