
Business Intent Overlays

Configuration > Overlays & Security > Business Intent Overlays

Use the Business Intent Overlays (BIOs) tab to create separate, logical networks that are individually customized to your applications and requirements within your network. By default, there are several predefined overlays matching a range of traffic within your network.

The overlay summary table is used for easy comparison of values between your various configured overlays. You can select any link in the table and the Overlay Configuration dialog box launches. You can also temporarily save your changes before officially applying those changes to your overlay. The pending configuration updates are indicated by an orange box around the edited item. Click Save and Apply Changes to Overlays when you are ready to apply the changes and click Cancel if you want to delete the changes.

Overview

Orchestrator matches traffic to an ACL, progressing down the ordered priority list of overlays until it identifies the first one that matches. The matched traffic is then analyzed against the overlay’s Internet Traffic configuration and forwarded within the fabric, or broken out to the internet based on the preferred policy order. If the software determines that the traffic is not destined for the internet, it refers to the WAN Links & Bonding Policy configuration and forwards traffic accordingly within the overlay.
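Because the first matching overlay wins, a broad ACL placed high in the priority list can capture traffic meant for a more restrictive overlay below it. The following is an added example, not Orchestrator code: a simplified model in which each ACL is reduced to destination prefixes (an assumption) and the overlay names are constructed, showing first-match selection and a check for overlays that can never match.

```python
import ipaddress

# Constructed sample: overlays in priority order. Each ACL is reduced to a list
# of destination prefixes (an assumption; real ACL rules match on more fields).
OVERLAYS = [
    ("voice",     ["10.20.0.0/16"]),
    ("corp-apps", ["10.0.0.0/8"]),
    ("pci",       ["10.30.5.0/24"]),   # never reached: covered by corp-apps
    ("default",   ["0.0.0.0/0"]),
]

def _nets(prefixes):
    return [ipaddress.ip_network(p) for p in prefixes]

def first_match(overlays, dst):
    """Return the name of the first overlay whose ACL matches dst, else None."""
    addr = ipaddress.ip_address(dst)
    for name, prefixes in overlays:
        if any(addr in net for net in _nets(prefixes)):
            return name
    return None

def shadowed(overlays):
    """List (overlay, shadowing_overlay) pairs where every prefix of an overlay
    is contained in a prefix of one higher-priority overlay."""
    findings = []
    for i, (name, prefixes) in enumerate(overlays):
        for higher_name, higher_prefixes in overlays[:i]:
            if all(any(n.subnet_of(h) for h in _nets(higher_prefixes))
                   for n in _nets(prefixes)):
                findings.append((name, higher_name))
                break
    return findings

if __name__ == "__main__":
    print(first_match(OVERLAYS, "10.30.5.10"))
    for low, high in shadowed(OVERLAYS):
        print(f"overlay '{low}' is shadowed by higher-priority '{high}'")
```
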

SD-WAN Traffic to Internal Subnets

Overlay Configuration

You can start configuring or modifying the default overlays in the Overlay column. You can also select any icon on the Business Intent Overlay page and the selected editor or dialog box opens.

Complete the following steps to configure your overlay.

  1. Select the name of the overlay. The Overlay Configuration window opens. If you want to edit the default overlay or create a new overlay, enter the new name of the overlay in the Name field.

  2. Select Match and choose the match criteria from the menu.

  3. Click the Edit icon next to the ACL field. To apply default ACLs or create your own, select Add Rule in the Associate ACL window.

  4. Click Save.

Region

To view your associated region within your overlay, select the Regions icon in the Region column in the overlay summary table. You can modify, remove, or edit overlay settings for a selected region by expanding the list at the right-top of the Overlay Configuration window. For more information about Regions, refer to the help on the tab.

Topology

Select the type of topology you want to apply to your overlay and network. You can choose between the following types of topology:

  • Mesh: Choose Mesh if you want to make a local network.

  • Hub & Spoke: Hubs are used to build tunnels in hub-and-spoke networks and to route traffic between regions. If you select Hub & Spoke, any appliance set as a hub will serve as a hub in any overlay applied to it. Hubs in different regions mesh with each other to support regional routing. To configure hubs, select the Hubs link at the top of the page.

  • Regional Mesh and Regional Hub & Spoke: To streamline the number of tunnels created between groups of appliances that are geographically dispersed, you can assign appliances to Regions and select Regional Mesh or Regional Hub & Spoke.

  1. At the top of the page, select Regions.

  2. You can add and remove a region or view the status of each overlay within a selected region.

Building SD-WAN Using These Interfaces

You can select which WAN interfaces you want to use for each device to connect to the SD-WAN. First, you assign your traffic to the Primary interfaces. If the primary interface is unavailable or not meeting the desired Service Level Objectives configured, the Backup interfaces are used. Move the desired interfaces between Primary and Backup. The interfaces are grayed out until moved into the Primary or Backup boxes.

  • Cross Connect allows you to define tunnels built between each interface label. Each appliance has a maximum number of tunnels that it can support, and using Cross Connect increases the number of tunnels created.

  • Add Backup if Primary Are: Specifies when the system should use the Backup interfaces.

  • +Secondary: Click +Secondary to enable secondary interfaces. You can choose when Orchestrator uses the secondary interfaces by selecting Down or Not Meeting Service Levels.

Service Level Objective

Traffic is routed through the primary interfaces exclusively unless the service level thresholds for Loss, Latency, or Jitter are exceeded. If this happens, the backup interfaces are added so that the Service Level Objective can be met.

NOTE: Primary interfaces can still be used to support the overall Service Level Objective.

You can select the following Link Bonding Policies when you need to specify the criteria for selecting the best route possible when data is sent between multiple tunnels and appliances. You can also select custom bonding, which enables you to customize link prioritization and traffic steering policies based on multiple criteria.

Field Description
High Availability For critical services that cannot accept any interruption at all. For example, call center voice or critical VDI traffic.
High Quality For typical real-time services, such as VoIP or video conferencing. For example, WebEx or business-quality Skype, VDI traffic.
High Throughput For anything where maximum speed is more important than quality. For example, data replication, NFS, file transfers, and so forth.
High Efficiency For everything else. This option sends load balance information on multiple links, with no FEC or overhead.
Custom Specify the following:

FEC Wait Time (in milliseconds)

Exclude links: Overlay or Underlay brownout

Link Reordering Frequency: Aggressive, Moderate, Conservative

Path Conditioning (in percentage)

Packet Reorder Wait Time (in milliseconds)

Link Selection: Waterfall or Balanced

QoS, Security, and Optimization

To further customize your overlay configuration, enter the appropriate information for the following fields.

Field Description
FW Zone Select the firewall zone you want to restrict traffic to from an overlay.
Boost Select True or False if you want to apply any purchased Boost to your overlay.
Peer Unavailable Option Select one of the following options for where you want your traffic to go if a peer is unavailable: Use MPLS, Use Internet, Use LTE, Use Best Route, Drop.
Traffic Class Channels traffic to the desired queue based on the applied service. Select Best Route or Drop.
LAN DSCP Select the DSCP you want to apply as a filter to the LAN interface.
WAN DSCP Select the DSCP you want to apply as a filter to the WAN interface.

Breakout Traffic to Internet and Cloud Services

You can use the Breakout Traffic to Internet & Cloud Services section to monitor and manage traffic coming to or from the internet.

Hub Versus Branch Breakout Settings

You can create different breakout policies for hubs. The hubs you configured in the Topology section also display at the top of the Internet Traffic to Web, Cloud Services tab. When you select an individual hub, the Use Branch Settings check box displays, selected, to the right of the screen. Complete the following steps to create a custom breakout policy for that hub:

  1. Clear the check box for Use Branch Settings.

  2. Configure the now accessible parameters.

  3. Click OK.

Preferred Policy Order and Available Policies

  • You can move policies between the Preferred Policy Order and the Available Policies columns. You can also change their order within a column. The defaults provided are Backhaul via Overlay, Break Out Locally, and Drop.

  • When you select Break Out Locally, confirm that any selected interface that is directly connected to the Internet has Stateful Firewall specified in the deployment profile.

  • You can add services (such as Zscaler, Fortigate, or Palo Alto). The service requires a corresponding Internet-breakout (Passthrough) tunnel for each appliance that sends traffic to that service. To add a service, select the edit icon next to Available Policies.

  • The Default policy you configure for internet breakout is pushed to all appliances that use the selected Overlay. However, you might want to push different breakout rules to your hubs.
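The Stateful Firewall check described above can be run as a review over exported configuration data. The following is an added example, not Orchestrator code: the dictionary layout, field names, appliance names and the "Allow All" value are constructed for illustration and do not represent an Orchestrator export format; the policy names are the ones on this page.

```python
# Constructed sample data. The dict layout and field names are hypothetical
# (not an Orchestrator export format); policy names are the ones on this page.
OVERLAYS = {
    "guest":   {"policy_order": ["Break Out Locally", "Drop"],
                "breakout_interfaces": ["INET1", "LTE"]},
    "finance": {"policy_order": ["Backhaul via Overlay", "Drop"],
                "breakout_interfaces": []},
}
# appliance -> interface label -> directly connected to the Internet? firewall mode
DEPLOYMENT = {
    "branch-01": {"INET1": {"internet": True, "firewall": "Stateful Firewall"},
                  "LTE":   {"internet": True, "firewall": "Allow All"}},
    "branch-02": {"INET1": {"internet": True, "firewall": "Stateful Firewall"},
                  "MPLS1": {"internet": False, "firewall": "Allow All"}},
}

def audit_local_breakout(overlays, deployment):
    """Return (overlay, appliance, interface, firewall) for every local-breakout
    interface that faces the Internet without Stateful Firewall."""
    findings = []
    for ov_name, ov in sorted(overlays.items()):
        if "Break Out Locally" not in ov["policy_order"]:
            continue  # overlay never breaks out locally, nothing to check
        for appliance, ifaces in sorted(deployment.items()):
            for label in ov["breakout_interfaces"]:
                iface = ifaces.get(label)
                if iface is None or not iface["internet"]:
                    continue  # label absent on this appliance, or not Internet-facing
                if iface["firewall"] != "Stateful Firewall":
                    findings.append((ov_name, appliance, label, iface["firewall"]))
    return findings

if __name__ == "__main__":
    for overlay, appliance, label, mode in audit_local_breakout(OVERLAYS, DEPLOYMENT):
        print(f"{overlay}: {appliance}/{label} breaks out locally with '{mode}'")
```
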

You can select the best internet breakout link by specifying the type of Link Selection: Waterfall or Balanced. Drag and drop an available interface into Primary or Backup in Break Out Locally Using These Interfaces and complete the following steps.

  1. Select Waterfall or Balanced under Link Selection.

  2. If waterfall is chosen, links are ranked on the selected threshold, from best to worst. The best link is chosen first and the next best link is chosen when the current, best link’s bandwidth utilization is full. Select one of the following ways you want Orchestrator to first determine which link to use.

    Field Description
    Auto Default threshold if you do not specify the threshold for your links.
    MOS Measure of the voice connect quality.
    Loss Configured amount of loss the primary link is given.
    Latency Configured amount of time you assign to the primary link for latency.

    NOTE: Backup links are used only when all primary links are down.

  3. If Balanced is chosen, enter the amount for the three Performance Thresholds: Loss, Latency, and Jitter. Traffic is dispersed between one or more of the configured top or equally ranked links.

    WARNING: Random links are selected if no brownout thresholds for Loss, Latency, and Jitter have been set.

  4. Click the edit icon next to Break Out Locally Using These Interfaces and complete the dialog box if you choose to set IP SLA Rule destinations.

    NOTE: You can still enable Path Loading even if you do not select any primary links.

    If you select Exclude links That Are Below Performance Thresholds, the selected policy order is applied.



© Copyright 2022 Hewlett Packard Enterprise Development LP. The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. Aruba Networks and the Aruba logo are registered trademarks of Aruba Networks, Inc. Third-party trademarks mentioned are the property of their respective owners. To view the end-user software agreement, go to Aruba EULA.
