Path Labels

Overview

Path labels offer a powerful way to organize networks and tunnels in flexiWAN. With it, users can define unique underlay networks capabilities:

  • Assign an interface to an underlay network type so operations such as tunnel creation or policies defined with labels (logical name) and not with interfaces (specific per device)

  • Have a granular control on how tunnels are created. With Path Labels it’s possible to create multiple tunnels using a given interface and specify the exact underlay network connectivity

  • Use application based routing through Path Selection, to configure outgoing traffic categories such as public services or applications per specified interfaces.

This is depicted in the example below. In the next image the Green and Blue labels represent two separate underlay networks, where each can represent an ISP or any logical underlay network.

@startuml


skinparam rectangle {
  borderColor Transparent
  backgroundColor Transparent
  stereotypeFontColor Transparent
  shadowing false
}
skinparam cloud {
    backgroundColor<<green>> LightGreen
    backgroundColor<<blue>> SkyBlue
    stereotypeFontColor<<green>> LightGreen
    stereotypeFontColor<<blue>> SkyBlue
}

rectangle "LAN1" as LAN1T
rectangle " " as LAN1 {
 card " " as H1
 card " " as H2
 card " " as H3
}

agent "flexiEdge1" as FE1
cloud "Label:Blue\n " as BLUE <<blue>>
cloud "Label:Green\n " as GREEN <<green>>
rectangle "WAN" as WANT
agent "flexiEdge2" as FE2

rectangle " " as LAN2 {
 card " " as H4
 card " " as H5
 card " " as H6
}
rectangle "LAN2" as LAN2T

H3 -[#FFFFFF] LAN1T
H1 -- FE1
H2 -- FE1
H3 -- FE1
FE1 -[#SkyBlue,thickness=4]- BLUE
FE1 -[#LightGreen,thickness=4]- GREEN
BLUE -[#FFFFFF] WANT
BLUE -[#SkyBlue,thickness=4]- FE2
GREEN -[#LightGreen,thickness=4]- FE2
FE2 -- H4
FE2 -- H5
FE2 -- H6
H6 -[#FFFFFF] LAN2T

@enduml

Each physical WAN interface can be assigned to an underlay network by assigning one or more Path Labels to it. WAN Interfaces can have a single Path Label or multiple ones. It’s also possible not to assign any Path Label to an interface, however multiple more advanced features such as Path Seleciton rely on Path Labels as well. With Path Labels and Path Selection functionality, one can configure traffic routing across internet breakout interfaces or a specific tunnels.

There are two Path Label types:

  • Tunnel - used for establishing tunnels between multiple devices. Tunnels can be established between same Path Label assigned on multiple devices.

  • DIA - Direct Internet Access, used for local internet breakout traffic. DIA labels are used togehter with Path Selection, our application based routing functionality. In this case traffic can be routed through the specific DIA interface.

With the introduction of Path Labels, tunnels functionality is greatly enhanced. When creating tunnels one can select specific or all Path Labels. For example, one can label interfaces per:

  • Link type, e.g. “Coax”, “Fiber” or LTE

  • Per ISP, such as ISP1 and ISP2

  • any other type of labeling, such as “blue” or “green” labels.

flexiWAN can establish tunnels between two or more devices even without Path Lables, however when using Path Lables users can have much more control over which interfaces are used for tunnels. Interfaces without path labels are considered part of an unlabeled underlay network. Tunnels can be created between unlabeled interfaces, however it is not possible to combine interfaces with Path Labels with those without.

In the upcoming flexiWAN versions, we will greatly enhance the Path Labels functionality with more SD-WAN capabilities such as policies for enabling traffic classification and filtering (L3/L4 as well as L7/application). Users will be able to use Path Labels for routing, failover or load balancing by applications.

Creating Path Labels

To create a new underlay network, first define a new path label in the Inventory -> Path Labels menu.

Token Created

Click on the “New Label” button to create a new path label.

Token Created

Fill in the name and description, choose a color or even add your own color (in hex). It’s important to note the “Direct Internet access” option, which allows reserving the label strictly for internet breakout. This means that all traffic going through this path label will be using internet breakout, and will not go over a tunnel. If an interface has “Direct Internet Access” Path Label assigned to it, it will not be possible to use it for tunnels.

Below is an example Path Labels can be configured, where Path Labels have been created to differentiate between ISPs as well as connection types.

Token Created

For a real-world example, let’s say there are several remote sites (stores) and a single datacenter site. We want to connect each remote site to the datacenter. Create the Path Labels as shown in the following image.

Token Created

In this example, both remote sites and the datacenter site have two WAN connections, each connected to two different ISPs. After creating tunnels between the sites and datacenter, the tunnel page will show 6 tunnels.

Token Created

Assigning Path Labels

After creating Path Labels, assign them to the device interfaces to associate them to the underlay network. Navigate to the Inventory > Devices and open Device Info. From there go to the “Interfaces” tab.

The device interfaces without any assigned Path Labels will look as the following screenshot.

Token Created

In order to assign a Path Labels, select the desired label from the drop down menu. Do the same for all the interfaces you want to label and then click the “Update Interfaces” button.

Token Created

For the purpose of this documentation, we have assigned separate Path Labels for each of the two WAN interfaces on this device, defining each interface with its own ISP label.

Token Created

Path Labels and Tunnels

After creating and assigning Path Labels to the device interfaces, creating tunnels offers greater functionality. Selecting two or more devices from Inventory and creating tunnels will offer an option to select path labels.

Token Created

Within the “Select path labels…” drop down menu all previously created path labels are displayed.

Token Created

For the purpose of this document, we have two flexiEdge devices with two WAN interfaces each. On each device WAN1 has an ISP1 label assigned to it and WAN2 is using ISP2. We will use these devices in the next three examples.

Creating tunnels with a specific Path Label

Selecting a specific Path Label will create a full mesh tunnel for all selected devices that are assigned with the selected label. In this case we have added a single tunnel using the ISP1 label, while ISP2 Path Label and interface was not used.

Token Created

Creating tunnels with “ALL” Path Labels

Selecting “ALL” will create tunnels using all Path Labels assigned to the devices interfaces. In this case, it will add two tunnels as each flexiEdge device has two WAN interfaces, with assigned Path Labels ISP1 and ISP2 respectively.

Token Created

Creating tunnels without Path Labels

Creating tunnels without selecting any Path Labels is possible. In this case, the tunnels are being created for all selected devices between the unlabeled interfaces.

Token Created