Overview

SD-WAN brings lots of options to the table for configuring and connecting branch and cloud locations together. However, as a network grows, so often does the size of the route tables used by network devices to direct traffic. This can present an unexpected complication when large WAN and SD-WAN networks need to connect to cloud networks, specifically due to the various routing prefix limits put in place by the cloud vendors.


AWS Direct Connect and Google Cloud Interconnect each have a limit of 100 prefixes received from the "customer prem" side, after which they will shut down BGP peering. Azure ExpressRoute has a higher limit of 4,000 routes by default, and 10,000 routes with their premier SKU.


Luckily you can use supernetting to create summary routes that merge multiple subnets into a single advertised route and reduce the size of the route tables advertised to your cloud vendor's network. Over the next few steps we will cover the modification of route maps and static routes that can be set up on a Silver Peak appliance to configure a supernet and reduce the number of advertised routes.
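
To plan the summary before touching the route maps, the added example below (not from the original article, Silver Peak or Pureport) checks a list of subnets against the prefix limits quoted above, first with a lossless merge and then with a single covering supernet, and reports how much address space the supernet advertises that no branch subnet uses. The subnets are constructed sample data, the function names are hypothetical, and it handles IPv4 only.

```python
import ipaddress

# Received-prefix limits as quoted in this article; confirm current quotas with the vendor.
PREFIX_LIMITS = {
    "aws_direct_connect": 100,
    "google_cloud_interconnect": 100,
    "azure_expressroute_default": 4000,
}

def covering_supernet(nets):
    """Smallest single IPv4 prefix containing every network in nets."""
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    host_bits = (lo ^ hi).bit_length()      # bits that differ must become host bits
    base = (lo >> host_bits) << host_bits   # clear host bits to get the network address
    return ipaddress.IPv4Network((base, 32 - host_bits))

def plan_summary(subnets, limit):
    """Compare a lossless merge with one covering supernet against a prefix limit."""
    nets = [ipaddress.IPv4Network(s) for s in subnets]
    exact = list(ipaddress.collapse_addresses(nets))  # merges only adjacent/overlapping nets
    supernet = covering_supernet(nets)
    used = sum(n.num_addresses for n in exact)
    return {
        "exact_prefixes": exact,
        "exact_fits_limit": len(exact) <= limit,
        "supernet": supernet,
        # Addresses the supernet advertises with no real subnet behind them. The cloud
        # side will route traffic for these to the appliance, so account for them.
        "unused_addresses": supernet.num_addresses - used,
    }

if __name__ == "__main__":
    # Constructed sample data: 128 non-adjacent branch /24s (even third octets only).
    branches = [f"10.20.{x}.0/24" for x in range(0, 256, 2)]
    plan = plan_summary(branches, PREFIX_LIMITS["aws_direct_connect"])
    print("prefixes after lossless merge:", len(plan["exact_prefixes"]))
    print("fits limit without supernet:", plan["exact_fits_limit"])
    print("covering supernet:", plan["supernet"])
    print("advertised but unused addresses:", plan["unused_addresses"])
```

A non-zero unused count means the summary covers address space that has no more specific route behind the appliance, which is worth reviewing before the supernet is advertised.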


Pre-requisites:

  • A Pureport Network
  • A provisioned, licensed, and approved Silver Peak appliance
  • Knowledge of the cloud vendor to connect to (this is optional but can be useful in guiding how many routes need to be summarized). Be sure to check with your cloud vendor for the current quotas and limits on BGP learned prefixes.
  • Silver Peak Orchestrator access with user privileges to add/modify routes and route maps.


Steps:

  1. Log into the Silver Peak orchestrator and access the appliance provisioned on the Pureport Fabric.



  2. Select Routes from the Configuration tab.


  3. Next you will want to prevent the new summary route from being advertised to your SD-WAN fabric. Select the pencil icon next to "Redistribute Routes to SD-WAN Fabric" to modify the route map and edit the rules.



  4. Update the route map to not advertise the summary routes you plan to create to the SD-WAN Fabric. This can be accomplished by adding new rules to the route map denying the supernet prefix you will be adding. Once the new rule is entered, click update and apply.



    • Be sure to uncheck the permit option so this rule denies advertising the new route
    • Enter the prefix and subnet mask matching the supernet route you will be adding
    • You may have to add additional rules to match all your supernet routes

      Note: Ensure the priority of your rule is set low enough to prevent other rules from permitting these routes to be advertised on the SD-WAN.


  5. Select "Add Route" to add the supernet (summary) route to your route table.



  6. Enter the appropriate supernet network and netmask, and a comment of "Summary Route". Leave all other options blank and click Add.



  7. Next, select BGP to go to the BGP configuration page.



  8. Select the icon next to the peer to modify the BGP neighbor's peer connection.


  9. Modify your outbound route map by clicking the pencil icon.


  10. Modify the rules to no longer permit the outbound advertisement of all "Source Protocol - Local/Static" and "Source Protocol - SD-WAN (Local/Static)" routes.



  11. Create a new rule by clicking "Add Rule". Create the rule to permit the Source Protocol Local/Static with a prefix matching the summary routes that were added in step 5a.

    • You may need to add additional rules if you have added multiple summary routes

      Note: Ensure the priority of your rule is set low enough to prevent other rules from denying these routes from being advertised to the Pureport Fabric.


  12. Update your BGP peering by enabling the "Next-Hop-Self" check box and click update.



  13. At this time only the supernet prefix(es) should be advertised from the Silver Peak appliance to your Pureport Fabric and Cloud networks. If you do not see this update reflected in your route tables, perform a soft reset of the BGP peering session on the Silver Peak appliance by clicking the "Soft Reset" button on the BGP peer.