WAN VPN Feature

Add WAN VPN configuration, including DNS servers, NAT, IPv4 or IPv6 static routes and service routes.

Diagram

Classes

transport_profiles (sdwan.feature_profiles)

Name	Type	Constraint	Mandatory	Default Value
wan_vpn	Class	[wan_vpn]	No

wan_vpn (sdwan.feature_profiles.transport_profiles)

Name	Type	Constraint	Mandatory	Default Value
name	String	Regex: ^[^&<>! "]{1,128}$	Yes
description	String		No
enhance_ecmp_keying	Boolean	true, false	No
enhance_ecmp_keying_variable	String	Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$	No
host_mappings	List	[host_mappings]	No
ipv4_primary_dns_address	IP		No
ipv4_primary_dns_address_variable	String	Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$	No
ipv4_secondary_dns_address	IP		No
ipv4_secondary_dns_address_variable	String	Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$	No
ipv4_static_routes	List	[ipv4_static_routes]	No
ipv6_primary_dns_address	IP		No
ipv6_primary_dns_address_variable	String	Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$	No
ipv6_secondary_dns_address	IP		No
ipv6_secondary_dns_address_variable	String	Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$	No
ipv6_static_routes	List	[ipv6_static_routes]	No
nat_64_v4_pools	List	[nat_64_v4_pools]	No
services	List	Choice[TE]	No

host_mappings (sdwan.feature_profiles.transport_profiles.wan_vpn)

Name	Type	Constraint	Mandatory	Default Value
hostname	String	min: 1, max: 32	No
hostname_variable	String	Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$	No
ips	List	IP	No
ips_variable	String	Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$	No

ipv4_static_routes (sdwan.feature_profiles.transport_profiles.wan_vpn)

Name	Type	Constraint	Mandatory	Default Value
administrative_distance	Integer	min: 1, max: 255	No
administrative_distance_variable	String	Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$	No
gateway	Choice	nextHop, dhcp, null0	No
network_address	IP		No
network_address_variable	String	Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$	No
next_hops	List	[next_hops]	No
subnet_mask	Choice	255.255.255.255, 255.255.255.254, 255.255.255.252, 255.255.255.248, 255.255.255.240, 255.255.255.224, 255.255.255.192, 255.255.255.128, 255.255.255.0, 255.255.254.0, 255.255.252.0, 255.255.248.0, 255.255.240.0, 255.255.224.0, 255.255.192.0, 255.255.128.0, 255.255.0.0, 255.254.0.0, 255.252.0.0, 255.240.0.0, 255.224.0.0, 255.192.0.0, 255.128.0.0, 255.0.0.0, 254.0.0.0, 252.0.0.0, 248.0.0.0, 240.0.0.0, 224.0.0.0, 192.0.0.0, 128.0.0.0, 0.0.0.0	No
subnet_mask_variable	String	Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$	No

ipv6_static_routes (sdwan.feature_profiles.transport_profiles.wan_vpn)

Name	Type	Constraint	Mandatory	Default Value
nat	Choice	NAT64, NAT66	No
next_hops	List	[next_hops]	No
null0	Boolean	true, false	No
prefix	String	Regex: ((^\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?\s*(\/)(\b([0-9]{1,2}|1[01][0-9]|12[0-8])\b)$))	No
prefix_variable	String	Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$	No

nat_64_v4_pools (sdwan.feature_profiles.transport_profiles.wan_vpn)

Name	Type	Constraint	Mandatory	Default Value
name	String	min: 1, max: 32	No
name_variable	String	Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$	No
overload	Boolean	true, false	No
overload_variable	String	Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$	No
range_end	IP		No
range_end_variable	String	Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$	No
range_start	IP		No
range_start_variable	String	Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$	No

next_hops (sdwan.feature_profiles.transport_profiles.wan_vpn.ipv4_static_routes)

Name	Type	Constraint	Mandatory	Default Value
address	IP		No
address_variable	String	Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$	No
administrative_distance	Integer	min: 1, max: 255	No
administrative_distance_variable	String	Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$	No

next_hops (sdwan.feature_profiles.transport_profiles.wan_vpn.ipv6_static_routes)

Name	Type	Constraint	Mandatory	Default Value
address	IP		No
address_variable	String	Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$	No
administrative_distance	Integer	min: 1, max: 255	No
administrative_distance_variable	String	Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$	No

Examples

sdwan:
  feature_profiles:
    transport_profiles:
      - name: transport
        description: this is a test transport profile
        wan_vpn:
          name: wan_vpn
          description: VPN 0 configuration
          host_mappings:
            - hostname: vbond.local
              ips:
                - 10.0.0.1
                - 10.0.0.2
          ipv4_primary_dns_address_variable: vpn0_dns_primary
          ipv4_secondary_dns_address_variable: vpn0_dns_secondary
          enhance_ecmp_keying: true
          ipv4_static_routes:
            - network_address: 0.0.0.0
              subnet_mask: 0.0.0.0
              next_hops:
                - address_variable: vpn0_ipv4_default_route_nexthop1_ip
                - address_variable: vpn0_ipv4_default_route_nexthop2_ip
          services:
            - TE