👨💻Implementing a Vanilla Debian Breakout off an Agg🌐
Learn how to set up Fusion's SD-WAN with a breakout and connect PWANs for efficient internet access using just the breakout's public

Driving SD-WAN Adoption in South Africa
The goal is to provision Fusion’s SD-WAN in a private cloud, connect PWANs to the Agg, and use it as an Internet breakout while using only the public IP of a vanilla Debian Bookworm instance.
The first step is to install an Agg on a private cloud.
Here is the configuration for a private WAN space:

ens224.900 is the interface connecting the space and OSPF using managed VLANs. Any edge using the designated space via a PWAN will be able to use the CGNAT capability of the upstream breakout. Hundreds of edges can be connected via spaces.
This displays a successful running configuration.

Create the following nft file as nft-masquerade.nft and configure it to run on startup.
    table ip nat {
        chain prerouting {
            type nat hook prerouting priority -100; policy accept;
        }
        chain postrouting {
            type nat hook postrouting priority 100; policy accept;
            # Masquerade traffic leaving via ens192
            oifname "ens192" masquerade
        }
    }
To enable the rules on startup use this:
The crucial configuration you need on the vanilla Debian breakout is to enable forwarding:
The next step is to have OSPF running between the Agg and the breakout.
And that is it, surf's up!
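
A quick way to confirm the breakout is in the state the steps above describe, as an added example that is not part of the original post: it checks that a nat postrouting chain masquerades traffic leaving ens192 and that IPv4 forwarding is on. The function names and the sample ruleset are constructed for illustration; on a live system the inputs come from nft list ruleset and sysctl -n net.ipv4.ip_forward.

```shell
#!/bin/sh
# Added example: audit the breakout state described on this page. Function names
# and SAMPLE_RULESET are constructed; ens192 is the page's egress interface.

# Succeeds if ruleset text $1 has, in table "ip nat", a chain hooked at nat
# postrouting with an uncommented masquerade rule for oifname $2. Line-based,
# for the flat table/chain layout used here (no nested set or map blocks).
has_masquerade() {
    printf '%s\n' "$1" | awk -v ifc="$2" '
        /^[ \t]*table[ \t]/           { in_nat = ($2 == "ip" && $3 == "nat"); next }
        in_nat && /^[ \t]*chain[ \t]/ { in_chain = 1; hooked = 0; next }
        in_chain && /^[ \t]*[}]/      { in_chain = 0; next }
        /^[ \t]*[}]/                  { in_nat = 0; next }
        /^[ \t]*#/                    { next }
        in_chain && /type nat hook postrouting/ { hooked = 1; next }
        in_chain && hooked && /masquerade/ && index($0, "oifname \"" ifc "\"") { found = 1 }
        END { exit !found }'
}

# Succeeds if $1, the output of "sysctl -n net.ipv4.ip_forward", is 1.
forwarding_enabled() { [ "$(printf '%s' "$1" | tr -d '[:space:]')" = "1" ]; }

# $1 = ruleset text, $2 = ip_forward value, $3 = egress interface.
# Forwarding without the masquerade rule would send edge traffic upstream with
# unmodified source addresses, so both conditions are checked and reported.
audit_breakout() {
    rc=0
    has_masquerade "$1" "$3" || { echo "FAIL: no masquerade rule for oifname $3"; rc=1; }
    forwarding_enabled "$2"  || { echo "FAIL: net.ipv4.ip_forward is not 1"; rc=1; }
    if [ "$rc" -eq 0 ]; then echo "OK: forwarding on, masquerade on $3"; fi
    return "$rc"
}

# Constructed sample in the layout "nft list ruleset" prints for the page's file.
SAMPLE_RULESET='table ip nat {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
    }
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        oifname "ens192" masquerade
    }
}'

audit_breakout "$SAMPLE_RULESET" 1 ens192
# On the breakout itself (as root):
#   audit_breakout "$(nft list ruleset)" "$(sysctl -n net.ipv4.ip_forward)" ens192
```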




