The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
An edge router or border router that has connections to two networks that lack direct connectivity can function as a transport
gateway. This is helpful for enabling connectivity between routers that are configured to be within the same access region,
but which do not have direct connectivity.
Various devices assigned to the same access region may operate in networks that lack direct connectivity—so-called disjoint
networks. If there is an edge router or a border router that operates in the same access region, and has connections to the
two disjoint networks, you can configure that router to function as a transport gateway. As a transport gateway, the router
provides connectivity to the edge routers in the disjoint networks.
Figure 1. Border Router Functioning as a Transport Gateway for Edge Routers that Lack Direct Connectivity
The Problem That Transport Gateways Address
Without transport gateway functionality, one method for enabling traffic between devices that lack direct connectivity is
to create a control policy that routes traffic between the devices in disjoint networks using an intermediate device that
has connectivity to both networks, and configuring specific routes.
There are problems with this approach:
Complexity: Configuring a control policy to advertise prefixes is complicated.
Potential traffic black hole: The control policy cannot detect whether a device or a configured route is unavailable. This
can lead to packet loss if a route becomes unavailable.
Routing Mechanism
When a router is configured to function as a transport gateway, it does the following for each route between devices within
its primary region.
Installs each route that it learns from the Cisco SD-WAN Controllers for the access region.
Re-originates each route that it learns from the Cisco SD-WAN Controllers, substituting its own TLOCs as the next hop for the routes. This means that it substitutes its TLOCs as the next hop for
each route and advertises the route to the Cisco SD-WAN Controllers for its region.
Note that this process does not re-originate primary region routes into the core region, or core region routes into an access
region.
The effect of configuring a router as a transport gateway is that it can provide routes for all intra-region traffic. A device
in the network uses the transport gateway route only if it lacks a direct route to the destination.
Primary Region Only
If you configure an edge router to act as a transport gateway, the edge router re-originates only routes in a primary access
region. For information about primary and secondary regions, see Information About Secondary Regions.
If you configure a border router to act as a transport gateway, it re-originates only routes in the access region, not the
core region.
Preference for a Transport Gateway Route
After configuring a transport gateway, there may be multiple paths available between two routers in an access region. When
multiple paths are available between two routers, the overlay management protocol (OMP) applies best path selection logic
to choose the best path. The best path selection logic is biased toward paths with the smallest number of hops, which may
possibly exclude the transport gateway path. OMP best path selection logic includes the following:
By default, OMP selects a direct path if one is available.
If no direct path is available, OMP selects a path with more hops, such as through a transport gateway.
You can configure the OMP logic as follows:
Prefer a transport gateway path over a direct path.
Consider direct paths and transport gateway paths as equal.
If there are multiple transport gateways active in a region, then a device applies equal-cost multi-path routing (ECMP) across
all of the available transport gateways.
Benefits of Transport Gateways
Advantages of Using Transport Gateways
Enables easier configuration than the control policy method.
If a route becomes unavailable, the transport gateway withdraws the route to the edge router and stops re-originating the
paths to it, preventing networking black holes.
Traffic Protocols
Transport gateway routers can handle IPv4 and IPv6 traffic.
Transport gateway functionality: Cisco IOS XE Catalyst SD-WAN devices only
Ability to use transport gateway paths: Cisco IOS XE Catalyst SD-WAN devices and Cisco vEdge devices
Restrictions for Transport Gateways
Restrictions from Cisco IOS XE Catalyst SD-WAN Release 17.8.1a and Cisco vManage Release 20.8.1
Cloud onRamp for SaaS routes
Does not affect Cloud onRamp for SaaS routes.
Secondary regions
Transport gateway functionality is not supported on routers that have a secondary region configured.
Note
Attempting to configure transport gateway functionality on such a router results in an error.
Multiple devices within the same region
If you enable transport gateway functionality on multiple devices within the same region, providing more than one transport
gateway path between edge routers in disjoint networks, the edge routers apply best path selection logic to determine the
best path.
If there are multiple transport gateways and OMP selected transport gateway paths, then it applies ECMP to all available transport
gateway paths.
By default, OMP selects a direct path if one is available, and if not, selects a path with more hops, such as through a transport
gateway, if available. However, you can configure the OMP logic differently. See Information About Transport Gateways.
Not advertising a transport gateway route to another transport gateway
If you enable transport gateway functionality on multiple devices within the same region, the Cisco SD-WAN Controller for the region ensures that a route that is re-originated by one transport gateway is not advertised to another transport
gateway. By preventing the advertising of a transport gateway route to another transport gateway, the Cisco SD-WAN Controller helps to prevent any potential routing loops.
Resource demands
Due to the resource demands of transport gateway functionality, we recommend enabling this only on a high-performance device
with CPU and memory resources to handle the additional load. The specific resource requirements depend on your networking
environment.
Dynamic on-demand tunnels
You cannot configure dynamic on-demand tunnels for a device configured as a transport gateway. This restriction applies in
MRF- and non-MRF architectures. For information about dynamic on-demand tunnels, see Dynamic On-Demand Tunnels in the Cisco Catalyst SD-WAN Systems and Interfaces Configuration Guide, Cisco IOS XE Release 17.x.
Edge router and a border router in the same region
Do not configure both an edge router and a border router in the same region as transport gateways.
Border router requirement
For a network using Multi-Region Fabric, Cisco IOS XE Catalyst SD-WAN Release 17.15.x and Cisco Catalyst SD-WAN Control Components Release 20.15.x are the last releases to support configuring non-border-routers as transport gateways. From Cisco IOS XE Catalyst SD-WAN Release 17.16.1a and Cisco Catalyst SD-WAN Control Components Release 20.16.1, in such a network, only configure border routers as transport gateways. Do not configure other types of routers as transport
gateways.
Configure Transport Gateways Using Cisco SD-WAN Manager
Enable Transport Gateway Functionality on a Router Using Cisco SD-WAN Manager
From the Cisco SD-WAN Manager menu, choose Configuration > Templates.
Click Feature Templates.
Do one of the following:
Create an OMP template for the device.
In the table, locate the existing OMP template for the device. In the row for the template, click … and choose Edit.
In the Best Path section, in the Transport Gateway Path Behavior field, choose Global mode and choose one of the following options:
Option
Description
Do ECMP Between Direct and Transport Gateway Paths
For devices that can connect through a transport gateway and through direct paths, apply equal-cost multi-path (ECMP) to all
available paths.
Prefer Transport Gateway Path
For devices that can connect through a transport gateway, use only the transport gateway paths, even if other paths are available.
(Optional) From Cisco IOS XE Catalyst SD-WAN Release 17.12.1a, you can click the Site Types field and choose one or more site types to which to apply the transport gateway behavior. For information about how the Site
Types parameter operates together with the Transport Gateway Path Behavior parameter, see OMP Best Path Logic and Transport Gateway Path Preference.
Click Save if creating a new template, or Update if editing an existing template.
Configure Transport Gateways Using the CLI
Enable Transport Gateway Functionality on a Router Using a CLI Template
For devices that can connect through a transport gateway and through direct paths, apply equal-cost multi-path (ECMP) to all
available paths.
prefer
For devices that can connect through a transport gateway, use only the transport gateway paths, even if other paths are available.
Beginning with Cisco IOS XE Catalyst SD-WAN Release 17.12.1a, you can specify which types of traffic use a transport gateway route. Other types of traffic do not use a transport gateway.
Use the show sdwan running-config system command on a device to check whether it is configured as a transport gateway. In the output, transport-gateway enable indicates that it is configured.
Device#show sdwan running-config system
system
system-ip 192.168.1.1
domain-id 1
site-id 11100
region 1
!
role border-router
transport-gateway enable
...
You can also use the show sdwan omp summary command on a device to check whether it is configured as a transport gateway. In the output, transport-gateway enabled indicates that transport gateway functionality is enabled.
Feedback