Cisco Catalyst SD-WAN Network Configuration Guide, Releases 26.x and Later

System IP address

Details the system interface’s role in TLOC configuration, including attributes and integration with TLOCs in SD-WAN systems.


A system interface IP address is a persistent address that

  • identifies the Cisco IOS XE Catalyst SD-WAN device,

  • is similar to a router ID on a regular router, and

  • is used to identify the router from which packets originated.

System IP address configuration

You configure a system interface for each Cisco IOS XE Catalyst SD-WAN device using the system system-ip command. Specify the system IP address as an IPv4 address in decimal four-part dotted notation, without including the prefix length; the /32 prefix is implicit. The system IP address must not be within the following ranges: 0.0.0.0/8, 127.0.0.0/8, 224.0.0.0/4, or 240.0.0.0/4 and later. Assign a unique system IP address to each device in the overlay network. You cannot assign this address to another interface in VPN 0.
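
A pre-deployment check of the addressing rules above, as an added example that is not part of the Cisco guide: it validates the notation, the excluded ranges, and uniqueness across the overlay. The inventory format, hostnames, and function names are assumptions of this example.

```python
import ipaddress
from collections import defaultdict

# Ranges the guide says a system IP address must not fall within.
FORBIDDEN = [ipaddress.ip_network(n) for n in
             ("0.0.0.0/8", "127.0.0.0/8", "224.0.0.0/4", "240.0.0.0/4")]


def check_system_ip(value):
    """Return the problems with one system-ip value (empty list if valid)."""
    if "/" in value:
        return ["prefix length given; the /32 is implicit"]
    parts = value.split(".")
    # Strict four-part decimal notation. Rejecting leading zeros is a
    # conservative choice of this example, not a rule stated in the guide.
    if len(parts) != 4 or not all(
            p.isascii() and p.isdigit() and str(int(p)) == p and int(p) <= 255
            for p in parts):
        return ["not a four-part dotted-decimal IPv4 address"]
    addr = ipaddress.IPv4Address(value)
    return [f"inside forbidden range {net}" for net in FORBIDDEN if addr in net]


def audit_overlay(inventory):
    """inventory maps hostname -> system-ip; returns hostname -> problems."""
    findings = defaultdict(list)
    owners = defaultdict(list)
    for host, value in inventory.items():
        problems = check_system_ip(value)
        findings[host].extend(problems)
        if not problems:
            owners[value].append(host)  # strict form, so equal strings mean equal addresses
    for value, hosts in owners.items():
        for host in hosts if len(hosts) > 1 else []:
            others = ", ".join(h for h in hosts if h != host)
            findings[host].append(f"{value} also assigned to {others}")
    return {h: p for h, p in findings.items() if p}


# Constructed sample inventory: hostnames and addresses are made up.
SAMPLE = {
    "edge-1": "10.255.0.1", "edge-2": "10.255.0.1", "edge-3": "127.0.0.5",
    "edge-4": "10.255.0.4/32", "edge-5": "224.1.1.1", "edge-6": "10.255.0.6",
}

if __name__ == "__main__":
    for host, problems in sorted(audit_overlay(SAMPLE).items()):
        print(f"{host}: {'; '.join(problems)}")
```

The check does not cover the rule that the system IP address cannot be assigned to another interface in VPN 0; that requires the device's interface configuration.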

The system interface is placed in VPN 0 as a loopback interface named system. This loopback is not the same as a loopback address that you configure for a specific interface. To display information about the system interface, use the show interface command.

Role in OMP TLOC identification

The system IP address is used as one of the attributes of the OMP TLOC (Overlay Management Protocol Transport Locator). Each TLOC is uniquely identified by a 3-tuple: the system IP address, a color, and an encapsulation. Use the show omp tlocs command to display TLOC information.

Device management

For device management, configure the same system IP address on a loopback interface located in a service-side VPN appropriate for management purposes. Use a loopback interface because it remains reachable whenever the router is operational and the overlay network is up. Avoid configuring the system IP address on a physical interface, since both the router and the interface must be up for reachability in that case.

Assign the loopback interface to a service-side VPN, which is any VPN other than VPN 0 (the WAN transport VPN) or VPN 512 (the management VPN). Service-side VPNs are used to route data traffic and remain reachable from the data center.