The Umbrella virtual appliance (VA) enables the use of Anycast DNS addressing within an enterprise.
The advantage of using Anycast is that all your endpoints can use the same DNS IP address irrespective of the site to which they belong. Configuring an Anycast IP address on the VA adds resiliency for DNS resolution.
The VA currently supports enabling Anycast using the BGP protocol. This requires support for BGP on the VA’s neighboring router.
Two VAs in different branches can also be configured with the same Anycast IP address, ensuring resiliency across branches. However, if AD integration is required, these VAs must be in the same Umbrella site, since the AD Connector propagates IP-AD user mappings only to VAs in its Umbrella site.
- Enter the Configuration Mode on the VA.
- Enable Anycast support on the VA. Enter config anycast bgp <options>
Command returns an ASN for the VA.
- enable <anycast_ip> <bgp_info>—Enable the anycast mode
- <anycast_ip>—Anycast IP address
- <bgp_info>—ASN:IPAddress of the BGP router to publish
- disable—Disable anycast mode
- status—Show status of anycast
- test—test Anycast connectivity
- help—Display this usage information
- Validate status. Enter config anycast bgp status
- On the router, add the VA’s ASN from step 2 as the neighbour of the router.
Note: If your VA is running version 2.3.1 or earlier, use the command support anycast bgp <options>.
In the following configuration, the VA needs to be configured with Anycast IP 192.168.1.22, the BGP router’s ASN is 7105, and IP address is 10.1.0.1.
- Enable Anycast support on the VA. Enter:
config anycast bgp enable 192.168.1.22 7105:10.1.0.1
config anycast bgp status
Anycast is Enabled:
BGP ASN => 787744
BGP Router id => 10.78.77.44
Anycast IP => 192.168.1.22/32
IP => 10.1.0.1
ASN => 7105
- On the router, configure the neighbour as the VA's ASN (787744).
Updated 10 months ago