{"id":448,"date":"2021-09-28T02:51:39","date_gmt":"2021-09-28T02:51:39","guid":{"rendered":"https:\/\/www.sdwan2.com\/?p=448"},"modified":"2021-09-28T02:51:39","modified_gmt":"2021-09-28T02:51:39","slug":"bgp-over-ipsec-between-vmware-sd-wan-edge-and-cisco-ios","status":"publish","type":"post","link":"https:\/\/www.sdwan2.com\/index.php\/2021\/09\/28\/bgp-over-ipsec-between-vmware-sd-wan-edge-and-cisco-ios\/","title":{"rendered":"BGP over IPSec between VMware SD-WAN Edge and Cisco IOS"},"content":{"rendered":"\n<h3 class=\"wp-block-heading\">Background<\/h3>\n\n\n\n<p>BGP over IPSec was introduced in VMware SD-WAN Edge starting from version 4.3. This post documents how to configure a VMware SD-WAN Edge to form BGP over IPSec with a Cisco IOS device. Although the major use case of BGP over IPSec on VMware SD-WAN Edge is connecting to a public cloud VPN gateway, lab testing is easier with a traditional router\/firewall, such as a Cisco IOS device. That is the main reason for this post.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Versioning<\/h3>\n\n\n\n<p>The VMware SD-WAN Edge runs version 4.3.0 [R430-20210702-GA-61583-76361fa920].<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Topology and Diagram<\/h3>\n\n\n\n<p>The following topology is used in the lab environment for this post:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img decoding=\"async\" src=\"https:\/\/www.sdwan2.com\/wp-content\/uploads\/2021\/09\/BGPoIPSec-d2.png\" alt=\"\" class=\"wp-image-451\" width=\"878\" height=\"855\"\/><figcaption>Figure 1 &#8211; Topology Diagram<\/figcaption><\/figure>\n\n\n\n<p>In this lab environment, there is an SD-WAN Edge called ABCD-VCE1. ABCD-VCE1 has a public IP address, 24.5.2.39, and is connected to the Internet. 
There are two routers, R-IPSec1 and R-IPSec2. R-IPSec1 has public IP 98.1.2.212 and is connected to the Internet, while R-IPSec2 has public IP 184.1.2.212 and is connected to the Internet.<\/p>\n\n\n\n<p>ABCD-VCE1 will establish an IPSec tunnel to each of R-IPSec1 and R-IPSec2, so there will be two IPSec tunnels. The first one is between 24.5.2.39 (169.254.80.2) and 98.1.2.212 (169.254.80.1); the 169.254.x.x IP address in brackets is the corresponding tunnel IP address. The second IPSec tunnel is between 24.5.2.39 (169.254.80.6) and 184.1.2.212 (169.254.80.5); again, the 169.254.x.x IP address in brackets is the corresponding tunnel IP address.<\/p>\n\n\n\n<p>The BGP peers are eBGP; here is the AS number of each device:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>ABCD-VCE1: AS65123<\/li><li>R-IPSec1: AS65100<\/li><li>R-IPSec2: AS65101<\/li><\/ul>\n\n\n\n<!--nextpage-->\n\n\n\n<h3 class=\"wp-block-heading\">Configurations<\/h3>\n\n\n\n<h4 class=\"wp-block-heading\">Configuration of the SD-WAN Edge ABCD-Edge1<\/h4>\n\n\n\n<p>Under Configure &#8211;> Network Services, define the two Non SD-WAN Destinations via Edge. 
Please note that in this post, it is Generic IKEv2 (not IKEv1).<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-full\"><img decoding=\"async\" width=\"950\" height=\"494\" src=\"https:\/\/www.sdwan2.com\/wp-content\/uploads\/2021\/09\/image.png\" alt=\"\" class=\"wp-image-455\"\/><figcaption>Figure 2 &#8211; IPSec Configuration to R-IPSec1<\/figcaption><\/figure><\/div>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-full\"><img decoding=\"async\" width=\"954\" height=\"492\" src=\"https:\/\/www.sdwan2.com\/wp-content\/uploads\/2021\/09\/image-1.png\" alt=\"\" class=\"wp-image-456\"\/><figcaption>Figure 3 &#8211; IPSec Configuration to R-IPSec2<\/figcaption><\/figure><\/div>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"1041\" height=\"347\" src=\"https:\/\/www.sdwan2.com\/wp-content\/uploads\/2021\/09\/image-2.png\" alt=\"\" class=\"wp-image-458\"\/><figcaption>Figure 4 &#8211; Enable Branch to Non SD-WAN Destination via Edge under Cloud VPN<\/figcaption><\/figure>\n\n\n\n<p>Figure 4 shows that, to enable IPSec from ABCD-VCE1, you create the two corresponding tunnels under &#8220;Cloud VPN &#8211;> Branch to Non SD-WAN Destination via Edge&#8221; by selecting the &#8220;IPSec1&#8221; and &#8220;IPSec2&#8221; destinations created previously. If you wonder where to put the pre-shared key, it is in the window opened by clicking either &#8220;Add&#8221; or &#8220;Edit&#8221; under the Action column.<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-full\"><img decoding=\"async\" width=\"505\" height=\"308\" src=\"https:\/\/www.sdwan2.com\/wp-content\/uploads\/2021\/09\/image-3.png\" alt=\"\" class=\"wp-image-459\"\/><figcaption>Figure 5 &#8211; The &#8220;Edit&#8221; or &#8220;Add&#8221; button allows configuring the Pre-Shared Key<\/figcaption><\/figure><\/div>\n\n\n\n<p>At this point, the IPSec configuration is complete. 
The next configuration to perform is BGP over IPSec; see Figure 6 below:<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-full is-resized\"><img decoding=\"async\" src=\"https:\/\/www.sdwan2.com\/wp-content\/uploads\/2021\/09\/image-4.png\" alt=\"\" class=\"wp-image-461\" width=\"880\" height=\"438\"\/><figcaption>Figure 6 &#8211; BGP configuration of ABCD-Edge1<\/figcaption><\/figure><\/div>\n\n\n\n<p>There are two areas I would like to highlight. Firstly, for BGP over IPSec, the neighbors are created under &#8220;NSD Neighbors&#8221; instead of the normal &#8220;Neighbors&#8221;. Secondly, the tunnel IP addresses 169.254.80.2 and 169.254.80.6 are configured under the option called &#8220;Local IP&#8221; of &#8220;Additional Options&#8221;. I believe the other fields of the GUI are self-explanatory.<\/p>\n\n\n\n<!--nextpage-->\n\n\n\n<h4 class=\"wp-block-heading\">Configuration of the two Cisco routers R-IPSec1 and R-IPSec2<\/h4>\n\n\n\n<p>Since the focus is on the VMware SD-WAN Edge, not the Cisco routers, the Cisco configurations are pasted below for your reference.<\/p>\n\n\n\n<p>R-IPSec1 Configuration:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>R-IPSec1#sh run\nBuilding configuration...\n\nCurrent configuration : 2192 bytes\n!\n! 
Last configuration change at 09:54:21 HKT Wed Sep 1 2021\n!\nversion 15.7\nservice config\nservice timestamps debug datetime msec\nservice timestamps log datetime msec\nno service password-encryption\n!\nhostname R-IPSec1\n!\nboot-start-marker\nboot-end-marker\n!\n!\n!\nno aaa new-model\n!\n!\n!\nclock timezone HKT 8 0\nmmi polling-interval 60\nno mmi auto-configure\nno mmi pvc\nmmi snmp-timeout 180\n!\n!\n!\n!\n!\n!\n!\n!\n!\n!\n!\n!\n!\n!\n!\n\n\n!\n!\n!\n!\nip cef\nno ipv6 cef\n!\nmultilink bundle-name authenticated\n!\n!\n!\n!\n!\n!\n!\n!\n!\n!\nredundancy\n!\n!\n!\n!\ncrypto ikev2 proposal velo_prop\n encryption aes-cbc-256\n integrity sha256\n group 14\n!\ncrypto ikev2 policy velo_pol_ikev2\n proposal velo_prop\n!\ncrypto ikev2 keyring velo_key\n peer ALL\n  address 24.5.2.39\n  pre-shared-key local vmware1234\n  pre-shared-key remote vmware1234\n !\n!\n!\ncrypto ikev2 profile velo_profile_ikev2\n match identity remote address 24.5.2.39 255.255.255.255\n identity local address 98.1.2.212\n authentication remote pre-share\n authentication local pre-share\n keyring local velo_key\n dpd 20 3 on-demand\n!\n!\n!\ncrypto ipsec transform-set velo_ts esp-aes 256 esp-sha256-hmac\n mode transport\n!\n!\ncrypto ipsec profile velo_ipsec_profile\n set transform-set velo_ts\n set ikev2-profile velo_profile_ikev2\n!\n!\n!\n!\n!\n!\ninterface Tunnel1\n ip address 169.254.80.1 255.255.255.252\n tunnel source Ethernet0\/0\n tunnel mode ipsec ipv4\n tunnel destination 24.5.2.39\n tunnel protection ipsec profile velo_ipsec_profile\n!\ninterface Ethernet0\/0\n ip address 98.1.2.212 255.255.255.0\n duplex auto\n!\ninterface Ethernet0\/1\n ip address 10.101.1.1 255.255.255.0\n duplex auto\n!\ninterface Ethernet0\/2\n no ip address\n shutdown\n duplex auto\n!\ninterface Ethernet0\/3\n no ip address\n shutdown\n duplex auto\n!\nrouter bgp 65100\n bgp log-neighbor-changes\n network 10.101.1.0 mask 255.255.255.0\n neighbor 169.254.80.2 remote-as 65123\n neighbor 169.254.80.2 
send-community both\n neighbor 169.254.80.2 soft-reconfiguration inbound\n!\nip forward-protocol nd\n!\n!\nno ip http server\nno ip http secure-server\nip route 0.0.0.0 0.0.0.0 98.1.2.1\n!\nipv6 ioam timestamp\n!\n!\n!\ncontrol-plane\n!\n!\n!\n!\n!\n!\n!\n!\nline con 0\n logging synchronous\nline aux 0\nline vty 0 4\n login\n transport input none\n!\n!\nend<\/code><\/pre>\n\n\n\n<p> R-IPSec2 Configuration: <\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>R-IPSec2#sh run\nBuilding configuration...\n\nCurrent configuration : 2289 bytes\n!\n! Last configuration change at 09:58:52 HKT Wed Sep 1 2021\n! NVRAM config last updated at 09:58:53 HKT Wed Sep 1 2021\n!\nversion 15.7\nservice timestamps debug datetime msec\nservice timestamps log datetime msec\nno service password-encryption\n!\nhostname R-IPSec2\n!\nboot-start-marker\nboot-end-marker\n!\n!\n!\nno aaa new-model\n!\n!\n!\nclock timezone HKT 8 0\nmmi polling-interval 60\nno mmi auto-configure\nno mmi pvc\nmmi snmp-timeout 180\n!\n!\n!\n!\n!\n!\n!\n!\n!\n!\n!\n!\n!\n!\n!\n\n\n!\n!\n!\n!\nip cef\nno ipv6 cef\n!\nmultilink bundle-name authenticated\n!\n!\n!\n!\n!\n!\n!\n!\n!\n!\nredundancy\n!\n!\n!\n!\ncrypto ikev2 proposal velo_prop\n encryption aes-cbc-256\n integrity sha256\n group 14\n!\ncrypto ikev2 policy velo_pol_ikev2\n proposal velo_prop\n!\ncrypto ikev2 keyring velo_key\n peer ALL\n  address 24.5.2.39\n  pre-shared-key local vmware1234\n  pre-shared-key remote vmware1234\n !\n!\n!\ncrypto ikev2 profile velo_profile_ikev2\n match identity remote address 24.5.2.39 255.255.255.255\n identity local address 184.1.2.212\n authentication remote pre-share\n authentication local pre-share\n keyring local velo_key\n dpd 20 3 on-demand\n!\n!\n!\ncrypto ipsec transform-set velo_ts esp-aes 256 esp-sha256-hmac\n mode transport\n!\n!\ncrypto ipsec profile velo_ipsec_profile\n set transform-set velo_ts\n set ikev2-profile velo_profile_ikev2\n!\n!\n!\n!\n!\n!\ninterface Tunnel1\n ip address 169.254.80.5 255.255.255.252\n 
tunnel source Ethernet0\/0\n tunnel mode ipsec ipv4\n tunnel destination 24.5.2.39\n tunnel protection ipsec profile velo_ipsec_profile\n!\ninterface Ethernet0\/0\n ip address 184.1.2.212 255.255.255.0\n duplex auto\n!\ninterface Ethernet0\/1\n ip address 10.102.2.1 255.255.255.0\n duplex auto\n!\ninterface Ethernet0\/2\n no ip address\n shutdown\n duplex auto\n!\ninterface Ethernet0\/3\n no ip address\n shutdown\n duplex auto\n!\nrouter bgp 65101\n bgp log-neighbor-changes\n network 10.102.2.0 mask 255.255.255.0\n neighbor 169.254.80.6 remote-as 65123\n neighbor 169.254.80.6 send-community both\n neighbor 169.254.80.6 soft-reconfiguration inbound\n!\nip forward-protocol nd\n!\n!\nno ip http server\nno ip http secure-server\nip route 0.0.0.0 0.0.0.0 184.1.2.1\n!\nipv6 ioam timestamp\n!\n!\n!\ncontrol-plane\n!\n!\n!\n!\n!\n!\n!\n!\nline con 0\n logging synchronous\nline aux 0\nline vty 0 4\n login\n transport input none\n!\nntp server 34.202.215.187\nntp server pool.ntp.org\n!\nend<\/code><\/pre>\n\n\n\n<!--nextpage-->\n\n\n\n<h3 class=\"wp-block-heading\">Verification of the IPSec and BGP status<\/h3>\n\n\n\n<h4 class=\"wp-block-heading\">IPSec Status of ABCD-VCE1<\/h4>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"951\" height=\"218\" src=\"https:\/\/www.sdwan2.com\/wp-content\/uploads\/2021\/09\/image-5.png\" alt=\"\" class=\"wp-image-468\"\/><figcaption>Figure 7 &#8211; IPSec Tunnel status of ABCD-VCE1<\/figcaption><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"1074\" height=\"90\" src=\"https:\/\/www.sdwan2.com\/wp-content\/uploads\/2021\/09\/image-6.png\" alt=\"\" class=\"wp-image-469\"\/><figcaption>Figure 8 &#8211; IPsec Tunnel status of ABCD-VCE1 by debug.py<\/figcaption><\/figure>\n\n\n\n<h4 class=\"wp-block-heading\">BGP status of ABCD-VCE1:<\/h4>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"961\" height=\"148\" 
src=\"https:\/\/www.sdwan2.com\/wp-content\/uploads\/2021\/09\/image-7.png\" alt=\"\" class=\"wp-image-470\"\/><figcaption>Figure 9 &#8211; BGP status between ABCD-VCE1 with R-IPSec1 and R-IPSec2<\/figcaption><\/figure>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-full\"><img decoding=\"async\" width=\"815\" height=\"344\" src=\"https:\/\/www.sdwan2.com\/wp-content\/uploads\/2021\/09\/image-8.png\" alt=\"\" class=\"wp-image-471\"\/><figcaption>Figure 10 &#8211; BGP status by debug.py<\/figcaption><\/figure><\/div>\n\n\n\n<p>Routes (10.101.1.0\/24 and 10.102.2.0\/24) learnt from BGP peer:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"919\" height=\"222\" src=\"https:\/\/www.sdwan2.com\/wp-content\/uploads\/2021\/09\/image-10.png\" alt=\"\" class=\"wp-image-473\"\/><figcaption>Figure 11 &#8211; List BGP Routes from Remote Diagnostics<\/figcaption><\/figure>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-full\"><img decoding=\"async\" width=\"1094\" height=\"136\" src=\"https:\/\/www.sdwan2.com\/wp-content\/uploads\/2021\/09\/image-9.png\" alt=\"\" class=\"wp-image-472\"\/><figcaption>Figure 12 &#8211; List of BGP routes from debug.py command<\/figcaption><\/figure><\/div>\n\n\n\n<!--nextpage-->\n\n\n\n<h4 class=\"wp-block-heading\"> IPSec Status of R-IPSec1 and R-IPSec2<\/h4>\n\n\n\n<pre class=\"wp-block-code\"><code>R-IPSec1#show crypto ikev2 sa\n IPv4 Crypto IKEv2  SA\n\nTunnel-id Local                 Remote                fvrf\/ivrf            Status\n5         98.1.2.212\/4500       24.5.2.39\/20001       none\/none            READY\n      Encr: AES-CBC, keysize: 256, PRF: SHA256, Hash: SHA256, DH Grp:14, Auth sign: PSK, Auth verify: PSK\n      Life\/Active Time: 86400\/60082 sec\n\n IPv6 Crypto IKEv2  SA\n\nR-IPSec1#show crypto ipsec sa\n\ninterface: Tunnel1\n    Crypto map tag: Tunnel1-head-0, local addr 98.1.2.212\n\n   protected vrf: (none)\n   local  ident 
(addr\/mask\/prot\/port): (0.0.0.0\/0.0.0.0\/0\/0)\n   remote ident (addr\/mask\/prot\/port): (0.0.0.0\/0.0.0.0\/0\/0)\n   current_peer 24.5.2.39 port 20001\n     PERMIT, flags={origin_is_acl,}\n    #pkts encaps: 2644905, #pkts encrypt: 2644905, #pkts digest: 2644905\n    #pkts decaps: 2702789, #pkts decrypt: 2702789, #pkts verify: 2702789\n    #pkts compressed: 0, #pkts decompressed: 0\n    #pkts not compressed: 0, #pkts compr. failed: 0\n    #pkts not decompressed: 0, #pkts decompress failed: 0\n    #send errors 0, #recv errors 0\n\n     local crypto endpt.: 98.1.2.212, remote crypto endpt.: 24.5.2.39\n     plaintext mtu 1422, path mtu 1500, ip mtu 1500, ip mtu idb Ethernet0\/0\n     current outbound spi: 0x9083DD51(2424560977)\n     PFS (Y\/N): N, DH group: none\n\n     inbound esp sas:\n      spi: 0x7910D585(2031146373)\n        transform: esp-256-aes esp-sha256-hmac ,\n        in use settings ={Tunnel UDP-Encaps, }\n        conn id: 148, flow_id: SW:148, sibling_flags 80000040, crypto map: Tunnel1-head-0\n        sa timing: remaining key lifetime (k\/sec): (4255655\/3183)\n        IV size: 16 bytes\n        replay detection support: Y\n        Status: ACTIVE(ACTIVE)\n\n     inbound ah sas:\n\n     inbound pcp sas:\n\n     outbound esp sas:\n      spi: 0x9083DD51(2424560977)\n        transform: esp-256-aes esp-sha256-hmac ,\n        in use settings ={Tunnel UDP-Encaps, }\n        conn id: 147, flow_id: SW:147, sibling_flags 80000040, crypto map: Tunnel1-head-0\n        sa timing: remaining key lifetime (k\/sec): (4255655\/3183)\n        IV size: 16 bytes\n        replay detection support: Y\n        Status: ACTIVE(ACTIVE)\n\n     outbound ah sas:\n\n     outbound pcp sas:\nR-IPSec1#<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>R-IPSec2#show crypto ikev2 sa\n IPv4 Crypto IKEv2  SA\n\nTunnel-id Local                 Remote                fvrf\/ivrf            Status\n5         184.1.2.212\/4500      24.5.2.39\/20001       none\/none            READY\n 
     Encr: AES-CBC, keysize: 256, PRF: SHA256, Hash: SHA256, DH Grp:14, Auth sign: PSK, Auth verify: PSK\n      Life\/Active Time: 86400\/60137 sec\n\n IPv6 Crypto IKEv2  SA\n\nR-IPSec2#show crypto ipsec sa\n\ninterface: Tunnel1\n    Crypto map tag: Tunnel1-head-0, local addr 184.1.2.212\n\n   protected vrf: (none)\n   local  ident (addr\/mask\/prot\/port): (0.0.0.0\/0.0.0.0\/0\/0)\n   remote ident (addr\/mask\/prot\/port): (0.0.0.0\/0.0.0.0\/0\/0)\n   current_peer 24.5.2.39 port 20001\n     PERMIT, flags={origin_is_acl,}\n    #pkts encaps: 2696208, #pkts encrypt: 2696208, #pkts digest: 2696208\n    #pkts decaps: 2635720, #pkts decrypt: 2635720, #pkts verify: 2635720\n    #pkts compressed: 0, #pkts decompressed: 0\n    #pkts not compressed: 0, #pkts compr. failed: 0\n    #pkts not decompressed: 0, #pkts decompress failed: 0\n    #send errors 0, #recv errors 0\n\n     local crypto endpt.: 184.1.2.212, remote crypto endpt.: 24.5.2.39\n     plaintext mtu 1422, path mtu 1500, ip mtu 1500, ip mtu idb Ethernet0\/0\n     current outbound spi: 0xF2646860(4066666592)\n     PFS (Y\/N): N, DH group: none\n\n     inbound esp sas:\n      spi: 0xD6535A7A(3595786874)\n        transform: esp-256-aes esp-sha256-hmac ,\n        in use settings ={Tunnel UDP-Encaps, }\n        conn id: 148, flow_id: SW:148, sibling_flags 80000040, crypto map: Tunnel1-head-0\n        sa timing: remaining key lifetime (k\/sec): (4328086\/2072)\n        IV size: 16 bytes\n        replay detection support: Y\n        Status: ACTIVE(ACTIVE)\n\n     inbound ah sas:\n\n     inbound pcp sas:\n\n     outbound esp sas:\n      spi: 0xF2646860(4066666592)\n        transform: esp-256-aes esp-sha256-hmac ,\n        in use settings ={Tunnel UDP-Encaps, }\n        conn id: 147, flow_id: SW:147, sibling_flags 80000040, crypto map: Tunnel1-head-0\n        sa timing: remaining key lifetime (k\/sec): (4328086\/2072)\n        IV size: 16 bytes\n        replay detection support: Y\n        Status: ACTIVE(ACTIVE)\n\n     
outbound ah sas:\n\n     outbound pcp sas:\nR-IPSec2#<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">BGP status of R-IPSec1 and R-IPSec2<\/h4>\n\n\n\n<pre class=\"wp-block-code\"><code>R-IPSec1#show ip bgp summary\nBGP router identifier 169.254.80.1, local AS number 65100\nBGP table version is 70, main routing table version 70\n5 network entries using 720 bytes of memory\n5 path entries using 420 bytes of memory\n3\/3 BGP path\/bestpath attribute entries using 480 bytes of memory\n2 BGP AS-PATH entries using 48 bytes of memory\n0 BGP route-map cache entries using 0 bytes of memory\n0 BGP filter-list cache entries using 0 bytes of memory\nBGP using 1668 total bytes of memory\nBGP activity 16\/11 prefixes, 37\/32 paths, scan interval 60 secs\n\nNeighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up\/Down  State\/PfxRcd\n169.254.80.2    4        65123  144782  152103       70    0    0 2w2d            4\nR-IPSec1#show ip bgp\nBGP table version is 70, local router ID is 169.254.80.1\nStatus codes: s suppressed, d damped, h history, * valid, &gt; best, i - internal,\n              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,\n              x best-external, a additional-path, c RIB-compressed,\n              t secondary path,\nOrigin codes: i - IGP, e - EGP, ? 
- incomplete\nRPKI validation codes: V valid, I invalid, N Not found\n\n     Network          Next Hop            Metric LocPrf Weight Path\n *&gt;   10.101.1.0\/24    0.0.0.0                  0         32768 i\n *&gt;   10.102.2.0\/24    169.254.80.2                           0 65123 65101 i\n *&gt;   24.17.0.53\/32    169.254.80.2             0             0 65123 ?\n *&gt;   192.168.7.0      169.254.80.2             0             0 65123 ?\n *&gt;   192.168.7.253\/32 169.254.80.2             0             0 65123 ?\nR-IPSec1#<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>R-IPSec2#show ip bgp summary\nBGP router identifier 184.1.2.212, local AS number 65101\nBGP table version is 64, main routing table version 64\n5 network entries using 720 bytes of memory\n5 path entries using 420 bytes of memory\n3\/3 BGP path\/bestpath attribute entries using 480 bytes of memory\n2 BGP AS-PATH entries using 48 bytes of memory\n0 BGP route-map cache entries using 0 bytes of memory\n0 BGP filter-list cache entries using 0 bytes of memory\nBGP using 1668 total bytes of memory\nBGP activity 17\/12 prefixes, 34\/29 paths, scan interval 60 secs\n\nNeighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up\/Down  State\/PfxRcd\n169.254.80.6    4        65123  195984  205878       64    0    0 3w1d            4\nR-IPSec2#show ip bgp\nBGP table version is 64, local router ID is 184.1.2.212\nStatus codes: s suppressed, d damped, h history, * valid, &gt; best, i - internal,\n              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,\n              x best-external, a additional-path, c RIB-compressed,\n              t secondary path,\nOrigin codes: i - IGP, e - EGP, ? 
- incomplete\nRPKI validation codes: V valid, I invalid, N Not found\n\n     Network          Next Hop            Metric LocPrf Weight Path\n *&gt;   10.101.1.0\/24    169.254.80.6                           0 65123 65100 i\n *&gt;   10.102.2.0\/24    0.0.0.0                  0         32768 i\n *&gt;   24.17.0.53\/32    169.254.80.6             0             0 65123 ?\n *&gt;   192.168.7.0      169.254.80.6             0             0 65123 ?\n *&gt;   192.168.7.253\/32 169.254.80.6             0             0 65123 ?\nR-IPSec2#<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Conclusion<\/h3>\n\n\n\n<p>This post documented how a VMware SD-WAN Edge can form an IPSec tunnel with Cisco IOS and run BGP on top of the IPSec tunnel. This is the end of this post.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Background For VMware SD-WAN Edge, starting from version 4.3, the feature of BGP over IPSec is introduced. This post documents how to configure VMware SD-WAN Edge to form BGP over IPSec with Cisco IOS device. 
Although the major use cases of BGP over IPSec on VMware SD-WAN Edge is to allow connect to public cloud [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"zakra_sidebar_layout":"customizer","zakra_remove_content_margin":false,"zakra_sidebar":"customizer","zakra_transparent_header":"customizer","zakra_logo":0,"zakra_main_header_style":"default","zakra_menu_item_color":"","zakra_menu_item_hover_color":"","zakra_menu_item_active_color":"","zakra_menu_active_style":"","zakra_page_header":true,"footnotes":""},"categories":[5],"tags":[],"class_list":["post-448","post","type-post","status-publish","format-standard","hentry","category-velocloud"],"_links":{"self":[{"href":"https:\/\/www.sdwan2.com\/index.php\/wp-json\/wp\/v2\/posts\/448","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.sdwan2.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.sdwan2.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.sdwan2.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.sdwan2.com\/index.php\/wp-json\/wp\/v2\/comments?post=448"}],"version-history":[{"count":19,"href":"https:\/\/www.sdwan2.com\/index.php\/wp-json\/wp\/v2\/posts\/448\/revisions"}],"predecessor-version":[{"id":481,"href":"https:\/\/www.sdwan2.com\/index.php\/wp-json\/wp\/v2\/posts\/448\/revisions\/481"}],"wp:attachment":[{"href":"https:\/\/www.sdwan2.com\/index.php\/wp-json\/wp\/v2\/media?parent=448"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.sdwan2.com\/index.php\/wp-json\/wp\/v2\/categories?post=448"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.sdwan2.com\/index.php\/wp-json\/wp\/v2\/tags?post=448"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}