
SD Access Transit / BGP?

Xividar
Level 1

Hi all,

If I am running a Distributed Campus, with an SD Access Transit, is there any reason why I can't run BGP instead of IS-IS? The access network belongs to me, so I can tune BGP right down, and enable BFD. The reason for not running IS-IS is that on my Border, I have x2 VRF, with x2 ISIS process, and I understand we can't inter VRF route leak between ISIS instances.

Cheers

3 Replies

ammahend
VIP

If you want route leak between VRFs, it has to be done on fusion, since border and fusion will run BGP; border will install the leaked route in the specific routing table using BGP.

You can follow this Cisco guide:

https://www.cisco.com/c/en/us/support/docs/cloud-systems-management/dna-center/213525-sda-steps-to-configure-fusion-router.html#anc12

-hope this helps-

ChuckMcF
Level 1

From here: https://www.cisco.com/c/en/us/td/docs/solutions/CVD/Campus/sda-sdg-2019oct.html

Using the SD-Access transit, packets are encapsulated between sites using the fabric VXLAN encapsulation.

and

Key considerations

The transit between sites is best represented and most commonly deployed as direct or leased fiber over a Metro Ethernet system.  While Metro-E has several different varieties (VPLS, VPWS, etc.), the edge routers and switches of each site ultimately exchange underlay routes through an Interior Gateway Routing (IGP) protocol.  In SD-Access, this is commonly done using the IS-IS routing protocol, although other IGPs are supported.

IP reachability must exist between fabric sites.  Specifically, there must be a known underlay route between the Loopback 0 interfaces on all fabric nodes.  Existing BGP configurations and peering on the transit control plane nodes could have complex interactions with the Cisco DNA Center provisioned configuration and should be avoided.  BGP private AS 65540 is reserved for use on the transit control plane nodes and automatically provisioned by Cisco DNA Center.  The transit control plane nodes should have IP reachability to the fabric sites through an IGP before being discovered or provisioned.

Traversing the transit control plane nodes in the data forwarding path between sites is not recommended. Transit control plane nodes should always be deployed as a pair of devices to provide resiliency and high availability.

HTH,

Chuck McFadden

Further thoughts: SDA networks segment in two ways, micro and macro segmentation. There are three transport methods: Distributed Campus, SD-WAN and IP. The following happens to each over the different transport types.

Macro segmentation (VN/VRF):
Distributed Campus: Carries the VN natively
SD-WAN: Carries the VN natively
IP: De-encapsulates and therefore does not carry the VN natively. You can use VRF-lite or MP-BGP between sites to retain VNs.

Micro segmentation (SGT):
Distributed Campus: Carries the SGT natively
SD-WAN: Carries the SGT natively
IP: If you control the link, you can use inline tagging between sites. Alternatively, you could use SXP to carry the IP to SGT between sites.

Given the above, you may wish to use IP as your transit method if you only want to configure BGP between sites.

Two links that may prove helpful:

Software-Defined Access Solution Design Guide:
https://www.cisco.com/c/en/us/td/docs/solutions/CVD/Campus/sda-sdg-2019oct.pdf

SD-Access Segmentation Design Guide:
https://www.cisco.com/c/dam/en/us/td/docs/solutions/CVD/Campus/CVD-Software-Defined-Access-Segmentation-Design-Guide-2018MAY.pdf


Hope this is helpful!
Chuck McFadden
