Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5257
Views
6
Helpful
9
Replies

SDA fabric-L3 handoff HA

Go to solution
jendoubi Abdelbasset
Level 1
Level 1

‎06-22-2020 02:58 AM

hello,
I have a switch 9500 which will be the border node of SDA fabric also I have two switches 9300 (no stack ) which will be two fusion routers, how I can ensure redundancy for the L3 handoff in my design

 

Cdlt,

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
willwetherman
Spotlight
Spotlight
In response to jendoubi Abdelbasset

‎06-25-2020 05:42 AM

Hi,

 

When you say '2 bgp session with the 2 edge switches' I'm assuming that you mean the 2 fusion switches as per your first post?

 

If so, L3 handoff automation will automate the basic BGP parameters to establish an eBGP peering between the border and each fusion switch for each selected VN. You will need configure the necessary VRFs, SVIs, BGP parameters etc on the fusion switches manually.

 

Path selection between the fabric border and the two fusion switches will be based on standard BGP best path selection process. As far as I know, If you need to manipulate the path selection then you will need to configure any required policies on the borders manually or by using DNAC center templates. Alternatively, you could configure BGP policy on the fusion switches to influence border<->fusion ingress/egress path selection without changing the configuration on the borders themselves.

View solution in original post

9 Replies 9

Go to solution
willwetherman
Spotlight
Spotlight

‎06-22-2020 08:29 AM - edited ‎06-23-2020 11:53 AM

Hi,

 

Will your 9500 fabric border be deployed in a pair using Stackwise Virtual (which is now supported as of DNAC version 1.3.3.x) or will it be a single device? 

 

The recommended method to provide L3 handoff redundancy will be to connect a link between the border node and each 9300 fusion switch (connecting from a separate physical 9500 switch if using SWV) and then configure eBGP peering between the border and each fusion switch for both the underlay and for each overlay VN that requires external connectivity. Using BGP for both the underlay and overlay keeps everything consistent (Border Handoff Automation uses BGP) plus BGP provides inherent loop prevention (using as-path) and is policy rich if you need to implement any traffic engineering. Depending on your requirements, you may also need to configure iBGP between the fusion switches to provide additional path resiliency.

 

The following Cisco Live slides (that are available from the on-demand library) provide really good examples of the supported border handoff resiliency designs (for both fusion switches and firewalls)

 

BRKCRS-3493 Real World Route/Switch to Cisco SD-Access – see slides 25 to 36

 

I hope that this helps

Go to solution
tukaram.darvesh@coats.com
Level 1
Level 1
In response to willwetherman

‎06-22-2020 07:01 PM - edited ‎06-22-2020 07:10 PM

Thank you willwetherman

0 Helpful

Go to solution
jendoubi Abdelbasset
Level 1
Level 1
In response to willwetherman

‎06-23-2020 01:56 AM

hello,

thank you for your replay ,

can you share the BRKCRS-3493 please ?

 

Best regards

 

0 Helpful

Go to solution
willwetherman
Spotlight
Spotlight
In response to jendoubi Abdelbasset

‎06-23-2020 06:44 AM

You can access the slides from the following link. The session presentation is also worth watching.

 

https://www.ciscolive.com/global/on-demand-library.html?search=3493#/session/1571888607137001yDeW

0 Helpful

Go to solution
jendoubi Abdelbasset
Level 1
Level 1
In response to willwetherman

‎06-25-2020 02:12 AM

hello,

thank you for your support ,

so if i will 2 bgp session with the 2 edge swicth which attribute will be used by the SDA fabric  to select the path ?

or i must configure manually under the SDA border in CLI

 

Regards

0 Helpful

Go to solution
willwetherman
Spotlight
Spotlight
In response to jendoubi Abdelbasset

‎06-25-2020 05:42 AM

Hi,

 

When you say '2 bgp session with the 2 edge switches' I'm assuming that you mean the 2 fusion switches as per your first post?

 

If so, L3 handoff automation will automate the basic BGP parameters to establish an eBGP peering between the border and each fusion switch for each selected VN. You will need configure the necessary VRFs, SVIs, BGP parameters etc on the fusion switches manually.

 

Path selection between the fabric border and the two fusion switches will be based on standard BGP best path selection process. As far as I know, If you need to manipulate the path selection then you will need to configure any required policies on the borders manually or by using DNAC center templates. Alternatively, you could configure BGP policy on the fusion switches to influence border<->fusion ingress/egress path selection without changing the configuration on the borders themselves.

Go to solution
jendoubi Abdelbasset
Level 1
Level 1
In response to willwetherman

‎07-03-2020 01:10 AM

hello,

thank you for the support

 

best ragards

0 Helpful

Go to solution
jendoubi Abdelbasset
Level 1
Level 1
In response to jendoubi Abdelbasset

‎09-04-2020 04:32 AM

hello,

 

the two 9500 swith will not be stack , so i must configure l3 hand off for each switch with DNAC ??

 

regards

0 Helpful

Go to solution
willwetherman
Spotlight
Spotlight
In response to jendoubi Abdelbasset

‎09-04-2020 05:08 AM - edited ‎09-04-2020 09:42 PM

Yes, if you have 2 x 9500 fabric border nodes then you will need to configure at least one L3 handoff on each node to provide external network connectivity which is standard design. When doing so, DNAC will allocate a unique VLAN/SVI per VN that you handoff per border

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card