SDA deployment in Branch locations using application based routing for WAN links

This is more an architectural discussion:

Assume a VN as part of an SDA fabric should be extended from the campus to a small branch location which is connected by a SP using MPLS and Internet links. The SP will provide application based routing on the WAN. The intention is to place all branch clients in one VN with central border + control nodes.

topics:

1. Could the FE node be connected to the central B+CP nodes over the WAN?

     Or is a local B+CP node required by Cisco design?

2. As the WAN is managed by an SP, what are the requirements to support application based routing for traffic from the VN (VXLAN encapsulated)?

Regards Holger

2 REPLIES 2
Beginner

Hello

Cisco has a free book about SDA, external connectivity section. Link below.

https://www.cisco.com/c/dam/en/us/products/se/2018/1/Collateral/nb-06-software-defined-access-ebook-en.pdf
Beginner

The main requirement is the MTU size to support SDA operation. The core fabric recommends ~9000 bytes, but realistically the size is to enable VXLAN support, so potentially doable with 1600 bytes. Looking at the VXLAN specification it is less than that, but not sure on any other overheads. I'll be confirming this soon with some work I'm doing as 1600 is a limitation of some of the intermediate nodes.

 

You don't need to have a Border at the remote site unless you want to break out locally, but you can if you want. The other option is multiple fabrics, but then you lose the portability benefits.

 

The challenge you'd have though is your provider. If it's a dedicated managed service then you may be able to get it sorted out (for a price). If you're talking about the Internet, then not sure how far you'd get with that. You can try some ping tests from HQ to Branch with DF bit set and see how you go, but that is not going to guarantee anything when contention kicks in...
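
The DF-bit ping test suggested in the reply above can be automated. The following is an added example, not code from the thread or from Cisco: it binary-searches the largest IP packet that crosses the path unfragmented and compares it with the room VXLAN needs. Assumptions: Linux iputils `ping`, an IPv4 underlay with 50 bytes of VXLAN overhead (no inner 802.1Q tag), and hypothetical function names.

```bash
#!/usr/bin/env bash
# Added example (not from the thread). Function names are hypothetical.
# Assumed overhead for VXLAN over an IPv4 underlay, no inner 802.1Q tag:
# inner Ethernet 14 + VXLAN 8 + UDP 8 + outer IPv4 20 = 50 bytes.
VXLAN_OVERHEAD=50

# Send echo requests of total IP size $2 to host $1 with DF set.
# Linux iputils ping: -M do forbids fragmentation; -s is the ICMP payload,
# so subtract 20 (IPv4 header) + 8 (ICMP header) from the IP size.
probe_ping() {
  ping -c 2 -W 2 -M do -s "$(( $2 - 28 ))" "$1" >/dev/null 2>&1
}

# Constructed stand-in for a path limited to 1600-byte IP packets (offline use).
probe_fake_1600() { [ "$2" -le 1600 ]; }

# find_path_mtu HOST [PROBE_FN] [LOW] [HIGH]
# Binary-search the largest IP packet size in LOW..HIGH that the probe passes.
# Prints 0 and returns 1 if even LOW fails (host down or ICMP filtered).
find_path_mtu() {
  local host="$1"
  local probe="${2:-probe_ping}"
  local lo="${3:-576}"
  local hi="${4:-9000}"
  local mid
  if ! "$probe" "$host" "$lo"; then echo 0; return 1; fi
  while [ "$lo" -lt "$hi" ]; do
    mid=$(( (lo + hi + 1) / 2 ))
    if "$probe" "$host" "$mid"; then lo=$mid; else hi=$(( mid - 1 )); fi
  done
  echo "$lo"
}

# vxlan_headroom PATH_MTU INNER_MTU
# Spare bytes after encapsulating an INNER_MTU-byte client IP packet.
# A negative result means full-size client packets will not fit unfragmented.
vxlan_headroom() {
  echo $(( $1 - $2 - VXLAN_OVERHEAD ))
}

# Usage: ./script HOST [INNER_MTU]  (run from HQ toward a branch underlay address)
if [ "$#" -ge 1 ]; then
  mtu=$(find_path_mtu "$1") || { echo "no reply from $1 with DF set" >&2; exit 1; }
  echo "path MTU to $1: $mtu bytes; VXLAN headroom: $(vxlan_headroom "$mtu" "${2:-1500}")"
fi
```

The sending host's own interface MTU caps what the search can find, so run it from a host whose uplink MTU is at least as large as the upper bound being tested.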