pdub206
Beginner

IWAN Transit sites

I'm reviewing the architecture of a two-datacenter IWAN deployment and realized we have a master transit router in the mix. I had previously thought that we only needed a backup hub master controller in our second datacenter, so when the primary failed we could still provide policy decisions to our branch sites.


The terminology of a transit site is extremely confusing. Several documents indicate transit sites are required in this topology, but don't actually say -what they do-. In my likely wrong understanding, a transit site would be where a branch would "transit" to another site, but that is not the case as we have DMVPN Phase 3 working. All branch sites should be able to query for a remote site and form a tunnel directly to it.

 

I guess I'm trying to figure out whether this additional router is necessary. It would seem to me that the border routers at this second datacenter need to connect back to a master at the same site, but since the redundant master controller is not "in use" until the primary fails, they need to get their policy decisions from somewhere local rather than somewhere far away.

 

So what is the purpose of a transit site? 

Can a redundant hub master controller also be a master transit router?


For example, this document seems to indicate that there is MC2 in your second datacenter which is also called out as a transit, but in my case I have a standalone transit router and a standalone MC router.

https://asbtechblog.wordpress.com/2017/04/18/adventures-in-iwan-part-2-intelligent-path-control/

Throwing packets since 2012
Accepted Solutions
vamikhai
Cisco Employee

Hello.

The transit site feature was developed to address the design requirements of having a backup/secondary data center.

A "transit site" is basically a site that MAY be a transit point for traffic flowing from one site to another. So, a DMVPN Hub router must belong either to the primary Hub or to a transit site.

 

 

The major results of having an MC (transit site) in the secondary DC are:

  • 1st - a transit site will be created;
  • traffic leaving the transit site will take only local BRs into account (as exit interfaces);
  • you may expect traffic from branch -> Hub to be using site-affinity.

The major drawback of NOT having a transit site is that the Hub MC would see ALL BRs (in both DCs) as potential exit points, so it may move traffic between them, unexpectedly loading the inter-DC link.

 

***

Q: Can a redundant hub master controller also be a master transit router?

A: The MC on a transit site can't be a backup of the primary Hub MC.
