07-18-2019 08:00 PM
Hello everyone,
I have a question about DNAC that I need to consult on. There are multiple Catalyst 9500 switches in the network. They are configured through DNAC to allow multiple switches to have the same distributed gateway address (for example, the IP addresses of loopback 1000-1050 on multiple switches are the same), and these IP addresses will be networked into the BGP process. Is this allowed in SD-Access? What does this cause? Is there a document that explains it?
Thank you
07-19-2019 12:26 AM
SYGY,
Do you mean SVIs on the Fabric Edge Nodes have the same IP Address, or are you saying that loopbacks on the 9500s have the same IP Address? What role are these 9500s playing in the SD-Access fabric?
SVIs with the same IP Address are expected as this is what is known as an Anycast Gateway and allows for wired and wireless roaming in SD-Access fabrics. The Cisco Live session BRKCRS-2810 (can be found in the On-Demand Library at ciscolive.com) has a few slides on this. If you are seeing Loopbacks on the 9500s acting as Border Nodes in the SD-Access Fabric, then this is also expected as part of the DHCP process within the SD-Access fabric. The Cisco Live session BRKCRS-3810 (can be found in the On-Demand Library at ciscolive.com) has a few slides on this.
Cheers,
Scott Hodgdon
Senior Technical Marketing Engineer
Enterprise Networking Group
07-19-2019 02:26 AM
That's a good question - I haven't seen any documentation specifically on it with Software-Defined Access, but this is really just a function of how Anycast was designed to work.
The first paragraph of the Anycast wiki describes the intent:
"Anycast is a network addressing and routing methodology in which a single destination address has multiple routing paths to two or more endpoint destinations. Routers will select the desired path on the basis of number of hops, distance, lowest cost, latency measurements or based on the least congested route."
A packet will take the shortest routing path towards a given Anycast address.
To bring the example back to Fabric for a moment: if a host is connected to Fabric Edge 1 and you try to ping the host from Fabric Edge 2 using the Anycast address as a source, the reply from the host will be received by Fabric Edge 1, since it is the closest interface with that address, so Fabric Edge 2 will never see it.
07-19-2019 01:33 AM
This is expected behavior - As Scott mentioned, we use Anycast to allow the same default gateway to be configured on every Fabric Edge as an SVI. The Loopbacks are then configured on the Borders to allow proper advertisement of the Fabric VN Pools outside of the fabric (via network statements under BGP.) They are not intended to be used as sources or destinations beyond a default gateway from your hosts.
When you ping using one of those Loopback addresses as a source, the reply will return to the Fabric via routing based on your routing metrics, and may end up returning to an alternate Border as you are seeing in your testing.
Hope that helps!
Roddie
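As an added illustration (not code from this thread or from Cisco), here is a small shortest-path simulation of the behaviour described in the two answers above: a reply addressed to an anycast address is delivered to the nearest node announcing it, so a probe sourced from the anycast gateway or from a shared border loopback can return to a different node than the one that sent it. The topology, link costs and addresses are constructed; only the shortest-path rule from the quoted anycast definition is modelled, not BGP or LISP themselves.

```python
import heapq
from collections import defaultdict

# Constructed topology (not from the thread): undirected links with costs.
# HOST sits behind fabric edge FE1; B1 and B2 are border nodes facing EXT.
LINKS = [
    ("HOST", "FE1", 1),
    ("FE1", "B1", 10), ("FE1", "B2", 10),
    ("FE2", "B1", 10), ("FE2", "B2", 10),
    ("B1", "EXT", 5), ("B2", "EXT", 4),
]

# Addresses each node announces (constructed). 10.1.1.1 is the anycast
# gateway SVI on every edge; 192.0.2.100 is a loopback shared by both borders.
ANNOUNCES = {
    "FE1": {"10.1.1.1", "10.255.0.1"},
    "FE2": {"10.1.1.1", "10.255.0.2"},
    "B1": {"192.0.2.100", "10.255.0.11"},
    "B2": {"192.0.2.100", "10.255.0.12"},
    "HOST": {"10.1.1.50"},
    "EXT": {"203.0.113.9"},
}

def build_graph(links):
    g = defaultdict(dict)
    for a, b, cost in links:
        g[a][b] = cost
        g[b][a] = cost
    return g

GRAPH = build_graph(LINKS)

def shortest_distances(graph, source):
    """Plain Dijkstra: path cost from source to every reachable node."""
    dist = {source: 0}
    heap = [(0, source)]
    while heap:
        d, node = heapq.heappop(heap)
        if d > dist[node]:
            continue
        for nbr, cost in graph[node].items():
            if d + cost < dist.get(nbr, float("inf")):
                dist[nbr] = d + cost
                heapq.heappush(heap, (d + cost, nbr))
    return dist

def resolve(address, from_node):
    """Node that receives a packet sent to `address` from `from_node`: the
    announcer with the lowest path cost (ties broken by node name)."""
    dist = shortest_distances(GRAPH, from_node)
    owners = [n for n, addrs in ANNOUNCES.items() if address in addrs and n in dist]
    return min(owners, key=lambda n: (dist[n], n)) if owners else None

def reply_lands_on(prober, target, src_address):
    """Where the echo reply ends up when `prober` pings `target` with `src_address`."""
    if src_address not in ANNOUNCES[prober]:
        raise ValueError(f"{prober} does not own {src_address}")
    return resolve(src_address, target)   # the target simply replies to the source
```

Pinging HOST from FE2 sourced from the anycast gateway lands the reply on FE1, while the same ping sourced from FE2's unique loopback comes back to FE2; likewise a probe from B1 sourced from the shared border loopback is answered towards B2, the border that is cheaper from EXT.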