LAN Automation IP pool

techno.it
Level 3

Hi,

Campus LAN with a pair of CP/BN (for the entire campus) and Single fabric site.

Building A & B with Dist switches (Intermediate nodes) and Fabric Edge (FE) nodes.

Building C with only fabric edge nodes

LAN Automation will be building by building - first intermediate then fabric edge nodes.

Questions:

  • We created a Global pool for LAN automation, 10.1.1.0/24. Every time we run LAN automation, we will choose this pool. Can this single IP pool for LAN automation be re-used for discovery and LAN automation of the entire campus, or will each building require its own underlay pool? How does DNAC track which IPs have been used from the pool and which remain to be used later as we progress building by building?
  • From the same pool, we configured border node loopback interfaces during their basic setup. How do we ensure these IPs are not allocated on underlay devices with regard to temporary DHCP IP assignment, underlay routed links or underlay loopbacks during LAN automation? There might be an IP conflict.

What is the advised approach in such a scenario?


@techno.it 

 I believe this is explained here:

https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and-management/dna-center/tech_notes/b_dnac_sda_lan_automation_deployment.html#id_89821

 

"IP Pool Planning

IP pools for LAN automation are created by first creating a global pool in Catalyst Center, followed by a site-specific LAN IP pool, which LAN automation allocates internally, as follows:

  1. One part of the IP pool is reserved for a temporary DHCP server. The size of this pool depends on the size of the parent LAN pool. For example, if the parent pool is 192.168.10.0/24, a subpool of size /26 is allocated for the DHCP server. If the pool size is larger than /24, the algorithm keeps increasing the size of the DHCP pool, up to a maximum of a /23 subpool (512 IP addresses). Therefore, a /24 pool reserves 64; a /23 pool reserves 128; a /22 pool reserves 256; and anything larger reserves 512 IP addresses for the DHCP server. The minimum pool size to start LAN automation is /25; that reserves /27 or 32 IP addresses for the DHCP pool. This IP pool is reserved temporarily for the duration of the LAN automation discovery session. After the LAN automation discovery session completes, the DHCP pool is released, and the IPs are returned to the LAN pool. Because the DHCP pool is usually the largest contiguous segment of IPs required, the pool should have at least one such segment available. If the pool is too fragmented, it cannot allocate the DHCP pool and the LAN automation session ends with an IP pool allocation error.

  2. Another part of the IP pool is reserved internally with a subpool size of /27. This subpool is for allocating single IPs for Loopback0 and Loopback60000 always. Also, two consecutive IPs for point-to-point L3 links are allocated from this subpool if no separate overlapping IP pool is provided. This internally reserved subpool is used throughout the LAN automation sessions for providing IPs as long as it has IPs available. In case the IPs are exhausted, a new /27 subpool is created and IPs are allocated from that subpool. These subpools are released only when all the allocated IPs are released as part of the devices being deleted from Catalyst Center. Otherwise, the subpools remain throughout the process and are not allowed to be removed. Due to this internal subpool allocation logic, the IP pool usage in IPAM counts the subpools instead of the actual IPs allocated to the devices.

  3. If a shared or link overlapping IP pool is provided for the point-to-point L3 links, then the subpool of size /27 is reserved internally from the shared pool instead of the main IP pool. The subpools are automatically deleted when all the allocated IPs from the pool are released."

Torbjørn
VIP

Hello @techno.it,

Depending on the size of your fabric I would consider making a larger IP pool for this. As you see from the excerpt @Flavio Miranda posted, LAN automation consumes quite a few addresses and you won't be able to start LAN auto with the same pool once you have consumed too many addresses.

As for the border loopback addresses: LAN automation only keeps track of the addresses it itself has consumed; it hence won't be able to assert that these addresses are in use and will attempt to allocate them to other purposes. You should configure the border loopback addresses from a separate IP range, and maybe consider specifying the loopback addresses of your other nodes within the same range when you claim them in LAN automation.

 

Happy to help! Please mark as helpful/solution if applicable.
Get in touch: https://torbjorn.dev
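
The two checks discussed so far, the temporary DHCP subpool sizing rule from the quoted Cisco tech note and the border loopbacks that LAN automation does not track, sketched as an added example that is not part of the thread or Catalyst Center's own code. The reserved /27 subpools and loopback addresses are constructed sample values, and the aligned-block search is an assumption about how a contiguous segment is found.

```python
import ipaddress

def dhcp_prefix(pool):
    """Prefix length of the temporary DHCP subpool under the quoted sizing rule."""
    if pool.prefixlen > 25:
        raise ValueError("pool is smaller than /25; LAN automation cannot start")
    # /25->/27, /24->/26, /23->/25, /22->/24, anything larger is capped at /23
    return max(pool.prefixlen + 2, 23)

def free_dhcp_block(pool, reserved):
    """First free block of DHCP size, or None if the pool is too fragmented.
    Assumption: candidate blocks are aligned on their own prefix boundary."""
    for block in pool.subnets(new_prefix=dhcp_prefix(pool)):
        if not any(block.overlaps(r) for r in reserved):
            return block
    return None

def untracked_in_pool(pool, manual_addrs):
    """Manually configured addresses that fall inside the LAN automation pool."""
    return [a for a in manual_addrs if a in pool]

# Constructed sample data (only the 10.1.1.0/24 and 10.1.2.0/24 ranges come from the thread)
POOL = ipaddress.ip_network("10.1.1.0/24")
ONE_SUBPOOL = [ipaddress.ip_network("10.1.1.0/27")]
SCATTERED = [ipaddress.ip_network(n) for n in
             ("10.1.1.0/27", "10.1.1.64/27", "10.1.1.128/27", "10.1.1.192/27")]
BORDER_LOOPBACKS = [ipaddress.ip_address(a) for a in
                    ("10.1.1.1", "10.1.1.2", "10.1.2.1")]

if __name__ == "__main__":
    print("DHCP subpool size: /%d" % dhcp_prefix(POOL))
    print("one /27 reserved   ->", free_dhcp_block(POOL, ONE_SUBPOOL))
    print("four /27 scattered ->", free_dhcp_block(POOL, SCATTERED))
    print("untracked loopbacks in pool:", untracked_in_pool(POOL, BORDER_LOOPBACKS))
```

With four /27 subpools scattered one per quarter of the /24, only half the addresses are reserved, yet no free /26 remains for the DHCP server; this is the fragmentation failure the tech note describes.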

techno.it
Level 3

Many thanks @Torbjørn  @Flavio Miranda 

Basically I'd need the following different subnets:

1 Subnet Border Nodes Loopback Interface - 10.1.2.0/24

1 Subnet for LAN Automation - 10.1.1.0/24

Later, if I need to configure the link between borders or intermediate devices to run ISIS, can I use the Add Link feature and use the same IP pool used for LAN automation?

I would not do that unless you are really running out of IP address space. As you have to create the pool for LAN automation globally and then allocate it to a specific site, I would get a new pool for new links.

And, if I understood the Cisco doc properly, the pool for LAN automation and the pool for loopbacks will be picked from the same network and not from different networks as you suggest.

Read this:

"One part of the IP pool is reserved for a temporary DHCP server. "

"Another part of the IP pool is reserved internally with a subpool size of /27"

 

techno.it
Level 3

Sorry if misunderstood

I was saying I will be using dedicated IP ranges as follows:

Border Node’s Loopback Interface: 10.1.2.0/24. Please advise if this is OK or if you have any other suggestion.

LAN Automation: 10.1.1.0/24

 

In the future, if I need to configure a P2P link between the border nodes (seed devices) to run underlay ISIS, I can utilize the Add Link feature and use the same IP pool that was designated for LAN automation.

Got it. Yeah, seems to be correct to me.

"I was saying I will be using dedicated IP ranges as follows: ..." That looks good to me. Just to make sure we're on the same page, you select the LAN automation pool when starting LAN auto, and then allocate single addresses within 10.1.2.0/24 to the loopbacks when you claim the devices (not strictly necessary, but it allows you to have all management addresses within the same range).

"In the future, if I need to configure a P2P link between the border nodes (seed devices) to run underlay ISIS, I can utilize the Add Link feature and use the same IP pool that was designated for LAN automation." That is correct.

Good luck @techno.it!

Happy to help! Please mark as helpful/solution if applicable.
Get in touch: https://torbjorn.dev

1. You use suspiciously unbalanced subnets for the BN loopbacks (Subnet Border Nodes Loopback Interface - 10.1.2.0/24 - why do you reserve a /24 for a maximum of 2 loopbacks for BNs if we are talking about LAN-A only?) and for the remaining addressing (Subnet for LAN Automation - 10.1.1.0/24 - as colleagues said, it doesn't look suitable for a big fabric), which in my understanding will be used exactly for interconnects and loopbacks (RLOCs) downward to the Edge layer from the BNs.
2. I'm not aware of any means to explicitly instruct DNAC to use a dedicated pool for loopbacks within the LAN-A workflow.
Moreover, when you do LAN-A it will unavoidably allocate loopbacks for RLOCs.

The ability to assign specific loopback addresses is new in 2.3.7.X, forgot that it was so new for a moment. @techno.it, if you are still running 2.3.5.X you will have to accept the addresses LAN automation selects for you.

Happy to help! Please mark as helpful/solution if applicable.
Get in touch: https://torbjorn.dev

Thanks @Andrii Oliinyk @Andrii Oliinyk  @Flavio Miranda   for clarification

1- @Andrii Oliinyk  I'd use the same IP range 10.1.1.0/24 for my data center switches as well, for loopback interfaces only, such as DC distribution and access switches and border nodes. Is that OK? Any better approach?

2- @Torbjørn Since this is a greenfield deployment, I will deploy the latest version, 2.3.7. I will give the 10.1.2.0/24 pool to LAN automation, which then automatically subdivides it and uses it for three things:

 

  • Pool for a temporary DHCP server for devices
  • Pool for underlay link addressing
  • Pool for assigning a loopback per device

I was saying that I will use 10.1.1.0/24 for Border Loopbacks only.

Hope this clears up the confusion.

3- If I need to add a link between border nodes, can I use the same LAN automation pool to let DNAC automatically pick the IPs and assign them on the P2P interfaces? Please clarify.

 

2. OK, I misunderstood. Thank you for clarifying!

3. That is correct. It will automatically pick available addresses from the pool.

Happy to help! Please mark as helpful/solution if applicable.
Get in touch: https://torbjorn.dev