Solved: SD-Access Intermediate Node

techno.it · ‎11-08-2024

We are doing a SDA deployment with the following design

2x Cat 9600 border nodes BN/CP
2x 9500 Fusion Switches
2x Cat 9500 intermediate nodes configured in VSS ( Building A)
2x Cat 9500 intermediate nodes configured in VSS ( Building B)

50+ Fabric edge nodes

BN/CP nodes are two separate nodes and connected to upstream Fusion switches. No VSS or SVL between border nodes

I have a some questions regarding this topology:

1- Can we perform LAN automation for the Fabric Edge Nodes when they are connected to the intermediate nodes and not directly to the border routers?

2- Since the intermediate nodes are configured in VSS, how should we set up the links between: a) Intermediate nodes and BN/CP b) Intermediate nodes and the fabric edge nodes? L2 Port channels or L3 routed links over L2 port channels

3- Apart from Edge nodes, does border and intermediate nodes links can configured by LAN automation.

Border <---> Intermediate

Intermediate <---> Fabric Edge

Any advise would be greatly appreciated

Torbjørn · ‎11-10-2024

"Can we make just Border nodes only as seed devices. Can DNAC do LAN automation for intermediate devices?"
Yes, you automate intermediate node configuration by using the borders as seed devices. You can also bring up the edge nodes through LAN automation at the same time as the intermediate nodes if you wish to do so. Alternatively or you can run LAN automation a second time from your intermediate nodes to bring up the edges. The LAN Automation deployment guide describes how you can go about this in more detail.

"Does it required separate configuration steps to setup underlay network between border and intermediate nodes."
No additional configuration is required for the underlay network between your border and intermediate nodes if you use LAN automation.

Happy to help! Please mark as helpful/solution if applicable.
Get in touch: https://torbjorn.dev

View solution in original post

Torbjørn · ‎11-08-2024

Hi @techno.it,

Question 1: Yes, you can use intermediate nodes as seed devices.

Question 2 and 3: According to the SDA design guide you should ideally avoid using SVL and rather implement L3 routed links instead of using portchannels. This would allow you to use LAN Automation to provision your whole underlay network once your borders are up.

See the following sections of the design guide:

Happy to help! Please mark as helpful/solution if applicable.
Get in touch: https://torbjorn.dev

techno.it · ‎11-08-2024

Many thanks for you response @Torbjørn

I have a couple of questions regarding our current network setup:

1. Is it possible to add multiple seed devices Specifically, I have intermediate nodes installed in each building.

2. I forgot to mention we have another Building C, which does not have any intermediate nodes. Instead, it has fabric edge nodes that will directly connect to the border. Along with Intermediate device, same time Can I configure the border as a seed device and push configurations to those directly connected fabric edge nodes?

3- could you please clarify what should be basic configuration done border nodes and the intermediate nodes to build underlay so DNAC can reach the edge devices?

Thanks

Torbjørn · ‎11-08-2024

1. You specify a primary and optionally a secondary seed device each time you run LAN automation. If your topology calls for it you should run LAN automation in multiple rounds(one run per building maybe?) to onboard all of your devices.

2. Yes, that should work the same as running LAN automation elsewhere in your topology.

3. If this is a single fabric setup you would typically apply a bare-essentials configuration on your borders manually to be able to add it to your Cat-C inventory, then provision any other settings through templates. For your underlay network you can either configure routing manually, or you can temporarily set up routing on a separate interface such that you can use border handoff automation to set up BGP against your fusion device later.

I can recommend reading the SDA book from Cisco Press if you wish to learn more about SDA border configuration. I unfortunately don't know of any shorter-form litterature/good documentation for this.

Happy to help! Please mark as helpful/solution if applicable.
Get in touch: https://torbjorn.dev

techno.it · ‎11-09-2024

@Torbjørn

Can we make just Border nodes only as seed devices. Can DNAC do LAN automation for intermediate devices? Does it required separate configuration steps to setup underlay network between border and intermediate nodes.

Torbjørn · ‎11-10-2024

"Can we make just Border nodes only as seed devices. Can DNAC do LAN automation for intermediate devices?"
Yes, you automate intermediate node configuration by using the borders as seed devices. You can also bring up the edge nodes through LAN automation at the same time as the intermediate nodes if you wish to do so. Alternatively or you can run LAN automation a second time from your intermediate nodes to bring up the edges. The LAN Automation deployment guide describes how you can go about this in more detail.

"Does it required separate configuration steps to setup underlay network between border and intermediate nodes."
No additional configuration is required for the underlay network between your border and intermediate nodes if you use LAN automation.

Happy to help! Please mark as helpful/solution if applicable.
Get in touch: https://torbjorn.dev

techno.it · ‎11-10-2024

Thank you @Torbjørn for the detailed response and sharing the Cisco article. It was very informative and answered all my questions. I appreciate it.

Closing the thread.