Solved: Re: SDA Fusion connected to an L2 Border as L2Handoff device

ezequiel7 · ‎11-08-2023

Hi all,

What are the disadvantages to use the same Fusion device to be connected as a L2Handoff in the tradional network, in addition to having a single point of failure.

Currently the fusion device is the GW for all the traditional vlans/segments so we can take advantage of it to use it as a L2handoff device

Torbjørn · ‎11-09-2023

Yes, it can be done. Since you are using separate links it should also be quite simple to provision from DNA Center.

The general recommendation is however to use separate nodes for the layer 2 and layer 3 border SDA role. As @andy!doesnt!like!uucp said you should also use a stacked switch for the layer 2 border for redundancy.

Happy to help! Please mark as helpful/solution if applicable.
Get in touch: https://torbjorn.dev

View solution in original post

Torbjørn · ‎11-08-2023

For a L2 border to work it must also be a LISP router that can register endpoints to the LISP control plane. The traditional fusion router can hence not be a SDA L2 border. You can (probably) technically make it work by configuring LISP manually, but I would advise against doing so and to stick with a regular L2 border configuration.

The SDA Design guide states the following on L2 border node selection:

"The Border node with the Layer 2 handoff should be a dedicated role. While it is technically feasible for this device to operate in multiple roles (such as a border node with Layer 3 handoff and control plane node), it is strongly recommended that a dedicated device be used. Because this device is operating at Layer 2, it is subject to the spanning-tree (STP) design impacts and constraints of the brownfield, traditional network, and a potential storm or loop in the traditional network could impact the Layer 2 handoff border node. Dedicating this border node to the function of connecting to the traditional network separates the impact away from the remainder of the fabric network which can continue to operate normally independent of the traditional network."

The SDA Design guide is an excellent resource for SDA topics like this and I highly recommend reading it: https://www.cisco.com/c/en/us/td/docs/solutions/CVD/Campus/cisco-sda-design-guide.html#L2_Border_Handoff

Happy to help! Please mark as helpful/solution if applicable.
Get in touch: https://torbjorn.dev

ezequiel7 · ‎11-08-2023

thanks @Torbjørn , but I mean, I already have the L2 Border configured, but I need one traditional network to have the L2 handoff link, but what happen if I use the Fusion as the switch connected to the L2 Border.

andy!doesnt!like!uucp · ‎11-09-2023

basically, fusion is not restricted from whatever u need on it. to implement this particular diagram u need pair of fusion nodes to be virtual chassis (stack-wise or stackwise virtual). in the background: hopefully your borders r also somewhat stack-wise for redundancy.

ezequiel7 · ‎11-09-2023

thank you, @andy!doesnt!like!uucp yes they are!

andy!doesnt!like!uucp · ‎11-08-2023

in addition to said by @Torbjørn i'd say that if you have single fusion u already have spof independently of LISP/non-Lisp env .

Unless it's virtual chassis of any kind. But still need to be evaluated & topology sharing would be useful :0)

Torbjørn · ‎11-08-2023

Aah okay. Sorry, I misunderstood your inital post @ezequiel7.

So your fabric site has a border node that will handle both L3 and L2 borders, and you wish to use the same device as a fusion router and the node connected to your layer 2 handoff. Please correct me if i have misunderstood this.

If your fabric site has a separate layer 2 and layer 3 border node this configuration should be OK.

I am not sure if the DNAC will allow you to provision the same interface as the L2 handoff and L3 border If you intend to do this with one border node. It can probably be done by manually configuring the L3 border, or you can simply use separate interfaces for the layer 2 and layer 3 border.

The same still applies in that you should keep separate layer 3 and layer 2 border nodes for the reasons mentioned above. I would not rely on having this on a single border node for a production network, but it should suffice as a transitory configuration during a migration if you don't have any alternative.

Happy to help! Please mark as helpful/solution if applicable.
Get in touch: https://torbjorn.dev

ezequiel7 · ‎11-09-2023

Hi @Torbjørn, the fabric site has a border node that is handling both L3 and L2 borders, also has another SWV as a fusion, my question is, Can I use current fusion, with new links of course, to be the device that connect with L2 Border ?

Thanks for asking

Torbjørn · ‎11-09-2023

Yes, it can be done. Since you are using separate links it should also be quite simple to provision from DNA Center.

The general recommendation is however to use separate nodes for the layer 2 and layer 3 border SDA role. As @andy!doesnt!like!uucp said you should also use a stacked switch for the layer 2 border for redundancy.

Happy to help! Please mark as helpful/solution if applicable.
Get in touch: https://torbjorn.dev