Solved: SDA L2 VN - SDA Transport between sites

loger9901 · ‎01-25-2025

We have a Layer 2 Virtual Network (with gateway outside of the fabric) that we would like to stretch between SDA sites. Users would be in Site A and Site B, but the gateway would only be located in Site B. We would have SDA Transit between Site A and B. Is that an option? We only have Layer 3 links between sites. Thanks in advance!

jedolphi · ‎03-05-2025

A multisite L2VN can also be accomplished natively in SDA, but it is a relatively complex construct, if possible try not to stretch L2 between sites. If there's no other way then in SDA create anchor L3VN in site1, deploy anchor L3VN to site2, create L2VN in site1 and attach to anchor L3VN, add L2VN to site2. It will require e2e underlay multicast routing between site1 and site2 for L2VN flooding, and the underlay between sites will need to be able to accomodate VXLAN MTU.

View solution in original post

Torbjørn · ‎02-26-2025

If this topology is an absolute requirement it is possible to achieve this using L2 border handoff towards a device performing L2 tunneling across the underlay between the sites. But I would advise against going this direction and look for an alternative/more conventional solution instead.

Happy to help! Please mark as helpful/solution if applicable.
Get in touch: https://torbjorn.dev

Andrii Oliinyk · ‎02-26-2025

complementing @Torbjørn advice i'd say that L2 borders on both sites could be "equipped" with EVPN BGP peering between them. Then configuring redistribution between LISP&EVPN & VXLAN transport for EVPN between L2-BNs would make them "L2-tunneling" devices. Or with slight modification: you could make L2-handoffs on each site to the switches running EVPN BGP/VXLAN between themself.
Or other way around, let's assume in addition to local CPs on either site we managed to configure remote site CPs as MSMRs for the local site ENs. ensuring RLOCs /32 routes between 2 sites are preserved in RIBs of ENs of each sites & other VXLAN requirements for inter-site links, it also would make a deal. L2-flooding of course also must be enabled for target L2VN.
UPD. neither of mentioned options is supported by SDA officially (may be except of L2-handoff to EVPN BGP/VXLAN capable device bc SDA actually dont care what is the legacy L2 device is behind of the L2-handoff :0)

jedolphi · ‎03-05-2025

A multisite L2VN can also be accomplished natively in SDA, but it is a relatively complex construct, if possible try not to stretch L2 between sites. If there's no other way then in SDA create anchor L3VN in site1, deploy anchor L3VN to site2, create L2VN in site1 and attach to anchor L3VN, add L2VN to site2. It will require e2e underlay multicast routing between site1 and site2 for L2VN flooding, and the underlay between sites will need to be able to accomodate VXLAN MTU.

loger9901 · ‎03-17-2025

@jedolphi Thank you for the information! I did lab this up and confirmed that it works as expected. We are still in design phase with SDA so will do our best to avoid stretching L2 between sites, but does work as you described in our lab. I appreciate the information! Thank you!!

jedolphi · ‎03-18-2025

Thanks for the feedback. Most welcome

Andrii Oliinyk · ‎03-18-2025

as an extra, in the background, Anchor VN is in main aspects what i've been talking earlier (remote/local MSMR):
LISP VXLAN Fabric Configuration Guide, Cisco IOS XE Cupertino 17.9.x (Catalyst 9000 Series Switches) - Configuring a Multi-Site Remote Border [Cisco Catalyst 9300 Series Switches] - Cisco