SDA several questions

Hi,

Suppose there is a customer with 3 separate buildings (each has several floors). Access switches sit on the floors and are connected to distribution switches. One room in one building acts as the central place, so the central core switches (connecting all distribution switches), internet firewall, internet border routers, WLC, ISE etc. are located there. The central switches are modular, and several server-type devices may connect to them.

Now, if we deploy SDA for this type of network, several design questions come up.


Design Option 1:

First of all, the customer's distribution switches have line cards for internal server devices (inside the building). In this case, can intermediate devices (modular distribution switches) be edges as well? Or, to rephrase the question: can an edge device be a transit for other edge devices in the underlay? If that is OK, then the border devices will be the central core switches. Now, another question: can I connect server equipment to these core switches using L2 trunks (like in a traditional network)? If yes, then for inter-VN traffic I need a fusion device, right? Because for now inter-VN traffic leaking is not supported on the border. Can I use the internet border router as the fusion device at the same time (using VRFs in the router)? Suppose the router will be an ASR1001X; I see 2 part numbers, with DNA and without DNA (traditional licenses). AFAIK, the fusion device is a router for route leaking that is used in SDA, but is not a true part of SDA. Hence, I can skip the router with the DNA license (the ASR1001X with DNA license is more expensive).


Design Option 2:

Divide the network into 3 sites and use the building distribution layer as control/border nodes. The central core switches will be the control node for SD-Access transit (traffic between sites, if needed) and will act as the fusion device. Since the distribution switches have directly connected server equipment, traffic between this network and users will go over the central core (fusion device); is that OK?

Can this fusion device be a control node (not a border) for inter-site connectivity (based on the SDA transit option)?


Honestly, I have never deployed any SDA network. I have read Cisco Live docs and know the general requirements/restrictions. But whether my options are valid and can be deployed or not, I'm not sure. So I need your advice, information, knowledge and help.


Kind regards,

2 Replies

Scott Hodgdon
Cisco Employee

ToghrulAghayev3544,

In a topology such as this, we would usually design a single fabric site unless there was some reason to break it up into multiple sites. These reasons could be scale or the desire to have each site reliant on its own Border / Control Plane instead of a single Border / Control Plane for all buildings. From your description, I don't get the feeling that either scale or site survivability is an issue, so it would probably be a single site.

As to your questions, yes, a Fabric Edge can be connected to a Fabric Edge. If you have servers that must connect into the fabric for clients to access in their virtual networks, then you can have a design such as: Fabric Border >>> Fabric Edge >>> Fabric Edge. You can create "Server" ports on the middle Fabric Edge to connect the servers.

You can also connect servers via L2 at the Border, but this is where we need to decide what your Border device will be. If the servers are dual-homed, then we do not yet support StackWise Virtual with Catalyst 9500 as a Border (although that is coming in a future release that is TBD at the moment). If your Border is a chassis, then you can dual-home the servers to different modules in the chassis. It is still our recommendation to attach servers to devices that connect to the Border instead of to the Border itself.

As for the ASA, I am not sure how the licensing works on that when it is outside the fabric.

Cheers,
Scott Hodgdon

Senior Technical Marketing Engineer

Enterprise Networking Group

Thanks, Sir!

Honestly, there is no special need for a multi-site deployment. I just gave my opinion in case the first option would not work.

The 9500 is not a choice, because it is not modular. The 9600 does not have RJ45 line cards, so most probably the 9400 (which I don't want) will be offered. (I'll check the 9400 against the 9500 as well.)

Let's say 9400s are deployed as border + control plane (at the core layer), and the servers are also connected to these 9400s. We can't do StackWise Virtual, so can I use an HSRP-based gateway option on these 9400 devices?

The same problem will exist at the distribution layer: since the 9400s are distribution switches (intermediate) and the building servers are connected to these distribution switches (acting as edge and intermediate), can we run HSRP?

Regards,