Stretched Fabric Site over L3 WAN

gbieli
Level 1

Hi,

According to the SDA validated designs and best practices you would create an IP Transit between the fabric sites and deploy a C, B, E and WLC function at every site if you have a L3 WAN in between. But you then have to manually configure the WAN peering with VRF lite for every VN and have to use SXP to exchange SGT information.

Is it also supported to stretch a headquarters fabric site over a L3 WAN (e.g. MPLS VPN) with a manual intervention into the underlay routing so that you have end-to-end VXLAN encapsulation and SGT information and use the WLC at the HQ (headquarters)?

For example, like this: HQ Border (BGP Peering) -> HQ CE (BGP Peering) -> MPLS WAN -> Site CE (BGP Peering) -> Fabric Edge Switch (BGP Peering).

Regards,
G

Accepted Solutions

Mike.Cifelli
VIP Alumni
According to the Cisco reps I have spoken with about the same concern, they have explained that you have 3 options for extending your SDA fabric. Those options are:
IP transit - downfall here is like you mentioned, a lot of manual configuration to establish peering etc.
VXLAN extension - Not recommended unless you own the dedicated links.
SD-WAN - preferred method since one of the main advantages is that it does not matter what is used as a means of transport.
My recommendation would be to engage your reps to identify your unique requirements. If you go the SD-WAN route they will be able to provide you instructions on how to set up a test lab with the required components (vmanage, vbond, vsmart, vedges). Something else to consider is that you will probably want to deploy an ISE PSN/s (depending on requirements) at the remote locations. HTH!

Scott Hodgdon
Cisco Employee

gtcat,

You can absolutely stretch a fabric between sites if you have the appropriate MTU, aren't running other services that may not work with VXLAN encap and have no firewall blocking the VXLAN UDP port. There are other design considerations (Internet breakout, site survivability, etc.) where a stretched fabric may not make sense, so it would be best to review your design with Cisco.

I have a customer running a stretched fabric across Ireland. They have only Fabric Edge nodes in Cork and Galway, while they have Fabric Border, Control and Edge nodes in Dublin. They use their provider WAN backbone as their fabric underlay and maintain the VXLAN header encap between all sites. They have been deployed in production like this for 18+ months.

Cheers,
Scott Hodgdon

Senior Technical Marketing Engineer

Enterprise Networking Group