Re: Use of SD Access Affinity-ID

bclounie · ‎04-05-2023

In reviewing Border Node selection for SD Access Transit (LISP Pub/Sub), the Affinity-ID feature determines the BN selection using the lowest value of Affinity-ID. Evaluating these values in the following manner determines the border node selected.
1. The BN with the lowest Prime value
2. If a tie with Prime, the BN with the lowest Decider value
3. If a time with both Prime, and Decider, then the BN with the lowest Priority value.

Would there be any issues with leaving the Prime and Decider values at 0 and just use the Priority value ?

jedolphi · ‎04-05-2023

Hi bclounie, I'm thrilled you're exploring these options, you're in the vanguard!

What are you trying to accomplish and what is the SD-Access Transit topology? Is it many sites connected by SD-Access Transit and many sites also connected to IP Transit? Or many sites connected to SD-Access Transit with a subset of sites connected to IP Transit?

The Affinity-ID is used to choose the "closest" default-ETR (default route) reachable over SD-Access Transit, so if you have 100 fabric sites all connected to SDA Transit, then each site Border Node could arrive at a different conclusion e.g. SITE1 uses SITE2 for internet, SITE3 uses SITE4 for internet, etc. LISP Priority is more straightforward, lowest priority value = most preferable, thus all Border Nodes connected to SDA Transit will arrive at the same preferred path conclusion. You could indeed use LISP Priority if you want all Fabric Sites to prefer the same Border Node(s) for egress from the SDA Transit. If you intend to use LISP Priority then don't bother enabling Affinity-ID, just leave it disabled.

Please also note that each Pub/Sub Border Node will prefer a locally-learned IP Transit default route over an SD-Access Transit default-ETR. In other words, a Border Node will use local internet, and if local internet goes down it will search for remote internet within the SDA Transit. If there is multiple remote Internet services in the SDA Transit then Priority and/or Affinitiy-ID will be used to determine the preferable exit points.

Does that make sense? It's quite a topic domain to fit into two paragraphs. Cheers, Jerome

bclounie · ‎04-07-2023

In reading your response, here is what I understand. If I want all sites to use Internet A as primary egress, I set its LISP priority as the lowest. Internet B would be set higher. This give me Internet A is primary for all sites, Internet B is secondary for all sites. Correct ?

If I want to specify different internet egress locations on a per site basis, then I would use Affinity-ID. Is this correct ?

thanks !

Roman Rodichev · ‎10-19-2023

Hello Sir, could you please help me understand a proper use of affinity-id? We have a fabric in each location, and then a Guest_VN Anchor Fabric in two data centers, one BN/CP in one DC connected to Inet, and another BN/CP in the second DC connected to Inet. I want some sites to prefer one DC and others the other. It sounds like I need to configure Affinity-ID on Guest BNs, do you have an example of what it would look like, and specifically how would I choose which BN is primary for which sites?

jedolphi · ‎11-06-2023

Hi Roman, sorry for the slow replies, many things on at the moment and I'm struggling to keep up. Affinity-ID is used for default route selection over SDA Transit. In your case you mentioned "MSRB", which means you have a single L3VN anchored to one Fabric Site (MSRBs) and instantiated on multiple tethered Fabric Sites. In other words, MSRB is NOT using SDA Transit, MSRB is in essence creating a single logical Fabric Site over multiple physical Fabric Sites for each anchored L3VN. This means Affinity-ID has no bearing on the selection of an MSRB in an Anchored L3VN. The use case you describe, having Edge Nodes prefer a "closer" MSRB over a less-close MSRB, is not possible today. Please do "Make a Wish" in the DNA Center UI to explain your use case and the business value of the requested functionality and we'll take consider it for future roadmap development. Please also speak to your Cisco SE or CX representative to brainstorm other design permutations. Regards, Jerome

fatalXerror · ‎01-31-2024

Hi @jedolphi , this is what I am looking for, you are a savior. Does Cisco have like documentations or video discussion on how the Affinity works?

jedolphi · ‎01-31-2024

hi @fatalXerror , depending on your level of access you **may** be able to download the following file: https://salesconnect.cisco.com/sc/s/simple-media?vtui__mediaId=a1m8c00000nisudAAA

If you cannot access that URL then your could ask your sales representative to try and retrieve the file for you, or, if you wait until after next week my Cisco Live presentation which covers Affinity ID (and other SDA Transit things) should be available on ciscolive.com, the presentation code will be BRKENS-2816 . Cheers!

fatalXerror · ‎02-01-2024

Hi @jedolphi , cool! Let my try the link.

andy!doesnt!like!uucp · ‎02-01-2024

jedolphi · ‎02-01-2024

Sorry, direct access was a long shot. Sales rep might be feeling charitable and retrieve it for an urgent need. Failing that BRKENS-2816 should be on ciscolive.com in about 2 weeks. Cheers!

fatalXerror · ‎02-02-2024

Hi @jedolphi , just want to clarify about this Affinity-ID, is this configured in the fabric BN, CP, or TC? thanks

fatalXerror · ‎02-02-2024

Hi @jedolphi , is this feature available already for use?

jedolphi · ‎02-05-2024

Yes, it was added in 17.8 and 2.3.5. Please refer to CM for recommended versions: http://cs.co/sda-compatibility-matrix

jedolphi · ‎02-05-2024

At this stage it’s applied specifically to Pub/Sub External Border Nodes for default route registration / traffic engineering. More info to be found in BRKENS-2816.

jedolphi · ‎04-26-2023

Hi bclounie, sorry I missed your reply. You are correct on the assumption sites do not have a local internet service. Local internet service at a given site is always preferred over a remote internet service.