Buy or Renew
Buy or Renew
Register Here! - Join us 11/13 for the "Navigating DHCP Processes in SD-Access Network" Community Live event
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
316
Views
0
Helpful
13
Replies

Xconnect / EoMPLS within SDA

Go to solution
Pascal Lacroix
Level 1
Level 1

‎09-16-2025 07:20 AM

For a customer we are using xconnect / Ethernet over MPLS between two sites, were the SVI is located on one site. The customer wants to migrate towards an SD access solution and still needs the "xconnect feature" between those two sites. If the two site will have a seperate fabric site within SDA, is it still possible to have the L3 SVI in one fabric site and make a L2 extension towards the other fabric site (without using a L2 handoff)? 

regards,
Pascal

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
jedolphi
Cisco Employee
Cisco Employee
In response to Pascal Lacroix

‎09-17-2025 03:32 AM

@Pascal Lacroix wrote:

So the L3 SVI needs to be outside the fabric? Can it also be on the for example the fusion layer?

It depends on the customer requirements. If SVI must be at just one site, then it must be outside the fabric and attached to multisite L2VN. Yes SVI could be on the fusion.

If you are happy for the SVI to be an anycast gateway (configured into all the fabric at all sites) then you can use MSRB with anchor L3VN. For anchor L3VN we have a YouTube video series to explain. If possible it's always better to use L3VN instead of L2VN because L2 carries more risk (the usual L2 limitations) and design complexity.

View solution in original post

0 Helpful
13 Replies 13

Go to solution
jedolphi
Cisco Employee
Cisco Employee

‎09-16-2025 07:55 AM

Hi Pascal, yes, we can have multisite L2VN in SDA. Create MSRB / Anchored L3VN, deploy to both sites, then create L2VN and associate it with anchored L3VN. Note that multisite L2VN requires e2e ASM signalling in underlay between site1 and site2 for L2 flooding, and the WAN transport between sites must be able to accommodate the VXLAN MTU (DF bit is set in VXLAN header). Also note that L2VN is not the same as xconnect, L2VN currently it NOT an L2 protocol tunnel, so some single-hop L2 won't be forwarded in the SDA L2VN between site1 and site2 e.g. CDP, LLDP, EAPoL, STP, etc. IP Traffic will be fine though. Finally I have to say this, sorry in advance: routing between sites is far superior to L2 between sites, if there's any way customer can use routing instead then it will make for a more scalable and reliable network. Thanks! Jerome

0 Helpful

Go to solution
Pascal Lacroix
Level 1
Level 1
In response to jedolphi

‎09-16-2025 08:02 AM

Hi Jerome,

thanks for your answer. So the L3 SVI will be in fabric site A and fabric site B will be connected with a L2VN. So if something happens in fabric site A, then fabric site B will also have an issue?



0 Helpful

Go to solution
jedolphi
Cisco Employee
Cisco Employee
In response to Pascal Lacroix

‎09-16-2025 08:39 AM

Hi Pascal, yes the SVI IP address will be present outside of the fabric (e.g. a firewall connected to a fabric edge node) at SA (site A), and the SVI will be reachable at SB via a multisite L2VN. Yes if the L2VN fails at SA then then the SVI IP will become unrechable at SB.

0 Helpful

Go to solution
Pascal Lacroix
Level 1
Level 1
In response to jedolphi

‎09-16-2025 11:29 PM

So the L3 SVI needs to be outside the fabric? Can it also be on the for example the fusion layer?

0 Helpful

Go to solution
Andrii Oliinyk
VIP
VIP
In response to Pascal Lacroix

‎09-17-2025 01:59 AM - edited ‎09-17-2025 02:03 AM

it's only if u need it to be (like in case with L2VNIs). but in the end in most scenarios u'll have VLAN GW somewhere. it can be even on FN (this way your anchor/remote BN(s) will be also L2-BN(s).

0 Helpful

Go to solution
jedolphi
Cisco Employee
Cisco Employee
In response to Pascal Lacroix

‎09-17-2025 03:32 AM

@Pascal Lacroix wrote:

So the L3 SVI needs to be outside the fabric? Can it also be on the for example the fusion layer?

It depends on the customer requirements. If SVI must be at just one site, then it must be outside the fabric and attached to multisite L2VN. Yes SVI could be on the fusion.

If you are happy for the SVI to be an anycast gateway (configured into all the fabric at all sites) then you can use MSRB with anchor L3VN. For anchor L3VN we have a YouTube video series to explain. If possible it's always better to use L3VN instead of L2VN because L2 carries more risk (the usual L2 limitations) and design complexity.

0 Helpful

Go to solution
Pascal Lacroix
Level 1
Level 1
In response to jedolphi

‎09-17-2025 03:43 AM

Indeed, L3VN is better then L2VN. Can you please send me the link of that YouTube video for anchor L3VN?

0 Helpful

Go to solution
Andrii Oliinyk
VIP
VIP
In response to Pascal Lacroix

‎09-16-2025 08:41 AM

for better understanding of use-case: do u have FHRP for BD served by xconnect with gateways on both sites? 

0 Helpful

Go to solution
Pascal Lacroix
Level 1
Level 1
In response to Andrii Oliinyk

‎09-16-2025 11:30 PM

Hi Andrii,

we don't use FHRP on the SVI. The SVI is only on one site.

regards,
Pascal

0 Helpful

Go to solution
Andrii Oliinyk
VIP
VIP
In response to Pascal Lacroix

‎09-17-2025 01:55 AM

but than if SVI on the "one site" dies entire VLAN gets affected. so if u need better protection develop failure scenarios & remediate :0) 

0 Helpful

Go to solution
Pascal Lacroix
Level 1
Level 1
In response to Andrii Oliinyk

‎09-17-2025 02:04 AM

that's correct That is what i need to discuss with the customer

0 Helpful

Go to solution
Andrii Oliinyk
VIP
VIP
In response to Pascal Lacroix

‎09-17-2025 02:15 AM - edited ‎09-17-2025 02:16 AM

u may create AcGW on any EN where this VN must be deployed. Ultimately endpoints flows will either start&end within this single VLAN or be served by anchor/remote BN(s) to be transferred via transit between BN(s) & FN(s)|FW(s)|whatever u need to have this flows to be delivered to/from destinations. u would need then to take care of redundant capabilities of that transit.
in summary it wont be L2VN but just anchored L3VN.

0 Helpful
Customers Also Viewed These Support Documents