
Border Node Functionality

thecompnerd
Level 1

Is it possible for client traffic originating in the fabric and destined to a non-fabric IP to egress out the border node without having to go through a fusion router?  As far as I can tell, the only way for fabric clients to communicate with non-fabric IPs is to route the traffic through an upstream fusion router.  If so, isn't this effectively another layer in the traditional 3-layer hierarchy that must be created?  Finally, if all of this is correct, why can't the border node be responsible for leaking the routes between VNs, and directing traffic where it needs to go without a fusion router?


AndiBuchmann157
Level 1
As far as I know, you HAVE TO use the fusion router/device. You have to use it anyway, regardless of your intention to connect your shared services like DNS, DHCP, etc. to your fabric.

Please feel free to correct me if I am wrong.

Thanks for the reply.

 

I confirmed today that the fusion router is a requirement for routing client traffic to non-fabric IPs.  The border router cannot perform this function.

Jayesh Singh
Cisco Employee

Is it possible for client traffic originating in the fabric and destined to a non-fabric IP to egress out the border node without having to go through a fusion router?


Yes, in case there is no need for route leaking, e.g. your LAN and external connect (router/FW) are in the same VN.

 

As far as I can tell, the only way for fabric clients to communicate with non-fabric IPs is to route the traffic through an upstream fusion router.  If so, isn't this effectively another layer in the traditional 3-layer hierarchy that must be created?  Finally, if all of this is correct, why can't the border node be responsible for leaking the routes between VNs, and directing traffic where it needs to go without a fusion router?


A fusion router is needed where there is a need for inter-VRF communication, e.g. shared services: a user VN might require access to shared services hosted in a separate VRF, and the fusion router facilitates that inter-VRF communication.

 

It is not mandatory to have a fusion router for fabric to non-fabric connectivity. But for inter-VRF communication you need some external device to do that inter-VRF routing, as the border doesn't support inter-VRF route leaking. One type of external device is a fusion router.

 

Hope this helps!

 

Thanks,

Jayesh

Thanks for the reply, Jayesh.

 

Let's assume the non-fabric part of your network doesn't have VRFs, so everything is in the GRT.  In this case a fusion router is required.  However, if you have a VRF in your non-fabric network that is also in SDA, the fusion router is not needed for the two to have IP connectivity?

Hello,

The external network connects to the border node just like we connect it to our traditional core switch.

 

A fusion router is required in the scenario below:

In SDA, say I have shared services and connectivity to those resources is through a VN named Shared. There is a dedicated customer VN named CustA, and the users belonging to that VN need to access shared services. Since the VRFs are different, there is a need for route leaking. In a non-SDA setup this could be achieved via 2 methods:

1. Configure route leaking between Shared VN and CustA VN on the core switch.

2. Have an external device (e.g. a firewall, which might have just the GRT) and use it for inter-VN communication.

However, in the case of SDA, option 1 is not supported. So, for this kind of requirement we are left with option 2, and the job of the fusion router is to enable that inter-VN communication. Please note that the external device can be any L3 device; it is not necessary or mandatory for it to be a fusion router. This will work just like a traditional network, with the same concept.

 

Coming to the other part, where you mentioned that the external device might have a VRF corresponding to the VN in SDA:

E.g. dedicated customer VN CustA brings its WAN link and wants it connected to the border so that users belonging to the VN CustA can access the customer network. Having a VRF on both sides, i.e. in SDA and in the external network, essentially provides end-to-end segmentation.

 

Any external network connects to the border just like we connect in a traditional network. Since inter-VRF route leaking is not supported on the border, the concept of fusion has been brought in. The solution choice depends on what exactly we want to achieve.

Just check out the link below, it should be helpful:

https://www.cisco.com/c/en/us/support/docs/cloud-systems-management/dna-center/213525-sda-steps-to-configure-fusion-router.html

 

Regards,

Jayesh

 

Make sure you rate this post and mark it as a solution if it solves your query. This will help other users in case they have a similar query.
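
The CustA-to-Shared route leaking described in the reply above, sketched as an added configuration example for an IOS-XE fusion device; it is not part of the original thread or of the linked Cisco document. The VN names CustA and Shared come from the thread; every RD, route target, AS number, peer address and prefix is a constructed placeholder.

```cisco
! Added example: inter-VN route leaking on a fusion device (IOS-XE syntax).
! All RD/RT values, AS numbers, addresses and prefixes are placeholders.
vrf definition Shared
 rd 1:4097
 address-family ipv4
  route-target export 1:4097
  route-target import 1:4097
  ! Import CustA routes so shared services have a return path to CustA clients
  route-target import 1:4099
 exit-address-family
!
vrf definition CustA
 rd 1:4099
 address-family ipv4
  route-target export 1:4099
  route-target import 1:4099
  ! Leak Shared routes into CustA, filtered by the import map below
  route-target import 1:4097
  import map SHARED-SERVICES-ONLY
 exit-address-family
!
! Accept only the shared-services prefix from the Shared VN, so the leak
! does not expose more of Shared than CustA needs (DNS, DHCP, etc.)
ip prefix-list SHARED-SERVICES seq 5 permit 198.51.100.0/24
route-map SHARED-SERVICES-ONLY permit 10
 match ip address prefix-list SHARED-SERVICES
!
! One eBGP session per VRF toward the border node handoff
router bgp 65002
 address-family ipv4 vrf Shared
  neighbor 192.0.2.1 remote-as 65001
  neighbor 192.0.2.1 activate
 exit-address-family
 address-family ipv4 vrf CustA
  neighbor 192.0.2.5 remote-as 65001
  neighbor 192.0.2.5 activate
 exit-address-family
```

CustA imports only the Shared route target, so adding a second customer VN with the same pattern gives it access to shared services without giving the customer VNs routes to each other.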
