
Central DNA deployment

Hamada Ahmed
Level 1

I am looking for a centralized DNAC deployment for Assurance purposes and SD-Access. We have 3 sites and each site has 2000+ endpoints and 50 network devices. Sites are connected over IPsec with 50-70ms latency. So, what are the best deployment strategies for such cases considering Assurance and SD-Access together?


balaji.bandi
Hall of Fame

This is one of the issues and a good question. There are no clear instructions or deployment use cases that I have seen anywhere on how DNAC reacts when the latency goes up as you mentioned. The requirement always says minimum RTT and a 3-node cluster is the minimum, and 2 should be in one site, as I hear all the time, and 1 can be in another place within the limited latency; they need to always be on Layer 2 since they use a 3-node quorum.

If I were you, the setup I can think of is to deploy one node at each site to make a 3-node cluster, but there are a lot of hidden notes on how this is going to work.

Hope you can mix SD-WAN with SD-Access. I am not sure, and have not seen any document saying, that you can extend over IPsec.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Hi Balaji,

 

I don't understand the benefit of spreading the DNAC appliances across multiple sites when at least two should be associated with a site.

Assuming the site with two appliances would fail, according to the quorum principle it would mean that the Single DNA Center cannot become an Active Node either.

I don't understand the benefit of spreading the DNAC appliances across multiple sites when at least two should be associated with a site.

Not sure how I can answer this; this is a question for the Cisco BU (as per Cisco, 1 or 3; there is no 2-node cluster). I am guessing here.

I am more interested in this: if you put all the eggs in one basket, how does failure work if the site is isolated?

Maybe this is just an orchestration tool, but how do assurance and other things work if you deploy all in one site?

There are some limitations I can see here: the deployment needs to stay within limited constraints, like the RTT to be maintained between the nodes that are part of the cluster.

BB


Hi Balaji,

 

This is documented in the Cisco DNA Center High Availability Guide, Release 2.1.2 - Cisco

First of all, it is a requirement that all DNA Center appliances must be on the same site and network:

Multinode cluster deployments require all of the member nodes to be in the same network and at the same site. The Cisco DNA Center appliance does not support the distribution of nodes across multiple networks or sites.

 

If only the site is disconnected and there is no error on DNA Center itself it will just result in loss of management of the network devices in other sites. This includes for example SWIM, assurance and configuration changes. The general network operability in the other sites will still remain. 

 

Cisco DNA Center Administrator Guide, Release 2.1.2 - Implement Disaster Recovery [Cisco DNA Center] - Cisco

 

Here, however, you should carefully weigh up whether this is worth the cost and effort.

Maybe that is the DNA deployment method. Personally, I do not like all kit in one place; that makes it a disaster. (If you would like to deploy more clusters in each site, is it worth it in terms of cost for an orchestration tool to require many clusters for a small deployment? No, I guess here.)

Personally, DNAC is not for a small deployment of a few hundred switches (not feasible or ROI model, personally).

 

If only the site is disconnected and there is no error on DNA Center itself it will just result in loss of management of the network devices in other sites. This includes for example SWIM, assurance and configuration changes. The general network operability in the other sites will still remain. 

Yes, I heard about and read those links as part of my evaluation and understanding of how Cisco SD-Access is moving. (What was not told here are the many gotchas; pros and cons need to be weighed business case by case.)

BB


I agree. You have to evaluate the requirements and then decide whether you need a cluster at all. I think you can also connect different sites if the RTT is low (e.g. via DWDM routes) and you can span L2.

1- So between the 3 sites, do I need to have an L2 connection, or is it OK if I have an L3 connection?

2- Also, if DNA will be in one site, will DNA create one fabric for all 3 sites, or will it create one fabric for each site?

3- If it will create one fabric for each site, how do I configure the interconnection between the 3 fabrics?

1- So between the 3 sites, do I need to have an L2 connection, or is it OK if I have an L3 connection?

BB - Cluster requirement is L2 only, as far as I know.

2- Also, if DNA will be in one site, will DNA create one fabric for all 3 sites, or will it create one fabric for each site?

BB - That is what Cisco suggested: all clusters in one place if you do not meet the RTT requirement. If the remote site is not a large site, it is not suggested; a cluster of 3 nodes is not cheap.

3- If it will create one fabric for each site, how do I configure the interconnection between the 3 fabrics?

BB - How is your existing arrangement between sites, Layer 2 or Layer 3? With 1 DNAC cluster you can manage the remote site fabric.

BB


1. For my 3 branches, I have only one cluster in one branch. Is it preferred for this cluster to create a fabric for each branch, or to create one fabric and add the branches to this fabric?

2. If I create one fabric for each branch, how will policy transit between fabrics?

What if a user goes to another branch and wants to access his resources?

3. If I create one fabric for each branch, should the connection between branches be L2 or L3?

3. If I create one fabric for all branches, what connections are required between branches? Some documents wrote "private line". What is meant by private line?

Hamada,

1. Deploying a DNA Center cluster between multiple sites is not supported.

2. Yes, you can have a centralized DNA Center and build an SD-Access fabric domain that consists of multiple sites. 

3. You have two options for transit between sites: IP Transit and SD-Access transit. Which one you choose is dependent on a few factors.

I would highly recommend that you watch the following Cisco Live sessions that can be found in the on-demand library of ciscolive.com:

  • BRKCRS-2810
  • BRKCRS-2811
  • BRKCRS-2815
  • BRKCRS-2502

These resources are free.

Cheers,
Scott Hodgdon

Senior Technical Marketing Engineer

Enterprise Networking and Cloud Group

Scott Hodgdon
Cisco Employee

Hamada,

According to the numbers you have provided, you are well within the scale of the standard DNA Center appliance, so there should be no need for the L or XL models.

Whether you use a single appliance or a cluster of three is dependent on your requirements for HA with the appliance. Keep in mind that DNA Center is out-of-band as far as traffic flow, so if it goes offline the network will not be impacted. I had this situation with a customer that had SD-Access deployed and a single DNA Center. Their DNA Center failed and they had to get a replacement. During that time, the network was not impacted at all. We have a process for replacing a single failed DNA Center with another.

If you decide to use a cluster of three, then you must deploy the cluster in one data center. We do not support splitting the cluster members between data centers regardless of how low the latency between data centers happens to be. 

If you want to have a more automated Disaster Recovery (DR) scenario with a single active DNA Center and another single DR DNA Center, then we will have that in a future software release this year. 

As far as placement of DNA Center (single or cluster), we require no more than 200ms RTT between the DNA Center and the Fabric Edge nodes of an SD-Access deployment, so the DNA Center should be in the location where this can be achieved to all your locations.

Cheers,
Scott Hodgdon

Senior Technical Marketing Engineer

Enterprise Networking and Cloud Group

If you decide to use a cluster of three, then you must deploy the cluster in one data center. We do not support splitting the cluster members between data centers regardless of how low the latency between data centers happens to be. 

Scott, that is a good explanation. Can you explain and clarify: what if the data centers, 5-10 miles apart, have DWDM links or dark fibre; is splitting the 3 nodes advisable? XL deployment with DNAC 2.1.2X code?

 

BB


Please, I am not talking about cluster deployment.

It's only one DNA, "centralized DNA".

I am asking about multi-site deployment.

1. For my 3 branches, I have only one cluster in one branch. Is it preferred for this cluster to create a fabric for each branch, or to create one fabric and add the branches to this fabric?

2. If I create one fabric for each branch, how will policy transit between fabrics?

What if a user goes to another branch and wants to access his resources?

3. If I create one fabric for each branch, should the connection between branches be L2 or L3?

3. If I create one fabric for all branches, what connections are required between branches? Some documents wrote "private line". What is meant by private line?

Hamada,

1. You will create one fabric domain, and in that fabric domain you will have multiple sites (1 site for each location). This is done with a centralized DNA Center.

2. There are several options for transit here, which is why it is best to review the Cisco Live sessions I referenced. They go into great detail on these options.

3. This depends on the kind of transit you use.

4. If you want to create one fabric site to cover all your physical locations across a geography (what we call a stretch fabric), then you would need to ensure that the VXLAN header can be maintained from the fabric edge nodes in the branches to the borders in the main site. I have a customer in Ireland running this way for almost 3 years now.

Cheers,
Scott Hodgdon

Senior Technical Marketing Engineer

Enterprise Networking and Cloud Group

 

 
