Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
964
Views
5
Helpful
3
Replies

DNA Fabric - Dual Border using SDA Transit

Xividar
Level 1
Level 1

‎09-08-2021 07:29 AM

Hi Guys,

Where we have a Fabric Domain using an SDA Transit, and we have a Fabric Site with with Dual Borders, how do we ensure that let's say Border A is preferred over Border B? By default, everything appears to be ECMP.

Thank you.

Labels:
0 Helpful
3 Replies 3

jalejand
Cisco Employee
Cisco Employee

‎09-08-2021 10:26 AM - edited ‎09-08-2021 10:27 AM

If your borders are internal borders (or anywhere [int+ext]), you can control traffic by limiting which BGP routes are learned by which Border.


For example, if you want traffic to 192.168.10.0/24 which is outside of the fabric to go out a specific Border, advertise that BGP route only to the desired border and leave the other borders relying on a default route instead (the prefix will be still reachable, but not imported into LISP). Imported prefixes (longest match) will win over pETR (external) Border.

Unknown destinations (traffic relying on default routes) will always be ECMP-ed as long as the pETR RLOC is reachable via /32 route.

 

Unfortunately, on SDA we don't modify priorities and weights for LISP TE.

0 Helpful

Xividar
Level 1
Level 1
In response to jalejand

‎09-08-2021 10:59 AM

@jalejand thanks for the reply.

 

The Borders in this case are our entry point in to DC1 and DC2 (geographically seperated) - and with that, I need all routes on both Borders - in case of failover - once we redistribute back in to BGP I am able to control TE using BGP attributes. 


0 Helpful

jalejand
Cisco Employee
Cisco Employee
In response to Xividar

‎09-08-2021 11:15 AM

Hi Xividar

If you get a longest prefix for a destination subnet imported into LISP from B1 lets say, only B1 will import it into LISP while B2 will only reach that subnet via Default route, which also works for failover. For example

 

B1 has two routes:
    0.0.0.0/0 ,  next hop 10.10.10.1
    192.168.10.0/24, next hop 10.10.10.1

B2 has one route
  0.0.0.0/0, next hop 10.10.20.1 --- it can still reach 192.168.10.0/24, using this route.

 

If these are internal borders, B1 will be the only border importing 192.168.10.0/24 (your destination) into LISP, all the Edge nodes will prefer that RLOC when resolving 192.168.10.0/24 because it will be a complete reply (instead of a negative map reply to B2)

 

In case B1 fails:

   B1 goes down entirely = B1 RLOC becomes unreachable on LISP, complete map-reply goes route-reject, will send traffic to B2 via negative map-reply
  B1 loses its uplink = BGP goes down, no longer imports prefix into LISP, traffic goes out via NMR to both B1 and B2 as pETR, traffic going to B1 will require an iBGP link to send traffic to B2 as exit point

 

 

Customers Also Viewed These Support Documents