07-27-2019 11:26 AM
07-30-2019 01:48 PM
The recommendation is to keep it clean by using a fusion device to leak routes.
Can you share the topology you are referring to, with the DC TOR switch and Edge devices?
07-31-2019 01:10 AM
Thanks Tahuja,
Please find it attached. We have more than 60 FEs.
I need to know if there is a way to implement it in this situation. Or is it mandatory to add additional devices (adding two switches to the DC as a distribution layer and at the same time using them as a fusion router to leak routes)?
BR
Hassan
08-12-2019 09:50 AM
I haven't had a chance to try this out yet; however, you can configure ports on Edge Node devices as type "Server". MY ASSUMPTION on this is that they can be trunk ports to allow your servers to talk to different gateways. Again, I haven't tested this yet but it MAY be possible. Of course all of the server networks would need to be part of the current SDA Fabric.
You still need the FRs and EBNs/CPNs to get outside of the fabric (Internet, other non-fabric nodes etc.). We used 9500-16X-A switches to do this because they are a less expensive option. You could just buy another 9500-16X-A as a core switch and connect your server ToR switches to it and connect that to the SDA FRs if the server ports in the ENs don't work as I hope they do.
Good luck. If you are able to test the Server port configuration in the EN Onboarding please update this thread so we know if it was successful.
Chuck
08-23-2019 02:56 AM
While this is definitely not a design I would recommend, since it merges the DC network module and the Client Access network module into a single layer and fault domain in the overall architecture, it is absolutely possible if you look at it purely from a technical standpoint.
On the SDA Border routers you can do the necessary route-leaking inside BGP manually, and you can run MPLS on them and preserve path isolation between VNs (VRFs) outside of the SDA Fabric that way (then you don't need VRF-lite, and a peering for each and every VN/VRF you have). However, I suppose you have a firewall somewhere in your design, which would be a better place to do routing between VNs than just leaking routes on the Border nodes, since you can then at the same time apply policy between them (and between external destinations, such as the Internet). Remember the SDA Fabric is NOT a firewall, even if SGT-based segmentation can give you the same type of control/isolation as old-fashioned ACLs (but agnostic to IP addresses).