Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1062
Views
10
Helpful
5
Replies

Catalyst 9000 EVPN and SGT

Go to solution
Johannes Luther
Level 4
Level 4

‎10-10-2021 11:26 PM

Hi board,

Is there a way to transport SGT information in a EVPN network?

In SDA, the VXLAN header is slightly modified in the reserved bits to transport the SGT.

Is there a way to do this in EVPN as well? Haven't found any documentation on this.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Scott Hodgdon
Cisco Employee
Cisco Employee
In response to Johannes Luther

‎10-11-2021 06:04 AM

@Johannes Luther and @Georg Pauwen ,

We do not support EVPN + SGT with Cat9K and as far as I know there are no plans for this.

Cheers,
Scott Hodgdon

Senior Technical Marketing Engineer

Enterprise Networking and Cloud Group

View solution in original post

5 Replies 5

Go to solution
Georg Pauwen
VIP
VIP

‎10-11-2021 12:36 AM

Hello,

 

interesting question and subject. I (think I) really looked all over the place, but could not find a single reference to SGT over EVPN, so it looks like a bridge too far for now. In the Cisco world, even SGT over VXLAN seems to be limited to the newer Nexus 7/9K and Catalyst 9K switches.

 

The closest reference I could find is in the Juniper document linked below, where they talk about EVPN-VXLANs, so maybe that is where the future development will be...

 

https://manuals.plus/m/aec8eed5cb4683320544d4ad586d7e57f1cc1525a3a936ba68f4ac6a863bfbe3.pdf

0 Helpful

Go to solution
Johannes Luther
Level 4
Level 4
In response to Georg Pauwen

‎10-11-2021 12:43 AM

Hi Georg,

thanks for the reply. My main focus is Cat9k. I don't consider older platforms like Cat3k, 6k etc. So from my point of view, even if it's supported, it's only supported on C9k Campus platforms.

 

I found out another potential source for information:

https://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise-networks/trustsec/software-platform-capability-matrix.pdf

 

For the C9k platform the SGT inline tagging support is: "SGT over VXLAN"

However, it's not clear whether this refers to SDA only or if it's supported with EVPN as well.

0 Helpful

Go to solution
Scott Hodgdon
Cisco Employee
Cisco Employee
In response to Johannes Luther

‎10-11-2021 06:04 AM

@Johannes Luther and @Georg Pauwen ,

We do not support EVPN + SGT with Cat9K and as far as I know there are no plans for this.

Cheers,
Scott Hodgdon

Senior Technical Marketing Engineer

Enterprise Networking and Cloud Group

Go to solution
Johannes Luther
Level 4
Level 4
In response to Scott Hodgdon

‎10-11-2021 06:27 AM

Hi Scott,

thank you for the answer.

So if someone seeks for SGT-based microsegmentation within a VRF (VN), SDA would be the correct solution.

If someone wants a fabric in the Campus, but does not need SGT-based microsegmentation, SDA or EVPN would be a viable solution.

Go to solution
Scott Hodgdon
Cisco Employee
Cisco Employee
In response to Johannes Luther

‎10-11-2021 06:39 AM

@Johannes Luther ,

Correct.

Cheers,
Scott Hodgdon

Senior Technical Marketing Engineer

Enterprise Networking and Cloud Group

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card