Re: Question about ISIS redistribution into eBGP on Border nodes

hugo.girard · ‎02-05-2021

Hello,

I have implemented SDA Fabric.

According to the different cisco design guide, on Border nodes BGP should be configured like this :

router bgp [underlay AS number]
bgp router-id [interface]
bgp log-neighbor-changes
! fusion router is an eBGP neighbor
neighbor [fusion interface IP address] remote-as [external AS number]
! redundant border is an iBGP neighbor
neighbor [redundant border Lo0 address] remote-as [underlay AS number]
neighbor [redundant border Lo0 address] update-source Loopback0
!
address-family ipv4
network [Lo0 IP address] mask 255.255.255.255
! advertise underlay IP network summary in global routing table
aggregate-address [underlay IP network summary] [netmask] summary-only
redistribute isis level-2
neighbor [fusion interface IP address] activate
neighbor [redundant border Lo0 address] activate
exit-address-family

Command "redistribute isis level-2" is pushed but don't understand why it's necessary.

Someone can clarify this point ?

Many thanks

Hugo

Giuseppe Larosa · ‎02-08-2021

Hello @hugo.girard ,

the SDA fabric is actually built on IS-IS.

So by redistributing IS-IS IP routes of level 2 you are actually advertising in eBGP and iBGP AF ipv4 unicast the subnets related to your campus fabric to the fusion router.

Otherwise you would need a list of network commands matching all the IP prefixes of interest.

Hope to help

Giuseppe

hugo.girard · ‎02-08-2021

Hi Giuseppe,

ISIS is used only for underlay.

My underlay subnet is still redistributed into BGP (aggregate-address [underlay IP network summary] [netmask] summary-only). Moreover all underlay subnets (interco and loopback) are IS-IS L1, so they won't be redistributed into bgp.

The only IS-IS L2 route is the default route learned from Fusion via eBGP and then redistributed into ISIS.

For me, IS-IS L2 can only come from Border via redistribution. Into the Fabric, I only have one ISIS L1 domain.

In my design with only one exit from the Fabric (by the 2 border nodes I have), I guess the command redistribute isis level-2 is useless.

Someone is able to confirm my understanding ?

Regards,

Hugo

jalejand · ‎02-12-2021

change it to:

redistribute isis level-1-2

Lan Automation by default, leaves L1L2 level for ISIS in its process, it should be L2 only but there is no yet fix for this propossed enhancement.

hugo.girard · ‎02-16-2021

I have open TAC case for this question.

That command is only a recommendation, and the purpose of it is to advertise the Underlay Loopbacks to the Fusion (so that DNAC have reachability to these addresses). But having the “aggregate-address" command will also achieve this goal

There is no harm to remove the "redistribute isis level-2" command, further more given that Loopbacks are ISIS L1 prefixes.

So, I will remove this command to simply the configuration and to avoid routes loops.

jalejand · ‎02-16-2021

It depends, if the loopback 0 is not part of the lan automation pool (sometimes, the seed is configured manually, including the loopback 0), then there will be no child route to create the aggregate. If that is not the case, redist isis l1+2 and the aggregate is the usual suggestion, we usually don't leave the isis redistribution to be advertised with all /31s and /32s outside of the fabric, the aggregate is always a good practice.