Michel Peters, Technical Leader Engineering
BRKARC-2020
SD Access: Troubleshooting the fabric
Fabric
The basic fabric (diagram: two Edge nodes, a CP node and a Border node over the Underlay; callouts: Connection to outside, Endpoint connectivity, Control Plane)
SD Access Fabric Key Technologies
- Locator/ID Separation Protocol (LISP): control plane protocol inside the fabric
- Cisco TrustSec: allows traffic policies to be deployed and enforced inside the fabric
- Authentication: assigns endpoints, via Dot1x/MAB, their respective authentication parameters and VN
- VXLAN: data plane protocol; encapsulates traffic inside the fabric
LISP basic operation
- LISP is a routing architecture.
- LISP creates a level of indirection by using two address spaces: "locators" (RLOC) and "endpoint identifiers" (EID).
- Only locators are advertised in core routing, which removes host routes from the routing tables. Host prefixes are moved to a separate mapping database.
- Routers in the underlay only need routing information for the RLOC space, which simplifies the underlay network.
- To get path information to end hosts, routers query the EID-to-locator map servers. The mapping lookup is analogous to DNS.
- Routers hold a map-cache of the EID-to-locator mappings they have resolved.
Mappings

| Cisco DNA Center | Switch Side | LISP |
|---|---|---|
| Virtual network (VN) | VRF | Instance ID |
| Underlay Network | Global Routing Table | Global Routing Table |
| IP Pool | Vlan/SVI with IP Subnet | EID space |
| Default Gateway of Pool | Anycast IP address | - |
| Scalable Groups | Secure Group Tag | Policy Label in VXLAN |
| Policy Contract | SGACL | - |
LISP basic operation: registering with the CP (diagram: Edge_1, Edge_2, CP and Border over the Underlay)
- The Edge detects the IP address of an endpoint in the dynamic EID space
- The Edge registers the endpoint IP with the CP
- The CP maintains a database of EID-to-RLOC information: /32 entries for endpoints, subnets from Borders

| RLOC | EID |
|---|---|
| Edge_1 | 192.168.100. |
| Edge_2 | 192.168.100. |
LISP basic operation: packet forwarding (diagram: Edge_1, Edge_2, CP and Border over the Underlay)
- Edge_1 encapsulates the packet in VXLAN and sends it to the RLOC of Edge_
- Edge_2 de-encapsulates the packet and forwards it to endpoint 2

| RLOC | EID |
|---|---|
| Edge_1 | 192.168.100. |
| Edge_2 | 192.168.100. |
Data Plane
Packet formats (figure): original packet = Ethernet | IP | Payload; packet in LISP = Ethernet | IP | UDP | LISP | IP | Payload (supports L3 overlay); packet in VXLAN = Ethernet | IP | UDP | VXLAN | Ethernet | IP | Payload (supports L2 and L3 overlay)
- Packets inside an SDA fabric are encapsulated in VXLAN
- The full packet is encapsulated, MAC and IP layers included
- VXLAN uses a fixed, well-known UDP destination port
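The encapsulation described above, as an added example that is not from the session or from Cisco: it builds an inner Ethernet/IP frame, wraps it the way an edge would (outer Ethernet, outer IP from RLOC to RLOC, UDP, VXLAN header) and decodes it again. The MAC addresses, RLOCs, the VNI 4099 and the SGT 16 are constructed values; the VXLAN header layout follows RFC 7348 with the Group Policy extension (draft-smith-vxlan-group-policy) that carries the SGT as the "policy label" of the mappings table, and the IANA-assigned UDP port 4789 is used.

```python
"""Build and decode a VXLAN-GPO encapsulated frame (constructed example, not Cisco code)."""
import struct
import ipaddress

VXLAN_UDP_PORT = 4789      # IANA-assigned VXLAN destination port (RFC 7348)
FLAG_VNI_VALID = 0x08      # "I" bit: the VNI field is valid
FLAG_GROUP_POLICY = 0x80   # "G" bit: Group Policy ID (the SGT) is present


def mac(s):
    """'aa:bb:cc:dd:ee:ff' -> 6 raw bytes."""
    return bytes.fromhex(s.replace(":", ""))


def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header; checksum left at 0 because these frames are never sent."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                       ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)


def ethernet_ipv4_frame(src_mac, dst_mac, src_ip, dst_ip, payload, proto=17):
    """The original frame as the endpoint sent it: Ethernet + IPv4 + payload."""
    return mac(dst_mac) + mac(src_mac) + b"\x08\x00" + ipv4_header(src_ip, dst_ip, proto, len(payload)) + payload


def vxlan_encapsulate(inner, src_rloc, dst_rloc, vni, sgt, src_mac, dst_mac, src_port=49152):
    """Edge-side encapsulation: outer Ethernet + IP (RLOC to RLOC) + UDP + 8-byte VXLAN-GPO header.
    Header layout: flags(1) reserved(1) group-policy-id(2) VNI(3) reserved(1)."""
    vx = struct.pack("!BBHI", FLAG_VNI_VALID | FLAG_GROUP_POLICY, 0, sgt, vni << 8)
    udp_len = 8 + len(vx) + len(inner)
    udp = struct.pack("!HHHH", src_port, VXLAN_UDP_PORT, udp_len, 0)
    return (mac(dst_mac) + mac(src_mac) + b"\x08\x00"
            + ipv4_header(src_rloc, dst_rloc, 17, udp_len) + udp + vx + inner)


def vxlan_decapsulate(frame):
    """Decode an outer frame; returns RLOCs, VNI, SGT and the inner addresses, or raises ValueError."""
    if len(frame) < 14 + 20 + 8 + 8 + 14 + 20:
        raise ValueError("frame too short for VXLAN with an inner IPv4 packet")
    if frame[12:14] != b"\x08\x00":
        raise ValueError("outer frame is not IPv4")
    ihl = (frame[14] & 0x0F) * 4
    if frame[14 + 9] != 17:
        raise ValueError("outer IP protocol is not UDP")
    udp_off = 14 + ihl
    _, dport, _, _ = struct.unpack("!HHHH", frame[udp_off:udp_off + 8])
    if dport != VXLAN_UDP_PORT:
        raise ValueError("UDP destination port is not VXLAN")
    vx_off = udp_off + 8
    flags, _, gpid, vni_word = struct.unpack("!BBHI", frame[vx_off:vx_off + 8])
    if not flags & FLAG_VNI_VALID:
        raise ValueError("VXLAN I bit not set")
    inner = frame[vx_off + 8:]
    result = {
        "outer_src_rloc": str(ipaddress.ip_address(frame[26:30])),   # IP src at header offset 12
        "outer_dst_rloc": str(ipaddress.ip_address(frame[30:34])),   # IP dst at header offset 16
        "vni": vni_word >> 8,                                         # upper 24 bits carry the VNI
        "sgt": gpid if flags & FLAG_GROUP_POLICY else None,
        "inner_dst_mac": inner[0:6].hex(":"),
        "inner_src_mac": inner[6:12].hex(":"),
        "inner_src_ip": None,
        "inner_dst_ip": None,
    }
    if inner[12:14] == b"\x08\x00":
        result["inner_src_ip"] = str(ipaddress.ip_address(inner[26:30]))
        result["inner_dst_ip"] = str(ipaddress.ip_address(inner[30:34]))
    return result


def demo():
    """Endpoint 1 behind Edge_1 sends to endpoint 2 behind Edge_2 (all values constructed)."""
    inner = ethernet_ipv4_frame("00:11:22:33:44:01", "00:11:22:33:44:02",
                                "192.168.100.11", "192.168.100.99", b"hello")
    outer = vxlan_encapsulate(inner, src_rloc="10.0.0.1", dst_rloc="10.0.0.2", vni=4099, sgt=16,
                              src_mac="aa:aa:aa:00:00:01", dst_mac="aa:aa:aa:00:00:02")
    return vxlan_decapsulate(outer)


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:15} {value}")
```

The decoder checks each layer it depends on (outer EtherType, IP protocol, UDP port, VXLAN I bit) and refuses anything else, which is the same order in which you would walk a capture when the inner addresses do not match what the map-cache says.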
Layer 3 Forwarding
Layer 3 in the fabric (diagram: Edge_1, Edge_2, CP and Border1 over the Underlay)
- Traffic inside the fabric is encapsulated in VXLAN
- Traffic in a Virtual Network (VN) is sent from RLOC to RLOC using a Layer 3 LISP instance
- The EID space is configured as dynamic EID
- Borders are the egress points out of the fabric
- Edges are set up with a VRF per VN and the corresponding SVIs
- Edges and Borders register EIDs with the Control Plane

| RLOC | EID |
|---|---|
| Edge_1 | 192.168.100. |
| Edge_2 | 192.168.100. |
| Border1 | 172.16.100/ |
Registration of endpoints with the CP node
- Endpoints can be reached once they are learned by an Edge and registered with the CP
- Dynamic endpoints are learned via ARP (Layer 3) and Device Tracking (Layer 2/3)
- The IP address of the endpoint is signaled to the LISP process, which registers it with the Control Plane node using a map-register
Locally Registered Endpoints
(show output) 192.168.100.99/32 is shown as reachable; the locator is Lo0 of the switch
- The Solicited Map Request table shows the local EID for active entries.
- Aged-out entries show as Away
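The registration and lookup flow from the last few slides (edges register /32 EIDs learned from ARP or device tracking, borders register subnets, an edge resolves a destination through its map-cache or a map-request, and an endpoint that goes away is deregistered), as an added example that is neither Cisco code nor output from the session. It is a Python model: the node names, RLOC addresses 10.0.0.x, the instance ID 4099 and the prefixes are constructed, and map-request/map-reply are plain function calls instead of LISP messages.

```python
"""Toy model of the LISP mapping system in an SD-Access fabric (constructed example, not Cisco code)."""
import ipaddress


def longest_prefix_match(entries, instance_id, addr):
    """entries: iterable of ((instance_id, prefix), value). Returns (prefix, value) with the
    longest matching prefix in that instance, or None. A /32 from an edge beats a border subnet."""
    best = None
    for (iid, prefix), value in entries:
        if iid == instance_id and addr in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
            best = (prefix, value)
    return best


class MapServer:
    """Control plane node: EID-to-RLOC database, keyed by LISP instance ID (one per VN)."""

    def __init__(self):
        self.db = {}   # (instance_id, eid_prefix) -> (rloc, registered_by)

    def map_register(self, instance_id, eid_prefix, rloc, registered_by):
        prefix = ipaddress.ip_network(eid_prefix, strict=False)
        self.db[(instance_id, prefix)] = (ipaddress.ip_address(rloc), registered_by)

    def deregister(self, instance_id, eid_prefix):
        """Real LISP does this with a map-register carrying TTL 0; modelled as a removal."""
        self.db.pop((instance_id, ipaddress.ip_network(eid_prefix, strict=False)), None)

    def map_request(self, instance_id, eid):
        match = longest_prefix_match(self.db.items(), instance_id, ipaddress.ip_address(eid))
        if match is None:
            return None            # negative map-reply: the CP knows nothing about this EID
        prefix, (rloc, _) = match
        return prefix, rloc


class Edge:
    def __init__(self, name, rloc, map_server):
        self.name, self.rloc, self.ms = name, ipaddress.ip_address(rloc), map_server
        self.local_eids = set()
        self.map_cache = {}    # (instance_id, prefix) -> rloc, filled from map-replies

    def learn_endpoint(self, instance_id, ip):
        """ARP / device tracking learned a host: register its /32 with the CP."""
        self.local_eids.add((instance_id, ipaddress.ip_address(ip)))
        self.ms.map_register(instance_id, f"{ip}/32", self.rloc, self.name)

    def endpoint_away(self, instance_id, ip):
        """Host aged out of device tracking: withdraw its registration."""
        self.local_eids.discard((instance_id, ipaddress.ip_address(ip)))
        self.ms.deregister(instance_id, f"{ip}/32")

    def resolve(self, instance_id, dst_ip):
        """RLOC to encapsulate to (as a string), or None when the CP has no mapping."""
        addr = ipaddress.ip_address(dst_ip)
        hit = longest_prefix_match(self.map_cache.items(), instance_id, addr)
        if hit is not None:
            return str(hit[1])
        reply = self.ms.map_request(instance_id, dst_ip)
        if reply is None:
            return None
        prefix, rloc = reply
        self.map_cache[(instance_id, prefix)] = rloc
        return str(rloc)


def demo():
    VN = 4099   # constructed instance ID for one virtual network
    ms = MapServer()
    edge1, edge2 = Edge("Edge_1", "10.0.0.1", ms), Edge("Edge_2", "10.0.0.2", ms)
    ms.map_register(VN, "192.168.100.0/24", "10.0.0.254", "Border1")  # pool aggregate from the border
    ms.map_register(VN, "172.16.100.0/24", "10.0.0.254", "Border1")   # prefix reachable via the border
    edge2.learn_endpoint(VN, "192.168.100.99")
    out = {
        "to_endpoint": edge1.resolve(VN, "192.168.100.99"),    # /32 from Edge_2 wins -> 10.0.0.2
        "in_pool_unknown": edge1.resolve(VN, "192.168.100.50"),  # falls to the aggregate -> 10.0.0.254
        "to_outside": edge1.resolve(VN, "172.16.100.5"),       # -> 10.0.0.254
        "unknown": edge1.resolve(VN, "10.99.99.1"),            # negative reply -> None
        "wrong_vn": edge1.resolve(4100, "192.168.100.99"),     # other instance ID -> None
    }
    edge2.endpoint_away(VN, "192.168.100.99")
    fresh = Edge("Edge_3", "10.0.0.3", ms)
    out["after_away_fresh_edge"] = fresh.resolve(VN, "192.168.100.99")   # -> 10.0.0.254
    out["after_away_stale_cache"] = edge1.resolve(VN, "192.168.100.99")  # still 10.0.0.2 from cache
    out["cache_size"] = len(edge1.map_cache)                              # -> 3
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:25} {value}")
```

The last two results are the troubleshooting point: after the endpoint is deregistered, an edge with an empty cache gets the border aggregate, while an edge that already cached the /32 keeps forwarding to the old RLOC until that cache entry is refreshed or cleared. The real control plane uses solicit-map-request to trigger that refresh; this model leaves the stale entry in place so the difference is visible.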