
Add SDA notes

Håvard Ose Nordstrand 1 year ago
parent commit 9404d64ff9
1 changed files with 26 additions and 3 deletions

+ 26 - 3
networking/cisco-sda.md

@@ -25,8 +25,9 @@ breadcrumbs:
 - Underlay:
     - Mainly Catalyst 9000 series switches running standard IOS-XE, managed by DNAC.
     - Catalyst WLCs and APs are integrated for wireless access, with direct traffic handoff from APs to switches for unified wired and wireless access.
-    - Uses IS-IS routing and PaGP port channels.
+    - Fully routed, using IS-IS routing and PaGP port channels.
     - Only fully supports IPv4, IPv6 support is still lacking.
+    - StackWise or StackWise Virtual (SVL) may be used in some appropriate cases, mainly to facilitate multichassis EtherChannel.
 - Overlay:
     - Planes:
         - Control plane: Uses LISP for locating client MAC and IPv4/IPv6 addresses, with control nodes as LISP map servers.
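Review bot: "PaGP" in the added line "Fully routed, using IS-IS routing and PaGP port channels." (and in the line it replaces) should be "PAgP" (Port Aggregation Protocol); the wrong capitalisation makes the term hard to search for. The new StackWise line would also read better if "SVL" were expanded on first use ("StackWise Virtual Link") so it is clear it is the same technology as "StackWise Virtual", and the phrase "in some appropriate cases" could name the case the note already implies (multichassis EtherChannel to dual-homed devices) rather than leaving it open.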
@@ -34,6 +35,24 @@ breadcrumbs:
         - Policy plane: Uses Cisco TrustSec (CTS) for policy decisions, like SGTs and SGACLs (using Cisco ISE).
     - Supports IPv4-only, dual-stack and (partially?) IPv6-only.
     - Anycast gateways are used at all edge nodes for all VNs.
+- Sites:
+    - The fabric domain is divided into one or more fabric sites.
+    - Each site has internal and/or external border nodes to allow traffic to other sites (internal) or to external domains.
+    - Each site must have one or more control plane nodes, which hosts the LISP map server (control plane). The control plane nodes are typically colocated on the same device as internal borders.
+    - Edge nodes are the switches that clients connect to.
+    - Extended nodes (EN) and policy extended nodes (PEN) are switches that connect to edges to extend their reach and port capacity.
+    - Access points connect to edges or extended nodes, with CAPWAP tunnels to the site's WLC(s) and optionally traffic tunneled directly to the connected edge.
+    - Wireless controllers (WLCs) are connected "outside" the fabric, e.g. in a central DC or connected to TCNs.
+    - Intermediate nodes may be used in the underlay between borders and edges to allow for more physical flexibility.
+    - "Fabric in a box" is special site design where all functions (border, control plane, edge, maybe WLC) is colocated on one device containing the whole site.
+- Transits (between sites):
+    - SDA transit:
+        - Requires the transit intrastructure to be part of the fabric domain.
+        - Uses inline tagging, where SGTs are preserved in the packets when transiting between sites.
+    - IP transit:
+        - Allows using external, non-SDA infrastructure between sites, e.g. for WAN circuits between sites.
+        - Requires use of the SGT Exchange Protocol (SXP) to reapply SGTs to packets after transiting.
+    - For LISP location data across sites, a transit control node (TCN) is required. The TCN is queried by control plane nodes when a resource is not found within the site.
 - Multicast:
     - For IPv4, it supports head-end replication and native multicast.
     - For IPv6, it only supports head-end replication. (TODO: Does enabling native multicast for a site kill IPv6 multicast or will it continue to use head-end replication?)
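Review bot: "intrastructure" in "Requires the transit intrastructure to be part of the fabric domain." is a typo for "infrastructure"; the same hunk has a few agreement slips worth fixing in one pass: "control plane nodes, which hosts the LISP map server" should be "which host", and "\"Fabric in a box\" is special site design where all functions ... is colocated" should be "is a special site design where all functions ... are colocated". Separately, "connected to TCNs" under the WLC bullet uses the TCN abbreviation before the transit section defines it ("transit control node (TCN)"), so either spell it out there or move the definition earlier. Finally, the IP transit bullet says SXP is required to reapply SGTs but not why; one clause stating that the SGT carried inline in the fabric encapsulation is lost when traffic leaves the fabric over non-SDA infrastructure would make the contrast with the SDA transit's "inline tagging" bullet explicit.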
@@ -44,7 +63,6 @@ breadcrumbs:
     - For details around rendezvous points (RPs) and stuff, see the design guide.
 - Layer 2 flooding:
     - Traffic that is normally flooded in traditionally networks, like ARP, is often handled differently and more efficiently in overlay technologies like SDA.
-    - For ARP, the edge looks up the RLOC/address for the edge the target resides at and then the ARP is unicasted to that edge.
     - Certain applications and protocols requires layer 2 flooding to work. To address this, *layer 2 flooding* may be enabled for a VN/site (if really needed).
     - Examples of applications/protocols/devices requiring layer 2 flooding:
         - Dumb clients requiring broadcast ARP to wake up.
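Review bot: the removed line "- For ARP, the edge looks up the RLOC/address for the edge the target resides at and then the ARP is unicasted to that edge." is the only statement in this section that explains why ARP does not need layer 2 flooding, so dropping it here (it reappears under a new "ARP:" heading later in the same file) leaves the sentence "Traffic that is normally flooded in traditionally networks, like ARP, is often handled differently" without its concrete example; a short cross-reference such as "(see ARP below)" would keep the section self-contained. While touching the context lines: "traditionally networks" should be "traditional networks" and "Certain applications and protocols requires" should be "require".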
@@ -53,7 +71,12 @@ breadcrumbs:
         - ???
     - This will reduce scalability of the VN/site, so it should only be used for /24 subnets and smaller.
     - The L2 flooding is mapped to a dedicated multicast group in the underlay, using PIM-ASM. All edge nodes active for the VN must listen to this group.
-- mDNS/Bonjour:
+- ARP:
+    - When a client sends an ARP request, the edge looks up the RLOC/address for the edge the target resides at and then the ARP is unicasted to that edge.
+- DHCP relays:
+    - Edge nodes use anycast gateways for all VLANs active on the switch. DHCP relays with option 82 are used to serve DHCP, using an external DHCP server.
+    - **TODO**
+- mDNS and Bonjour:
     - **TODO**
     - https://www.cisco.com/c/en/us/solutions/collateral/enterprise-networks/sd-access-wired-wireless-dg.html
     - https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and-management/dna-center/1-3-1-0/user_guide/cisco_dna_service_for_bonjour/b_cisco-dna-service-for-bonjour_user_guide_2-1-2/m_deploying-wide-area-bonjour-for-cisco-sd-access-network.html
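Review bot: the new DHCP relay line "Edge nodes use anycast gateways for all VLANs active on the switch. DHCP relays with option 82 are used to serve DHCP, using an external DHCP server." states that option 82 is used but not what problem it solves; since the same anycast gateway address exists on every edge node, the note should say that the relay information in option 82 is what lets the server's reply be returned to the edge that originally relayed the request, otherwise the link between the anycast-gateway sentence and the option 82 sentence is lost. The "**TODO**" placeholder left directly under it suggests this section is unfinished, so either fill in that point now or note what is still missing (e.g. which node strips the option before delivery to the client). The "mDNS and Bonjour" rename is fine, but the two bare URLs under it would be more useful with a one-line description each (design guide vs. DNA Center Bonjour user guide).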