EMAIL SUPPORT
dclessons@dclessons.comLOCATION
AFLayer 2 Technique in SD-Access
SD-Access Layer 2 Flooding Operation
Below figure will be used to explain the Layer 2 flooding order of operation.
Layer2 flooding is enabled per VLAN basis. When it is done, IP subnet or VLAN is mapped with particular Multicast address, in underlay. And this Multicast address is in ASM group, so all PIM joins are sent to RP in the underlay. Here The VLAN 102 instance-id is automatically placed in the underlay group 239.0.0.10. All the fabric nodes with the VLAN 102 IP subnet configured will be made part of the multicast group.
Below L2 Flooding Configuration pushed by DNA Center
instance-id 7819 remote-rloc-probe on-route-change service ethernet eid-table vlan 102 broadcast-underlay 239.0.0.10 //VLAN 102 part of underlay multicast group database-mapping mac locator-set xxx exit-service-ethernet exit-instance-id
Now All Fabric node who are part of this VLAN/ IP subnet will send the PIM Joins on that multicast group and will form the multicast tree. Now the traffic is flooded in this multicast tree.
Once the ARP is received on Edge switch, it intercepts it, send it to dedicated multicast Group using underlay. Edge switch encapsulates the Client traffic in VXLAN tunnel and then sends it with Source IP = RLOC and destination IP = Underlay Multicast group.
Doing this all Edge node who are part of that Multicast Tree will receive this ARP packet.
Using Multicast IP for each IP subnet exhaust the Switch memory and to alleviate this problem, DNA center 1.3.3 and later creates a unique Multicast group for entire given site. All IP subnet ion that site are marked with same Multicast IP address. Later Traffic will be segmented by VLAN tag on the encapsulated Layer 2 packet being flood.
Below is the Layer 2 Flooding configuration pushed with same multicast group.
instance-id 8979 remote-rloc-probe on-route-change service ethernet eid-table vlan 102 broadcast-underlay 239.0.10.2 //Same multicast group flood unknown-unicast database-mapping mac locator-set exit-service-ethernet ! exit-instance-id ! instance-id 8192 remote-rloc-probe on-route-change service ethernet eid-table vlan 1024 broadcast-underlay 239.0.10.5 // Same multicast group flood unknown-unicast database-mapping mac locator-set exit-service-ethernet ! exit-instance-id !
Now to enable layer 2 Flooding in DNA Center, Navigate to Provision | fabric | Select the Fabric Site Name | Host Onboarding | Scroll VN and Select the VN | Select IP pool | Click Action | Enable Layer-2 Flooding
Layer 2 Border in SD-Access
With Layer 2 Border, we can migrate the traditional VLAN option to Fabric Enabled VLAN, with this same host resides on traditional VLAN as well as Fabric Enabled VLAN. Layer 2 Border translates the traffic in traditional VLAN to Fabric Enabled VLAN.
Below figure shows Layer 2 border Solution Overview
In above figure, Fabric VLAN is 1112 and Traditional VLAN is 200. The Layer 2 Border router maps the VLAN 1112 to VLAN 200 present in non-fabric. Default Gateway of Traditional VLAN 200 is present on Layer 2 Border. Layer 2 border has same configuration except VLAN 1112 , which is replaced by VLAN 200.
Below configuration is pushed by DNA center on fabric Edge and Border router. Fabric Edge Configuration:
Fabric Edge# instance-id 8198 remote-rloc-probe on-route-change service ethernet eid-table vlan 1024 broadcast-underlay 239.0.0.10 database-mapping mac locator-set xxx exit-service-ethernet exit-instance-id ! interface Vlan1112 description Configured from apic-em mac-address 0000.0c9f.f45c vrf forwarding DCLESSONS-CORP ip address 10.10.10.1 255.255.255.0 ip helper-address 10.12.12.101 no ip redirects ip route-cache same-interface no lisp mobility liveness test lisp mobility 10_10_10_0-DCLESSONS-CORP
Layer 2 Border traditional VLAN 200 Configuration
Finstance-id 8198 remote-rloc-probe on-route-change service ethernet eid-table vlan 300 broadcast-underlay 239.0.0.10 database-mapping mac locator-set xxx exit-service-ethernet exit-instance-id ! interface Vlan200 description Configured from apic-em mac-address 0000.0c9f.f45c vrf forwarding DCLESSONS-CORP ip address 10.10.10.1 255.255.255.0 ip helper-address 10.12.12.101 no ip redirects ip route-cache same-interface no lisp mobility liveness test lisp mobility 10_10_10_0- DCLESSONS-CORP
Layer 2 border registers all endpoints in non-fabric site to fabric control node.
Layer 2 Intersite Design & traffic Flow
Comment
TABLE OF CONTENTS
- How to add Site, Floor & Building
- How to Create Wireless Network Profile
- How to Provision a Device to New Site
- How to do ZTP via PnP of New Device
- How to Configure Multi-Site Remote Border
- How to Configure Fabric In Box Configuration
- How to Perform SWIM Action
- How to Configure Device RMA
- How to Create Virtual Network
- How to Create Group Based Access Control Policies
- How to Create Access Contract
- How to work on Policy Analytics
- How to do AI Endpoint Analytics
- Learn Overall Health of Network Devices & Health Score
- Learn how to visualize the Over all health of Wireless Client
- Learn how to Application Analysis via DNA
- How to analyse the Sensors Performance Testing
- Management of Industrial Extended Network
- How to Configure Security for IOT
- How to Create Template for IOT Network
- How to Create Network Profile
RECENT POSTS
- Advancing Your Career with Cisco Data Center Mastery: A Comprehensive Guide to Nexus Training
- Securing Networks in the Digital Age: Your Guide to Mastering Cisco Identity Services Engine (ISE)
- Becoming an AWS Solution Architect: Your Path to Cloud Expertise
- Navigating Your Journey to Docker Expertise: Master Docker with Comprehensive Training and Certification
- Transform Your Azure Networking Expertise Through AZ-700 Training
- Why Choose DClessons for Your SD-WAN Velocloud Training Needs
- Next-Level Networking: Unlocking Cisco ACI and DCACIA Potential with DClessons
- Mastering Data Center Technologies with DClessons: A Comprehensive Guide to Cisco CCIE Data Center Training
- Why Choose Cisco SD-WAN Solutions with DClessons?
- What is Docker and Why is It Important?
LEAVE A COMMENT
Please login here to comment.