collapse

Search


User Info

 
 
Welcome, Guest. Please login or register.
Did you miss your activation email?

Author Topic: SDA Design on behalf of Christopher L.  (Read 19692 times)

Offline Administrator

  • Administrator
  • Cisco King
  • *****
  • Posts: 58
  • Reputation: 1000
  • Certification: N/A
SDA Design on behalf of Christopher L.
« on: February 03, 2022, 08:02:27 PM »
 If a customer has Edge(Access) switches, then Core/Distribution switches, then Firewall that egresses to the Internet, which device is the standard topology would be considered the ULAY1 device and BC1 router. For inter-VRF & External Connection communications, we need to configure BGP on what I would assume would be the Core/Distribution switch(SW1) with BC1. Do we need to add a router (BC1) in between their Core Switch (SW1) and their Edge nodes (E1) - I would be concerned about injecting another layer of failure (we would need HA devices). We need to design the network to add BGP Peering (SW1/BC1) and the edge nodes wouldn't be doing that, unless you extend L3 switching down to the edge and put BGP on the E1 nodes? Alternatively, we would need to add another layer to the topology so we can have 2 BGP routing peers to VRF the various VNs. Could you help me understand the best practice for the design?

Offline Administrator

  • Administrator
  • Cisco King
  • *****
  • Posts: 58
  • Reputation: 1000
  • Certification: N/A
Re: SDA Design on behalf of Christopher L.
« Reply #1 on: February 03, 2022, 08:02:37 PM »
 If the network is not big (<25 nodes), you can make the Core/Dist switch a Border/Control Plane and the FW a fusion router. Cisco considers this a small deployment. If you need to scale, you would want to insert a separate Border/Control Plane between the Core/Dist and FW, and make the Core/Dist device a pure underlay. Edge device would never do BGP unless it is Fabric-in-a-Box.

Offline clemish

  • Cisco Newbie
  • *
  • Posts: 3
  • Reputation: 0
  • Certification: CCNP
Re: SDA Design on behalf of Christopher L.
« Reply #2 on: February 04, 2022, 06:08:25 AM »
So, for an SDA Small Deployment, a collapsed design (due to limited hardware) whereby configuring BGP and sub-interfaces on the Firewall peering with the Dist/Core switch (SW1) would be the preferred deployment, understood.  Alternatively, in an Enterprise design, I would anticipate the preferred design be to replace the BC1 "router" with a stackable or HA pair of L3 switches port-channeled to the Core/Dist pair/stack of switches (SW1) to ensure high-availability and h/w fault tolerance (replace Loopbacks with SVIs).  In other words, we would inject another HA layer in order to perform BGP peering to separate the VRF/VNs between the new layer and the SW1(Dist/Core) pair of switches (/30 VRF subnets in your design).  Would this be the appropriate design for SDA Medium/Large deployments?
« Last Edit: February 04, 2022, 08:58:35 AM by clemish »

Offline MC

  • Global Moderator
  • Cisco Guru
  • *****
  • Posts: 398
  • Reputation: 606
  • CCIE x3 (RS,Sec,SP)
  • Certification: CCIE
Re: SDA Design on behalf of Christopher L.
« Reply #3 on: February 05, 2022, 10:03:33 PM »
If you use switches for border node that can be virtualized, either stackable or stackwise virtual, then do so to minimize the number of BGP connection you will need to fusion device. All the underlay links in the fabric should always be redundant and routed, so no VLAN or STP should exist. You can refer to Cisco recommended design in the SDA CVD below. It covers all the different size deployments.

You are not allowed to view links. Register or Login

 

Related Topics

  Subject / Started by Replies Last post
3 Replies
10843 Views
Last post August 09, 2014, 05:33:45 PM
by MC
1 Replies
8061 Views
Last post October 21, 2015, 05:39:55 PM
by Administrator
1 Replies
8483 Views
Last post March 01, 2016, 11:30:01 PM
by Administrator
1 Replies
21609 Views
Last post July 29, 2019, 08:27:23 PM
by Administrator
1 Replies
14282 Views
Last post March 31, 2021, 11:04:00 PM
by Administrator

SimplePortal 2.3.7 © 2008-2024, SimplePortal