SD-Access Solution Components

SD-Access Solution Components

A SD-Access fabric site consists of fabric edge node, Control plane node, and Intermediate node and border nodes. When wireless integration is required, fabric WLC and Fabric AP also becomes part of this SD-Access. SD-Access site can also be connected to SD-Access transit network to create larger fabric domain.

Below figure explains all the components that are required to develop SD-Access fabric site.

Now we will discuss each and every components in details to learn their function and capabilities.

Control plane node:

SD-Access Control plane node provides functions of LISP Map server & MAP resolver. Control plane nodes register all the EID that are connected to fabric Edge node. Its database contains the RLOC mapped with MAC and IP address of EID. Control plane node and border node function can also be configured on same fabric node. A control plane node can be scaled between two to six nodes for resiliency. Following are the functions of Control plane node:

• Host tracking Database
• MAP server
• MAP Resolver

Edge Node:

Fabric Edge node are the node where Endpoints, AP are connected to SD-Access fabric. Edge Node implements Layer 3 access design with following other functions described below:

As soon as Endpoints gets connected to edge node, it gets added to Local tracking database often called as EID table of edge node. Now Edge node send the LISP MAP register message to inform control plane node about the endpoint so that control plane registers that EID in its HTDB.

AS soon as Endpoint are connected to Edge Node, they are placed in to virtual network by assigning it to VLAN associated. This mapping can be done statically or dynamically using 802.1X. At Edge node SGT can be used to provide policy enforcement and segmentation.

Common gateway Anycast Layer 3 address is used on every node that shared common EID subnets which helps in data forwarding and Client Mobility across different RLOC.

LISP forwarding is also done on Edge node. MAP register, MAP resolver message, Data Forwarding, Control Plane Forwarding, LISP Solicit-map-Request, all these Message travers through Edge node in order to complete Fabric communications.

VXLAN encapsulation and Decapsulation is also done at Fabric Edge Node for data traffic.

Intermediate Node:

These node works on Layer 3 and provides interconnection between edge node and border nodes. These nodes routes IP traffic inside fabric and on these nodes there are no VXLAN encapsulation and Decapsulation. Only requirement is to maintain MTU requirement to accommodate large-size VXLAN encapsulated packets.

Border Node:

These node acts as a gateway between SD-Access fabric site and External network. These border nodes can be used as internal border ( acts as a gateway for specific subnets such as shared services , Datacenter network , ) or External Border ( acts as exit point from fabric to rest of enterprise). These two roles can be combined to single router named as anywhere border.

Below are some functions of Border nodes.

• Advertise EID subnets between Fabrics to outside network by external routing protocol like BGP. These EID appear only on routing table of Border nodes - throughout the rest of the fabric and EID information can be accessed by Fabric Control plane node.
• It acts as fabric domain exit point and acts a last resort for fabric edge nodes.
• It maps LISP instance to VRF, fabric border can be extend network virtualization from inside fabric to outside by external VRF instances in order to preserve virtualization.
• The fabric border node also maps SGT information from within the fabric to be appropriately maintained when exiting that fabric. SGT information is propagated from the fabric border node to the network external to the fabric, either by transporting the tags to Cisco TrustSec-aware devices using SGT Exchange Protocol (SXP) or by directly mapping SGTs into the Cisco metadata field in a packet, using inline tagging capabilities implemented for connections to the border node.

Fabric in BOX:

When a site has single switch or has router on stick type design, fabric in BOX design can be configured. Create a Fabric in BOX by assigning control plane node, Edge node and border node function to single switch.