SDA Traffic Flow

DHCP in SD-Access

Once host is connected to VLAN, it broadcast a DHCP packet in order to receive the IP address from DHCP server.

In SD-Access in each edge, an Anycast gateway is configured by DNA for each SVI, due to which DHCP packet must be handled in the fabric. Due to which each Fabric Edge switch as a DHCP relay agent by using DHCP option 82 field, which allow fabric to locate the source of DHCP request when DHCP server replies.

Below configuration is pushed by DNA center to Edge switch , and this also include IP-Helper address command and enables edge to acts as relay agent and to intercept the DHCP request which are received by Endpoints

Below steps defines how DHCP request are processed in SD-Access

• Client send a broadcast DHCP request with its MAC address as source to edge switch
• Edge switch intercepts that DHCP request and add Option 82 field, including VXLAN VNI, or instance Id along with RLOC address and then encapsulates the request in to unicast packet with SVI Anycast address as Source and DHCP Server IP as destination.
• Now this packet is routed in overlay and via fabric Border, it is sent to DHCP server outside the fabric.

Now let’s see how DHCP response

• Once DHCP reply is received to Border router, Border router see option 82 field which contains the Edge RLOC and instance ID. Border router forwards that reply directly to that particular Edge switch.
• Once fabric edge receives the reply, it de-encapsulates the packet and then forwards the new DHCP reply to endpoint.

Wired Host Onboarding & Registration

Once Authenticated wired endpoints connects to SD-Access fabric and obtains IP address via DHCP, Edge switch perform two tasks.

• It add’s MAC address, IP address of Endpoint in its local database.
• It also registers MAC address, IP address of Endpoint to LISP control Node via LISP MAP-Register message.

 These registration are kept in Control Node Table, which list each MAC and IP address with its corresponding RLOC address.

Wired Intra-Subnet Traffic Flow

Lets suppose source and destination on same subnet and want to communicates to each other.

• The source endpoint (A) sends an ARP request for the MAC address of the destination endpoint (B).
• The LISP process on endpoint A’s fabric edge (A) intercepts this ARP request and asks the fabric control plane for the requested mapping of endpoint B’s IP address to its MAC address.
• The fabric control plane looks up endpoint B’s IP address in its LISP address resolution table. This table is similar to a switch’s ARP table but is specific to LISP. The fabric control plane then sends this MAC address to fabric edge A with a LISP ARP reply

Below figure shows endpoint A sending an ARP request message for 10.10.0.22 to fabric switch A. Fabric switch A intercepts the ARP request and sends a LISP ARP request to the fabric control plane. The fabric control plane replies with an entry from its LISP ARP table.

• Fabric edge A stores this mapping in its local ARP cache and then queries the fabric control plane again for the location of endpoint B’s MAC address.
• The fabric control plane responds to fabric edge A with the RLOC address of endpoint B’s fabric edge (B).

Below Figure shows fabric edge A sending a LISP Map-Request message for MAC address b827.eb07.5b9a to the fabric control plane. The fabric control plane responds with the RLOC address of fabric edge B.