Overlay – SD-Access Design

By | 05/28/2024

The overlay network is a logical network built on top of the underlay in order to create virtualized networks. These virtualized networks are created in the SD-Access fabric by encapsulating user traffic in the overlay networks using IP packets on the boundary edge switches.

The SD-Access fabric overlay has three main components: 

  • Fabric control plane: This plane provides logical mapping and resolution of endpoint IDs of users/devices using Locator/ID Separation Protocol (LISP).
  • Fabric data plane: This plane provides a logical overlay created by Virtual Extensible LAN (VXLAN) packet encapsulation along with a Group Policy Object (GPO).
  • Fabric policy plane: Within this plane, network security policy is applied through scalable group tags (SGTs) and group-based policies.

LISP simplifies routing environments by removing the need for routers to know every possible IP destination. LISP moves the remote destination information to a centralized map database, which allows each router to manage only its local routes and to query the map database for destination endpoints when needed.

VXLAN with GPO provides support for both Layer 2 and Layer 3 virtual overlays and the ability to use VRF instances or virtual networks along with SGTs for secure policy.

Control Plane

SD-Access uses LISP for a control plane protocol to handle the mapping and resolution of endpoint addresses. The two main things that LISP keeps track of are the routing locator (RLOC) or attached router and the endpoint identifier (EID), which is the IP address or MAC address. Together, the RLOC and EID provide the information needed for traffic forwarding even if the IP address moves within the edge of the network. LISP enables the decoupling of the EID and the RLOC, which provides mobility to the endpoint. This technology differs from older collapsed core designs where the endpoints were tied to the IP subnet and the location where they were attached to the network.

LISP is an IETF standard protocol (defined in RFC 6830) that runs on a control plane node within the SD-Access fabric. The control plane node contains the settings, protocols, and tables to provide the endpoint-to-location mapping system for the fabric overlay. LISP provides many advantages, such as less CPU usage, smaller routing tables, host mobility, address mapping (IPv4, IPv6, or MAC), and VRF awareness.

Figure 10-2 illustrates the host mobility capability of LISP as two laptops move from SW1 on Floor 1 to SW8 on Floor 3 and preserve their IP addresses. Keep in mind that these switches are routed access switches at the SD-Access fabric edge.

 Figure 10-2 LISP Host Mobility
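The following is an added example, not code from the page or from Cisco: a simplified model of the LISP control plane described above. A map server holds the EID-to-RLOC database keyed by instance-id (the LISP handle for a VRF), fabric edge switches register locally attached endpoints, and the Figure 10-2 scenario (a laptop moving from SW1 to SW8 while keeping its IP) is played through. RLOCs, EIDs, the instance-id and the third edge SW5 are constructed values; purging map-caches directly from the map server is a simplification of what LISP does with Solicit-Map-Request messages.

```python
from dataclasses import dataclass, field


@dataclass
class MapServer:
    """Centralized LISP map database keyed by (instance-id, EID)."""
    # The instance-id is the LISP handle for a VRF / virtual network.
    db: dict = field(default_factory=dict)
    edges: list = field(default_factory=list)

    def map_register(self, instance_id, eid, rloc):
        """An edge node registers a local endpoint; a move overwrites the RLOC."""
        self.db[(instance_id, eid)] = rloc
        # Simplification: purge stale map-cache entries on every edge node
        # (real LISP triggers this with Solicit-Map-Request messages).
        for edge in self.edges:
            edge.map_cache.pop((instance_id, eid), None)

    def map_request(self, instance_id, eid):
        # None models a negative map-reply for an EID nobody registered.
        return self.db.get((instance_id, eid))


class FabricEdge:
    def __init__(self, name, rloc, map_server):
        self.name, self.rloc, self.ms = name, rloc, map_server
        self.map_cache = {}          # only the remote EIDs this edge has used
        map_server.edges.append(self)

    def attach(self, instance_id, eid):
        """Endpoint seen on a local port: register EID -> this switch's RLOC."""
        self.ms.map_register(instance_id, eid, self.rloc)

    def resolve(self, instance_id, dst_eid):
        """ITR lookup: consult the map-cache, else query the map server."""
        key = (instance_id, dst_eid)
        if key not in self.map_cache:
            self.map_cache[key] = self.ms.map_request(instance_id, dst_eid)
        return self.map_cache[key]


def host_mobility_demo():
    """Figure 10-2 scenario: a laptop moves from SW1 to SW8 and keeps its IP."""
    ms = MapServer()
    sw1 = FabricEdge("SW1", "10.0.0.1", ms)    # RLOC values are constructed
    sw8 = FabricEdge("SW8", "10.0.0.8", ms)
    sw5 = FabricEdge("SW5", "10.0.0.5", ms)    # assumed third edge sending traffic
    laptop = "192.168.10.20"                   # constructed EID in VRF instance 100
    sw1.attach(100, laptop)
    before = sw5.resolve(100, laptop)          # cached: RLOC of SW1
    sw8.attach(100, laptop)                    # same EID appears on Floor 3
    after = sw5.resolve(100, laptop)           # refreshed: RLOC of SW8
    unknown = sw5.resolve(100, "192.168.10.99")  # never registered -> None
    return before, after, unknown
```

Because the database is keyed by instance-id as well as EID, the same address registered in two VRFs resolves to two different RLOCs, which is the VRF awareness the text credits to LISP.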
