Overview
Q. What is Multi-Region Fabric?
A. Multi-Region Fabric (formerly known as Hierarchical SD-WAN) is a suite of capabilities that tremendously simplifies network operations and management of the SD-WAN fabric, along with enhancing the control-plane scale. With Multi-Region Fabric, a single Cisco Catalyst SD-WAN overlay network can easily be split into multiple regions with a central core-region network for managing all interregional traffic. It enables organizations to extend their Catalyst SD-WAN fabric across multiple regions and sites (on-premises or cloud-based), while using a common WAN backbone network or any middle-mile provider or cloud backbone, to provide end-to-end SD-WAN capabilities and control.
Q. What problems does Multi-Region Fabric help solve?
A. Multi-Region Fabric is the core enabler for next-generation WAN architectures that are being built to tackle ever-increasing and dispersed cloud- and Software-as-a-Service (SaaS)-bound traffic. Such architectures typically involve regionalization of the network, with multiple service exchange, colocation, and Point-of-Presence (PoP) sites providing optimized interregional and intercloud access.
Multi-Region Fabric addresses many of the challenges that can arise with such networks, with capabilities such as the following:
● Intent-based network design helps IT build, deploy, and manage geographically distributed SD-WAN networks that provide resiliency, redundancy, security, and control.
● Facilitates multicloud deployments and colocation-based network architectures, supporting seamless hybrid cloud connectivity.
● Simplifies the deployment of a globally distributed network by reducing complexity, increasing scalability, and providing a single dashboard for configuring, monitoring, and troubleshooting the network.
● Allows IT teams to customize their network architecture on a per-region basis by choosing topology, transport, and encapsulation methods to provide flexibility and meet specific regional requirements.
● Provides the ability for enterprise IT to choose multiple premium transport providers for interregional connectivity based on performance and cost.
● Enables Managed Services Providers (MSPs) to operationalize deployments needing advanced capabilities and scale, reducing operational costs and improving efficiencies.
Q. What are the key features of Multi-Region Fabric?
A. The key features of Multi-Region Fabric include:
● Role assignment to SD-WAN devices: All branches are set up as Edge Routers (ERs), and all regional hubs are set up as Border Routers (BRs).
● Regional assignment to SD-WAN devices: All devices can be configured to belong to specific access regions. Devices within the same region build direct SD-WAN tunnels and connectivity with one another; devices in different regions do not build direct SD-WAN tunnels between one another, but connectivity is achieved via their respective regional Border Routers (BRs).
● Automatic region-aware routing: Isolate routing information on a per-region basis while allowing interregional traffic flow via Border Routers (BRs).
● Enhanced control-plane scalability: Dedicate Cisco Catalyst SD-WAN Controllers (formerly vSmart) per region or per group of regions.
● Simplified site scalability to deliver higher throughput.
● Enforcement of common traffic steering policy and intent across the entire WAN or per region.
● End-to-end SD-WAN encryption and encapsulation.
● End-to-end WAN segmentation: Interregion or intraregion, site to site, or site to cloud.
● Single dashboard (Cisco Catalyst SD-WAN Manager, formerly vManage) to configure, monitor, troubleshoot, and manage the network.
Q. What are the benefits of Multi-Region Fabric?
A. The benefits of Multi-Region Fabric include improved flexibility and traffic performance across regions (when paired with an optimized middle-mile network), simplified policy design, end-to-end encryption of interregional traffic, better control over traffic paths between domains, and optimized tunnel encapsulation for the core region and regional networks.
Scalability
Q. Can we divide the architecture of a single Catalyst SD-WAN overlay network to increase the scalability?
A. Yes, Multi-Region Fabric provides the ability to easily divide a single Catalyst SD-WAN overlay network into multiple regions and a central core-region network for managing interregional traffic. This capability enables routing information to be controlled on a per-region basis, thereby enhancing the control-plane scalability of the solution. Additionally, SD-WAN tunnels are automatically restricted to being built between sites that belong to the same region, without sacrificing end-to-end prefix reachability across all sites and regions; this helps control the tunnel scale and improves data plane scalability.
Q. Can Multi-Region Fabric be segmented into multiple subregions?
A. Yes, Multi-Region Fabric supports dividing a given access region into multiple subregions and sharing BRs between these subregions, allowing for flexible BR redundancy and failover-centric network designs. The introduction of subregions enables users to create subdomains of full-mesh connectivity between branch sites within a region, such that devices in the same subregion communicate directly.
Q. What is the role of the central core-region network in Multi-Region Fabric?
A. The central core-region network in Multi-Region Fabric is responsible for managing interregional traffic. It serves as the control plane for the entire network and helps ensure that traffic is efficiently routed across the different regions.
Multicloud connectivity
Q. What is the relationship between the cloud and Multi-Region Fabric?
A. The increased adoption of cloud and SaaS is driving the need for hierarchical network designs, where regional hubs, colocation sites, and PoPs provide high-quality on-ramps into the cloud. Multi-Region Fabric provides immense configuration simplicity, routing flexibility, and enhanced scale to operationalize such networks.
Q. What is the role of the middle-mile WAN in Multi-Region Fabric?
A. In Multi-Region Fabric, the middle-mile WAN serves as the backbone WAN that connects the different regions of the network. It can be provided by MSPs, Software-Defined Cloud Interconnect (SDCI) providers, cloud service providers, or DIY colocation services.
Q. Does Cisco SD-WAN Cloud OnRamp capability within Cisco Catalyst SD-WAN support Multi-Region Fabric architecture?
A. Yes, Cisco SD-WAN Cloud Interconnect (SDCI and cloud backbone) capability of Cisco Catalyst SD-WAN supports Multi-Region Fabric architecture. The architecture can be utilized to deploy SDCI-related Cisco Catalyst SD-WAN infrastructure by using the CoR Multicloud Interconnect Gateway workflows on Catalyst SD-WAN Manager. The capabilities within Multi-Region Fabric architecture improve the user experience of the IT teams by enabling – simplified control policy configurations, automatic resolution of routing loop and black hole scenarios and provide the ability to assign regions and roles to SD-WAN Edges deployed within SDCI infrastructure.
Deployment and management
Q. What are the key steps in architecting a Multi-Region Fabric in Catalyst SD-WAN?
A. To architect an Multi-Region Fabric with Catalyst SD-WAN, you need to create logically distinct SD-WAN regions where users and applications reside and interregional connections are maintained via a shared interregional network enabled by SD-WAN border routers. The following are the key steps to follow:
1. Choose the transports for the core region: Select the transports to create an interregional network. Typically, this would be one or more high-bandwidth, low-latency circuits obtained via a premium middle-mile provider, cloud provider, or service provider, or simply by reusing existing MPLS/internet circuits, if they meet the performance needs.
2. Determine the regional transports: Select the first-mile transports per region, such as MPLS, internet, LTE, 5G, etc., based on performance and cost factors.
3. Determine the regional topologies: Decide whether to deploy a region with full-mesh connectivity or to deploy a hub-and-spoke topology to provide centralized access to resources in a data center.
4. Determine the regional encapsulations: Decide on the appropriate encapsulation for SD-WAN tunnels. Catalyst SD-WAN leverages industry-standard IPsec encryption for ensuring the confidentiality and authenticity of traffic. If this level of security is not required, IT can also enable a less expensive encapsulation for SD-WAN tunnels, such as Generic Routing Encapsulation (GRE).
5. Add new regions seamlessly: Adding new regions is seamless, as Catalyst SD-WAN automatically computes paths to and from newly added regions and propagates route reachability information, eliminating the need to manually configure route policies.
By following these steps, you can create an Multi-Region Fabric with Catalyst SD-WAN that provides extensive control over application experience and corresponding transport costs. The Multi-Region Fabric provides maximum flexibility in choices of topologies, transports, and encapsulation methods per region.
Q. What is a Border Router (BR)?
A. Multi-Region Fabric introduces two roles for routers, namely BR and ER. A border router is a type of router that connects different regions of a network, such as access regions and core regions. Its main purpose is to provide connectivity for interregional traffic.
Q. What is the default role for an SD-WAN router?
A. The default role for any SD-WAN device is an Edge Router (ER).
Q. Can I use the same WAN transport(s) at the BRs to build SD-WAN tunnels within the access region and the core region?
A. Yes, WAN transports on BRs can be shared between the access and core regions. WAN transports exclusive to the access and core regions, respectively, are also supported.
Q. What if my BR devices’ core WAN transports don’t have connectivity to the core-region SD-WAN Controllers?
A. Core-region SD-WAN Controller connectivity can be established using any of the access-region WAN transports available at the BR devices.
Q. What is a secondary region and how does it help?
A. When a device joins a particular region, it typically doesn’t form tunnels with other regions and uses a BR for transit routing for interregional traffic. However, in some use cases where customers want direct connectivity between the two access regions, a secondary region provides it. Secondary regions are supported only between ERs, not between ERs and BRs.
Q. Can I have SD-WAN Controllers shared between different access regions?
A. Yes, SD-WAN Controllers can be either shared between access regions or dedicated to one or more access regions. However, SD-WAN Controllers in the core region must be dedicated/exclusive.
Core-region SD-WAN Controllers can be used to serve secondary regions or, alternatively, dedicated SD-WAN Controllers can be used to serve them.
Q. How does Multi-Region Fabric provide end-to-end routing and convergence?
A. Multi-Region Fabric works by providing automatic route reorigination from one region to another. Every border router reorignates routes it gets from its access and core region in both directions. With this, users don’t need static policies and trackers to send traffic from one region to the other. For further details, refer to the Cisco SD-WAN Multi-Region Fabric chapter of the
Cisco SD-WAN Multi-Region Fabric Configuration Guide.
Q. Does the Multi-Region Fabric support IPv6?
A. Yes, IPv6 is supported in an SD-WAN overlay with Multi-Region Fabric.
Q. Can I have a mix of SD-WAN encapsulation for my core vs. access regions?
A. Yes, you can have different SD-WAN encapsulation between the access regions and core region. Both IPsec and GRE encapsulation types are supported.
Q. Does Multi-Region Fabric have dampening for access region routes?
A. Multi-Region Fabric supports dampening of access region routes by default to avoid convergence churn in situations where routes are flapping within an access region. For more information, refer to the Multi-Region Fabric
documentation.
Q. Can I aggregate routes in a Multi-Region Fabric network?
A. Yes, route aggregation within Multi-Region Fabric is supported both at ERs and BRs. BRs support route aggregation for both core and access.
Q. What is the Network Hierarchy Manager (NHM) in the context of Multi-Region Fabric?
A. NHM provides a single touchpoint to design your network before provisioning your device in Catalyst SD-WAN Manager. In the context of Multi-Region Fabric , NHM provides a resource pool for automatic region assignment and site-to-region mapping. It acts as a prerequisite for Multi-Region Fabric configurations. Refer to the
Network Hierarchy and Resource Management chapter of the Catalyst SD-WAN Systems and Interfaces Configuration Guide, Cisco IOS XE Release 17.x, for more information.
Q. What are the steps to migrate to Multi-Region Fabric?
A. The steps to migrate to Multi-Region Fabric can vary depending on the specific network and migration needs. Traditional parallel network migration techniques can be used in the migration process, but Multi-Region Fabric also offers a special knob to maintain connectivity with the default region SD-WAN Controller (a SD-WAN Controller where no region is configured in a flat SD-WAN model). Both Border Gateway Protocol (BGP) and Overlay Management Protocol (OMP)-based core migrations are supported, assuming that the existing network has similar hop-by-hop policy-based routing.
Q. What is a subregion in the context of Multi-Region Fabric?
A. Typically, each access region has a dedicated BR by default. However, to avoid the cost of having a dedicated BR for each smaller region, subregions allow multiple smaller regions to share the same BR. This configuration also provides backup BR functionality for subregions.
Q. What is the use case for a Transport-Gateway Router (TR) in Multi-Region Fabric?
A. A TR provides a simple and easy way to configure routing between discontiguous networks. For example, connecting MPLS sites to internet sites needs to be done through a hub that has connectivity to both transports. This requires policy constructs. But a TR automatically provides routing and convergence between these networks once enabled on the hub site. This is supported for flat SD-WAN networks as well.
Q. What is the difference between a router affinity group in Multi-Region Fabric and a controller affinity group?
A. Controller affinity provides the ability to prefer one controller over another in an SD-WAN scenario. Router affinity is a new feature developed to prefer routes, Transport Locators (TLOCs), or service routes from one device over another, and at the same time provides intelligent route filtering capabilities to filter unwanted routes to help scale the network without configuring any policies.
Q. Can a vEdge be deployed as a BR?
A. BR functionality is supported only with Cisco IOS
® XE SD-WAN routers. An Edge Router (ER) can be a vEdge or Cisco IOS XE SD-WAN router.
Q. Does Multi-Region Fabric support dynamic tunnels?
A. Yes, dynamic tunnels or on-demand tunnels are supported in Multi-Region Fabric access regions. However, they are not supported within the core region.
Q. Can I use policy to further define intent within a Multi-Region Fabric network?
A. Yes, Multi-Region Fabric provides policy matches and sets specific to Multi-Region Fabric for both control and data policies and also provides flexibility to apply these policies within sites or at the region level. Please refer to the
Centralized Policy chapter of the Cisco SD-WAN Policies Configuration Guide, Cisco IOS XE Release 17.x, for more information.
Q. What is the current recommended release for Multi-Region Fabric?
A. The current recommended release for Multi-Region Fabric is 20.9/17.9, which is long-lived and provides migration support. Please review the
release notes if you want advanced features such as aggregation, etc.
Q. What is the use case for the TLOC compatibility list?
A. TLOC compatibility and filtering provide easy-to-use options to filter unwanted TLOCs for your branches by defining intent on SD-WAN Controller . It is not enabled by default, but once enabled, it filters out TLOCs based on the compatibility/ incompatibility list defined by the user (as per the network connectivity intent) on SD-WAN Controllers or based on default heuristics of public color and private color compatibility. Please refer to the
Cisco vSmart Controller Route Filtering by TLOC Color chapter of the Cisco SD-WAN Routing Configuration Guide, Cisco IOS XE Release 17.x, for more information.
Q. What type of network topology is supported in my access and core regions?
A. Any topology can be constructed within an access region, such as hub and spoke, partial mesh, etc. The default is a full mesh within an access region and core region, and a full mesh in the core is also recommended.
Q. What platforms are supported for Multi-Region Fabric?
A. vEdge platforms and Cisco Catalyst
™ and Cisco IOS XE SD-WAN platforms are supported. However, for BRs, Cisco recommends using Cisco IOS XE platforms.
Q. How do the Multi-Region Fabric configuration and monitoring enhancements with UX2.0 enhance the overall solution?
A. The enhancements in Multi-Region Fabric configuration and monitoring with UX2.0 significantly improve the user experience (UX) and enhance the overall solution. SD-WAN Manager provides a user-friendly interface that simplifies the setup of regions, sub-regions, and secondary-regions through Network Hierarchy. Additionally, the interface now offers more intuitive workflows that guide users through the process of on-boarding sites into regions, creating configuration groups for all their sites, and deploying configurations as needed. With these upgrades, customers can easily manage their network and connectivity between regions, all without requiring expert-level knowledge.
And, the global monitoring dashboard has been enhanced with a new 'region' view, providing a logical, region-based perspective of the entire network infrastructure. With this view, customers can easily assess the health of their BR/ER sites within each region, monitor tunnel health, and access other relevant metrics. The real advantage lies in the ability to gain a comprehensive, bird's-eye overview of the entire network, empowering users with at-a-glance information. This means that, in the event of any issues or anomalies, users can quickly identify the precise location where action is needed, ensuring a proactive and efficient response to any challenges.
Use cases
Q. What are the use cases for Multi-Region Fabric?
A. Multi-Region Fabric is suitable for use cases such as regionalization of network services, improving the multicloud and SaaS user experience, reducing time spent on the last mile for user traffic, and adapting network scale, compliance, or resiliency in a geo-, segment-, or region-specific manner.
Licensing and onboarding
Q. What type of license is needed for Multi-Region Fabric with Catalyst SD-WAN?
Q. How can I request additional SD-WAN controllers for my core or access regions in Cisco cloud-hosted overlays?
A. To request additional SD-WAN controllers for your core or access regions in Cisco cloud-hosted overlays, open a Cisco TAC case with SD-WAN CloudOps.
Additional resources
Q. Where can I find more information about the Multi-Region Fabric?
A.
● Read the At-a-Glance: Cisco SD-WAN Multi-Region Fabric At-a-Glance.
● View the video: What Is Cisco SD-WAN Multi-Region Fabric?
● Read the Cisco SD-WAN Multi-Region Fabric chapter of the Cisco SD-WAN Multi-Region Fabric Configuration Guide
● Read posts on the Cisco Networking blog:
◦ Deploy and Manage Networks Globally with Cisco SD-WAN Multi-Region Fabric.
◦ Cisco SD-WAN Multi-Region Fabric Unites Distributed Enterprises.