Deployment Options For Integrating cnBNG with Data Center Fabrics

This chapter describes how cnBNG integrates with modern data center fabrics to provide high availability, flexibility, and reliable services. To integrate cnBNG into the network, you need a few Bridge Domains (BDs) and Border Gateway Protocol (BGP). The underlying infrastructure can be Layer 2 only—with routing managed by Data Center Routers (DCRs)—or a mix of Layer 2 and Layer 3. The main goal is to enable cnBNG to communicate with both the northbound and southbound networks, as well as with other cnBNG clusters.

You can choose from several integration options based on your data center infrastructure, such as VXLAN EVPN, Cisco ACI, or traditional vPC. Use this information to select the solution that best meets your network and business requirements.

Flexible deployment models

Cisco cnBNG is inherently fabric-agnostic and performance-sensitive, making it suitable for a variety of deployment scenarios.

Supported deployment models:

  • Modern VXLAN-based fabrics

  • Cisco ACI policy-driven fabrics

  • Traditional vPC + LACP designs

cnBNG offers deployment flexibility. It operates on a Kubernetes cluster of servers, which can be as simple as a single node (All-in-One) or scaled across multiple nodes for higher availability. Each node is dual-homed to the data center fabric, ensuring both link and device redundancy for uninterrupted service.

Figure 1. Topology: cnBNG with VXLAN-based fabrics or ACI policy-driven fabrics
Figure 2. Topology: cnBNG with L2 domain or vPC LACP networks

cnBNG on VXLAN BGP EVPN Fabric

For organizations leveraging VXLAN BGP EVPN, cnBNG integrates with a spine-leaf architecture built on Cisco Nexus switches.

Architecture overview

  • Spines provide Layer-3 routing, ECMP transport, and act as BGP Route Reflectors.

  • Leafs serve as VXLAN Tunnel Endpoints (VTEPs) and connect directly to cnBNG servers.

Fabric structure

  • The underlay uses OSPF or eBGP to ensure IP reachability across all fabric nodes.

  • The overlay leverages VXLAN encapsulation and MP-BGP EVPN to manage tunnel endpoints and advertise service routes.

Resiliency and convergence

  • EVPN multihoming (ESI-based) ensures active-active connections between cnBNG servers and leaf pairs.

  • In the event of a link or leaf failure, traffic immediately converges to available paths without service interruption.

Control and data plane efficiency

  • BGP EVPN advertises MAC/IP bindings, VTEP membership, and routed prefixes.

  • VXLAN encapsulation provides a fully routed Layer-3 underlay and eliminates spanning-tree complexity.

  • Distributed Anycast Gateway (DAG) maintains a consistent gateway presence across the fabric.

cnBNG on Cisco ACI Fabric

Key benefits of deploying cnBNG on Cisco ACI

  • High availability and resiliency: Supports multi-pod and multi-site architectures with active-active configurations to ensure seamless failover and business continuity.

  • Enhanced application performance: Optimizes application flow and network performance with a policy-driven fabric and real-time health monitoring.

  • Redundancy: Cisco ACI supports multi-site and multi-pod deployments with active-active border leaf nodes, ensuring high availability and seamless failover for cnBNG services.

  • Bridge Domains (BDs): BDs in ACI provide flexible Layer 2 domains that can be stretched or localized, enabling efficient segmentation and endpoint isolation for cnBNG clusters.

  • L3Out: ACI’s L3Out feature offers scalable Layer 3 connectivity to external networks with support for routing protocols and host route advertisement, facilitating optimized north-south traffic flow for cnBNG.

  • Fabric-wide mobility: The solution uses a consistent VXLAN overlay across the entire fabric.

  • Cost efficiency: Reduces operational costs by automating routine tasks, minimizing configuration errors, and enabling faster issue resolution.

Suitability

This solution is ideal for enterprise or multi-tenant environments that require strong compliance, segmentation, and centralized policy management.

cnBNG on Traditional vPC and LACP Networks

For smaller sites or brownfield environments, cnBNG can operate over vPC-based Layer-2 domains. In this scenario, each host bonds its NICs using LACP and connects to a pair of vPC peer switches.

Key benefits of deploying cnBNG on traditional vPC and LACP networks

  • Redundancy: Provides active-active operation facilitated by vPC peer-link coordination.

  • Compatibility: Hosts require no overlay configuration, simplifying network integration.

  • Simplicity: Deploys cnBNG nodes as a VLAN subnet over the vPC fabric, with gateways available at routers.

Advantages

  • Straightforward deployment with immediate compatibility for legacy infrastructures.

  • Reduces operational complexity by leveraging existing L2 technologies.

Suitability

This approach is optimal for legacy environments where rapid deployment and compatibility are priorities, but it may be unsuitable for large, highly scalable network fabrics that require advanced routing capabilities.