Information about Campus Fabric
Campus Fabric, also referred to as Software Defined Access, provides the basic infrastructure for building virtual networks on policy-based segmentation constructs. It is based on the Locator ID Separator Protocol (LISP) overlay network built on top of an arbitrary underlay network.
Overlay networks can run across all the underlay network devices or a subset of these devices. Multiple overlay networks can spread across the same underlay network to support multitenancy.
Cisco IOS XE Everest 16.6.1 supports Layer 2 and Layer 3 overlay networks.
Campus Fabric Overlay provisioning uses three components to enable flexible attachment of users and devices, and enhanced security through user-based and device-group based policies:
- Control Plane
- Data Plane
- Policy Plane
The Campus Fabric feature is supported on the Enterprise Services and IP Base software images.
Benefits of Provisioning a Campus Fabric Network
- A hybrid Layer 2 and Layer 3 overlay offers the best of both these services.
- Provides end-to-end segmentation using LISP Virtualization technology wherein only the Fabric Edge and Border nodes have to be LISP aware. The rest of the components are just IP forwarders.
- Eliminates Spanning Tree Protocol (STP), improves link utilization, and brings in faster convergence and equal cost multipath (ECMP) load balancing.
- Fabric header supports Secure Group Tag (SGT) propagation, which helps in having a uniform policy model across the network. SGT-based policy constructs are subnet independent.
- Provides host mobility for both wired and wireless clients.
- Use of LISP helps decouple the host address and its location, simplifying the routing operations, and improving scalability and support.
Understanding Fabric Domain Elements
Figure displays the elements that make up the fabric domain.
The following is a description of the fabric domain elements illustrated in the figure.
- Fabric Edge Devices—Provide connectivity to users and devices that connect to the fabric domain. Fabric edge devices identify and authenticate end points, and register end-point ID information in the fabric host-tracking database. These devices encapsulate at ingress and decapsulate at egress, to forward traffic to and from the end points connected to the fabric domain.
- Fabric Control-Plane Devices—Provide overlay reachability information and end point-to-routing locator mapping in the host-tracking database. A control-plane device receives registrations from fabric edge devices that have local end points, and resolves requests from edge devices to locate remote end points. You can configure up to three control-plane devices, internally (a fabric border device) and externally (a designated control-plane device, such as Cisco CSR1000v), to allow redundancy in your network.
- Fabric Border Devices—Connect traditional Layer 3 networks or different fabric domains to the local domain, and translate reachability and policy information, such as virtual routing and forwarding (VRF) and SGT information, from one domain to another.
- Virtual Contexts—Provide virtualization at the device level, using VRF to create multiple instances of Layer 3 routing tables. Contexts or VRFs provide segmentation across IP addresses, allowing for overlapped address space and traffic separation. You can configure up to 32 contexts in the fabric domain.
- Host-Pools—Group end points that are present in the fabric domain into IP pools, and identify them with a VLAN ID and an IP subnet.
Campus Fabric Configuration Guidelines and Limitations
- Configure no more than three control-plane devices in each fabric domain.
- Configure no more than two border devices in each fabric domain.
- Each fabric edge device supports up to 2000 end points.
- Each control-plane device supports up to 5000 fabric edge device registrations.
- Configure no more than 64 virtual contexts in each fabric domain.
- Layer 2 (IPv4 host) and Layer 3 (IPv6 host) LISP overlay functionality is supported on Cisco IOS XE Everest 16.6.1 and later releases.
- On the edge device, Cisco TrustSec links are not supported on uplink interfaces connected to the underlay.
- Layer 3 source group tags cannot be applied to uplink interfaces connected to the underlay.
- Cisco IOS XE 16.6.1 does not support Dense Mode or Bidirectional Protocol Independent Multicast (PIM). Only PIM Sparse Mode (SM) and PIM Source Specific Multicast (SSM) modes are supported.
- Multicast does not support group-to-rendezvous point (RP) mapping distribution mechanisms, Auto-RP, and Bootstrap Router (BSR). Only Static RP configuration is supported.
- Multicast RP redundancy is not supported in the fabric domain.
Important: Virtual Extensible LAN (VXLAN) and LISP must be configured as part of campus fabric network. They are not supported as standalone features.
CLI Changes From Cisco IOS XE Everest 16.6.1
Starting with Cisco IOS XE Everest 16.6.1, the CLI model for L2 LISP configuration is redesigned to better reflect the configuration flow and to configure LISP behavior that is specific to different functionalities, such as support for Layer 2 MAC addresses as EID prefixes.
The following is a list of CLI changes:
- The new CLI provides two levels of inheritance in two paths:
  - router lisp > service, called the global service or top service mode
  - router lisp > instance-id > service, called the instance-service mode
- The end point identifier table, eid-table, is decoupled from the instance-id. You can now configure eid-table without specifying the instance-id. The hierarchy is router lisp > instance-id > service > eid-table.
- You can have the common configuration under global service mode and instance ID-specific configuration under instance-service mode.
- CLI that is configured at the global level of the hierarchy affects the operational state of all the instance services at lower levels of the hierarchy, unless explicitly overridden.
- All the { ipv4 | ipv6 } [proxy] { itr | etr } commands appear under their respective service mode without their address family prefix.
- All the LISP show commands commence with the show lisp prefix.
- A new command, locator default-set, configured at the global level, marks one of the locator sets as the default.
- service-ethernet is a new sub mode that enables Layer 2 MAC ID as EID space.
Note: After you enter the commands in the changed configuration style, the earlier CLIs are not supported. To switch to the earlier CLIs, reload the system.
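The hierarchy described in the list of CLI changes, laid out as a fabric edge configuration sketch. This is an added example, not taken from the original guide: the locator-set name, instance IDs, VLAN, VRF name (assumed to be defined elsewhere), the 192.0.2.1 control-plane address and the key are constructed placeholders.

```cisco
! Constructed example: names, addresses, IDs and the key are placeholders.
router lisp
 locator-set RLOC_EDGE
  IPv4-interface Loopback0 priority 10 weight 10
  exit-locator-set
 !
 ! Global level: mark one locator set as the default.
 locator default-set RLOC_EDGE
 !
 ! Global (top) service mode: common settings inherited by every
 ! instance-service below unless explicitly overridden there.
 ! itr/etr are entered without the ipv4/ipv6 prefix.
 service ipv4
  encapsulation vxlan
  itr map-resolver 192.0.2.1
  itr
  etr map-server 192.0.2.1 key <shared-key>
  etr
  exit-service-ipv4
 !
 ! service-ethernet sub mode: Layer 2 MAC addresses as the EID space.
 service ethernet
  itr map-resolver 192.0.2.1
  itr
  etr map-server 192.0.2.1 key <shared-key>
  etr
  exit-service-ethernet
 !
 ! Instance-service mode: only instance-specific settings.
 ! eid-table sits under router lisp > instance-id > service.
 instance-id 4100
  service ipv4
   eid-table vrf CAMPUS
   exit-service-ipv4
  exit-instance-id
 !
 instance-id 8100
  service ethernet
   eid-table vlan 100
   database-mapping mac locator-set RLOC_EDGE
   exit-service-ethernet
  exit-instance-id
 !
 exit-router-lisp
```

Neither instance repeats the itr/etr lines; both take them from the matching global service block, so a change made there applies to every virtual network that does not override it.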