Multihoming in a BGP EVPN VXLAN Fabric Configuration Guide, Cisco IOS XE 26.x.x and Later

Understanding DAG routed overlay networks

Overview

Describes the DAG routed overlay networks and its components.

Enterprise networks require flexibility to support unique per-VLAN overlay functions that are tailored to business requirements. Routed overlay is a proven and recommended approach for large-scale overlay networks. Network administrators can implement the DAG-routed overlay to selectively stretch an IP subnet across targeted leaf switches without extending the Layer 2 flood boundary.

Cisco Catalyst 9000 series switches support the flexible co-existence of multiple routed and distributed anycast gateway routed overlay networking options within the same macro-segmented IP VRF and the micro-segmented, VXLAN-GPO-enabled environment.

The following figure displays the characteristics of an EVPN multihoming network with a DAG-routed overlay fabric.

Figure 1. Key network characteristics of a DAG-routed overlay fabric

Network characteristics of a DAG-routed overlay fabric

Hierarchical BGP control plane

A two-tier hierarchical BGP control plane is the recommended deployment for controlled route management between EVPN multihoming peers and spine switches in large-scale campus networks. Each BGP peering layer manages domain-specific EVPN routes to enable downstream non-blocking, all-active Layer 2 multipath networks, and manages the advertisement of fabric network prefixes to enable secure global network access connectivity in core networks.

For more information, see the Hierarchical EVPN Multihoming chapter.

EVPN multihoming

Layer 2 networks with EVPN multihoming function independently of the fabric core EVPN network. A pair of Cisco Catalyst 9000 series switches in each distribution layer builds and manages EVPN multihoming in each redundancy group.

The unified Layer 2 Ethernet Segment (ES) EtherChannel connection to a downstream network device can carry VLANs that are mapped to routed, selectively stretched subnets with DAG-routed overlay and advertised in the fabric core, or that continue to be traditional underlay IP networks.

Layer 2 broadcast network boundary

DAG routed overlay networks provide a unified Layer 2 or Layer 3 network boundary as the routed overlay and the traditional underlay campus network. The Layer 2 bridge domain and the blast radius remain contained between Layer 2 access and EVPN multihoming-enabled distribution layer systems.

A pair of Cisco Catalyst 9000 series switches in the distribution layer network dynamically builds the Layer 2 VXLAN tunnel using ingress replication mode to extend Broadcast, Unknown Unicast and Multicast (BUM) traffic. With built-in loop-detection and prevention techniques, EVPN multihoming-enabled networks support a secure and scalable Layer 2 network over traditional STP-based networks.

IPv4 ARP and IPv6 proxy

Cisco Catalyst 9000 series switches support IPv4 ARP and IPv6 Neighbor Discovery (ND) and Duplicate Address Detection (DAD) proxy functions on a per VLAN or subnet basis.

The intended, stretched IP subnet interface is configured with local proxy functions on anycast gateway switches. Incoming IPv4 ARP requests and IPv6 ND/DAD messages are intercepted, processed, and answered by the anycast gateway switch with the local anycast MAC address (00:00:5e:00:01:01). As a result, the IP subnet with IPv4 or IPv6 endpoints can be selectively stretched between EVPN multihoming network devices without extending the Layer 2 flood boundary, which can impact scale, performance, and security in large-scale environments.

Structured IP subnet with proxy and gateway redundancy

The DAG routed overlay network enables stretching an IP subnet between targeted EVPN multihoming network devices, supporting a scalable and secure overlay network. The selected group of Cisco Catalyst 9000 series switches in EVPN multihoming mode shares a common IPv4/IPv6 subnet with the IP proxy function enabled to support intra-subnet host communication based on the fabric host-routing table, while providing load-sharing and gateway redundancy with the anycast gateway as routed overlay.

Spine route policy

Stretching an IPv4 or IPv6 subnet across multiple IP gateway systems demands a non-condensed, host-level prefix announcement in the fabric core to support end-to-end seamless data communication. Cisco Catalyst 9000 series switches that stretch the IPv4 or IPv6 subnets require the advertisement of the host route to the fabric.

The iBGP or eBGP prefix advertisement to spine switches in the fabric core limits advertising to the IPv4 or IPv6 RT-2-MAC-IP host prefixes along with RT-5 network prefixes. The Cisco Catalyst 9000 series switches in EVPN multihoming mode retain unfiltered routing on the iBGP peering session with the remote ES switch to keep the Layer 2 multipath EtherChannel non-blocking.
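The following added example (not taken from the Cisco guide) models why a stretched subnet needs host routes in the fabric core: with only the RT-5 subnet prefix, a longest-prefix lookup cannot tell which gateway pair owns a host, while the RT-2-MAC-IP /32 routes resolve it. The VTEP names, addresses and route set are constructed, and the set of route types permitted toward the spine is an assumption drawn from the text above.

```python
import ipaddress
from collections import namedtuple

# Constructed sample: two EVPN multihoming pairs (vtep-a, vtep-b) stretch 10.1.10.0/24.
Route = namedtuple("Route", "rtype prefix next_hop")

# Assumption from the "Spine route policy" text: only these types reach the spine.
SPINE_PERMIT = {"RT-2-MAC-IP", "RT-5"}

LEAF_ROUTES = [
    Route("RT-1", None, "vtep-a"),           # Ethernet Segment auto-discovery (ES peer only)
    Route("RT-4", None, "vtep-a"),           # Ethernet Segment route (ES peer only)
    Route("RT-2-MAC-ONLY", None, "vtep-a"),  # MAC without IP, no routable prefix
    Route("RT-5", "10.1.10.0/24", "vtep-a"),
    Route("RT-5", "10.1.10.0/24", "vtep-b"),
    Route("RT-2-MAC-IP", "10.1.10.11/32", "vtep-a"),
    Route("RT-2-MAC-IP", "10.1.10.22/32", "vtep-b"),
]

def export_to_spine(routes):
    """Spine-facing filter; the ES-peer iBGP session would carry all routes."""
    return [r for r in routes if r.rtype in SPINE_PERMIT]

def lookup(routes, dest):
    """Longest-prefix match; returns every next hop tied at the best prefix length."""
    ip = ipaddress.ip_address(dest)
    nets = [(ipaddress.ip_network(r.prefix), r.next_hop)
            for r in routes if r.prefix is not None]
    hits = [(n, nh) for n, nh in nets if ip in n]
    if not hits:
        return set()
    best = max(n.prefixlen for n, _ in hits)
    return {nh for n, nh in hits if n.prefixlen == best}

def audit_spine_view(routes):
    """Route types seen on a spine that the policy should have filtered."""
    return sorted({r.rtype for r in routes if r.rtype not in SPINE_PERMIT})

if __name__ == "__main__":
    spine = export_to_spine(LEAF_ROUTES)
    condensed = [r for r in spine if r.rtype == "RT-5"]
    print("subnet only :", lookup(condensed, "10.1.10.11"))  # ambiguous owner
    print("host routes :", lookup(spine, "10.1.10.11"))      # single owner
    print("policy leaks:", audit_spine_view(LEAF_ROUTES))
```

`audit_spine_view` can be pointed at the route types actually observed on a spine to confirm that Ethernet Segment routes stay confined to the multihoming peers.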

Note

EVPN multihoming-enabled networks support additional overlay network types to stretch IP subnets or Layer 2 flood-domain beyond a single distribution block using Distributed Anycast Gateway (DAG) bridged technology. For better scale, performance, and resiliency, we recommend the routed overlay network.