Every Overlay Network solution requires IP
reachability between edge devices via Underlay Network. This section explains
the basic routing solution in Underlay Network from Campus Fabric, SD-WAN, and
Datacenter Fabric perspectives. Figure 7-1 illustrates the IP reachability
requirements for Campus Fabric, SD-WAN, and Datacenter Fabric.
Figure 7-1: IP Reachability Requirements.
This chapter introduces Data-Plane operation and explains
how the data packets from EP3 (IP 172.16.30.3) in Datacenter Fabric are
forwarded via SD-WAN to EP1 (IP 172.16.100.10) in Campus Fabric. (1) EndPoint3
sends the ICMP Request packet to its gateway switch Leaf-11. Leaf-11 makes routing
decisions based on the VRF NWKT routing table. Before forwarding the packet, Leaf-11
adds a VXLAN header where it uses L3VNI 10077. It also sets the outer IP header
where it uses the Border-Leaf-13 tunnel interface’s IP address 192.168.50.13 as
a destination. Spine-1 routes the packet to Border-Leaf-13 based on the outer
IP address. Border-Leaf-13 notices that the destination IP address of the received
IP packet belongs to its’s NVE1 tunnel interface. It removes the outer IP
header and based UDP destination port it notices that this is VXLAN
encapsulated packet. It knows that L3VNI 10077 belongs to VRF NWKT. It strips
off the VXLAN header and routes the packet to vEdge-2. The ingress interface
towards DC in vEdge-2 belongs to VPN 10. vEdge-2 consults its routing table.
Based on it, vEdge-2 constructs tunnel headers and sends ICMP Request to
vEdge-1 via Public-Internet using MPLS Label 1003 as a VPN identifier. Routers
in Internet routes packet based on the outer destination IP address. When
vEdge-1 receives the packet, it notices that the destination IP address is its’
Public IP address. It first removes the outer IP header. Then it checks the
tunnel header. Based on the Label value 1003, it knows that packet belongs to
VPN 10. It consults the VPN 10 RIB and routes the packet to Border-PxTR-13. The
ingress interface on Border-PxTR-13 belongs to VRF 100_NWKT that belongs to
LISP Instance 100. It checks the Instance 100 specific LISP mapping in order to
know how it should route the packet. The LISP mapping Database does not contain
the information because this is the first packet to destination 172.16.100.10.
Border-PxTR-13 sends a LISP Map-Request message to MapSrv-22, which replies
with a LISP Map-Reply message, where it describes the RLOC of Edge-xTR-11 that
has registered the IP address 172.16.100.10. I have excluded the
Map-Request/Reply processes from figure 6-1 to keep the figure simple.
Border-Leaf-13 encapsulates the ICMP Request packet with a tunnel header. It
sets the Instance-Id 100 on the VXLAN header and adds the outer IP header where
it uses the Edge-xTR-11’s IP address 192.168.0.13 as a destination address.
Core-1 routes the packet to Edge-xTR-11 based on the outer IP header
destination address. Edge-xTR-11 processes the ingress IP packet because the
destination IP address belongs to it. Based on the destination UDP port 4789,
it knows that the following header is a VXLAN header. Edge-xTR-11 knows that
the LISP Instance-Id 100 is bind to BD 100. Because Edge-xTR-11 has an L3
interface in BD 100, it resolves the MAC address for the IP address
172.16.100.10 from the ARP table and the egress interface for the MAC from the
MAC address table. EP1 processes the ICMP Request packet and sends the ICMP
Reply to EP3.
Figure
6-1:
End-to-End Data-Plane Operation.
This chapter introduces how Border-PxTR-13 registers
the external IP prefix 172.16.30.0/24 received as a BGP update from vEdge-1 to
MapSrv-22 using LISP Map-register messages. Chapter 2 explains the LISP
RLOC-to-EID mapping process in detail so this chapter just briefly recaps the
operation. Figure 5-1 illustrates the overall process. vEdge-1 sends a BGP
Update message where it describes the NLRI for prefix 172.16.30.0/24.
Border-PxTR-13 first imports the information into the LISP processes. Next, it
sends a LISP Map-Register message to MapSrv-22. In addition to IP prefix
information, the Map-Register message carries Locator Record information that
describes the destination IP address used in the outer IP header (tunnel
header) when devices route IP packets towards the advertised subnet.
Figure 5-1: Overall Control-Plane Operation: OMP to LISP
We have seen in previous chapters how the IP address
172.16.100.10 assigned to EP1 is advertised within the LISP domain and advertised
as an aggregate route all the way down to Leaf-11 in the BGP EVPN domain. This
chapter first explains how the EP3 ‘s IP address 172.16.30.3 is first
advertised by Leaf-11 as BGP EVPN MAC Advertisement Route (Route-Type 2) via
Spine-1 to Border-Leaf-13. Next, you will learn how Border-Leaf-13 advertises
the aggregate route 172.16.30.0/24 to SD-WAN edge device vEdge-2. The last
section briefly shows how the routing information is propagated over the SD-WAN.
The BGP EVPN NLRI MAC Advertisement Route carries to MPLS Labels which identifies L2VN (10000) and L3VN (10077). In our example, VLAN 10 is part of the VRF NWKT
and it is attached to L2VN 10000. L3VNI for VRF NWKT is 10077.
Figure 4-1: Overall Control-Plane Operation: BGP EVPN to OMP to LISP.
