eNTek Knowledge Bite: LISP PubSub
At eNTek IT Solutions we work daily with the newest Cisco networking technologies. In our blogs you can read about new features and innovations. In this blog we discuss a new enhancement within the Cisco SD-Access technology that seriously benefits fabric stability and routing convergence: LISP PubSub.
The problem statement
Cisco’s SD-Access solution requires manual routing configuration between border nodes to provide routing redundancy for the overlay networks. This applies when multiple border nodes are used within a fabric site. It adds a lot of extra complexity and reduces the level of automation. Cisco now removes the need for these manual configurations by utilizing the PubSub functionality in LISP.
The challenge
When configuring two border nodes as external in Cisco DNA Center, the edge nodes in an SD-Access fabric are configured to use these border nodes as Proxy Egress Tunnel Routers (PETRs). All traffic to destinations that are not located within the fabric is by default forwarded in VXLAN to these routers. In theory this is a workable design, but in a production environment this can create a scenario where upstream traffic is black-holed when a border node loses its upstream connection. Previously, this could be overcome by creating a routed connection between the border nodes for every Virtual Network (VN). This is the additional complexity and manual configuration that is required when using BGP instead of LISP PubSub.
The Solution
LISP PubSub is based on publishing and subscribing to routing information. The edge nodes subscribe to the default route, which has the next-hop IPs of both border nodes. When a border node loses its upstream connection (and BGP peering), the default route is also removed from the routing table for the affected VNs. Next, the border node updates the control plane that it cannot be used for the default route anymore. The control plane then notifies all the edge nodes that have subscribed to the default route that the default route via that border node cannot be used anymore, which leaves the edge with the default route towards the border that is still reachable. This routing mechanism overcomes the need to have a BGP peering per VRF/VN between the border nodes to provide routing redundancy (remember, this is manual configuration). Since the LISP PubSub feature is fully automated through Cisco DNA Center, deploying an SD-Access fabric is a little more automated and the need for manual routing configuration is removed. The enhancement is available from Cisco DNA Center version 2.2.3.x and IOS-XE version 17.6 and higher.
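The following sketch models the failover logic described above and compares it with a fixed PETR list. It is an added example, not Cisco code or the LISP wire protocol; the class, method and node names (ControlPlane, Edge, border1, border2, VRF_D) are assumptions made for illustration.

```python
# Simplified model of the publish/subscribe behaviour described above.
# Constructed example: not the LISP wire protocol and not Cisco code.
# Class, method and node names are hypothetical.

class ControlPlane:
    def __init__(self):
        self.default_etrs = {}  # VN -> borders currently offering the default route
        self.subscribers = {}   # VN -> edge nodes subscribed to the default route

    def subscribe(self, edge, vn):
        self.subscribers.setdefault(vn, []).append(edge)
        self._publish(vn)

    def register(self, border, vn):
        self.default_etrs.setdefault(vn, set()).add(border)
        self._publish(vn)

    def withdraw(self, border, vn):
        # A border that lost its upstream tells the control plane to stop using it.
        self.default_etrs.get(vn, set()).discard(border)
        self._publish(vn)

    def _publish(self, vn):
        for edge in self.subscribers.get(vn, []):
            edge.default_next_hops[vn] = set(self.default_etrs.get(vn, set()))

class Edge:
    def __init__(self):
        self.default_next_hops = {}  # VN -> borders usable for the default route

def blackholed(next_hops, upstream_up):
    """Borders an edge still forwards to although they have no upstream."""
    return sorted(b for b in next_hops if not upstream_up[b])

def failover_demo():
    vn = "VRF_D"
    upstream_up = {"border1": True, "border2": True}
    static_petrs = ["border1", "border2"]  # fixed PETR list, no inter-border peering
    cp, edge = ControlPlane(), Edge()
    cp.subscribe(edge, vn)
    for border in upstream_up:
        cp.register(border, vn)
    before = sorted(edge.default_next_hops[vn])
    upstream_up["border2"] = False  # upstream link on border 2 fails
    cp.withdraw("border2", vn)
    after = sorted(edge.default_next_hops[vn])
    return before, after, blackholed(static_petrs, upstream_up), blackholed(after, upstream_up)

if __name__ == "__main__":
    print(failover_demo())
```

With the fixed PETR list the edge keeps sending part of its external traffic to border2 after the failure; with the subscription it is left with border1 only.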
Using LISP PubSub in your SD-Access network benefits routing convergence and fabric stability.
Left: SD-Access with LISP/BGP. Right: SD-Access with LISP PubSub.
Our Experience
When we got our hands on the newest DNA Center software and technical documentation, which included the LISP PubSub enhancement, we went straight into the lab. Together with Cisco we have tested this enhancement and simulated it in a production lab environment. Since we found that the LISP PubSub feature behaves as we expected after extensive testing, we were confident to include this feature in our SD-Access and routing designs. More specifically, we have already implemented this feature in an SD-Access multi-site production deployment at one of our customers.
The picture above shows an infrastructure which has LISP PubSub configured. It shows a failover scenario of the upstream link on border 2. First, the network is fully routed and working as it should. Verification of the LISP EID for VRF D on edge node 1 shows that the default route is learned from two PETRs (border 1 and border 2) with equal priority and weight. After we manually shut down the link on border 2 to the upstream network, we instantly see a change in priority and weight of the default routes available on node 1. Also note the admin-down state. This failover happened almost instantaneously without any manual configurations or route tweaking. Behold the benefit of LISP PubSub!
We highly advise using the LISP PubSub feature in (new) SD-Access fabric deployments. It is possible to migrate from LISP/BGP to LISP PubSub. Want to know more? Reach out!