Uploaded by Samuel Otafy

Cisco DNA Network: LISP, VXLAN, VRF, BGP, IS-IS & Route Leakage

Simplifying Network Management and Troubleshooting
Presented by: Ahmed ElMorsy Mohamed
Email: ahmed_elmorsy@seegypt.com
Phone: 01007880733
__________________________________________________________________
Cisco DNA Network with LISP, VXLAN, VRF, BGP, IS-IS, and Route
Leakage - Scenario Explanation for Presentation
The network setup uses Cisco DNA with multiple advanced technologies such as
LISP, VXLAN, VRFs, BGP, IS-IS, and route leakage. Here’s a structured
breakdown to help you explain the scenario clearly in your presentation.
1. Network Overview
The network consists of two main components:


Border Node: Handles external communication (Internet, Data Center,
WAN).
Fusion Node: Connects different VRFs, performs inter-VRF routing (route
leakage), and acts as the centralized route distribution point.
The network is built on Cisco SD-Access with DNA Center, using LISP,
VXLAN, VRF, BGP, IS-IS for scalability, segmentation, and automation.
2. Technologies Used and Their Roles
Technology: Role in Your Network

IS-IS (Intermediate System to Intermediate System): Used as the underlay
routing protocol for internal fabric communication. Ensures all fabric
devices (Fusion, Border, Edge nodes) can reach each other.
VXLAN (Virtual Extensible LAN): Creates a Layer-2 overlay over a Layer-3
network, enabling segmentation and mobility across different sites.
LISP (Locator/ID Separation Protocol): Used for host tracking and mobility
within SD-Access. It dynamically maps users/devices (EIDs) to network
locations (RLOCs).
VRF (Virtual Routing & Forwarding): Creates isolated routing instances for
different services or tenants, ensuring security and segmentation.
BGP (Border Gateway Protocol): Used for external routing (WAN, Data Center,
Internet) and route leaking between VRFs on the Fusion node.
Route Leakage (Inter-VRF Routing): Configured on Fusion to allow controlled
communication between different VRFs (e.g., Users ↔ Servers).
3. Network Architecture
The network consists of multiple layers:
A. Underlay Network (Physical Infrastructure)


Uses IS-IS as the IGP to enable connectivity across network fabric devices.
Provides reachability for VXLAN transport tunnels.
B. Overlay Network (VXLAN + LISP)


VXLAN enables Layer-2 communication over Layer-3 infrastructure.
LISP dynamically maps users (EID) to locations (RLOC) for optimized
mobility.
C. Control and Management (DNA Center)


Cisco DNA Center automates and manages the entire fabric.
It configures LISP, VXLAN, BGP, VRFs, and security policies centrally.
4. Role of Border and Fusion Nodes
Node Type: Function

Border Node:
- Connects the SD-Access fabric to external networks (WAN,
Data Center, Internet).
- Advertises internal routes via BGP to upstream routers.
- Acts as the LISP Egress Tunnel Router (ETR).
Fusion Node:
- Performs route leakage between VRFs (e.g., Corporate VRF
↔ Data Center VRF).
- Runs BGP for inter-VRF communication.
- Acts as the central interconnect for different segments.
5. Route Leakage (Inter-VRF Communication)
Since I have VRFs (e.g., User VRF, Server VRF, IoT VRF), I need route
leakage to allow selected communication.
Example: Allowing Users to Reach Servers



Users are in VRF-USER.
Servers are in VRF-SERVER.
The Fusion Node runs BGP and redistributes routes to allow controlled
communication.
Configuration for Route Leakage on Fusion
! Create route target import/export between VRFs
vrf definition USER-VRF
 rd 65001:10
 route-target export 65001:100
 route-target import 65001:200
 address-family ipv4
 exit-address-family
!
vrf definition SERVER-VRF
 rd 65001:20
 route-target export 65001:200
 route-target import 65001:100
 address-family ipv4
 exit-address-family
!
! Advertise each VRF's connected and static routes into BGP
router bgp 65001
 address-family ipv4 vrf USER-VRF
  redistribute connected
  redistribute static
 exit-address-family
 address-family ipv4 vrf SERVER-VRF
  redistribute connected
  redistribute static
 exit-address-family
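Each VRF imports the route target the other exports, so the connected and
static routes redistributed into BGP are leaked between them. This allows
traffic between USER-VRF ↔ SERVER-VRF.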
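Because the import/export pairs decide which VRFs can learn each other's routes, it is worth auditing them against the intended design. The script below is an added example, not part of the original presentation: it parses indented IOS-style VRF definitions and reports any leak that is not on an allow-list. IOT-VRF, its route targets, the sample text and the function names are constructed for illustration.

```python
import re

# Constructed sample: the page's two VRFs plus a hypothetical IOT-VRF that
# imports the server route target by mistake.
SAMPLE_CONFIG = """\
vrf definition USER-VRF
 rd 65001:10
 route-target export 65001:100
 route-target import 65001:200
vrf definition SERVER-VRF
 rd 65001:20
 route-target export 65001:200
 route-target import 65001:100
vrf definition IOT-VRF
 rd 65001:30
 route-target export 65001:300
 route-target import 65001:200
"""

# Leaks the design intends, as (exporting VRF, importing VRF) pairs.
ALLOWED = {("USER-VRF", "SERVER-VRF"), ("SERVER-VRF", "USER-VRF")}

def parse_route_targets(config):
    """Return {vrf: {"export": set, "import": set}} from indented config text."""
    vrfs, current = {}, None
    for line in config.splitlines():
        m = re.match(r"^vrf definition (\S+)", line)
        if m:
            current = vrfs.setdefault(m.group(1), {"export": set(), "import": set()})
            continue
        m = re.match(r"^\s+route-target (export|import|both) (\S+)", line)
        if m and current is not None:
            kinds = ("export", "import") if m.group(1) == "both" else (m.group(1),)
            for k in kinds:
                current[k].add(m.group(2))
        elif line and not line[0].isspace():
            current = None  # any other top-level command ends the VRF block
    return vrfs

def leak_pairs(vrfs):
    """(src, dst) pairs where dst imports a route target that src exports."""
    return {(s, d) for s, sv in vrfs.items() for d, dv in vrfs.items()
            if s != d and sv["export"] & dv["import"]}

def unexpected_leaks(config, allowed):
    """Sorted leak pairs present in the config but absent from the allow-list."""
    return sorted(leak_pairs(parse_route_targets(config)) - allowed)
```

On the sample, the only finding is SERVER-VRF routes being imported into IOT-VRF; the two USER ↔ SERVER directions are on the allow-list and are not reported.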
6. How LISP Handles Mobility
Since SD-Access uses LISP, it allows seamless host mobility. Here’s how:
1. A user (EID) connects to the network and gets an IP in VRF-USER.
2. The user's location is registered in the LISP mapping database.
3. If the user moves to another site, LISP updates the mapping
automatically, ensuring uninterrupted access.
LISP Verification Commands

Check LISP EID-to-RLOC mappings:
show lisp eid-table

Verify LISP encapsulation:
show lisp statistics
7. Key Benefits of This Design




Scalability: VXLAN allows unlimited segmentation over a Layer-3
network.
Mobility: LISP dynamically maps users and ensures seamless roaming.
Security: VRFs ensure tenant isolation, while Fusion controls inter-VRF
communication.
Optimized Routing: IS-IS is used for underlay, while BGP controls
external traffic.