The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
Cisco IOS XE Catalyst SD-WAN Release 17.15.1a and Cisco Catalyst SD-WAN Control Components Release 20.15.1 are the last releases to support these features:
Secondary regions
Subregions
Management regions
From Cisco IOS XE Catalyst SD-WAN Release 17.15.1a and Cisco Catalyst SD-WAN Control Components Release 20.15.1, configuration of secondary regions and subregions is possible only by API. Because later releases do not support these features,
we advise you to update your network design and configuration to use alternative solutions where possible.
Table 1. Feature History
Feature Name
Release Information
Description
Multi-Region Fabric Subregions
Cisco IOS XE Catalyst SD-WAN Release 17.10.1a
You can create subregions within an access region. Subregions enable you to separate edge routers into multiple distinct domains.
Within an access region, you can create up to 63 subregions, with ID numbers in the range 1 to 63. Creating subregions within
access regions enables you to separate edge routers into multiple distinct domains.
To define a subregion, configure a subregion for edge routers and for border routers. After you configure a subregion for
a device, the device advertises its subregion attribute to its overlay management protocol (OMP) peers. Within OMP, a subregion
is identified by the tuple of access region number and subregion ID, so you can reuse the same subregion numbers in different
access regions—for example, subregion 1 of region 1 is distinct from subregion 1 of region 2.
Terminology
Parent region: An access region is called the parent region of any subregions that you configure within it.
Shared: In a Multi-Region Fabric topology that includes subregions, a border or edge router without a subregion assignment
is called shared.
Dedicated: In a Multi-Region Fabric topology that includes subregions, a border or edge router with a subregion assignment
is called dedicated.
Connectivity
Default connectivity is as follows:
Edge routers assigned to an access region, and not assigned to a subregion, form bidirectional forwarding detection (BFD)
connectivity to all devices in the region, and to the border routers serving the access region.
Edge routers assigned to a subregion form BFD connectivity to all other devices in the subregion, and to the border routers
serving the subregion and parent region. By default, they do not form BFD connectivity to edge routers outside of the subregion.
Border routers assigned to a region form BFD connectivity to all edge devices in the region. This is true even if a border
router is also assigned to a subregion. Assigning a border router to a subregion causes it to preferentially operate as the
border router for devices in the subregion, but it can also serve all devices in the parent region. This means that any border
router serving a region can provide failover backup for other border routers serving the region, regardless of whether the
border routers have been assigned to subregions.
Configure a Subregion
To configure a subregion, it is sufficient to assign one or more edge routers to a subregion. You do not need to assign a
border router to the subregion. The border routers assigned to the parent region are shared by all the edges in that region.
Assigning an edge router to a subregion has the following effects:
The edge router advertises its subregion to the Cisco SD-WAN Controllers managing its region. This indicates its subregion to all of its OMP peers.
The edge router can have full-mesh connectivity only with (a) devices in its subregion, and (b) edge routers that are part
of the same parent region but not in any subregion.
Assigning a border router to a subregion has the following effects:
The border router primarily serves the edge routers in the subregion.
The border router can also act as a backup border router for edge routers in other subregions within the same parent region.
If you assign a device serving as a transport gateway (such as a border router) to a subregion, the transport gateway can
serve only devices in that subregion.
Configure Policy
For information about configuring a policy to use subregions, see the following:
For information about how subregions affect the prioritization of policies, see Prioritization of Policy.
Border Router Preference
With the introduction of subregions, border routers add a new attribute, called br-preference, to routes that they re-originate
to the core region. The br-preference attribute ensures that border routers in the core region choose the optimal path to
devices in subregions when more than one path is available.
For example, in the following illustration, if BR4 is choosing a path to ER1, which is in subregion 1, the optimal path uses
BR1, which serves that subregion. This is true even though BR2 and BR3 can also provide connectivity to ER1. In this example,
routes for subregion 1 that BR1 re-originates have the highest br-preference value, so to reach subregion 1, BR4 chooses a
path using BR1.
If BR1 becomes unavailable, then BR4 can reach subregion 1 through BR2 or BR3. BR2 and BR3 provide lower br-preference values
for routes to subregion 1, but they can serve as failover border routers for subregion 1.
Figure 1. Subregion Scenario
To explain in more detail, when a border router receives a route from an edge router in its access region (across all subregions),
it does the following:
Determines a br-preference value for the route, as described in the table that follows.
Attaches the value to the route, as the br-preference attribute, when re-originating the route to the core region.
Border routers of other regions use this attribute to determine which routes to prefer for a particular destination.
The following table describes how a border router determines the br-preference value when re-originating a route.
Table 2. br-preference
Conditions
br-preference Value for a Route
The route has a subregion ID, and the border router has the same subregion ID.
Note
In the preceding illustration, this would apply to a route from ER1, re-advertised to the core region by BR1.
100
The border router has no subregion ID.
75
The route has a subregion ID, and the border router has a different subregion ID.
or
The route does not have a subregion ID, and the border router does have a subregion ID.
Note
In the preceding illustration, this would apply to a route from ER1, re-advertised to the core region by BR2.
50
When choosing a route to a destination, border routers prioritize routes with a higher br-preference value.
Secondary Regions
Assigning devices to subregions does not interfere with configuring secondary regions. A device can have a subregion assignment
and be part of a secondary region.
Benefits of Subregions
Creating subregions has the following benefits:
In network topologies that have access regions with a small number of edge routers, it may not be cost-effective to dedicate
border routers to each access region. Sharing a set of border routers among multiple access regions addresses this.
You can enable the border router of one subregion to serve as a failover border router for a different subregion within the
same parent region.
You must use a CLI template or add-on CLI template to configure a subregion for a device. Furthermore, if you are configuring
a subregion for a device, you must also use a CLI template to configure the region. This is because a subregion is configured
together with a region, in the following format:
systemregionregion-idsubregionsubregion-id
Using a CLI template to configure the region and subregion for Multi-Region Fabric does not prevent you from using a system
template to configure other features for a device. You can use a system template to configure features unrelated to Multi-Region
Fabric, and simultaneously use a CLI add-on template to configure the region and subregion.
Upgrading routers to Cisco IOS XE Release 17.12.1 or later
When using subregions, if you plan to upgrade routers in the Cisco Catalyst SD-WAN overlay network to Cisco IOS XE Release 17.12.1 or later, first ensure that any routers in the network that are operating
as transport gateways are using Cisco IOS XE Release 17.12.1 or later.
The following use cases describe some of the benefits of subregions.
Use Case: Sharing Border Routers
Figure 2. Sharing Border Routers
In this use case, an organization needs to have the six edge routers on the West Coast operate in three distinct domains.
In addition, the organization needs at least two border routers for each access region, to provide a failover option if one
border router becomes inoperative.
One option would be to create three regions for the West Coast and place the edge routers in those distinct regions. But each
access region would need two or more border routers, and it may not be cost-effective to dedicate border routers for each
of the three separate access regions.
An effective strategy is to create a single access region (region 1) for the West Coast, and to divide region 1 into subregions.
This provides three domains for the routers on the West Coast. The entire region can use two shared border routers. The border
routers are assigned to region 1, but are not assigned to any subregion. They can service edge routers in any subregion of
region 1, without preference.
Use Case: Border Router Failover
Figure 3. Border Router Failover
In this use case, access region 1 serves the West Coast. Within region 1, there are three separate subregions serving different
cities on the West Coast. There is a separate dedicated border router for each of the three subregions. For each subregion,
the border router is located in the city whose subregion it serves, to optimize performance.
Although each border router is dedicated to a specific subregion (by being assigned to that subregion), it has BFD connectivity
with the edge routers throughout the entire parent region, meaning throughout the West Coast. This enables any of the border
routers serving region 1 to provide failover backup for all of the border routers in the entire parent region. It is advantageous
to fail over to border routers that are geographically adjacent, such as in another city on the West Coast, rather than failing
over to a border router in a distant geographical region.
Use Case: Sharing Transport Gateways Across Subregions
Figure 4. Sharing a Transport Gateway
In this use case, an organization has divided access region 1 into three subregions. The organization has configured a single
transport gateway to handle a specific class of traffic for the access region. Specifically, the transport gateway handles
all traffic between region 1 and a virtual network hosted by a public cloud service, such as Azure.
The scale of the region 1 does not require more than one transport gateway, even though there are three separate subregions.
Because the transport gateway has connectivity to all routers in the access region, regardless of the subregion, traffic between
subregions flows through the transport gateway. This is similar to a scenario described previously, in which border routers
provide connectivity to routers in different subregions, for traffic between subregions within the same parent access region.
Use Case: Dedicated Transport Gateways
Figure 5. Dedicated Transport Gateways
In this use case, an organization has divided access region 1 into two subregions. Each subregion has a dedicated transport
gateway to handle a specific class of traffic. Although the illustration shows only a single edge router in each subregion,
this use case applies to scenarios in which a large number of routers in each subregion justify a dedicated transport gateway
for each subregion, for load balancing among numerous transport gateways.
The transport gateways are connected to each other. A router in one subregion can connect to a router in a different subregion
using a three-hop path through their respective transport gateways.
Feedback