The Enterprise Fabric provides end-to-end enterprise-wide segmentation, flexible subnet addressing, and controller-based networking with uniform enterprise-wide policy and mobility. It moves the enterprise network from current VLAN-centric architecture to a user group-based enterprise architecture, with flexible Layer 2 extensions within and across sites.

Enterprise fabric is a network topology where traffic is passed through inter-connected switches, while providing the abstraction of a single Layer 2 or Layer 3 device. This provides seamless connectivity, with policy application and enforcement at the edge of the fabric. Fabric uses IP overlay, which makes the network appear as a single virtual entity without using clustering technologies.

The following definitions are used for fabric nodes:

• Enterprise Fabric: A network topology where traffic is passed through inter-connected switches, while providing the abstraction of a single Layer 2 or Layer 3 device.

• Fabric Domain: An independent operation part of the network. It is administered independent of other fabric domains.

• End Points: Hosts or devices that connect to the fabric edge node are known as end points (EPs). They directly connect to the fabric edge node or through a Layer 2 network.

The following figure shows the components of a typical SD-Access Wireless. It consists of Fabric Border Nodes (BN), Fabric Edge Nodes (EN), Wireless Controller, Cisco Catalyst Center, and Host Tracking Database (HDB).

The figure covers the following deployment topologies:

• All-in-one Fabric—When we have all Fabric Edge, Fabric Border, Control-Plane and controller functionality enabled on a Cat 9K switch.

  This topology is depicted in the mid part of the figure.

• Split topology—When we have Fabric Border, or Control Plane, or controller on a Cat 9K switch with separate Fabric Edge. This topology is depicted in the left-most part of the figure.

• Co-located Fabric Edge and Controller—When we have Fabric Edge and controller on a Cat 9K switch. This topology is depicted in the right-most part of the figure.

Cisco Catalyst Center: Is an open, software-driven architecture built on a set of design principles with the objective of configuring and managing Cisco Catalyst 9800 Series Wireless Controllers.

Control Plane: This database allows the network to determine the location of a device or user. When the EP ID of a host is learnt, other end points can query the database about the location of the host. The flexibility of tracking subnets helps in summarization across domains and improves the scalability of the database.

Fabric Border Node (Proxy Egress Tunnel Router [PxTR or PITR/PETR] in LISP): These nodes connect traditional Layer 3 networks or different fabric domains to the enterprise fabric domain. If there are multiple fabric domains, these nodes connect a fabric domain to one or more fabric domains, which could be of the same or different type. These nodes are responsible for translation of context from one fabric domain to another. When the encapsulation is the same across different fabric domains, the translation of fabric context is generally 1:1. The fabric control planes of two domains exchange reachability and policy information through this device.

Fabric Edge Nodes (Egress Tunnel Router [ETR] or Ingress Tunnel Router [ITR] in LISP): These nodes are responsible for admitting, encapsulating or decapsulating, and forwarding of traffic from the EPs. They lie at the perimeter of the fabric and are the first points of attachment of the policy. EPs could be directly or indirectly attached to a fabric edge node using an intermediate Layer 2 network that lies outside the fabric domain. Traditional Layer 2 networks, wireless access points, or end hosts are connected to fabric edge nodes.

Wireless Controller: The controller provides AP image and configuration management, client session management and mobility. Additionally, it registers the mac address of wireless clients in the host tracking database at the time of client join, as well as updates the location at the time of client roam.

Access Points: AP applies all the wireless media specific features. For example, radio and SSID policies, webauth punt, peer-to-peer blocking, and so on. It establishes CAPWAP control and data tunnel to controller. It converts 802.11 data traffic from wireless clients to 802.3 and sends it to the access switch with VXLAN encapsulation.

The SDA allows to simplify:

• Addressing in wireless networks

• Mobility in wireless networks

• Guest access and move towards multi-tenancy

• Leverage Sub-net extension (stretched subnet) in wireless network

• Provide consistent wireless policies

Note	Role co-location between wireless controller and fabric edge is supported.

When a Mesh AP (MAP) finds a Root AP (RAP) or other MAP with better adjacency, it roams to that RAP or MAP. However, a MAP cannot roam to another MAP or RAP connected to a different fabric edge switch due to wireless client connectivity loss. The reason being the VXLAN tunnels of the wireless client cannot be moved to another fabric edge switch.

However, if the current MAP link is much worse than the link to RAP or MAP connected to a different fabric edge switch, then the MAP roams and restart its CAPWAP tunnel.

Thus, all the MAPs connected to the MAP restarts the CAPWAP tunnels as well. This allows the wireless clients to connect again and creates wireless client VXLAN tunnels in the fabric edge.

Note

The criteria for a MAP roaming to a RAP or MAP connected to a different fabric edge switch are the same as the mesh preferred parent. They are: If the current link SNR is worse than 12 dB and there is another better link. (Or) If the current link SNR is worse than 20 dB and there is another link with 20% or better SNR. The mesh daisy chain roaming is not supported in RAP or MAP connected to different fabric edge switches.

SDA IPv6 Underlay Support

This feature provides a wireless SDA IPv6 underlay support to enable IPv6-based communications in a fabric site. IPv6 is used to establish LISP connections between the controller and map server as well as between the map server and Fabric Edge. IPv6 underlay is also used to construct a VXLAN tunnel between the Fabric Edge and the AP.

The feature implementation is as follows:

• Catalyst 9800 Controller:

  • The controller manages IPv6-based LISP sessions to the map server

  • Encodes, decodes, and processes LISP messages through IPv6 TCP/UDP sockets.)

  • Communicates RLOC IPv6 address to the AP for VXLAN creation and client tunnel mapping

• Fabric Edge:

  • Processes map notification from map server

  • Creates IPv6 VXLAN tunnel

  • Maps client to IPv6 VXLAN tunnel

  • Encapsulates and decapsulates client traffic into and out of VXLAN tunnel

• Access Points:

  • Processes fabric TLV from the controller

  • Creates IPv6 VXLAN tunnel

  • Encapsulates and decapsulates client traffic into and out of VXLAN tunnel

The following figure shows the feature architecture:

Note	For AP to join controller using IPv6 address, ensure that you configure the preferred mode in AP profile as IPv6.

• To enable SD-Access wireless globally, you need to run the wireless fabric configuration command.

• During SD-Access Wireless provisioning, ensure that L2-VNID value is unique.