Role of Fabric Border Node & IS-IS protocol in Cisco SD-Access

Role of Fabric Border Node in Cisco SD-Access

The fabric border nodes serve as the gateway between the fabric domain and the network outside of the fabric. The fabric border node is responsible for network virtualization inter-working and SGT propagation from the branch fabric to the rest of the network. 

Fig 1.1- Fabric Border Nodes in SDA environment

The fabric border nodes implement the following functions: 

Advertisement of EID subnets:
The fabric border runs either an interior gateway protocol (IGP) or border gateway protocol (BGP) as a routing protocol in order to advertise the EID prefixes outside of the fabric and traffic destined to EID subnets from outside the branch fabric goes through the border nodes. 

These EID prefixes appear only on the routing tables at the border throughout the rest of the fabric, the EID information is accessed using the fabric control plane node.

Fabric domain exit point:
The fabric border is the gateway of last resort for the fabric edge nodes. This is implemented using LISP Proxy Tunnel Router functionality

Mapping of LISP instance to VRF
The fabric border can extend network virtualization from inside the branch fabric to outside the branch fabric by using external VRF instances in order to preserve the virtualization. 

Policy mapping
The fabric border node also maps SGT information from within the fabric to be appropriately maintained when exiting that fabric. Tags from the VXLAN header are mapped to Cisco Meta Data (CMD) when inline tagging capabilities are used, or alternatively the tags are transported by SGT exchange protocol (SXP), allowing for seamless integration with the Cisco TrustSec solution.

Intermediate System-to-Intermediate System (IS-IS)
Intermediate System-to-Intermediate System (IS-IS) is the routing protocol that will be used within the branch fabric network. For fast link failure detection and IS-IS convergence between SD-Access fabric switches, Bi-directional Forwarding Detection (BFD) protocol will be used. 

BFD is a detection protocol that is enabled at the interface and routing protocol levels. BFD provides a low-overhead, short-duration method of detecting failures in the forwarding path between two adjacent routers, including the interfaces, data links, and forwarding planes.