Cisco SD-Access - L3 Handoff eBGP to Cisco SDWAN router
As part of the Cisco SD-Access solution, Cisco DNA Center is responsible for managing and configuring devices. Cisco DNA Center usually is configured and manages all SD-Access fabric components. However, the Fusion device is out of the fabric and has to be configured manually.
In Cisco DNA Center, Border Automation is a feature that automates configuration for handoff of VRFs to Fusion devices within the Border. The handoff between the Border and Fusion device may also need to be configured manually on occasion, for reasons usually related to compatibility with existing configurations.
 |
| Fig 1.1- L3 Handoff to SDWAN router |
Fusion device as SDWAN router or Cisco Router outside Fabric
Cisco SDWAN router act as fusion router allows Virtual Routing and Forwarding (VRF) to leak across SD-Access Fabric domains, and allows hosts to access shared services, such as DHCP, DNS, NTP, ISE, Cisco DNA Center, Wireless LAN Controllers (WLC), and similar services.
There should be eBGP used between the Border nodes in the fabric and the Cisco SDWAN router to exchange the routes.
Configure the Hand-off link from DNAC
While adding devices to the Fabric ( Switch), You will see to define the role to the device and when we define the Border node it will ask for the L3 hand-off link where you define the parameters like " Local AS number" , L3 Handoff Pool and the Transit.
 |
| Fig 1.2- L3 Handoff to SDWAN router |
Define these items and with the interface used ( when you select interface you will see to add the VNs you defined earlier in your network). They will added and get IP addresses /30 to have eBGP peering with the Cisco SDWAN router.
Check below under the interface showing above, we need to define these items which includes Remote AS number ( AS number on the Cisco SDWAN side); All the virtual networks you defined on your network, so that they can be learned to Cisco SDWAN router over the eBGP protocol.
 |
| Fig 1.3- L3 Handoff to SDWAN router with VNs |
Step 1: You need to configure Local AS Number for BGP. This Autonomous System (AS) number is used to configure the BGP process on the Border Routers.
Step 2: Now you need to add interface under Transit. This interface is the direct connection between Border and Fusion Router. We used Te 1/0/48 on Border router which is connected externally to Cisco SDWAN router.
Step 3: Configure Remote AS Number. This AS number is used on Border Routers for neighbor statements towards Fusion Router to configure External BGP (eBGP) peering.
Step 4: Select all the Virtual Networks (VRFs) for which VRF leaking is required on Fusion Router.
Step 5: Deploy configuration from DNAC to Devices.
Now check the BGP on the SDWAN side. You need to create the sub interfaces on the Cisco SDWAN router as the link connected to Border node is a trunk port.
Check eBGP status using the following command for Global routing Table
C9300-NDNA-Toronto1# show ip bgp summary
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.10.1.15 4 64512 276749 303619 149 0 0 27w2d 1
For checking all the BGP neighbors, please run below command
C9300-NDNA-Toronto1#sh ip bgp vpnv4 all summary
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.10.2.15 4 64499 276308 303584 221036 0 0 27w2d 1
10.10.3.15 4 64499 276379 303544 221036 0 0 27w2d 1
10.10.4.15 4 64499 276744 303571 221036 0 0 27w2d 1
10.10.5.15 4 64499 276322 303614 221036 0 0 27w2d 1
Hope it clarifies to define the L3 Handoff from Cisco SD-Access Border node towards your SDWAN router. If you have two SDWAN router, make sure you need to define two external interfaces in Fig 1.2 and do the same as we did that in Fig 1.3 to add all the VNs.
