
Support multi-regional deployment without LAN summaries #33

Merged
dmitryperets merged 3 commits into release/7.4 from feature/multireg-nosummary
Nov 28, 2024

@dmitryperets
Member

Normally we expect the LAN prefixes to be summarized on the regional boundaries (that is, on the Hub-to-Hub EBGP peering). However, this is not always possible: network addressing is not always under the customer's tight control.

This enhancement makes the LAN summarization optional.

In fact, it was already optional within the region. Now it becomes optional also for a multi-regional deployment.
Below we summarize the routing behavior.

  • Within a region:

    • If the LAN summary is configured:

      • It is automatically advertised to all the Spokes.
      • In a multi-VRF deployment, this advertisement is done for each CE VRF.
    • If the LAN summary is not configured:

      • The user must make sure that the Spokes have a valid route to all the LAN destinations via the overlay tunnels.
      • In a single-VRF deployment, this can be achieved simply by adding a static default route via the entire SD-WAN zone.
        In the offline mode, this is automatically done by the Jinja Orchestrator.
        In a FortiManager-based deployment, this must be done externally.
      • In a multi-VRF deployment, such a default route must be added to each CE VRF, which becomes a burden.
        The Jinja Orchestrator does not handle this.
  • Between regions:

    • If the LAN summary is configured:

      • It is automatically advertised over the Hub-to-Hub tunnels, aggregating the individual Spoke prefixes.
      • In a multi-VRF deployment, this advertisement is done for each CE VRF.
    • If the LAN summary is not configured:

      • All individual Spoke prefixes are advertised over the Hub-to-Hub tunnels, to guarantee inter-regional reachability.
      • These advertisements are not sent down to the Spokes of the remote region.
        The expectation is, again, that Spokes have a valid route (e.g. default route) to all the LAN destinations via the overlay tunnels.

The bottom line is: we recommend configuring LAN summaries whenever the network addressing permits that, to guarantee the most scalable routing design. At the same time, we support network environments where this summarization is not possible.

@dmitryperets dmitryperets self-assigned this Nov 26, 2024
@dmitryperets dmitryperets added the enhancement New feature or request label Nov 26, 2024
@dmitryperets dmitryperets merged commit 52936a0 into release/7.4 Nov 28, 2024
@dmitryperets dmitryperets deleted the feature/multireg-nosummary branch November 28, 2024 10:07

Development

Successfully merging this pull request may close these issues.

7.2 Multi Region Deployment - LAN and Loopback Summaries - Reasoning for LAN summaries
