Thursday, April 8, 2021

Cisco SDWAN IRB/Bridge features

So these features exist, but I've never had cause to use them.

Context on the actual feature: You can create "bridges" on the vEdge to connect two interfaces at L2 and use "Integrated Routing / Bridging" interfaces (effectively just SVIs) to route traffic to/from them. Use case for us is to talk to an HA pair of firewalls without putting any dedicated switch(es) in between.

This all works "fine" so far, but I've learned to be extremely cautious around features in these products that might be considered "niche" or seldom used. Several times I've been burned by taking the documentation in good faith only to find out later from TAC "ooooh, yeah no one really uses that feature... it's probably buggy and you should avoid it" or "oooh, but if you interpret this single sentence buried in a paragraph 40% down this single article that's the 8th search result on Google and even the Sr guys at Cisco took a week and 2 conference calls to find, you can see we don't actually support this".

I've asked Cisco but of course all I get from them is "looks good in the release notes hyuck hyuck".

So does anyone have any experience with this stuff? On the scale from "idk, it just works and I never need to think about it" to "we had to disable this feature to stop it from randomly blackholing traffic" where does it sit? Like I said, as far as I can tell it's working fine, just looking for any contrary experience you folks have had.


