Multi-Region Fabric Formerly known as Hierarchical SD-WAN

Currently with SD-WAN deployments, it will be delivered in a ‘flat’ layer network where all Edge routers connects to each other regardless of where location and country.

An example with diagram below is that you could have multiple sites across Europe as well as sites in Asia. Both regions will be connected to wherever the Controller and Manager is.

Multi-Region Fabric

Introducing MRF, in how this works. The first iteration of MRF is introduced in v20.7.x.

With MRF, we have introduced new terminlogies and roles. To begin, we have:

  • Border Routers – This is the edge of each region where it connects to the backbone of the network/middle mile. It is responsible for the routes within the region itself.
  • Core Region – This is the middle mile where you are expected to have high speed back bone network whether you are traversing the Cloud or just huge network pipes.
  • Edge Routers – Sites with vEdge or cEdge devices.
  • Intra-region – Sites that connect and send traffic within the same region.
  • Inter-region – Sites from different regions and sends traffic to the Border router which in turn sends across to the backbone and to another region.


Another example/simplified diagram of MRF below. MRF also introduces region numbers. The Core region will always be 0. Other regions will need to connect to the Core region with Border Routers. You can compare this with OSPF Areas.

Another new addition is introducing Cisco Controllers (vSmarts) to each region, traditionally you would utilise either 1 or a cluster of vSmarts to serve the whole SD-WAN network. WIth MRF, each region will have its own Controller(s) and will serve only for the region it belongs to.

Benefits of MRF

  • Current SD-WAN acts as a flat overlay model, essentially site to site tunnels are connected to each other.
  • Most use case is sufficient for flat overlay model, however with larger Enpterprise Busineses that operate globally, this will introduce some limitations such as:
  • OMP Limitations
  • Config Complexity
  • Control Policy Complexity
  • FLat overlay does not scale after a certain number of tunnels

Secondary Regions

This feature was released in v20.8.1 and 17.8.1a for IOS-XE.

With MRF we have introduced to basic multi-regions, now with Secondary region you have the ability to connect two Edge or more sites in different regions to one Secondary region.

Example above shows that three edge devices can connect directly or form a single secondary region, with OMP it will always choose the direct path first, therefore it may not allow the route to be installed on the forwarding table via the Border router path. You can disable the comparison of number of hops so it will become ECMP.

Secondary Region allows:

  • Load balancing using Primary and Secondary region paths.
  • Directing specific Applications to use the Secondary Path which could have a faster perfomance underlay like a Lease line at 1Gbps.

Caveats of Secondary Region

  • Only to Edge routers not Border routers
  • A router can only belong to one Seconday region only.
  • Controller cannot be part of any primary or access regions , recommended to utilise a separate Controller for a Secondary Region.

Transport Gateway

This feature was released in v20.8.1 and 17.8.1a for IOS-XE.

Transport Gateway is used if within a region and Edge routers do not have a direct connection to each other. Transport Gateway can help to facilitate this by essentially bridging the two networks together.

Transport Gateway only works for IOS-XE.

Router Affinity

This feature was released in v20.8.1 and 17.8.1a for IOS-XE.

If you have multiple exit paths, you can advertise to the Border Routers to prefer one path over another.

For example with the above, DC is advertising the two subnets. With the two BR’s you could set BR1 to prefer ER1 and should ER1 fail then failover to ER2. For BR2 this is vice versa where it will prefer ER2 then ER1.

https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/hierarchical-sdwan/hierarchical-sdwan-guide/router-affinity.html

Configure Cisco SD-WAN Controller Affinity

Remember to configure the correct templates such as:

  • VPN 0 and 512 for simplicity maybe a default route straight to vManage 0.0.0.0 0.0.0.0
  • VPN Interface 0 and 512

In this example I will configure the 2 Controllers with Affinity Groups.

Controller 1 will have Affinity Group 4

Controller 2 will have Affinity Group 5

The overall goal is the two DC edge routers have two transports which is MPLS and Biz-Internet. DC Edge1 will only connect to Controller 1 (Group Affinity 4) via Biz-Internet only and connect to Controller 2 via Biz-Internet (Group Affinity 5)

DC Edge2 will only connect to Controller 1 (Group Affinity 4) via Biz-Internet only and connect to Controller 2 via Biz-Internet (Group Affinity 5)

Leave a Reply

Your email address will not be published. Required fields are marked *