EMAIL SUPPORT

dclessons@dclessons.com

LOCATION

NZ

CATEGORY: Cisco DNA & DNA-C

Cisco DNA & DNA-C

Posted on Nov 16, 2019 (0)

SD-Access & DNA Center

Cisco SD-Access solution is implemented and orchestrated via Cisco DNA Center, which provides design, Policy definition, automated provisioning along with assurance analytics for wired & Wireless network.

As in enterprise Architecture the network is spanned across branches, campus, remote location etc, and each contains multiple device for wired and wired connectivity. Cisco SD-Access solution provides end-to-end network architecture and also make sure that there is always consistency in connectivity, segmentation, and policy across different sites.

To facilitate this, Cisco SD-Access solution is segmented in to two parts.

  • SD-Access Fabric
  • DNA Center 

Let’s discuss each layers in details and see what the key features each provides are.

SD-Access Fabric:

Each enterprise network is divided in two sub layers, first one is Underlay network dedicated to Physical devices and its protocol routing for connectivity. Whereas second layer is said to be Overlay which provides wired and Wireless user logical connectivity with all services, policies applied. This combination of Underlay network and Overlay Networks is collectively called as Network fabric.

SD-Access Network Underlay:

This Underlay consists of Routers, Switches, and WLC, along with all combination of traditional routing protocols required to provide IP connectivity between each other , which further eliminates the requirement of STP , VTP , HSRP, VRRP etc. And On the top of it running a logical fabric topology builds functionality like multi-pathing, Optimized Convergence, Simplifies deployment & Troubleshooting.

Cisco DNA Center Automates the LAN which automatically discover, Provision, and deploy network devices. Once devices are discovered, the automated underlay provisioning leverages Plug & Play to configure Routing Protocols and further provides IP address Configuration.

SD-Access Fabric Overlay:

 It is the logical, virtualized topology which are built on the top of underlay network. SD-Access Overlay has three main building blocks:

  • Fabric data Plane: Using VXLAN Protocols to send and receive data packet between source & Destination with Group Policy Option (GPO).
  • Fabric Control Plane: Logical mapping and resolving of users and devices with the help of LISP protocol.
  • Fabric Policy Plane: Business Intent is translated to Network Policy using SGT (Scalable group Tags) and Group-based policies.

SD-Access Policy:

SD-Access has ability to instantiate logical network policy based on following services provided by fabric.

  • Security Segmentation Services
  • Quality of Services
  • Capture/ Copy Services
  • Application Visibility Services

SD-Access Segmentation:

It is the Method by which separates specific groups of users or devices from other groups. VXLAN Provides segmentation feature by VNI or Scalable Group Tag field in its header.

SD-Access Provides following types of segmentation

  • Macro Segmentation: Separation of Network topology in to smaller Virtual Networks using unique Network identifier and separate Forwarding tables. Example VRF.
  • Micro Segmentation: It’s logically separates the Users or device groups with in a particular Virtual network by enforcing Source to destination access control permissions. Example ACL.
  • Scalable Group: It is logical object ID assigned to a group of users or devices in SD-Access fabric which is further used as source and destination classifier in Scalable Group ACLs (SGACLs).

SD-Access Fabric Wireless: 

SD-Access Fabric provides distributed wired and centralized wireless architecture, providing a common overly for both infrastructure and extending its benefits to both. In this Customer have same common policy for all users and are independent of Media.

This other advantaged of SD-access Wireless are same as of traditional Cisco Unified Wireless Network (CUWN) like:

  • Tunneled Overlay Network
  • Some level of automation like AP management, Configuration Management.
  • Simple Device or User Mobility also called as client roaming.
  • Centralized Management Controller (WLC)

SD-Access Management with DNA Center:

Cisco DNA Center provides Central management plane for building, Operating and Management of SD-Access Fabric.  

There are many features and functions of DNA Center, but here we will be discussing about two main functions.

  • DNA Center Automation
  • DNA Center Assurance

Automation & Orchestration:

DNA Center uses a controller-based automation as a primary configuration to design, deploy, verify and optimized wired and wireless network components for both non-fabric and fabric based deployments.  

Network Assurance: DNA Center Assurance engine provides following benefits for both non-fabric and fabric based components.

  • It continuously collects data from network and transform it in to actionable insights. Data is collected from different sources like SNMP, Syslogs, and Netflow, NETCONG, YANG.
  • It then performs advance processing and then correlates events to monitor how devices, users and applications are performing.
  • Once Correlation is done , it make easy for network admins to troubleshoot issues and Analyzing the network Performance across both Non-fabric and Fabric.

Some Use-cases for SD-Access are:

  • Automated Deployments at scale.
  • Integrated wired and Wireless Infrastructure.
  • Provide Secure Access to users and Devices
  • Correlated Insights and Analytics.

 

Note: ( Refer before Purchase )

  • We don't offer Any Hands-On labs for practice in this course.
  • Lab discussed here contains different Scenarios, task & Its recorded Solutions. 
  • Content of each page is 30-40% visible for Customer verification about content.
  • Before any purchase , verify content then proceed,VLT is in progress,No refund Policy. 
  • For More Detail : Mail dclessons@dclessons.com , FAQ & TC page.

Comment

  • can i get the course curriculum for this

    • It will be ready by 9 Dec 2020


LEAVE A COMMENT

Please login here to comment.