Cisco SD-Access Migration Overview
Modern organizations maintain a wide range of assets, including critical databases; vital company, employee, classified customer, and commercial information; shared drives; and email and web servers, among many other elements.
Any modern IT organization benefits from the following SD-Access capabilities:
- Identity-based segmentation and policy: SD-Access decouples security policy definition from VLAN and IP address to enable rapid policy updates.
- Automated network fabric: SD-Access provides automation across wired and wireless networks, enabling IT to optimize resource utilization and traffic flows. It also lets IT move away from device-by-device automation techniques to simplified, workflow-based management, which makes it possible to maintain consistency even at large scale.
- Insights and telemetry: SD-Access leverages insights and analytics into user and application behavior for proactive issue identification and resolution.
- Policy convergence between wired and wireless.
- Flexible authentication options for users, devices, and things, including 802.1X, Active Directory, and static authentication.
- Better positioning for increased cloud usage via WAN and internet; acceleration and optimization for cloud.

SD-Access Migration Considerations
The following are considerations to take into account before beginning the migration of the existing network to Cisco SD-Access. They are categorized as follows:
- Network Considerations: Maximum transmission unit (MTU), network topology, IP addressing for underlay and overlay, and location of shared services.
- Policy Considerations: Existing policy definition and enforcement points, Virtual Network (VN), and security group tags (SGTs).
- Hardware Platform Considerations: Switches, routers, wireless controllers, and access points (APs) that support SD-Access.
- Software Platform Considerations: Cisco DNA Center, Cisco Identity Services Engine (ISE), Cisco Network Data Platform (NDP).
- Scale of Deployment Considerations: Scale of hardware platforms with respect to the role that they play in the SD-Access architecture.
- Existing Network Design: Layer 2 access or routed access.
Network Considerations
There are network considerations that you should take into account before beginning the migration of the existing network to Cisco SD-Access.
Network considerations are categorized as follows:
- MTU
- Network topology
- IP addressing for underlay and overlay
- Location of shared services
- Application of features at the distribution layer
- Routing between the virtual routing and forwarding (VRF) and underlay to the external network
MTU
MTU is the largest network protocol data unit that can be transmitted in a single transaction. The higher the MTU, the more efficient the network. VXLAN encapsulation adds 50 bytes to the original packet, which can push the required MTU above 1500 bytes for certain applications. For example, when wireless is deployed with SD-Access, the additional Control and Provisioning of Wireless Access Points (CAPWAP) overhead needs to be considered. In general, increasing the MTU to 9100 bytes on interfaces across all switches and routers in the fabric domain (underlay and overlay) is recommended to cover most cases and to prevent fragmentation.

Network Topology
The SD-Access fabric supports traditional hierarchical networks as well as arbitrarily designed networks such as ring or daisy-chained topologies.
Note: A network that is designed with the Cisco validated design guidelines will have fewer considerations (steps) when migrating compared to arbitrarily designed networks that are inherently complex.

Access Layer Reconfiguration
Fabric underlay topologies are based on a routed access design, so an existing network that already uses routed access lends itself to easier migration to SD-Access.

IP Addressing for Underlay and Overlay
Existing campus networks are flat and do not have any concept of underlay and overlay. The IP address schema is flat, with no distinction between intranetwork prefixes and endpoint network prefixes. SD-Access, by its very nature, contains an overlay and underlay to differentiate between the two spaces. It is recommended that two distinct IP ranges be selected, one for the endpoint network prefixes (overlay) and one for the intranetwork prefixes (underlay).
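The MTU and IP addressing considerations above can be checked against an inventory before migration. The following is an added example, not code from the original page or from Cisco; the device names, interface names, prefixes, and function names are constructed for illustration, and only the 50-byte VXLAN overhead and the 9100-byte recommendation come from the text.

```python
import ipaddress

VXLAN_OVERHEAD = 50     # bytes VXLAN adds to the original packet (figure from the text)
RECOMMENDED_MTU = 9100  # fabric-wide interface MTU recommended in the text

# Constructed sample inventory and address plan (hypothetical names and prefixes).
INTERFACES = [("edge-1", "Te1/1/1", 1500),
              ("edge-2", "Te1/1/1", 9100),
              ("border-1", "Hu1/0/1", 4000)]
UNDERLAY = ["10.255.0.0/24", "10.10.20.0/30"]  # intranetwork (link/loopback) prefixes
OVERLAY = ["10.10.0.0/16", "172.16.8.0/22"]    # endpoint prefixes


def mtu_findings(interfaces, endpoint_mtu=1500, extra_overhead=0):
    """Flag fabric interfaces that cannot carry an encapsulated endpoint packet.

    extra_overhead is for additional encapsulation such as CAPWAP; the page
    gives no byte count for it, so the caller must supply one.
    """
    needed = endpoint_mtu + VXLAN_OVERHEAD + extra_overhead
    findings = []
    for device, name, mtu in interfaces:
        if mtu < needed:
            findings.append((device, name, mtu, "fragmentation-risk"))
        elif mtu < RECOMMENDED_MTU:
            findings.append((device, name, mtu, "below-recommended"))
    return findings


def prefix_overlaps(underlay, overlay):
    """Return each (underlay, overlay) prefix pair that shares address space."""
    u_nets = [ipaddress.ip_network(p) for p in underlay]
    o_nets = [ipaddress.ip_network(p) for p in overlay]
    return [(str(u), str(o)) for u in u_nets for o in o_nets
            if u.version == o.version and u.overlaps(o)]


if __name__ == "__main__":
    for device, name, mtu, status in mtu_findings(INTERFACES):
        print(f"{device} {name}: MTU {mtu} -> {status}")
    for u, o in prefix_overlaps(UNDERLAY, OVERLAY):
        print(f"underlay {u} overlaps overlay {o}")
```

Any overlap reported by `prefix_overlaps` means the underlay and overlay ranges are not yet distinct, and any `fragmentation-risk` interface must be raised before VXLAN traffic crosses it.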
