SD-Access Site Reference Models

SD-Access Site Reference Models

SD-Access Site Reference Models

SD-Access Design Elements:

While Designing the SD-Access fabric network for any enterprise, there are some elements that needs to be discussed in details and are listed below:

  • Greenfield & Brownfield Environment
  • Number of Endpoints or users
  • Site Presence/Location based on Geography
  • Shared Services locations
  • Connectivity Transit types
  • Fusion routers
  • WAN & Internet Connectivity
  • Unified Policy

Now we will discuss each and every elements in detail.

Greenfield & Brownfield Environment:

Before designing any SD-Access fabric, it should be checked that weather site is Greenfield or brownfield. If the Environment is brownfield then following consideration must be taken in account.

  • Layer2 Handoff – Border design: In this traditional networks are connected to SD-Access fabric by adding a host behind Legacy network to SD-Access fabric. This is very much temporary used.
  • Floor-by Floor or Building by Building: In this we should select the Area closet by closet, or Floor by Floor or Building by building and then converting it to SD-Access fabric. We should take one switch at time and migrate it to SD-Access Fabric.

Number of Endpoints or users:

One of the factor that makes design effective is that we should be well aware about number of users in SD-Access fabric. Number of wired or Wireless users across location is required while designing SD-Access Fabric. With this we will be able to know how many switch ports or Access points are required based on that we can very much plan the capacity management in SD-Access fabric.

Site Presence/Location based on Geography:

Site Presence location and how it is connected makes important points while designing any SD-Access Fabric network. Sites that located within same MAN network or campus with multiple building in close, or campus or site connected with direct fiber can leverage the benefits from SD-Access Distributed campus design method.

Shared Services locations:

Services that are shared between different Networks components like DHCP, DNS, ISE, WLC are commonly be deployed in different ways.

SD-Access Distributed campus design or Location distributed across WANs, for those shared services are often deployed at on-premise data Centers. These Data Centers are connected to HQ core or distributed layers and finally HQ are connected to different Sites based on locations. Traffic traverse from Site to HQ and then to DC to access these resources.

Sometimes Shared service are local to sites or Location.  To provide Survivability, a different service block are deployed and in these service blocks, shared service are connected and are provide connectivity to endpoints via Fusion routers per location.

Connectivity Transit types:

Transits provides connectivity between sites, these transit Types are MAN, WAN, Internet. In WAN the classification are MPLS, IWAN, and other WAN variations. If we are using DNA center these transits are classified as SD-Access transit, IP based or SD-WAN transits.

SD-Access Transits are used to provide connectivity for Distributed campus. In this packets are encapsulated between sites by VXLAN which further carries Macro or Micro Policy Construct.

In IP based Transits packets are encap and decap from VXLAN in to native IP and then are forwarded by using traditional routing protocols and switching protocols to destination. In DNA Center IP transits are provisioned by using VRF lite to connect to upstream device.

SD-WAN Transits are used to connect fabric sites through SD-WAN enabled router.

Fusion Router:

In SD-Access, Fusion router provides connectivity to shared services which are essential for Endpoint. When Shared services are connected using Global Routing table, Fusion router are configured with route-mas to match specific prefixes of shared services and then these specific subnets are then leaked.

But if Shared services are using dedicated VRF on fusion router, then the shared services and Endpoint VRF subnets are leaked between them by using route-targets.

Fusion router may be Layer 3 Router or Layer 3 Switch and must support following feature:

  • Support of Multiple VRF
  • 1q tagging
  • Sub-interfaces or Layer 3 SVI
  • BGP4 and MP-BGP extensions attributes.

WAN & Internet Connectivity:

In order to provide WAN and Internet connectivity to SD-Access fabric Border node is used and is connected to next hop router that connect to Internet , ISP router , WAN Edge Router , or Fusion router.

SD-Access Site Reference Models:

Now we will discuss Site Reference Models used in SD-Access fabric. In SD-Access Sites are classified in to following categories.

  • Very Small Site
  • Small Site
  • Medium Site
  • Large Site


    You are will be the first.


Please login here to comment.