SD-Access (Fabric Network, Automation and Analytics LAN) - Campus Networks
Today I am going to talk about the new-generation technology that Cisco has launched for the campus LAN. The next generation is dedicated to software-defined networking, and Cisco takes this approach to the LAN as well, with orchestration. Cisco built an architecture around four pillars: Campus Fabric Network, Automation, Authentication and Analytics. All these features are built into SD-Access, which is going to replace the traditional approach to the campus network.
You use DNA Center to configure the devices in the Campus Fabric. Suppose you have 1000 devices in your campus: you just define the parameters on the APIC-EM, and all the policies are pushed to the 1000 devices and configured there automatically. These can be QoS policies and others. It also integrates with third-party APIs. So the CLI days are gone now.
I know you have some questions about it, like:
- How does traffic flow in the campus network?
- What is the fabric and how does it work?
- Does the VLAN approach still apply?
- Do we need to have SVIs?
Well, take a look at the SD-Access approach and you will see what Cisco does to make it successful in the campus.
SD-Access = Campus Fabric + DNA Center
Campus Fabric:
The Campus Fabric has three protocols that work together to communicate:
- LISP - Location/Identifier Separation Protocol - Control Plane
- VXLAN - Virtual Extensible LAN - Data Plane
- Cisco TrustSec - Segmented Tags
I will explain all these protocols one by one in later articles, and then I will present a campus architecture solution in which these protocols work together for communication from source to destination.
Fig 1.1 - Underlay and Overlay Network
The underlay network is a traditional IP network, where forwarding actually happens. On top of it sits the overlay network, with LISP as the control plane and VXLAN as the data plane. The original VXLAN header is amended: Cisco added Cisco TrustSec and VRF features to the VXLAN header, which is where the SGT (Secure and Scalable Group Tags) is carried.
I will also cover the VXLAN header, which supports L2 and L3 traffic over a traditional IP network. VXLAN is the future now and is going to replace VPLS- and MPLS-type services.
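As an added example (not from the original post or from Cisco), here is a parser for the amended VXLAN header described above, showing where the group tag and the VNI sit and how an untagged frame is told apart from a tagged one. The field layout is an assumption taken from the VXLAN Group Policy Option Internet-Draft (draft-smith-vxlan-group-policy); the function names and sample values are constructed for illustration.

```python
import struct
from dataclasses import dataclass
from typing import Optional

# Assumed layout (VXLAN Group Policy Option draft), not given on this page:
# byte 0 flags, byte 1 flags, 16-bit group ID, 24-bit VNI, 8 reserved bits.
FLAG_G = 0x80  # byte 0: Group Policy ID field is valid
FLAG_I = 0x08  # byte 0: VNI field is valid
FLAG_D = 0x40  # byte 1: "don't learn" bit
FLAG_A = 0x08  # byte 1: policy already applied upstream


@dataclass(frozen=True)
class VxlanGpo:
    vni: int              # 24-bit VNI, identifies the virtual network (VRF)
    sgt: Optional[int]    # 16-bit group tag, None when the G bit is clear
    policy_applied: bool
    dont_learn: bool


def parse_vxlan_gpo(header: bytes) -> VxlanGpo:
    """Parse the 8-byte VXLAN header that follows the outer UDP header."""
    if len(header) < 8:
        raise ValueError("truncated VXLAN header")
    flags0, flags1, group_id, vni_rsvd = struct.unpack("!BBHI", header[:8])
    if not flags0 & FLAG_I:
        raise ValueError("I bit clear: VNI is not valid")
    return VxlanGpo(
        vni=vni_rsvd >> 8,  # drop the 8 reserved low-order bits
        sgt=group_id if flags0 & FLAG_G else None,
        policy_applied=bool(flags1 & FLAG_A),
        dont_learn=bool(flags1 & FLAG_D),
    )


def build_vxlan_gpo(vni: int, sgt: Optional[int] = None,
                    applied: bool = False) -> bytes:
    """Build a header to use as constructed sample input."""
    flags0 = FLAG_I | (FLAG_G if sgt is not None else 0)
    flags1 = FLAG_A if applied else 0
    return struct.pack("!BBHI", flags0, flags1, sgt or 0, (vni & 0xFFFFFF) << 8)


if __name__ == "__main__":
    # Constructed samples: one tagged and one untagged frame in the same VNI.
    print(parse_vxlan_gpo(build_vxlan_gpo(vni=4099, sgt=17, applied=True)))
    print(parse_vxlan_gpo(build_vxlan_gpo(vni=4099)))
```

A frame that parses with `sgt=None` carries no group tag, which is the case worth flagging when auditing captures from a segment that is expected to be fully tagged.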
On top of these three protocols, Cisco uses DNA Center, which includes:
- APIC-EM: Policy Automation
- ISE: Identity Service Engine - Authentication and Authorisation
- NDP/Stealthwatch: Analytics
Fig 1.2 - DNA Center
You can provision your network within minutes, and it is ready to work. Cisco DNA Center talks to every orchestration-layer protocol, and the same policies can be pushed to wired, wireless, IoT-enabled and building management systems. You can extend the segmentation, visibility and policy of the wired network to wireless. Distributed wireless termination helps scale wireless network throughput while providing a centralized management and troubleshooting location.
The Cisco SD-Access architecture extends secure connectivity between users/devices and applications (SaaS, traditional) hosted on both on-premises and cloud infrastructure, across both direct and wide area networks (WAN). The architecture also allows seamless, secure connectivity even with application mobility between on-premises and cloud infrastructure. The Cisco SD-Access architecture offers simplicity with open, standards-based Application Program Interfaces (APIs). Simply wow.
I hope you got the idea of SD-Access now. I will come up with a detailed session and the traffic flow article soon.