routeprotocol
-
Software-Defined WAN (SD-WAN)
SD-WAN can offer a number of benefits: lower costs with simple WAN automation and orchestration; extending enterprise networks seamlessly into the public cloud; providing an optimal user experience for software-as-a-service applications; leveraging a transport-independent WAN for lower cost and higher diversity, with the underlying network made up of many types of IP network (Internet, MPLS, 3G/4G/LTE, satellite)…
-
SD-Access: Management Layer
The management layer within Cisco DNA Center is the layer that provides an interface to the user. All information from all other layers is presented in the form of a centralised dashboard. The management layer hides the complicated configuration details behind the scenes and provides simple, easy-to-use information to the user,…
-
SD-Access: Controller Layer
The controller layer provides all of the management systems for the management layer. The controller layer is provided entirely by Cisco DNA Center and Cisco ISE. Cisco ISE and DNA Center integrate with each other and share information using APIs. There are three subsystems within the controller layer: Cisco Network Cloud Platform Integrated…
-
SD-Access: Fabric Concepts
Virtual Network (VN): The virtual network provides virtualisation at a device level using VRF instances to create multiple Layer 3 routing tables. The VRF instances provide segmentation across IP addresses to allow for overlapped address space and segmentation from other routing tables. In the control plane, LISP instance IDs are used to maintain separate VRF…
-
SD-Access: Fabric Wireless Controller (WLC)
A wireless LAN controller that is fabric enabled can connect access points and wireless endpoints to the SD-Access fabric. The wireless LAN controller is external to the fabric and connects to the SD-Access fabric through an internal border node. The WLC node provides onboarding and mobility services for wireless users and endpoints connected to the…
-
SD-Access: Fabric Border Nodes
Fabric border nodes are LISP proxy tunnel routers (PxTRs) that connect external Layer 3 networks to the SD-Access fabric and translate reachability and policy information from one domain to another. There are three types of fabric border nodes: Internal Border (Rest of the enterprise network); Default Border (Outside); Internal Border and Default Border (Anywhere). Internal…
-
SD-Access: Fabric Control Plane Node
The fabric control plane node is a LISP map server/resolver (MS/MR) with enhanced functions for software defined access, including fabric wireless and scalable group tag mapping. It maintains a simple host tracking database to map endpoint identifiers to routing locators. The control plane maps all endpoint identifier locations to the current fabric edge or border nodes,…
-
SD-Access: Fabric Edge Nodes
The fabric edge node provides onboarding and mobility services for wired users and devices connected to the fabric. It is a LISP tunnel router that provides the anycast gateway, endpoint authentication and assignment to overlay host pools, along with group policy enforcement. The fabric edge identifies and authenticates wired endpoints through 802.1X in order to…
-
Software Defined Access Roles and Components
The software defined access fabric requires multiple roles and components to operate. Each software defined access enabled device must be configured with at least one of these roles. The five basic roles in a fabric overlay are: Control Plane Node: The control plane node contains the settings, protocols and mapping tables to provide the EID-to-RLOC…
-
Software Defined Access Policy Plane
The fabric policy plane is based on Cisco TrustSec. Cisco TrustSec Scalable Group Tags are assigned to authenticated groups of users and end devices. Network policy, such as ACLs and QoS, is applied throughout the software defined access fabric based on the Scalable Group Tag rather than an IP address or MAC address. This means…