Architecture
-
Software Defined Access Policy Plane
The fabric policy plane is based on Cisco TrustSec. Cisco TrustSec Scalable Group Tags are assigned to authenticated groups of users and end devices. Network policy, such as ACLs and QoS, is applied throughout the software defined access fabric based on the Scalable Group Tag rather than an IP address or MAC address. This means…
-
Software Defined Access Data Plane
The tunnelling technology used in the fabric data plane is based on Virtual Extensible LAN (VXLAN). VXLAN encapsulation is UDP/IP based, so it can be forwarded by any IP-based network and can create the overlay network for the SD-Access fabric. Although Software Defined Access utilises LISP for the control plane traffic, it is not used for…
-
Software Defined Access Control Plane
The software defined access control plane is based on the Locator/ID Separation Protocol (LISP). LISP is an IETF standard protocol defined in RFC 6830 that is based on a simple endpoint ID (EID) to Routing Locator (RLOC) mapping system to separate the identity (endpoint IP address) from its current location (network edge or border router IP…
-
SD-Access: Overlay Network
The software defined access fabric is the overlay network, providing policy-based network segmentation, host mobility, and enhanced security beyond the normal capabilities of a traditionally switched network. The software defined access overlay is fully automated regardless of the underlay mode used. It automatically includes all overlay control plane protocols and addressing required. The Cisco…
-
SD-Access: Underlay Network
The underlay network for software defined access should be configured to ensure performance, scalability, and high availability. Any problems that occur on the underlay network will affect the operation of the overlay network. It is possible to use a Layer 2 network underlay design running spanning tree protocol, but it is not recommended. The recommended…
-
SD-Access: Network Layer
The network layer in software defined access consists of the underlay network and the overlay network. The network underlay is the underlying physical layer, and transports the data packets between network devices for the software defined access fabric overlay. The overlay network is a virtual tunnelled network that virtually interconnects all of the network devices…
-
SD-Access: Physical Layer
Everything in Cisco software defined access runs on physical network devices: switches, routers, servers, wireless LAN controllers and wireless access points. Cisco switches provide wired access to the fabric. Support is available for both Catalyst and Nexus switches. Cisco routers provide WAN and branch access to the fabric. ASR, ISR, and CSR routers (including the…
-
Software Defined Access Architecture
The Cisco software defined architecture is based on existing hardware and software technologies. Software defined access integrates and manages these technologies together and divides them into four separate layers: the Management Layer, Controller Layer, Network Layer, and Physical Layer.
-
What is SD-Access?
Software defined access is made up of two components: the Cisco Campus Fabric solution and Cisco DNA Center. The campus fabric is a Cisco validated fabric overlay solution that includes all features and protocols (control plane, data plane, management plane, and policy plane) to operate the network infrastructure. If the campus fabric solution is managed using…
-
Software Defined Access (SD-Access)
SD-Access provides an evolved campus network that can be built to address the needs of existing campus networks with some additional features and capabilities, such as network automation. Software defined access replaces manual network device configuration with network device management through automation. It uses a single point of automation, orchestration and management of network…