my cheat sheet on software defined access

1 Intro

Cisco Software Defined Access (SDA) is a campus network solution that solves several traditional campus network problems, the most obvious being the shortcomings of STP. It offers a campus fabric overlay based on LISP + VXLAN that supports both L2 and L3 access from all edge devices.

Cisco SDA is a combination of a campus fabric (LISP + VXLAN) with automation and analytics (DNA Center Assurance). See the excellent Tech Field Day video on YouTube here: https://youtu.be/GWaon8uP5gA with Shawn Wargo. There is a newer update here: https://youtu.be/2U--gG4puzA but I would watch the first one first.

1.1 Problems it solves

1.2 Technology it uses

SD-Access has a Campus Fabric made up of a LISP control plane with a VXLAN data plane, and an Anycast gateway that provides an L2 default gateway at each leaf/access switch.

Every endpoint device has a direct connection to its default gateway on its directly connected switch.

Configuration can be traditional box by box CLI or through an API for device automation via NETCONF/YANG.

2 Campus Fabric

Provides a network where the control plane and data plane are separated. This lets you keep a fast, simple underlay network forwarding packets, over which separate and isolated overlay networks can traverse. These overlay networks can be L2 or L3 networks.

3 Control Plane (LISP)

The SD-Access control plane is LISP. The control plane node is really just the LISP mapping server (MS). It runs on a router, typically a Cat 9k.

4 Data Plane (VXLAN)

The SD-Access data plane is VXLAN.
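
An added example (not from the original cheat sheet or from Cisco) of how the VXLAN header keeps the overlays from section 2 isolated on a shared underlay: the 24-bit VNI in the RFC 7348 header selects the overlay, and a decapsulating edge should drop anything whose VNI it has not been provisioned for. The VNI numbers, overlay names and inner frame bytes are constructed for illustration.

```python
import struct

VXLAN_FLAG_I = 0x08                      # RFC 7348: set when the VNI field is valid
VXLAN_HDR = struct.Struct("!B3s3sB")     # flags, reserved(24), VNI(24), reserved(8)

# Hypothetical overlays provisioned on this edge node (constructed values).
LOCAL_VNIS = {8190: "CAMPUS_L2", 4099: "GUEST_L3"}


def vxlan_encap(vni: int, inner_frame: bytes) -> bytes:
    """Prepend an 8-byte VXLAN header; the result is the UDP payload on the underlay."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI must fit in 24 bits")
    header = VXLAN_HDR.pack(VXLAN_FLAG_I, b"\x00" * 3, vni.to_bytes(3, "big"), 0)
    return header + inner_frame


def vxlan_decap(payload: bytes, local_vnis: dict) -> tuple:
    """Return (overlay_name, inner_frame); raise ValueError instead of forwarding."""
    if len(payload) < VXLAN_HDR.size:
        raise ValueError("truncated VXLAN header")
    flags, _rsvd1, vni_bytes, _rsvd2 = VXLAN_HDR.unpack_from(payload)
    if not flags & VXLAN_FLAG_I:
        raise ValueError("I flag clear, VNI is not valid")
    vni = int.from_bytes(vni_bytes, "big")
    if vni not in local_vnis:
        # Never fall back to a default overlay: that would leak traffic across segments.
        raise ValueError(f"VNI {vni} is not provisioned on this edge")
    return local_vnis[vni], payload[VXLAN_HDR.size:]


if __name__ == "__main__":
    inner = bytes.fromhex("ffffffffffff0200000000010806")  # constructed Ethernet header
    for vni in (8190, 4099, 5000):
        try:
            print(vni, vxlan_decap(vxlan_encap(vni, inner), LOCAL_VNIS)[0])
        except ValueError as err:
            print(vni, "dropped:", err)
```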

5 Anycast Gateway

6 Management (DNA-Center)

DNA Center is the management server that does four things:

  1. Design
  2. Provision
  3. Policy
  4. Assurance

DNA Center splits those functions into three elements:

6.1 ISE

Identity services for dynamic endpoint-to-group mapping and policy enforcement.

6.2 NCP (Network Control Platform)

Provides fabric and underlay network automation and orchestration services.

6.3 NDP (Network Data Platform)

Provides network analytics (Assurance): it collects stats, analyzes endpoint-to-app flows and monitors fabric status.