Fundamentals of Cisco SD-Access : Underlay & Overlay Network
SD-Access from Cisco allows you to segment traffic by user, device, and application without redesigning the network.
With Cisco SD-Access, organizations can automate user access policy, ensuring that the correct policies are established for all users and devices, irrespective of the application.
LAN and WLAN networks can be integrated into a single network fabric to provide a consistent user experience wherever they are without compromising security.
Fig 1.1 - Cisco SD-Access: Underlay & Overlay Network
⚡ Cisco SD-Access Underlay Network
The actual network components, such as routers, switches, and wireless LAN controllers (WLCs), as well as a typical Layer 3 routing protocol, make up the SD-Access network underlay. This creates a simple, scalable, and durable framework for network device communication. Client traffic is handled by the fabric overlay, not the network underlay.
All network elements in the underlay must establish IP connectivity with one another. This means that an existing IP network can be used as the network underlay. Although any topology and routing protocol can be used in the underlay, implementing a well-designed Layer 3 access topology is highly recommended to achieve consistent performance, scalability, and high availability.
A Layer 3 access topology removes the requirement for VRRP, HSRP, VTP, STP, and so on. Furthermore, deploying, debugging, and managing the network is made easier when a logical fabric architecture is run on top of a prescriptive network underlay. The routed underlay also provides built-in capabilities for multi-pathing, optimized convergence, and other features.
To automatically discover, configure, and install network equipment in accordance with Cisco Validated Design best practices, Cisco Catalyst Center (DNA Center) offers a prescriptive LAN automation solution. The automated underlay provisioning uses Plug and Play (PnP) once the necessary protocol and IP address configurations are found.
The Cisco Catalyst Center (DNA Center) LAN Automation uses a best practice IS-IS routed access design. The main reasons for IS-IS are:
- IS-IS is protocol agnostic, so it works with IPv4 and IPv6 addresses.
- IS-IS can work with only Loopback interfaces, and doesn't require an address on each L3 link.
- IS-IS supports an extensible TLV format for emerging use cases.
⚡ Cisco SD-Access Overlay Network
- Fabric data plane: the logical overlay is created by packet encapsulation using Virtual Extensible LAN (VXLAN), with Group Policy Option (GPO).
- Fabric control plane: the logical mapping and resolving of users and devices (associated with VXLAN tunnel endpoints) is performed by Locator/ID Separation Protocol (LISP).
- Fabric policy plane: where the business intent is translated into a network policy, using address-agnostic Scalable Group Tags (SGT) and group-based policies.
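To make the data plane and policy plane bullets concrete, the following added example (not from the original article or from Cisco) decodes the 8-byte VXLAN-GPO header and checks the Scalable Group Tag it carries against an expected VNI-to-SGT map. The field layout follows the VXLAN Group Policy Option Internet-Draft; the function names, the allow map, and the sample bytes (VNI 4099, SGT 17) are constructed for illustration.

```python
import struct

# Flag bits as laid out in the VXLAN Group Policy Option Internet-Draft.
FLAG_G = 0x80  # byte 0: Group Policy ID (the SGT) is present
FLAG_I = 0x08  # byte 0: VNI field is valid
FLAG_D = 0x40  # byte 1: "don't learn" the inner source address
FLAG_A = 0x08  # byte 1: policy was already applied upstream


def parse_vxlan_gpo(header: bytes) -> dict:
    """Decode the 8-byte VXLAN-GPO header that follows the outer UDP header."""
    if len(header) < 8:
        raise ValueError("VXLAN header is 8 bytes, got %d" % len(header))
    flags0, flags1, group_id, vni_word = struct.unpack("!BBHI", header[:8])
    if not flags0 & FLAG_I:
        raise ValueError("I flag clear, VNI not valid")
    return {
        "vni": vni_word >> 8,  # upper 24 bits; the low byte is reserved
        "sgt": group_id if flags0 & FLAG_G else None,
        "dont_learn": bool(flags1 & FLAG_D),
        "policy_applied": bool(flags1 & FLAG_A),
    }


def check_segment(header: bytes, allowed: dict) -> str:
    """Classify a frame against a hypothetical VNI -> allowed-SGT-set map."""
    try:
        fields = parse_vxlan_gpo(header)
    except ValueError as exc:
        return f"malformed: {exc}"
    if fields["sgt"] is None:
        return "untagged"  # plain VXLAN, no group tag carried
    if fields["sgt"] not in allowed.get(fields["vni"], set()):
        return "unexpected-sgt"  # tag not expected in this virtual network
    return "ok"


# Constructed sample headers (not captured traffic).
TAGGED = bytes.fromhex("8800001100100300")   # G+I set, SGT 17, VNI 4099
PLAIN = bytes.fromhex("0800000000100300")    # I only, no group tag
FOREIGN = bytes.fromhex("8848006300100300")  # G+I, D+A set, SGT 99, VNI 4099
ALLOWED = {4099: {17, 20}}                   # hypothetical expected mapping

if __name__ == "__main__":
    for name, hdr in (("TAGGED", TAGGED), ("PLAIN", PLAIN), ("FOREIGN", FOREIGN)):
        print(name, check_segment(hdr, ALLOWED))
```
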