What is SDA?
SDA stands for Software-Defined Access. It is the transformation of the traditional campus area network, adding much new functionality that the traditional network lacked. It makes it possible to design and build networks by decoupling the control and forwarding planes. It follows the Software-Defined Networking (SDN) network architecture, which enables the network to be intelligently and centrally controlled and configured.
A Brief Introduction to How SDA Works
There is a centralized device in the SDA campus known as DNAC or DNA Center, which acts as a controller on top of the campus network. Cisco refers to it as a “single pane of glass”, which I feel is a fitting description, because it reduces complexity through a centralized controller. The controller is used to create software-defined access for campus networks and enables the business to deploy, manage, monitor, and troubleshoot entire enterprise, campus, and branch networks from a centralized GUI.
Some functions of DNAC include:
- Plug and Play: Engineers no longer need to travel to each device individually; devices are configured through the PnP process.
- Easy QoS: It enables network operators to create network QoS policies based on business intent; those policies are then pushed down to the network devices automatically.
- Provisioning: This tool allows us to define and push standard network settings and features to network devices.
- Assurance: It is a network monitoring and analytics tool.
- Software image management (SWIM): It allows us to select standard OS versions for the network devices, and to automatically download them and upgrade the devices in a safe and secure way.
- Automated end-to-end services, such as segmentation.
5 Reasons Why SDA is Better
Automated Network Fabric
Now we do not need to configure each device individually: LAN Automation lets us build the underlay in greenfield deployment environments. In the Software-Defined Access network, DNAC provisions all the devices through the LAN Automation feature. Devices that are powered on without any existing configuration can participate in the PnP provisioning process; the remaining switches can be discovered via their IP addresses. In an automated network, all the provisioning, configuration and assurance work is done by DNA Center. The only thing we need to do is unbox the switch, rack-and-stack it and power it up; LAN Automation will automatically find the devices, configure them, and upgrade the switches to match the ‘golden image’ version as per requirement.
No manual configuration is required via console or Secure Shell (SSH) on the switch when using LAN Automation.
In this process DNAC uses:
- Cisco Network Plug and Play Process
- Cisco PnP IOS Agent
- LAN Automation Seed and Peer Seed Devices
- IP Reachability
Elimination of Spanning Tree Protocol
SD-Access does not require the Spanning Tree Protocol loop-prevention mechanism, because the underlay uses routed Layer 3 links. This completely removes Layer 2 problems such as loops, blocked ports and the lack of proper ECMP. Any routing protocol, such as OSPF, EIGRP or IS-IS, can be used. Multiple point-to-point links can be used in parallel, with load balancing through equal-cost multipath (ECMP) so that all links carry traffic and no bandwidth sits idle.
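The paragraph above says a routed underlay gives us ECMP instead of blocked ports, but it does not show how traffic is actually spread. The following is an added example, not code from the article or from Cisco: it models per-flow ECMP next-hop selection, where each flow's 5-tuple is hashed to pick one of several equal-cost uplinks, so every link forwards traffic while packets of one flow always take the same link and are not reordered. The interface names, the hash choice (SHA-256 stands in for the platform's hardware hash) and the sample flows are all constructed.

```python
"""Per-flow ECMP next-hop selection over a routed Layer 3 underlay.

Added example, not Cisco's code or the article's own. Shows what
equal-cost point-to-point links give that a spanning-tree Layer 2
design cannot: every uplink forwards, and each flow is pinned to one
uplink by hashing its 5-tuple. Link names and flows are constructed.
"""
import hashlib
from collections import Counter

# Constructed: four equal-cost point-to-point uplinks from one edge node.
EQUAL_COST_NEXT_HOPS = ["Gi1/0/1", "Gi1/0/2", "Gi1/0/3", "Gi1/0/4"]


def select_next_hop(flow, next_hops=EQUAL_COST_NEXT_HOPS):
    """Pick one equal-cost next hop for a flow.

    flow is a 5-tuple (src_ip, dst_ip, proto, src_port, dst_port).
    The hash is deterministic: every packet of the same flow takes the
    same link, while different flows are spread across all links.
    SHA-256 is a stand-in for the switch's hardware hash function.
    """
    key = "|".join(str(field) for field in flow).encode()
    digest = hashlib.sha256(key).digest()
    index = int.from_bytes(digest[:4], "big") % len(next_hops)
    return next_hops[index]


def link_utilisation(flows, next_hops=EQUAL_COST_NEXT_HOPS):
    """Count how many flows land on each link; idle links show as 0."""
    counts = Counter(select_next_hop(flow, next_hops) for flow in flows)
    return {hop: counts.get(hop, 0) for hop in next_hops}


def sample_flows(n=200):
    """Constructed client flows (distinct source IP/port) toward one server."""
    return [("10.10.1.%d" % (i % 250 + 1), "10.20.0.5", 6, 40000 + i, 443)
            for i in range(n)]


if __name__ == "__main__":
    # Every uplink should carry a share of the 200 constructed flows.
    print(link_utilisation(sample_flows()))
```

The point to check in a real underlay is the same as in the model: the hash inputs must identify a flow (not just a destination), otherwise all traffic to one server collapses onto a single link and the "ECMP" underlay behaves like a spanning-tree design with one active uplink.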
Simplified Design
The SD-Access solution simplifies the campus design by introducing a centralized device that takes care of every aspect of the campus network: Design, Policy, Provision, Assurance, and so on.
- From a Design perspective, we can build the network hierarchy on DNAC, upload floor plans, and drag and drop a CSV file or navigate to it. We can also import an existing network hierarchy from Cisco Prime Infrastructure. Some use cases are given below:
- Build inventory for unknown endpoints.
- Ensure that endpoints match the policies, patch level, etc.
- Segment the network at two levels, “macro” and “micro”.
- Simplified policies for guest access.
- Time-saving when provisioning the policies.
- Reduce troubleshooting time!
Identity-Based Policy and Segmentation
The SD-Access solution is based on Cisco TrustSec (CTS) and Security Group Access Control Lists (SGACLs). The Virtual Network concept in SD-Access provides “MACRO” level segmentation. In SD-Access, VRFs are known as VNs, and there is complete isolation between different VNs.
By default, SD-Access fabric devices consist of 2 VNs:
1. The default VN: all users and devices are part of this VN by default.
2. The infra VN: the global routing table (GRT) of the devices, used for wireless APs and extended nodes.
The key highlight is that you can create multiple user VNs in SD-Access depending on your requirements.
- Segmentation by logically grouping users and devices based on their role, regardless of their location and IP subnet.
- Segmentation based on the type of user, such as guest, student, staff, visitor, etc.
Note: If everything is the same as a traditional VRF (virtual routing and forwarding), why has SD-Access chosen a different name for the VRF concept? Because, unlike VRFs, SD-Access does not require a separate routing table for the virtual network: LISP (Locator/ID Separation Protocol) in SDA provides all the control-plane forwarding information.
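The segmentation section above describes two levels of policy but does not show how they combine for a given pair of endpoints. The following is an added example, not code from the article, Cisco DNA Center or ISE: a small model that first applies macro segmentation (endpoints in different VNs cannot reach each other at all) and then micro segmentation (inside a VN, a TrustSec SGACL matrix keyed by source and destination Security Group Tag decides). The VN names, SGT numbers, matrix entries, endpoints and function names are all constructed for the example.

```python
"""Two-level (macro/micro) segmentation check in the style of SD-Access.

Added example, not Cisco's code or the article's own. Macro level: two
Virtual Networks (VNs, the SD-Access name for VRFs) are fully isolated.
Micro level: inside one VN a TrustSec SGACL matrix keyed by (source SGT,
destination SGT) decides. All names, tags and endpoints are constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Endpoint:
    name: str
    ip: str      # recorded only; the policy never looks at it
    vn: str      # Virtual Network -> macro segmentation
    sgt: int     # Security Group Tag -> micro segmentation


# Constructed SGT numbers for the roles named in the article.
SGT_STAFF, SGT_STUDENT, SGT_GUEST, SGT_SERVERS = 10, 11, 30, 20

# Constructed SGACL matrix. Pairs absent from the matrix get DEFAULT_POLICY.
SGACL_MATRIX = {
    (SGT_STAFF, SGT_SERVERS): "permit",
    (SGT_STUDENT, SGT_SERVERS): "permit",
    (SGT_GUEST, SGT_SERVERS): "deny",
    (SGT_GUEST, SGT_STAFF): "deny",
    (SGT_STAFF, SGT_STAFF): "permit",
}
DEFAULT_POLICY = "deny"   # unknown pair: closed by default


def evaluate(src: Endpoint, dst: Endpoint):
    """Return (verdict, reason) for traffic from src to dst."""
    if src.vn != dst.vn:
        # Macro level: no route exists between VNs; SGACLs are never consulted.
        return "deny", f"macro: {src.vn} and {dst.vn} are isolated VNs"
    verdict = SGACL_MATRIX.get((src.sgt, dst.sgt), DEFAULT_POLICY)
    return verdict, f"micro: SGACL {src.sgt}->{dst.sgt} in VN {src.vn}"


# Constructed endpoints. alice and bob share role and VN but sit in different
# subnets, so they get the same verdict: policy follows the tag, not the IP.
# cam shares alice's subnet but lives in another VN, so it is unreachable.
ENDPOINTS = {
    "alice": Endpoint("alice", "10.1.1.5", "CAMPUS", SGT_STAFF),
    "bob": Endpoint("bob", "10.2.7.9", "CAMPUS", SGT_STAFF),
    "visitor": Endpoint("visitor", "10.3.0.20", "CAMPUS", SGT_GUEST),
    "srv": Endpoint("srv", "10.20.0.5", "CAMPUS", SGT_SERVERS),
    "cam": Endpoint("cam", "10.1.1.6", "IOT", SGT_SERVERS),
}


def matrix_report(endpoints=ENDPOINTS):
    """Verdict for every ordered pair, useful to review a policy before rollout."""
    return {(a, b): evaluate(endpoints[a], endpoints[b])[0]
            for a in endpoints for b in endpoints if a != b}


if __name__ == "__main__":
    for (a, b), verdict in sorted(matrix_report().items()):
        print(f"{a:8} -> {b:8} {verdict}")
```

Two properties of the model are worth carrying into a real deployment review: a pair with no explicit SGACL entry is denied (check what your default policy actually is, since an open default quietly turns micro segmentation off), and the macro check runs first, so an SGACL "permit" between two tags never creates a path across VNs.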
Assurance
The Assurance feature in SD-Access reduces troubleshooting time by increasing resource availability.
SD-Access deals with operational challenges by using its Network Data Platform (NDP).
NDP collects data in several ways and uses it for Assurance; some of them are listed below.
1. NetFlow.
2. Data related to endpoints.
3. Data from Identity Services Engine (ISE).
4. Data from topology.
5. Data from devices.
Thus, it provides resource availability by using some of the features mentioned below:
1. Builds L3 loop-free topology.
2. Eliminates STP.
3. Complete mobility for wired and wireless users.
4. Network segmentation at the micro and macro level.
5. Fabric-enabled wireless access points.
6. Supports Cisco TrustSec.
So We Can Say
The above are the top features/advantages you get when you decide to go for SD-Access in your campus/enterprise. We at Zindagi Technologies have a team of certified Subject Matter Experts who specialize in SD-Access solutions. If you are looking for Planning / Designing / Implementation / PoC services for SD-Access, reach out to us at Zindagi Technologies Pvt. Ltd. or call us at +91 9773973971.
Ravi Kumar Singh
Network Consulting Engineer