Overview
This lecture covers the core concepts of software-defined networking (SDN) with a focus on Cisco's SD-Access architecture. It introduces the key terms (underlay, overlay, fabric, DNA Center) and compares SD-Access with traditional network management.
SDN Fundamentals
- SDN centralizes the control plane in a controller, unlike traditional networks where control is distributed across devices.
- SDN controllers use southbound APIs to interact with network devices and northbound APIs for application integration.
- SDN architecture consists of three layers: application (apps/scripts), control (the controller), and infrastructure (network devices).
Cisco SD-Access Overview
- SD-Access automates campus LANs using SDN principles, with DNA Center as the main controller.
- The SD-Access fabric includes both physical (underlay) and virtual (overlay) network layers.
- The underlay provides IP reachability between fabric devices using a routing protocol (e.g., IS-IS); the overlay runs VXLAN tunnels on top of that reachability to carry virtual networks.
Terms: Underlay, Overlay, and Fabric
- Underlay: The physical network of devices and connections that provide base connectivity.
- Overlay: The virtual network built on top of the underlay, enabling features like VXLAN tunnels.
- Fabric: The combination of underlay and overlay, forming the complete SD-Access environment.
SD-Access Device Roles and Protocols
- Edge nodes connect to end hosts.
- Border nodes connect the SD-Access domain to external networks.
- Control nodes manage the overlay control plane, often using LISP (Locator/ID Separation Protocol).
- VXLAN is used for data-plane tunneling; LISP is used for control-plane mapping of endpoint identifiers (EIDs, host addresses) to routing locators (RLOCs, the fabric switch addresses).
- Cisco TrustSec (CTS) provides policy and security controls in the overlay.
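To make the edge and control node roles, the LISP/VXLAN split, and TrustSec enforcement concrete, here is an added Python model written for these notes (it is not Cisco code and not part of the lecture): a control node answers EID-to-RLOC lookups, the ingress edge encapsulates with the VNI and the source host's SGT, and the egress edge enforces the group policy using the SGT carried in the overlay header. All addresses, VNIs, SGTs and the policy table are constructed assumptions.

```python
class ControlNode:
    """LISP map-server role (constructed): EID (host IP) -> (RLOC, VNI, SGT)."""
    def __init__(self):
        self.mappings = {}

    def register(self, eid, rloc, vni, sgt):   # Map-Register sent by an edge node
        self.mappings[eid] = (rloc, vni, sgt)

    def resolve(self, eid):                    # Map-Request; None = negative reply
        return self.mappings.get(eid)


class EdgeNode:
    """Fabric edge: hosts attach here; it encapsulates and decapsulates VXLAN."""
    def __init__(self, rloc, control, policy):
        self.rloc = rloc          # underlay IP of this switch, used as its locator
        self.control = control
        self.policy = policy      # allowed (src_sgt, dst_sgt) pairs (TrustSec)
        self.local_hosts = {}     # eid -> (vni, sgt) for directly attached hosts

    def attach(self, eid, vni, sgt):
        self.local_hosts[eid] = (vni, sgt)
        self.control.register(eid, self.rloc, vni, sgt)

    def encapsulate(self, src, dst):
        """Ingress edge: resolve dst EID to an RLOC and build the overlay frame."""
        vni, src_sgt = self.local_hosts[src]
        entry = self.control.resolve(dst)
        if entry is None or entry[1] != vni:
            return None   # unknown host, or host in a different virtual network
        return {"outer_src": self.rloc, "outer_dst": entry[0], "vni": vni,
                "sgt": src_sgt, "inner_src": src, "inner_dst": dst}

    def decapsulate(self, frame):
        """Egress edge: enforce group policy using the SGT carried in the header."""
        local = self.local_hosts.get(frame["inner_dst"]) if frame["outer_dst"] == self.rloc else None
        if local is None or local[0] != frame["vni"] or (frame["sgt"], local[1]) not in self.policy:
            return None   # not ours, wrong segment, or the group policy denies this pair
        return (frame["inner_src"], frame["inner_dst"])


def build_fabric():
    """Constructed topology: two edge nodes, one control node, two groups (SGTs)."""
    control = ControlNode()
    policy = {(10, 10), (10, 20)}   # employees (10) may reach servers (20), not the reverse
    edge_a = EdgeNode("10.0.0.1", control, policy)
    edge_b = EdgeNode("10.0.0.2", control, policy)
    edge_a.attach("192.168.1.10", vni=4097, sgt=10)   # employee laptop
    edge_b.attach("192.168.2.50", vni=4097, sgt=20)   # application server
    edge_b.attach("192.168.9.5", vni=4098, sgt=20)    # server in another virtual network
    return edge_a, edge_b
```

Note that the policy decision is taken at the egress edge, which is why the SGT travels inside the VXLAN header rather than being looked up again at the destination.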
SD-Access Deployment Types
- Greenfield deployment: New networks built for SD-Access, fully managed by DNA Center.
- Brownfield deployment: SD-Access added to existing networks; DNA Center may not manage underlay to avoid disruption.
DNA Center Features in SD-Access
- DNA Center provides central policy management, device provisioning, network assurance, and compliance monitoring.
- Intent-based networking allows specifying network policies and behaviors without manual per-device configuration.
- Policies can be group-based, with explanations for each rule to clarify network intent.
- Software and device compliance can be centrally monitored and enforced.
DNA Center vs. Traditional Network Management
- Traditional: Devices configured individually via SSH/console; no central policy or software management; higher risk of errors and longer deployment times.
- DNA Center: Central configuration and monitoring; automatic policy and software updates; reduced manual errors and faster deployments.
Key Terms & Definitions
- SDN (Software-Defined Networking) — Networking with a centralized control plane managed by a controller.
- DNA Center — Cisco’s SDN controller and management platform for SD-Access.
- Underlay — The physical network layer providing basic connectivity.
- Overlay — The virtual network layer built on top of the underlay, often using VXLAN.
- Fabric — The combined underlay and overlay network in SD-Access.
- Edge Node — Switch connecting to end hosts.
- Border Node — Switch connecting to external networks.
- Control Node — Switch handling control-plane functions (LISP).
- LISP (Locator ID Separation Protocol) — Protocol for mapping host addresses to switch locations.
- VXLAN (Virtual Extensible LAN) — Protocol for overlay tunneling in SD-Access.
- Cisco TrustSec (CTS) — Provides policy and security in the SD-Access overlay.
- Intent-Based Networking — Defining network behavior by intent rather than manual configuration.
Action Items / Next Steps
- Review differences between underlay, overlay, and fabric concepts.
- Ensure understanding of edge, border, and control node roles.
- Explore DNA Center features and practice configuring policies if possible (e.g., via DevNet sandbox).
- Compare traditional vs. DNA Center-enabled network management for exam prep.