Chapter 46 - Cisco Software-Defined Access Flashcards
What is SD-Access?
- Software-Defined Access
- SDN developed by Cisco for use in campus networks
- Uses DNA Centre as its controller
- Three different roles for switches are included in this architecture:
- Edge nodes - Connect to end hosts
- Border nodes - Connect to devices outside of the SD-Access network e.g. WAN routers
- Control nodes - Use LISP (Locator/ID Separation Protocol) to perform the control plane functions (they hold the LISP Map Server that the edge nodes register endpoints with)
- Can be configured on compatible networking equipment that is already in place (Brownfield Deployment), but DNA Centre will not dynamically configure the underlay
- Can be configured from scratch (Greenfield Deployment), in which case DNA Centre will dynamically configure the underlay
- LISP provides the control plane by mapping EIDs (Endpoint Identifiers) to RLOCs (Routing Locators)
- Cisco TrustSec provides policy control
- VXLAN provides the data plane
What is SD-WAN?
- Software Defined WAN
- SDN developed by Cisco for building and automating WANs
What is an SDA underlay?
- The physical network of devices and connections that provide IP connectivity for the overlay
What is an SDA overlay?
- The virtual network built on top of the physical underlay network
- SD-Access uses VXLAN to build tunnels as its overlay and allow communication between fabric endpoints
What is an SDA fabric?
- The combination of the SDA’s underlay and overlay
True or False. You can use any equipment for an SDA Brownfield Deployment.
False. The devices must be included on Cisco's SDA compatibility list; otherwise new equipment is required (the fabric's VXLAN tunnelling is done in the switch ASIC, so hardware without that support cannot join the fabric).
What is a Routed Access layer network design?
- Typically used in a Greenfield SDA Deployment
- Means that:
- All switches in the topology are layer 3 switches that have routing enabled and use the IS-IS routing protocol
- All links between switches are layer 3 routed links, meaning that STP/RSTP is not necessary
- SDA Edge nodes act as default gateways for endpoints, meaning that an FHRP is not necessary (I don't think it would necessarily be a bad thing though. It would just require each PC to have two NICs to connect to each L3 switch)
What is VXLAN?
- Virtual Extensible LAN
- Used in SDA overlay
- When a frame is received from an endpoint on an SDA edge node it is encapsulated in VXLAN. The encapsulated packet is then routed across the underlay by the other nodes, and the VXLAN header is only removed by the edge node at the far end.
- The requirements of VXLAN in an SDA are:
- The VXLAN tunnelling must be performed by each switch's ASIC so there is no performance penalty. This is why the compatibility list is required for SDA
- The VXLAN encapsulation must supply the header fields that SDA requires for its features (the header identifies the virtual network the packet belongs to and carries the SGT of the source endpoint)
- VXLAN must encapsulate the data link frame as well as the IP header of a packet, giving SDA both layer 2 and layer 3 features
True or False. The overlay and underlay use the same address space.
False. The underlay uses one address space (the addresses of the fabric nodes themselves, used as RLOCs) and the overlay uses another. The endpoint addresses belong to the overlay address space.
How does LISP work in SDA?
- Fabric edge nodes learn the endpoints attached to them (by MAC address, IP address, and subnet) and identify each endpoint with an EID (Endpoint Identifier)
- They register the fact that they can reach a given EID into a database called the LISP Map Server
- The LISP Map Server keeps a list of EIDs and the matching RLOCs (Routing Locators), which identify the edge nodes that can reach a given EID
- When an edge node needs to forward a message to an EID that is not attached to it, it queries the LISP Map Server for the matching RLOC and tunnels the packet to that edge node across the underlay
What is an ITR?
- Ingress Tunnel Router
- The edge node in an SDA fabric that receives a frame from an endpoint, looks up the RLOC for the destination EID, and encapsulates the frame into the VXLAN tunnel toward the far-end edge node
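To make the LISP and VXLAN cards above concrete, here is an added Python model of the whole forwarding path (it is illustration written for these notes, not Cisco code or anything DNA Centre produces). It builds a LISP Map Server holding EID-to-RLOC entries that two edge nodes register their hosts into, then has one edge node act as the ITR: it resolves the destination EID, wraps the original Ethernet frame in an 8-byte VXLAN-GPO header that carries the virtual network identifier and the source host's SGT, and hands the packet to the far-end edge node by RLOC, which strips the header and checks a toy TrustSec policy (see the Scalable Group card below) before delivering. Underlay RLOCs (10.0.0.x) and overlay EIDs (172.16.x.x) are kept in separate address spaces, as the True/False card states. All addresses, MACs, the VNI 4099, the SGT values and the policy entry are made up for the example.

```python
"""Toy model of SD-Access forwarding (added illustration, not Cisco code)."""
import socket
import struct

FLAG_G = 0x80  # VXLAN-GPO flag: the 16-bit Group Policy ID (SGT) field is valid
FLAG_I = 0x08  # VXLAN flag: the 24-bit VNI field is valid


def vxlan_gpo_encap(frame: bytes, vni: int, sgt: int) -> bytes:
    """Prepend the VXLAN-GPO header: flags, reserved byte, 16-bit SGT,
    24-bit VNI, 8 reserved bits (draft-smith-vxlan-group-policy layout)."""
    if not (0 <= vni < 1 << 24 and 0 <= sgt < 1 << 16):
        raise ValueError("VNI must fit in 24 bits and SGT in 16 bits")
    return struct.pack("!BBHI", FLAG_G | FLAG_I, 0, sgt, vni << 8) + frame


def vxlan_gpo_decap(data: bytes):
    """Return (vni, sgt, inner_frame); sgt is None when the G flag is clear."""
    flags, _, sgt, vni_field = struct.unpack("!BBHI", data[:8])
    if not flags & FLAG_I:
        raise ValueError("VXLAN header without a valid VNI")
    return vni_field >> 8, (sgt if flags & FLAG_G else None), data[8:]


def build_frame(src_mac: bytes, dst_mac: bytes, src_ip: str, dst_ip: str,
                payload: bytes = b"") -> bytes:
    """Ethernet II + minimal IPv4 header (checksum left 0): just enough for the
    edge node to read a real destination IP out of the frame it receives."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, 17, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return dst_mac + src_mac + b"\x08\x00" + ip + payload


def dst_ip_of(frame: bytes) -> str:
    return socket.inet_ntoa(frame[30:34])  # 14-byte Ethernet header + IPv4 dst at offset 16


class LispMapServer:
    """EID -> RLOC database. EIDs are overlay (endpoint) addresses, RLOCs are
    underlay addresses of edge nodes; the two address spaces never mix."""
    def __init__(self):
        self.db = {}

    def register(self, eid: str, rloc: str) -> None:
        self.db[eid] = rloc

    def resolve(self, eid: str):
        return self.db.get(eid)  # None models a negative map-reply


class EdgeNode:
    def __init__(self, name, rloc, vni, map_server, fabric, policy):
        self.name, self.rloc, self.vni = name, rloc, vni
        self.ms, self.fabric, self.policy = map_server, fabric, policy
        self.hosts = {}      # locally attached EID ip -> (mac, sgt)
        fabric[rloc] = self  # the underlay delivers VXLAN packets by RLOC

    def attach(self, ip: str, mac: bytes, sgt: int) -> None:
        """Endpoint learned on an access port: keep it locally, register its EID."""
        self.hosts[ip] = (mac, sgt)
        self.ms.register(ip, self.rloc)

    def send(self, src_ip: str, frame: bytes):
        """ITR role: resolve the destination EID, encapsulate, hand to the underlay."""
        dst_ip = dst_ip_of(frame)
        rloc = self.ms.resolve(dst_ip)
        if rloc is None:
            return ("dropped", "no RLOC for EID " + dst_ip)
        src_sgt = self.hosts[src_ip][1]
        return self.fabric[rloc].receive(vxlan_gpo_encap(frame, self.vni, src_sgt))

    def receive(self, packet: bytes):
        """Far-end edge node: decapsulate, enforce the SGT policy, deliver locally."""
        vni, src_sgt, frame = vxlan_gpo_decap(packet)
        if vni != self.vni:
            return ("dropped", "VNI %d is not this node's virtual network" % vni)
        dst_ip = dst_ip_of(frame)
        if dst_ip not in self.hosts:
            return ("dropped", "EID %s is not attached here" % dst_ip)
        dst_mac, dst_sgt = self.hosts[dst_ip]
        if self.policy.get((src_sgt, dst_sgt), "permit") == "deny":
            return ("denied", "SGT %d -> SGT %d blocked by policy" % (src_sgt, dst_sgt))
        return ("delivered", self.name, dst_mac.hex(":"), src_sgt)


def demo():
    """Two edge nodes, one map server, one VN; returns the outcome of three flows."""
    ms, fabric = LispMapServer(), {}
    policy = {(30, 10): "deny"}  # toy TrustSec matrix: guests (30) may not reach servers (10)
    edge1 = EdgeNode("edge-1", "10.0.0.1", 4099, ms, fabric, policy)  # RLOCs: underlay space
    edge2 = EdgeNode("edge-2", "10.0.0.2", 4099, ms, fabric, policy)
    edge1.attach("172.16.10.5", bytes.fromhex("0200000000a5"), 30)  # EIDs: overlay space
    edge2.attach("172.16.20.7", bytes.fromhex("0200000000b7"), 30)
    edge2.attach("172.16.20.9", bytes.fromhex("0200000000b9"), 10)
    guest, gw = bytes.fromhex("0200000000a5"), bytes.fromhex("0200000000ff")  # gw = edge-1 as default gateway
    return [
        edge1.send("172.16.10.5", build_frame(guest, gw, "172.16.10.5", "172.16.20.7")),  # guest -> guest
        edge1.send("172.16.10.5", build_frame(guest, gw, "172.16.10.5", "172.16.20.9")),  # guest -> server
        edge1.send("172.16.10.5", build_frame(guest, gw, "172.16.10.5", "172.16.99.1")),  # unknown EID
    ]


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

Running it shows the three outcomes in order: the guest-to-guest frame is delivered by edge-2 with SGT 30 still attached, the guest-to-server frame is decapsulated but denied by the SGT policy at the egress node, and the frame to an unregistered EID never leaves edge-1 because the map server has no RLOC for it. Note that the policy is enforced where the destination's SGT is known (the far-end edge node), which is why the SGT has to travel inside the VXLAN header.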
True or False. Cisco DNA Centre is only used as the Controller for SDA networks
False. It can also be used as a management platform for traditional, non-SDA network devices
What are RESTCONF and NETCONF?
- Southbound APIs used by a controller such as DNA Centre to manage network devices
- Generally used to manage more recent networking devices. Older ones may be managed with Telnet, SSH, SNMP, etc.
What is a Scalable Group?
- Used in DNAC to identify groups of users or devices that should have the same security policy applied to them
- Each group is identified by an SGT (Scalable Group Tag); TrustSec policies are then defined between source and destination SGTs rather than between IP addresses
What are features of a traditional network management program?
- Single Pane of Glass - One GUI to launch all functions and features
- Discovery, Inventory, and Topology - Discovers network devices, builds an inventory, and arranges them in a topology map
- Entire Enterprise - Provides support for traditional enterprise LAN, WAN, and data centre management
- Methods and Protocols - Uses SNMP, SSH, Telnet, CDP, and LLDP to discover and learn information about network devices
- Lifecycle Management - Supports different tasks to install a new device, configure it to be working in production, and perform ongoing monitoring and maintenance
- Application Visibility - Simplifies QoS configuration deployment
- Converged Wired and Wireless - Enables you to manage both wired and wireless LANs from the same platform
- Software Image Management (SWIM) - Manages software images on network devices and automates updates
- Plug and Play - Performs initial installation tasks for new network devices after they are physically installed