SD-Access
Software-Defined Access provides an additional layer of analysis, controls over access policies, network segmentation, and endpoint monitoring.
1. It is an all-in-one product that provides another vital layer of security and privacy protection.
2. The two required components for SD-Access are:
   1. Cisco DNA Center for security policy configuration
   2. Cisco Identity Services Engine (ISE) for user authentication
SD-Access Functions in SDN Planes
- Management Plane
  - Functions that are used to manage devices are part of the management plane
- Control Plane
  - LISP protocol provides the control plane of Cisco SD-Access
- Data Plane (also known as the Forwarding Plane)
  - VXLAN protocol provides the data plane of Cisco SD-Access
  - VXLAN stands for "Virtual Extensible LAN" and is basically the overlay
  - Tasks include forwarding user traffic from one interface to another
SD-Access uses an underlay and overlay network
- An underlay network is the underlying physical network
  - It provides the underlying physical connections which the overlay network is built on top of
- An overlay network is a topology used to virtually connect devices
  - It is built over the physical underlay network
- The combination of underlay and overlay forms the SD-Access 'network fabric'
SD-Access Switch Types
- Edge Node
  - Sits at the boundary of the SD-Access Fabric and connects end-devices to the fabric
  - Responsible for encapsulating traffic into the Virtual Extensible LAN (VXLAN) and determining the appropriate virtual network
- Control Plane Node
  - Holds the location information for all endpoints and serves as a mapping repository
  - Uses LISP to provide its mapping service
- Border Node
  - Provides connectivity between the SD-Access Fabric and external networks
  - Responsible for translating VXLAN to its connecting native format