23. Fabric Technologies Flashcards

1
Q

What are the capabilities, features and functionalities of SD-access?

A
  • Network automation
  • Network assurance and analytics
  • Host mobility
  • Identity services
  • Policy enforcement
  • Secure segmentation
  • Network virtualization
2
Q

What is Network automation in SD-access?

A

Replaces manual network device configurations with network device management –> Cisco DNA

3
Q

What is Network assurance and analytics in SD-access?

A

Proactive prediction of network/security related risks

4
Q

What is Host mobility in SD-access?

A

Provides access to (non)-wired clients

5
Q

What is Identity services in SD-access?

A

Cisco ISE identifies users and devices connecting to the network and provides information to implement security policies for access control and segmentation

6
Q

What is Policy enforcement in SD-access?

A

SGACLs (access lists) based on identity instead of IP

7
Q

What is Secure segmentation in SD-access?

A

Easier to segment the network to support guests, IoT, etc.

8
Q

What is Network virtualization in SD-access?

A

One single physical infrastructure to support multiple VRF instances. Also called virtual networks

9
Q

What are the 2 SD-access components?

A
  • Cisco campus fabric solution
  • Cisco DNA Center

10
Q

When do we speak of the Cisco campus fabric solution?

A

When the fabric is managed through the CLI

11
Q

When do we speak of SD-Access?

A

When the fabric is managed through Cisco DNA Center

12
Q

What is the campus fabric?

A

A Cisco validated fabric overlay solution that includes all of the features and protocols to operate the network infrastructure.

13
Q

What are the four layers in the architecture?

A
  • Physical
  • Network
  • Control
  • Management
14
Q

What is placed in the physical layer?

A

All Cisco network devices that actively participate in the SD-Access fabric must support all of the hardware ASICs and FPGAs.

15
Q

What is placed in the network layer?

A

Consists of the underlay and overlay network. These work together to deliver data packets to and from networking devices participating in SD-Access.

Overlay is virtual.

16
Q

What are the 2 underlay modes?

A

Manual through the CLI –> Change protocols

Automated through Cisco DNA –> P&P, IS-IS auto

17
Q

What is the underlay network?

A

Physical network that should ensure high availability, scalability and performance. The advice is to use an L3 routed campus design with IS-IS.

18
Q

What is the overlay network?

A

SD-access fabric that is fully automated. Includes all the control plane protocols and addressing.

19
Q

What are the 3 basic control planes in SD-Access fabric?

A
  • Control plane based on LISP
  • Data plane based on VXLAN
  • Policy plane based on Cisco Trustsec
20
Q

What is the name of the enhanced VXLAN?

A

VXLAN-GPO and supports Trustsec SGTs

21
Q

Why is VXLAN preferred over LISP in the data plane?

A

VXLAN supports IP/UDP based MAC-in-IP encapsulation. For this reason it can be used on L2 and L3

22
Q

What are Trustsec SGTs?

A

Tags that can be assigned to authenticated groups. Network policies can be applied through SD-Access based on this tag instead of IP/MAC.

23
Q

What is the advantage of Trustsec tags for SD-Access?

A
  • Network address independent GP based on tags

-

24
Q

What are the 5 basic roles in SD-Access?

A
  • Control plane node
  • Fabric border node (core layer device)
  • Fabric edge node (access/distribution switch)
  • Fabric WLAN controller
  • Intermediate nodes
25
Q

How many roles can be assigned to an SD-Access device?

A

Multiple, minimum is one

26
Q

What is the Control plane node?

A

A LISP map server/resolver (MS/MR) with enhanced functions for SD-Access. Maintains a simple host tracking database for EIDs to RLOCs.

27
Q

How does the Control plane node work?

A

Maps all EID locations to the fabric edge/border node and capable of doing EID lookups.

Receives registrations from fabric edge/border nodes.

Must be a Cisco switch or router operating in-/outside the SD-WAN fabric

28
Q

What is the Fabric border node?

A

LISP proxy tunnel routers that connect external L3 networks to the SD-Access fabric and translate reachability and policy information, such as VRF and SGT, from one domain to another.

29
Q

What are the 3 types of Fabric border nodes?

A
  • Internal border (only known)
  • Default border (outside)
  • Internal default (connects internal and default with each other)
30
Q

What is the Fabric edge node?

A

Provides onboarding and mobility services for wired users/devices. It is a LISP tunnel router that provides anycast gateway, endpoint authentication, and assignment to overlay host pools, as well as group-based policy enforcement

31
Q

How does a Fabric edge node work?

A

It first identifies and authenticates (802.1X) wired endpoints in order to place them in a host pool and SGT group. Then registers a specific EID host address with the Control plane node.

Provides (de)-encapsulation to and from its connected endpoints.

32
Q

What is the Fabric WLAN controller?

A

Connects APs and wireless endpoints to the fabric. The WLC is external and connects through an internal border node.

33
Q

What is the difference for a WLC in SD-Access?

A

Traffic travels VXLAN-encapsulated instead of via CAPWAP.

34
Q

What are Intermediate nodes?

A

Switches or routers that do not provide any active role in the SD-Access fabric

35
Q

What is placed in the controller layer?

A

Provides the subsystems for the management layer and consists of Cisco DNA Center and Cisco ISE

36
Q

What are the 3 main controller subsystems?

A
  • Cisco Network Control Platform
  • Cisco Network Data Platform
  • Cisco ISE
37
Q

What is Cisco Network Control Platform?

A

Subsystem integrated directly into Cisco DNA that provides all of the underlay and fabric automation and orchestration services for the physical and network layers.

38
Q

What does Cisco Network Control Platform use for configuration?

A

NETCONF/YANG, SNMP, SSH/Telnet and provides network automation status and info to the management layer

39
Q

What is Cisco Network Data Platform?

A

Subsystem integrated directly into Cisco DNA that does data collection and analytics

40
Q

What does Cisco Network Data Platform do?

A

Analyzes and correlates various network events through multiple sources (NetFlow, SPAN) and identifies historical trends. Provides this to ISE and NCP Cisco Network Data Platform

41
Q

What is Cisco ISE?

A

Provides all the identity and policy services for the physical and network layer

42
Q

What is placed in the management layer?

A

The GUI of Cisco DNA Center

43
Q

What are the 4 main components of SD-WAN?

A
  • vManage
  • vSmart controller
  • SD-WAN routers
  • vBond orchestrator
44
Q

What is vManage?

A

GUI for SD-WAN

45
Q

What is vSmart controller?

A

The brain of SD-WAN; it has pre-installed credentials to authenticate every SD-WAN router that comes online

46
Q

How does vSmart controller work?

A

After authentication it creates a permanent DTLS tunnel to each SD-WAN router to establish OMP neighborships.

47
Q

What is OMP?

A

The Cisco Overlay Management Protocol

48
Q

What is an SD-WAN router?

A

SD-WAN routers deliver the essential WAN, security and multicloud capabilities of the SD-WAN solution and are available as hardware, software, cloud or VR at the perimeter of a site.

49
Q

How does an SD-WAN router function?

A

It automatically establishes a DTLS tunnel with a vController to form an OMP neighborship.
It also establishes IPsec sessions with other SD-WAN routers.

50
Q

What are the two types of SD-WAN routers?

A

vEdge

cEdge - Viptela integrated in IOS-XE

51
Q

What are the advanced security features of cEdge?

A
  • AMP & AMP Threat Grid
  • Enterprise firewall
  • Cisco Umbrella
  • URL filtering
  • The Snort intrusion prevention system
  • Embedded platform security
52
Q

What is the vBond orchestrator?

A

Authenticates the vSmart controllers and SD-WAN routers and orchestrates connectivity between them.

53
Q

What is unique about the vBond orchestrator?

A

It is an SD-WAN router that only performs orchestrator functions and the only device that must have a public IP so that SD-WAN routers can connect to it.

54
Q

What are the major components of vBond orchestrator?

A
  • Control plane connection
  • NAT traversal
  • Load balancing
55
Q

What is Control plane connection?

A

Each vBond orchestrator has a permanent DTLS tunnel with a vSmart controller and uses DTLS connections to communicate with SD-WAN routers

56
Q

What is NAT traversal?

A

The vBond orchestrator facilitates the initial orchestration between SD-WAN routers and vSmart controllers when one of them is behind a NAT device.

57
Q

What is load balancing in the vBond orchestrator?

A

In a domain with multiple vSmart Controllers the orchestrator automatically load balances SD-WAN routers

58
Q

What are the capabilities of vAnalytics?

A
  • Visibility into applications
  • Forecasting and what if analysis
  • Intelligent recommendations
59
Q

Which SD-WAN components are available as physical devices?

A
  • vSmart controllers
  • SD-WAN routers

60
Q

What is vQoE?

A

Viptela Quality of Experience

Provides the quality score of cloud SaaS connections

61
Q

What is Cloud OnRamp?

A

Delivers the best application QoE for SaaS applications by continuously monitoring SaaS performance across diverse paths

62
Q

What does the vSmart controller do?

A

It pushes down configuration and policies to SD-WAN routers

63
Q

What does the vBond orchestrator do?

A

Holds all devices together