23. Fabric Technologies Flashcards
What are the capabilities, features and functionalities of SD-Access?
- Network automation
- Network assurance and analytics
- Host mobility
- Identity services
- Policy enforcement
- Secure segmentation
- Network virtualization
What is Network automation in SD-Access?
Replaces manual network device configurations with network device management –> Cisco DNA
What is Network assurance and analytics in SD-Access?
Proactive prediction of network/security related risks
What is Host mobility in SD-Access?
Provides access to (non)-wired clients
What is Identity services in SD-Access?
Cisco ISE identifies users and devices connecting to the network and provides information to implement security policies for access control and segmentation
What is Policy enforcement in SD-Access?
SGACLs (access lists) based on identity instead of IP
What is Secure segmentation in SD-Access?
Easier to segment the network to support guests, IoT, etc.
What is Network virtualization in SD-Access?
One single physical infrastructure to support multiple VRF instances. Also called virtual networks
What are the 2 SD-Access components?
- Cisco campus fabric solution
- Cisco DNA Center
When do we speak of the Cisco campus fabric solution?
When the fabric is managed through the CLI
When do we speak of SD-Access?
When the fabric is managed through Cisco DNA Center
What is the campus fabric?
A Cisco validated fabric overlay solution that includes all of the features and protocols to operate the network infrastructure.
What are the four layers in the architecture?
- Physical
- Network
- Control
- Management
What is placed in the physical layer?
All Cisco network devices that actively participate in the SD-Access fabric must support all of the hardware ASICs and FPGAs.
What is placed in the network layer?
Consists of the underlay and overlay network. These work together to deliver data packets to and from networking devices participating in SD-Access.
Overlay is virtual.
What are the 2 underlay modes?
Manual through the CLI –> Change protocols
Automated through Cisco DNA –> P&P, IS-IS auto
What is the underlay network?
Physical network that should ensure high availability, scalability and performance. The advice is to use an L3 routed campus design with IS-IS.
What is the overlay network?
SD-Access fabric that is fully automated. Includes all the control plane protocols and addressing.
What are the 3 basic control planes in SD-Access fabric?
- Control plane based on LISP
- Data plane based on VXLAN
- Policy plane based on Cisco TrustSec
What is the name of the enhanced VXLAN?
VXLAN-GPO; it supports TrustSec SGTs.
Why is VXLAN preferred over LISP in the data plane?
VXLAN supports IP/UDP-based MAC-in-IP encapsulation. For this reason it can be used on L2 and L3.
What are TrustSec SGTs?
Tags that can be assigned to authenticated groups. Network policies can be applied through SD-Access based on this tag instead of IP/MAC.
What is the advantage of TrustSec tags for SD-Access?
- Network address independent GP based on tags
-
What are the 5 basic roles in SD-Access?
- Control plane node
- Fabric border node (core layer device)
- Fabric edge node (access/distribution switch)
- Fabric WLAN controller
- Intermediate nodes
How many roles can be assigned to an SD-Access device?
Multiple, minimum is one