Cisco Digital Network Architecture (DNA) Center Flashcards
Cisco Digital Network Architecture (DNA) Center
a powerful management system that leverages artificial intelligence (AI) to connect, secure, and automate network operations.
DNA Center Benefits
Get the network up and running faster with intelligent and automated provisioning.
Save valuable human capital with automation of routine administrative tasks.
Reduce outages and minimize business impact with AI-driven insights and predictive performance analytics.
Realize efficiencies of business process automation using an integrated Cisco and third-party ecosystem and leveraging the Cisco DNA Center application programming interfaces (APIs).
Deliver optimal user experience with deep insights into application performance and end-users’ application experience.
Secure the digital enterprise with intuitive security policy management, strong AI-driven enforcement, and zero-trust network access.
Help the organization achieve sustainability goals by managing IT energy and enabling smart buildings.
DNA Center Components
These are Cisco DNA Center components:
Design with physical maps and logical topologies.
Policy to define user and device profiles that facilitate highly secure access and network segmentation.
Provisioning for policy-based automation to deliver services to the network.
Assurance to combine deep insights with rich context to deliver a consistent experience and proactively optimize your network.
DNA Center Capabilities
AIOps is AI-driven visibility, observability, insights, and troubleshooting to ensure the health of your users, applications, and infrastructure.
NetOps is automation to simplify the creation and maintenance of your networks, with the flexibility to move from manual to AI-assisted to selectively autonomous network management.
SecOps is AI-driven security to classify endpoints and enforce security policies for a complete zero trust workplace solution.
DevOps is mature APIs, software development kits (SDKs), and closed-loop integrations to simplify and streamline ecosystem integration.
DNA Center NetOps Tools
These are Cisco DNA Center NetOps tools:
Inventory updates, EoX, credential status, port groups
Discovery improvements
Multiple access point (AP) groups and policy tags on the same floor
Granular software upgrade workflow and troubleshooting
CLI template compliance and compliance reports
Return Materials Authorization (RMA) support for modular switches and zero touch fabric RMA
Flexible AP refresh workflow
Enhanced learn device configuration workflow
AP provisioning enhancements
Enhanced User Defined Network (UDN) administration and troubleshooting
6 GHz radio configuration
Historical trends for Cisco DNA license consumption
Intent-Based Networking (IBN)
provides three principal functional building blocks, as shown in the following figure—the capability to capture intent, functions to automate the deployment of the expressed intent throughout the network infrastructure, and the ability to provide assurance that the desired intent is being realized.
IBN Translation
Translation: Translation involves several functions in an intent-based model. One or more operators or groups of operators have the capability to characterize their desired intent, which may take the form of an easy-to-use GUI, an abstracted model (such as Yet Another Next Generation [YANG] or JavaScript Object Notation [JSON]/XML) that is intuitive and related to the business objectives, or even a predefined syntax or language. It can be defined by application developers as part of a continuous integration and delivery process, or in the future, it may even be achieved through text-to-speech expressions, in which operators verbally speak intent, and the intent-based system executes and provides verbal or other feedback. This abstract and business-near expression of what the network should do differentiates an intent-based approach from traditional network architectures.
Another capability of translation is to harmonize the captured intent into a common model-based policy, often with the help of a controller-based architecture. Intent expressed by various input mechanisms, potentially across multiple network domains, is translated into such standard model-based policies—a foundational step to use automation and allow sophisticated consistency and integrity checks to be applied. An important challenge relates to moving from a traditional network deployment to an IBN deployment. In this case, there are already policies in effect in the current network, but the network operator may or may not have a list or full visibility of all the currently deployed policies. Therefore, it is important to perform automatic host discovery and policy discovery to identify the policies in operation, to provide the operator with full visibility of all the running policies for review, and then to activate the desired policies automatically in the IBN deployment.
IBN Activation
Activation: Activation functions ensure that the derived model-based policies are disseminated throughout any of the relevant network domains. The physical or virtual network functions in an IBN can be managed in different operational domains (data center, WAN, branches, campuses) by the same or different operational teams. The orchestration function in an intent-based network allows for the dissemination of model-based policies into the relevant domains—meaning that policies can also be limited in scope to particular parts of the network.
Activation may also employ additional functions to further derive the appropriate device configurations. A domain controller can correlate the information about the network elements, their capabilities, and the topology. Additional checks for consistency at the configuration level may also be applied before programming the network elements using standards-based APIs, such as Network Configuration Protocol (NETCONF), YANG, or Representational State Transfer (REST).
IBN Assurance
Assurance: Assurance is a critical function of intent-based networking. It uses contextual analysis of data to provide validation that the intent has been applied as intended, and also continuously verifies that the desired outcomes are actually being achieved.
IBN Assurance Aspects
Continuous verification: Continuously verify the IBN system behavior before, during, and after deployment. Check that the system behavior is aligned to the expressed intent at any point in time. This capability requires ongoing observation of the network element states and events. Intent-based telemetry data specifically measures the performance of the expressed intent and is continuously collected and reported to the IBN assurance functions. Assurance algorithms, ranging from formal mathematical models to approaches based on telemetry and machine learning, guarantee that the network state and behavior are coherent with the desired intent at both the domain and cross-domain levels.
Insights and visibility: Derive insights based on analytics—correlate events and apply machine learning and artificial intelligence for validation, understanding, and prediction. In addition to verifying the current network state and its alignment with the expressed intent, assurance functions can derive more sophisticated insights and visibility into the behavior of an intent-based network. For example, they might predict violations of the expressed intent prior to changes being applied, understand or forecast trends, identify anomalies, and predict and validate system-level network performance.
Corrective actions: Apply a closed-loop cycle to realize corrective action and optimization. Anomalies, violations, and simple out-of-SLA situations that are detected can be programmatically fixed, leveraging the activation building block to create a systemwide adjustment. An intent-based network thus enables a mechanism to automate the remediation of any intent-based policy violations or to allow continuous optimizations to be automated to guarantee that the expressed intent is realized by the network. Note that, depending on the policy, the actions may be automatically executed or may be provided to the operator as recommendations, in which case the operator decides on execution.
DNA Center Design Workflow
The following is the suggested workflow for Cisco DNA Center design:
Create a hierarchy that consists of areas, buildings, and floors.
Define global network settings, for example, authentication, authorization, and accounting (AAA), DHCP, DNS, and Network Time Protocol (NTP).
Define the “golden image” to ensure consistency in your network.
Create templates to automate applying commonly used configuration to the devices.
Define network profiles to apply the templates to the devices.
Assign devices to specific locations, for example, a building.
Network Hierarchy Elements
Areas or sites, such as the United States, do not have a physical address. You can think of areas as the largest element. Areas can contain buildings and subareas. For example, an area that is called United States can contain a subarea that is called California, and the subarea California can contain a subarea that is called San Jose.
Buildings have a physical address and contain floors and floor plans. When you create a building, you must specify a physical address and latitude and longitude coordinates. Buildings cannot contain areas. Creating buildings lets you apply settings to a specific area.
Floors are within buildings and consist of cubicles, walled offices, wiring closets, and so on. You can add floors only to buildings.
By default, there is one site that is called “Global,” but more sites, buildings, and areas can be added to the network hierarchy.
DNA AAA
For AAA services, Cisco ISE or any other AAA servers can be added to perform network, client, and endpoint authentication:
Both RADIUS and TACACS are supported for network authentication.
Only RADIUS is supported for client authentication.
Only one Cisco ISE deployment is supported per Cisco DNA Center.
DNA Center - NetOps - Network Settings: Override Global Servers
Adding a common set of servers to Cisco DNA Center results in the default settings for the entire network.
There are two primary areas from which you can define the settings within your network:
Global settings: Settings that are defined in global settings affect your entire network.
Site settings: Settings that are defined in site settings override the global settings and are applied to the site only. All sublevel sites are also affected.
Each site inherits the settings from the level above. Inherited settings can be overridden at any level, providing flexibility in the network design.
The inheritance logo indicates that the setting is inherited. If the logo is not present, the setting is overridden.
DNA Center - NetOps - Network Settings: Device Credentials
Device credentials refer to the CLI, Simple Network Management Protocol (SNMP), and HTTPS credentials that are configured on network devices.
Cisco DNA Center uses these credentials to either discover or collect information about the devices in your network:
CLI credentials must be preconfigured on the network device and must match the credentials in Cisco DNA Center.
SNMP credentials can be populated to the network device once the device is added to Cisco DNA Center.
HTTPS credentials are used to discover Cisco Enterprise Network Functions Virtualization Infrastructure Software (NFVIS) devices only.