Software-Defined Networking Security and Network Programmability Flashcards
- Traditional routing and switching planes
- Configuration and monitoring
- Typically done via the traditional CLI or GUI
- Each vendor has its own proprietary way to configure its devices
Management plane
- Traditional routing and switching planes
- Layer 2 protocols and control
- Layer 3 protocols (OSPF, BGP, RIP, etc.)
Control plane
- Traditional routing and switching planes
- Determines how data is forwarded inside the hardware from interface to interface
Data plane
- Introduced the notion of a centralized controller, which has a global view of the network and uses a common management protocol to configure the network infrastructure devices
- Centralizes management by abstracting the control plane from the data-forwarding function in the discrete networking devices
- Is an architecture designed to make a network more flexible and easier to manage
SDN
Provides the ability to automate settings, networking policies and configurations in a very flexible and scalable way
SDN controller
- Is an industry-leading secure, open and comprehensive Software-Defined Networking (SDN) solution. It radically simplifies, optimizes and accelerates infrastructure deployment and governance, and expedites the application deployment lifecycle.
Cisco ACI (Application Centric Infrastructure) solution
Is a network virtualization technology that uses a tagging concept comparable to VLANs but encapsulates Layer 2 Ethernet frames within UDP packets (UDP port 4789 by default), so a Layer 2 segment can be extended across a Layer 3 network
Virtual Extensible LAN (VXLAN)
The IP address that represents the leaf VTEP is called?
Physical Tunnel Endpoint (PTEP)
Additional functions of the APIC
- "Observer": monitors the health, state and performance information of the Cisco ACI pod
- "Boot director": in charge of the boot process and firmware updates
- "Appliance director": manages the formation and control of the APIC appliance cluster
- "Virtual machine manager" (VMM): an agent between the policy repository and the hypervisor management system (e.g. VMware vCenter)
- "Event manager": manages and stores all the events and faults initiated from the APIC and the Cisco ACI fabric nodes
- "Appliance element": maintains the inventory and state of the local APIC appliance
Allows you to tunnel Layer 2 Ethernet frames, using one of several encapsulations, over a Layer 3 network
Overlay network
Enforces network segmentation at the VM or container level, regardless of VLAN or subnet
Micro-segmentation
Open-source initiatives that aim to provide micro-segmentation
- Neutron (OpenStack)
- Open vSwitch (OVS)
- Open Virtual Network (OVN)
- OpenDaylight (ODL)
- Open Platform for Network Function Virtualization (OPNFV)
- Contiv
Is used to communicate between the SDN controller and the switches and routers within the infrastructure. Enables the SDN controller to make changes dynamically based on real-time demand and scalability needs.
Southbound API
Are typically RESTful APIs used to communicate between the SDN controller and the services and applications running over the network. In short, the link between the applications and the SDN controller.
Northbound API
Is a technology that addresses the virtualization of Layer 4 through Layer 7 services, e.g. firewalls, load balancers and other security services
Network Functions Virtualization (NFV)
Open-source NFV platform that aims to be the base infrastructure layer for running virtual network functions
OPNFV
Is a solution created by Cisco, often referred to as "intent-based networking". Provides automation and assurance services across campus networks, wide area networks and branch networks.
Cisco Digital Network Architecture (DNA)
Northbound REST APIs that expose specific capabilities of the Cisco DNA Center platform
Intent API
Component of the Cisco DNA security solution that allows you to detect security threats in encrypted traffic without decrypting the packets
Cisco ETA (Encrypted Traffic Analytics)
Standards-based web services access protocol that was originally developed by Microsoft and has been used by numerous legacy applications for many years
- Exclusively uses XML to provide API services
Simple Object Access Protocol (SOAP)
Is an API style that is easier to use than SOAP. Typically uses JSON instead of XML, and is commonly documented with standards such as Swagger and the OpenAPI Specification.
Representational State Transfer (REST) API
Another query language for APIs that provides many developer tools; now used for many mobile applications and online dashboards
GraphQL and queryable APIs
Is a modern framework for API documentation and is now the basis of the OpenAPI Specification (OAS)
Swagger (OpenAPI)
XML-based languages used to document the functionality of a web service
Web Services Description Language (WSDL)
and Web Application Description Language (WADL)
Is a data modeling language that serves as the API contract for many networking devices. Defined in RFC 6020.
YANG
A specification written in YANG is referred to as?
YANG module
A collection of YANG modules is called?
YANG model
The YANG model of a device is often called? It defines the structure and content of the messages exchanged between the application and the device.
Schema
Defined in RFC 6241 (the protocol) and RFC 6242 (its transport over SSH). Created to overcome the challenges of configuring devices with SNMP.
NETCONF
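The NETCONF and YANG cards above describe the protocol and the data model it carries; the following is an added example (not code from the original page or from any vendor) showing a client-side NETCONF 1.1 exchange end to end: building a `<get-config>` request that uses a subtree filter against the ietf-system YANG module, applying the RFC 6242 chunked framing used on the SSH `netconf` subsystem, and parsing the device's `<rpc-reply>`. The device replies, the hostname `edge-1` and the message IDs are constructed for the example; everything runs offline.

```python
"""Constructed NETCONF 1.1 <get-config> exchange (client side), offline."""
import re
import xml.etree.ElementTree as ET

NC = "urn:ietf:params:xml:ns:netconf:base:1.0"       # NETCONF base namespace (RFC 6241)
SYS = "urn:ietf:params:xml:ns:yang:ietf-system"      # ietf-system YANG module (RFC 7317)
CHUNK_HDR = re.compile(rb"\n#([1-9][0-9]*)\n")       # RFC 6242 section 4.2 chunk header
END_OF_CHUNKS = b"\n##\n"


def build_get_config(message_id: str, source: str = "running") -> str:
    """<rpc> asking for the ietf-system subtree of a datastore (subtree filter)."""
    if source not in ("running", "candidate", "startup"):   # don't let callers inject XML
        raise ValueError(f"unknown datastore {source!r}")
    return (f'<rpc xmlns="{NC}" message-id="{message_id}">'
            f'<get-config><source><{source}/></source>'
            f'<filter type="subtree"><system xmlns="{SYS}"/></filter>'
            '</get-config></rpc>')


def frame(msg: str) -> bytes:
    """Chunked framing used once both sides advertise the base:1.1 capability."""
    body = msg.encode("utf-8")
    return b"\n#%d\n" % len(body) + body + END_OF_CHUNKS


def unframe(data: bytes) -> str:
    """Reassemble a chunked message, refusing truncated or malformed frames."""
    if not data.endswith(END_OF_CHUNKS):
        raise ValueError("truncated frame: missing end-of-chunks marker")
    body, pos, out = data[:-len(END_OF_CHUNKS)], 0, bytearray()
    while pos < len(body):
        m = CHUNK_HDR.match(body, pos)
        if m is None:
            raise ValueError(f"malformed chunk header at offset {pos}")
        size, pos = int(m.group(1)), m.end()
        if pos + size > len(body):
            raise ValueError("chunk shorter than its declared size")
        out += body[pos:pos + size]
        pos += size
    return out.decode("utf-8")


def parse_reply(xml_text: str, expected_id: str) -> dict:
    """Correlate the reply to our request, surface <rpc-error>, and extract the hostname."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NC}}}rpc-reply":
        raise ValueError(f"expected rpc-reply, got {root.tag}")
    if root.get("message-id") != expected_id:
        raise ValueError("message-id does not match the outstanding request")
    err = root.find(f"{{{NC}}}rpc-error")
    if err is not None:
        raise RuntimeError(err.findtext(f"{{{NC}}}error-message", default="rpc-error"))
    host = root.findtext(f"{{{NC}}}data/{{{SYS}}}system/{{{SYS}}}hostname")
    return {"message-id": expected_id, "hostname": host}


# Constructed device replies for the example (not captured from a real device).
DEVICE_REPLY = f'''<rpc-reply xmlns="{NC}" message-id="101">
  <data><system xmlns="{SYS}"><hostname>edge-1</hostname></system></data>
</rpc-reply>'''
ERROR_REPLY = f'''<rpc-reply xmlns="{NC}" message-id="102"><rpc-error>
  <error-type>application</error-type><error-tag>access-denied</error-tag>
  <error-severity>error</error-severity><error-message>Access denied</error-message>
</rpc-error></rpc-reply>'''


def run_exchange() -> dict:
    """Client builds and frames the request; the 'device' answers with DEVICE_REPLY."""
    request = build_get_config("101")
    on_the_wire = frame(request)              # what the client writes to the SSH channel
    assert unframe(on_the_wire) == request    # framing is lossless
    return parse_reply(unframe(frame(DEVICE_REPLY)), expected_id="101")


if __name__ == "__main__":
    print(run_exchange())
```

Two points a practitioner should take from the exchange: the `message-id` check is what lets a client tie each `<rpc-reply>` to the request it issued over a shared session, and an `<rpc-error>` (here the constructed `access-denied` case) must be treated as a failure rather than an empty result.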
Defined in RFC 8040; follows REST principles and carries YANG-modeled data over HTTP(S)
RESTCONF
Is a collaborative effort to provide vendor-neutral data models (written in YANG) for network devices
OpenConfig
Similar in purpose to NETCONF and RESTCONF. Carries YANG-modeled data but runs over gRPC, whose interface is defined with the Protocol Buffers interface description language (IDL) rather than XML or JSON over HTTP.
gRPC Network Management Interface (gNMI)
An appliance that provides graphical and programmatic interfaces to design, configure, monitor and troubleshoot your network devices
- Takes a software-delivered approach to automating and assuring services across your campus, WAN and branch networks
Cisco DNA Center
VXLAN uses a 24-bit identifier that represents a logical segment, called?
VXLAN Network Identifier (VNI)
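The VXLAN and VNI cards describe the encapsulation in words; the following is an added example (not code from the original page or from any vendor implementation) that builds and parses the RFC 7348 VXLAN header in front of an inner Ethernet frame, the part of the packet that sits inside the UDP/4789 datagram. The MAC addresses, VNI 5000 and the allowed-VNI set are constructed for the example. The decapsulation side also enforces the two checks a receiving VTEP must make: drop packets whose I flag is clear, and only accept VNIs the VTEP is configured to serve, because the encapsulation itself carries no authentication.

```python
"""Constructed VXLAN (RFC 7348) encapsulation/decapsulation example, offline."""
import struct

VXLAN_UDP_PORT = 4789          # IANA-assigned destination port for VXLAN
VXLAN_FLAG_I = 0x08            # "I" flag: a valid VNI is present
VNI_MAX = (1 << 24) - 1        # the VNI is a 24-bit field


def build_ethernet(dst_mac: str, src_mac: str, ethertype: int, payload: bytes) -> bytes:
    """Assemble a minimal inner Ethernet II frame (no FCS) from colon-separated MACs."""
    to_bytes = lambda mac: bytes(int(b, 16) for b in mac.split(":"))
    return to_bytes(dst_mac) + to_bytes(src_mac) + struct.pack("!H", ethertype) + payload


def parse_ethernet(frame: bytes) -> dict:
    """Split an Ethernet II frame into its header fields and payload."""
    if len(frame) < 14:
        raise ValueError("Ethernet frame shorter than the 14-byte header")
    fmt = lambda raw: ":".join(f"{b:02x}" for b in raw)
    return {"dst": fmt(frame[0:6]), "src": fmt(frame[6:12]),
            "ethertype": struct.unpack("!H", frame[12:14])[0], "payload": frame[14:]}


def vxlan_encapsulate(vni: int, inner_frame: bytes) -> bytes:
    """Prepend the 8-byte VXLAN header: flags(8) | reserved(24) | VNI(24) | reserved(8).
    The outer IP/UDP headers (dst port 4789) are added by the sending VTEP's IP stack."""
    if not 0 <= vni <= VNI_MAX:
        raise ValueError("VNI must fit in 24 bits")
    header = struct.pack("!II", VXLAN_FLAG_I << 24, vni << 8)
    return header + inner_frame


def vxlan_decapsulate(udp_payload: bytes, allowed_vnis: set) -> tuple:
    """Validate and strip the VXLAN header; return (vni, inner_frame).
    allowed_vnis is the set of segments this VTEP serves (constructed policy): VXLAN
    carries no authentication, so anything reaching UDP/4789 must be policy-checked."""
    if len(udp_payload) < 8 + 14:
        raise ValueError("too short to hold a VXLAN header and an Ethernet frame")
    word0, word1 = struct.unpack("!II", udp_payload[:8])
    flags = word0 >> 24
    if not flags & VXLAN_FLAG_I:
        raise ValueError("I flag not set: RFC 7348 requires the packet to be dropped")
    vni = word1 >> 8               # low 8 bits of word1 are reserved, ignored on receipt
    if vni not in allowed_vnis:
        raise ValueError(f"VNI {vni} is not served by this VTEP")
    return vni, udp_payload[8:]


def demo() -> dict:
    """Round-trip a constructed frame through VNI 5000 and return the parsed inner frame."""
    inner = build_ethernet("00:11:22:33:44:55", "66:77:88:99:aa:bb", 0x0800,
                           b"\x45" + b"\x00" * 19)   # constructed IPv4-looking payload
    packet = vxlan_encapsulate(5000, inner)
    vni, frame = vxlan_decapsulate(packet, allowed_vnis={5000, 5001})
    result = parse_ethernet(frame)
    result["vni"] = vni
    return result


if __name__ == "__main__":
    print(demo())
```

The 24-bit VNI is why VXLAN scales past the 4094 segments a 12-bit VLAN ID allows; the allowed-VNI check in `vxlan_decapsulate` is the per-VTEP policy that keeps a forged datagram from landing in another tenant's segment.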
Examples of IP tunneling (overlay encapsulation) mechanisms
- Virtual Extensible LAN (VXLAN)
- Network Virtualization using Generic Routing Encapsulation (NVGRE)
- Stateless Transport Tunneling (STT)
- Generic Network Virtualization Encapsulation (GENEVE)