Software Defined Networking

Question 1

What is a network fabric?

Answer 1

A cohesive overlay network which obscures the physical underlay.

Question 2

What is network assurance?

Answer 2

Monitoring and analytics of device health metrics, ip reachability, traffic patterns

Question 3

What are the 5 layers of SD-ACcess?

Answer 3

1. Physical
2 underlay
3 overlay 
4 controller
5 management

Question 4

What are the 3 planes of SD-Access overlay network?

Answer 4

Data plane
Control plane
Policy plane

Question 5

Describe the SD-Access data plane.

Answer 5

Uses VXLAN for transporting data between hosts.

Network is divided into Virtual networks (VNs) to segment routing and forwarding domains.

Question 6

Describe the SD-Access Control plane.

Answer 6

Control plane uses LISP to reduce load on individual devices when layer 3 routing.

LISP creates a MR/MS to maintain routing forwarding information for the entire overlay.

Question 7

Describe the SD-Access Policy plane.

Answer 7

The propriety VXLAN sgt tag is added upon port ingress to a VTEP (inline tagging)

The SGT tag is used to enforce QoS and is checked upon egress of a VTEP. SGTs usually correspond with a organisational role

Question 8

What is the Cisco term for SGTs used for VXLAN/SD-Access?

Answer 8

Trustsec

Question 9

What is the term for a VXLAN packet containing a SGT?

Answer 9

The packet is called a Group Policy ID and VXlAN is using the VXLAN-GPO format.

Question 10

What is a fabric enabled network device?

Answer 10

Any device which participated in the underlay or overlay network and is controlled by a DNAC.

Question 11

What are the 4 types of fabric enabled devices used in SD-Access?

Answer 11

Control plane node
Fabric Border node
Fabric edge node
Fabric WLAN controller

Question 12

What is the purpose of the SD-Access control plane node?

Answer 12

Router or switch acting has the LISP MR/MS server.

The control plane node acts as a central IP routing and MAC address table for the overlay fabric.

It’s also responsible for mapping SGTs between Ethernet and VXLAN headers.

Question 13

What is the purpose of the fabric edge node?

Answer 13

Hosts entry point into the VN.
Fabric edge is a LISP xTR but uses VXLAN encapsulation for building layer 2/3 tunnels.

They SGT tag Ingress traffic, authenticate with 802.1X and act as the GW for hosts.

Question 14

What is a fabric end nodes anycast gateway?

Answer 14

ALL fabric edge nodes have matching SVI ip addressing and MAC address for any given VN.

This allows a host to connect to ANY fabric edge node and retain its GW information.

Question 15

What purpose does the Fabric border node serve?

Answer 15

Provides connectivity for devices outside of the fabric.

Redistributes routes internally used by the fabric with outside networks.

Question 16

What is a Default Fabric border node?

Answer 16

A simple border node adverting a default route out of the fabric.

Question 17

What is the purpose of the Fabric WLC node?

Answer 17

Used for connecting and managing APs CONTROL plane data only (CAPWAP)

Question 18

How is APs data traffic handled in a SD-access fabric?

Answer 18

All data traffic flows through the fabric edge VXLAN tunnel, applying SGTs and enforcing egress policy’s

Removing the WLC allows wireless clients to be treated similar to physical hosts.

Question 19

What are the 3 components of the SD-Access Controller layer?

Answer 19

Network controller platform (NCP) : Automation

Network Data Platform (NDP): assurance

Identity services engine (ISE): identity and policy

Question 20

What services run on the Network Controller Platform?

Answer 20

DNA Provision and DNA design use NETCONF and YANG to push automation tasks to fabric devices.

Question 21

What services run on the Network Data platform?

Answer 21

Collects metrics using SPAN, SNMP and NETflow for traffic analysis and health analytics

Question 22

What services run on ISE?

Answer 22

Controls network access via TACACs, RADIUS, MAB, 802.1.X and webauth