Introduction to SD-Access

This topic is to discuss the following lesson:

Hello Rene,
First, i want to thank you once again for explaining technologies in plain english. This is so much fun reading your posts after all the articles in the internet which poses more confusion.
However i have a question. According to Cisco APIC-EM is end of life (https://www.cisco.com/c/en/us/products/collateral/cloud-systems-management/application-policy-infrastructure-controller-enterprise-module/eos-eol-notice-c51-741252.html) and the replacement product is DNA Center Appliance.


If i understand it right the picture should look like:

Could you please confirm or correct me if i am wrong ?

Thanks again for your great posts.
Oliver

Hello Oliver

Yes, your updated diagram looks correct. It corresponds with the high level description at the following Cisco web site as well:


I will let Rene know to see if he can update this information, or if he has a new lesson planned for this.

Thanks again!

Laz

Thank you Oliver, I’m going to fix this!

Rene

1 Like

Also in addition to the above (which isn’t fixed yet :smile: ) could you maybe do a lesson on how SD-Access interoperates with traditional campus networks?

It’s on the ENCOR blueprint.

1 Like

DNA center seems to do the same thing as Vmanage. SD-ACCESS seems to have a lot of overlap with SD-WAN. Is the difference that you don’t use SD-ACCESS to connect remote sites?

1 Like

Hello Justin

Yes, these products are very similar as far as what they do. They are indeed products that conform to the Software Defined Infrastructure model where network management is implemented using a centralized Network Management System (NMS). Of course vManage is used for Viptela devices while DNA is used for Cisco.

Both SD-Access and SD-WAN are related in that they are technologies that use software as a method of centralized network management. One deals with the Access layer of a network while the other deals with the WAN. SD-anything is an umbrella term under which both SD-Access and SD-WAN fall under. Just like networking is an umbrella term under which access and WAN networks fall under. It’s the same relation but under different architectures.

So simply put, yes, the difference is that you don’t use SD-access to connect to remote sites, but SD-WAN instead.

I hope this has been helpful!

Laz

1 Like

Same observation here.

Hello Rene,

I am still not be able to clear myself on LISP role in control plane in SD-Access. Is it only to facilitate routing ?
VXLAN need VTEP IP and VNID to encapsulate data from source and send to destination. Is LISP will facilitate on mapping destination IP to VTEP IP? with the LISP , it need to send IP packet to RLOC and encapsulate original IP packets in the source and destination of RLOC IPs whereas in VXLAN it uses VTEP IP.

Are those VTEP IP considered as RLOC IP addresses while integrating LISP in SD access network? If there is an example on how it works , it would be easy to understand.

I am not able to understand how LISP work with VXLAN. Please help on this.

Hello Rupak

The combination of LISP and VXLAN within an SD-Access fabric can get quite involved. The lesson’s purpose was to give a general overview of the concepts involved. I suggest you take a look at this excellent content from a Cisco Live presentation:

Take a look starting from slide 39 which explains in detail the role of LISP in the control plane, and the role of VXLAN on the data plane.

I hope this has been helpful!

Laz

Hi, in the Cisco ENCOR 350-401 course, Unit 7.3.1 Cisco DNA, Introduction to SD-Access, you provide a username/password to access the Cisco sandbox that contains the DNA Center GUI.

Unfortunately, Cisco now requires an email address.

Please advise.

Hello Andrew

It is true that the login method has changed. You can choose to use several options including Google, Facebook, Github, or your Cisco ID if you have one. The access is stil free, but you simply must register to use the service. I will let @ReneMolenaar know to make the update to the lesson.

I hope this has been helpful!

Laz

Can I test SDA in a devnet sandbox?
I couldn’t find anything related to SDA in the sandbox.

Hello YongHun

SD-Access is implemented using several components as stated in the lesson. If you take a look at the following DevNet Sandbox list you will see an option called Cisco DNA Center with ISE. That option is essentially SD-Access in action.

I hope this has been helpful!

Laz

Why cisco recommends ISIS as the default underlay protocol in Cisco DNA Center ?

Hello Hassan

According to this Cisco SDA Design Guide, IS-IS is recommended and is required when implementing LAN Automation. LAN Automation is a plug-and-play zero-touch automation of the underlay network, which automatically builds a solid error-free underlay network foundation. Cisco DNA center automatically finds and adds switches to the underlay routing network, which is provisioned with an IS-IS configuration.

Even so, both OSPF and EIGRP are also suitable for use with Cisco DNA as stated in this section of the document mentioned above.

I hope this has been helpful!

Laz

Hey there,

When installing a DNAC virtual appliance on ESX, is it mandatory to get a licence for SD -Access lab, preparing CCIE infra practice ?

Thanks for yr help

Hello Rene and Laz.

The numbering on this lesson is a little out of place, for ex:

Kind regards,
David

Thanks @davidilles it has been fixed.

@lagapidis

which is the difference between :

4.ISE :

ISE is Cisco’s AAA product and has been out for a while now. ISE applies the policies you create through DNA center.

and

3.3 Provision

This is where we add new devices to the network and where we apply network policies to devices.

And also between :

3.4Assurance

Assurance is where you monitor the entire network. You can see an overview of all network devices, (wireless) clients, and applications. You can monitor the health status and an overview of all issues in the network.

5 NDP

This is a new Cisco product. NDP is the analytics engine that analyzes all your logging information, NetFlow, SNMP, etc. It collects metrics of everything in the fabric, including devices, users, and “things” (Internet of Things). You can monitor everything that NDP collects through DNA center.

I know by intuition that are subtle differences but i can’t differentiate roles/functions (remarked in bold) between them.

Thks in advance.