DNA Center seems to do the same thing as vManage. SD-Access seems to have a lot of overlap with SD-WAN. Is the difference that you don’t use SD-Access to connect remote sites?
Yes, these products are very similar as far as what they do. They are indeed products that conform to the Software Defined Infrastructure model where network management is implemented using a centralized Network Management System (NMS). Of course vManage is used for Viptela devices while DNA is used for Cisco.
Both SD-Access and SD-WAN are related in that they are technologies that use software as a method of centralized network management. One deals with the Access layer of a network while the other deals with the WAN. SD-anything is an umbrella term under which both SD-Access and SD-WAN fall, just like networking is an umbrella term under which access and WAN networks fall. It’s the same relation but under different architectures.
So simply put, yes, the difference is that you don’t use SD-access to connect to remote sites, but SD-WAN instead.
I am still not able to get clear on LISP's role in the control plane in SD-Access. Is it only to facilitate routing?
VXLAN needs the VTEP IP and VNID to encapsulate data from the source and send it to the destination. Will LISP facilitate mapping the destination IP to the VTEP IP? With LISP, it needs to send the IP packet to the RLOC and encapsulate the original IP packets in the source and destination RLOC IPs, whereas VXLAN uses the VTEP IP.
Are those VTEP IPs considered RLOC IP addresses when integrating LISP in an SD-Access network? If there is an example of how it works, it would be easy to understand.
I am not able to understand how LISP works with VXLAN. Please help with this.
The combination of LISP and VXLAN within an SD-Access fabric can get quite involved. The lesson’s purpose was to give a general overview of the concepts involved. I suggest you take a look at this excellent content from a Cisco Live presentation:
Take a look starting from slide 39 which explains in detail the role of LISP in the control plane, and the role of VXLAN on the data plane.
Hi, in the Cisco ENCOR 350-401 course, Unit 7.3.1 Cisco DNA, Introduction to SD-Access, you provide a username/password to access the Cisco sandbox that contains the DNA Center GUI.
Unfortunately, Cisco now requires an email address.
It is true that the login method has changed. You can choose to use several options including Google, Facebook, GitHub, or your Cisco ID if you have one. The access is still free, but you simply must register to use the service. I will let @ReneMolenaar know to make the update to the lesson.
SD-Access is implemented using several components as stated in the lesson. If you take a look at the following DevNet Sandbox list you will see an option called Cisco DNA Center with ISE. That option is essentially SD-Access in action.
According to this Cisco SDA Design Guide, IS-IS is recommended and is required when implementing LAN Automation. LAN Automation is a plug-and-play zero-touch automation of the underlay network, which automatically builds a solid error-free underlay network foundation. Cisco DNA center automatically finds and adds switches to the underlay routing network, which is provisioned with an IS-IS configuration.
Even so, both OSPF and EIGRP are also suitable for use with Cisco DNA as stated in this section of the document mentioned above.
ISE is Cisco’s AAA product and has been out for a while now. ISE applies the policies you create through DNA center.
and
3.3 Provision
This is where we add new devices to the network and where we apply network policies to devices.
And also between:
3.4 Assurance
Assurance is where you monitor the entire network. You can see an overview of all network devices, (wireless) clients, and applications. You can monitor the health status and an overview of all issues in the network.
5 NDP
This is a new Cisco product. NDP is the analytics engine that analyzes all your logging information, NetFlow, SNMP, etc. It collects metrics of everything in the fabric, including devices, users, and “things” (Internet of Things). You can monitor everything that NDP collects through DNA center.
I know by intuition that there are subtle differences, but I can’t differentiate the roles/functions (marked in bold) between them.
Notice that Cisco ISE and NDP are two separate entities. These are actually separate software processes that are run on either dedicated hardware, or on virtual machines. In each case, each one serves a very specific purpose:
ISE is a security policy management platform that enables organizations to enforce security policies across their network infrastructure. This includes things like Network Access Control, Authentication and Authorization, Endpoint Compliance, Device Profiling, Security Intelligence Integration, and Policy Enforcement Across Wired, Wireless, and VPN. ISE can be used as a standalone solution, or it can be integrated with DNA Center, where the policies defined in DNA can then be enforced by ISE. More about ISE can be found here.
Cisco Network Data Platform or NDP is a multipurpose real-time network data collection and analytics engine used to significantly increase the business potential of network data. It is essentially an analysis tool that “ingests” a multitude of logging and monitoring info and does data correlation analysis, visualization, and action through a whole series of APIs connected to the DNA system.
Now the provision and assurance sections, as they are described, are actually parts of the DNA center dashboard. The provision section essentially lists the network devices that are “registered” to the DNA center and are configured and prepared to receive commands and to be controlled by the DNA center. The assurance section essentially gives you an overview of the network where you can view various aspects and vitals. You don’t control anything there, you only view. Does that make sense?
I believe that the only way to be able to further and more deeply understand the various concepts and their inner workings is to gain hands-on experience with these systems. You can do a bit more reading about each one, but nothing can replace the benefit of real hands-on experience.