Cisco's SDA Architecture maps the new SDA Fabric design to the traditional "core-distribution-access" network. This blog provides an introductory comparison of traditional network designs with the new SDA Fabric designs.
Cisco's Software-Defined Access (SDA) is their offering for the future of enterprise networking.
Enabled by Cisco DNA Center, the traditional enterprise network is converted into a physical underlay and logical overlay, forming a network fabric that is "software defined". We've covered this in our blog "What is Cisco SDA Fabric?"
Traditional Architecture vs SDA Architecture
In order to consider SD-Access as a technology, it is important to understand the role that each device has in the fabric, and how the architecture of SD-Access relates to the traditional network.
Traditional network designs are built from the three-layer architecture we are all familiar with:
- Core: Typically where Layer 3 terminates and the routing protocols exist
- Distribution: Layer 3 in larger designs, typically only Layer 2 (VLANs) in smaller designs
- Access (edge): Layer 2 only typically, with all the access devices connecting
I must have read about the above in so many Cisco Press books!
Cisco SDA Fabric designs, though, have some differences:
- Border and Control Plane Node: Connects the Fabric to the outside world. Control plane nodes are used to map endpoint-to-device relationships
- Fabric Edge: Connects devices into the Fabric
- Policy Extended Node: In simple terms, these are used to extend the reach of the Fabric
This blog will contrast and compare the above, so we can see how they map to each other.
Traditional Network Architecture
Traditionally we have all learnt how networks are built based on the 'three layer design'. This encompasses the Core, Distribution and edge layers.
For many smaller networks, the Core and Distribution are collapsed into one layer (known as a 'Collapsed Core' design).
There is of course the WAN router / firewall, which allows for interconnection between differing switch blocks (normally because they have a different security level of traffic), or acts as your internet connection.
The overview diagram below sets the scene for our classic network architecture high level design:
The three layer hierarchy has stood the test of time - we have been building networks in this way for decades now.
For the most part these networks are built with the Layer 3 terminated at the Core (or possibly distribution for a large network), with Layer 2 VLANs (and other protocols) cascaded through the layers of the design.
Let's take a look at Cisco's SDA Architecture design next.
Cisco SDA Architecture
While the physical layer looks pretty similar with Cisco SDA Architecture, the logical does not.
Essentially, the extensive Layer 2 designs of traditional networks are a thing of the past, with a lot more Layer 3 in use - and with this change, we are able to abandon many legacy protocols.
Legacy protocols (which I'm really using to describe Layer 2 protocols) are becoming deprecated in favour of Layer 3 and a much greater level of granular control - and mobility.
Let's take a look at the base set of building blocks for an SDA Fabric design:
The fabric roles that a device can be given in SDA include:
- Border node
- Control plane node
- Edge node
- Policy extended node
Control plane nodes coordinate the flow of traffic around the fabric (like the brain of the solution).
Border nodes serve as the ingress and egress point for all fabric data. Think of these as the perimeter for each fabric site.
Edge nodes are the part of the fabric where endpoints connect.
Each edge node acts as an anycast default gateway, so that regardless of where it is in the campus or which switch an endpoint is connected to, the network will appear to be the same.
This allows the SDA network to operate as a switched fabric. Endpoints can be directly
Policy extended nodes operate as traditional layer 2 switches, like a typical access layer, with the added bonus of enforcing Cisco TrustSec policy.
Mapping Traditional Architecture to SDA Architecture
Bringing the two diagrams in the sections above together, we can see how these map between traditional (legacy) network design, and the new Cisco SDA Fabric design.
Each of these device roles can be mapped to a traditional device role for the sake of simple migration. For details, refer to the diagrams below:
In smaller networks, all of these device roles can be shared by one device, or split across a handful of devices as required. In large networks, key roles like border and control plane can be distributed among multiple devices for redundancy and scalability.
Cisco SDA Architecture: Summary
This blog has been all about introducing some of the key concepts of SDA Fabric - namely, the layers from which the Fabric is built.
Roughly speaking, they can be mapped to the traditional layers. While the protocols are now different and Layer 3 is much more prevalent, the way in which networks are designed and built still requires the connection of edge / access devices, as well as interconnect points, running Layer 3.
If you're interested to learn more about how we can help, download our Cisco DNA Center Enablement brochure.
It will take a little while to get across all the new terminology in the move into the world of SD-Access.
Hopefully this blog has been of some use in that journey!