I’ve recently been on a study tour with Cisco to look at the latest and greatest innovations in networking.
As an upfront intro, I’ve been a networking engineer for over 20 years now, with over 15 years of that as a CCIE. In a nutshell, I’ve lived and breathed command line, as every network engineer worth their stripes has. Why change something that works? In this blog, we’ll take a look at that exact question.
We’re all learning, and this is my current understanding of all these terms. Know any different? Feel free to provide some feedback for discussion.
Defining Software Defined Access (SDA)
Have you heard the terms Software Defined Access (SDA for short) and Software Defined Networking (unsurprisingly SDN for short)? They are bandied about quite freely these days in regard to networking, and they are key concepts.
Essentially SDA is the concept of decoupling the network's configuration from the CLI: a central controller (Cisco DNA Center) pushes configuration and policy to the devices, instead of an engineer typing commands box by box. Let's start with a key concept: the SDA underlay and the SDA overlay.
I've got a blog just on the topic of what Cisco SD-Access is, if you want to read more on that.
SDA Underlay vs Overlay
The SDA underlay is the routed core of the fabric. Gone are the days of a layer 2, VLAN-centric network: the underlay is automatically configured (through LAN Automation in DNA Center) and is layer 3 in nature. Its only job is to provide IP connectivity between all the fabric nodes, so that every corner of the network can route to every other. Cisco uses IS-IS as the underlay routing protocol, in part because IS-IS runs directly over the data link layer rather than over IP, which suits an automated bring-up where neighbours need to find each other before addressing is finalised.
Once the SDA underlay is complete, you can move on to the SDA overlay. The overlay is the virtual network that rides on top of the underlay: user traffic is encapsulated in VXLAN between fabric edge nodes, LISP provides the control plane that records which edge node each endpoint sits behind, and each endpoint is classified and given a tag (a Scalable Group Tag, or SGT) that is carried with its traffic. The features you configure are expressed as contracts between groups and are applied on the basis of those tags, not addresses. A contract might determine an end-to-end QoS profile, or determine that one group of devices can see a subset of other connected devices but may not route to an external destination, and so on.
Hopefully this makes sense – the SDA underlay is the base network, the SDA overlay is the network functionality that a user experiences.
Policy Based Networking
Policy Based Networking is another related term, worth a quick look. On the one hand, I think this term is pretty synonymous with the term SDA overlay that I defined above. Perhaps, though, it should be considered the combined functionality of the SDA underlay and the SDA overlay.
Policy Based Networking is all about freeing the user from the command line to really focus on the type of network policy they want to deploy and not worry about the CLI specifics.
Micro-segmentation is the concept of having multiple clients in the same VXLAN segment (the same virtual network, and even the same IP subnet) while allowing each of them to receive a different policy.
This is based on the group tags: the policy between any source group and destination group is defined once, in a matrix, and enforced wherever those clients happen to attach, which gives an incredibly granular ability to determine what access different clients will have. Cisco have a pretty good video on what micro-segmentation is, which is worth a watch.
This is much more powerful than the existing approach (which will, at some point in the not too distant future, be legacy technology) of allocating clients to different VLANs, with routed connections between them and policy tied to subnets.
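As an added illustration that is not part of the original post, the following Python models the two ideas above: the overlay packet carrying the endpoint's group tag in a VXLAN-GPO header, and the egress edge node looking that tag up in a policy matrix, so that two endpoints in the same subnet get different policy. The header layout follows the VXLAN Group Policy Option draft (draft-smith-vxlan-group-policy); the VNI, tag numbers, endpoints and contracts are constructed sample data, not taken from any real deployment.

```python
"""Added example: VXLAN-GPO tagging plus tag-based (SGT) policy enforcement.
Not from the original post; header bit layout per draft-smith-vxlan-group-policy,
all addresses, tags and contracts are constructed sample data."""
import struct
from dataclasses import dataclass

# First 16 bits of the VXLAN-GPO header (bit 0 is the MSB):
# G (bit 0) = Group Policy ID present, I (bit 4) = VNI valid,
# D (bit 9) = don't learn, A (bit 12) = policy already applied.
FLAG_G, FLAG_I, FLAG_D, FLAG_A = 0x8000, 0x0800, 0x0040, 0x0008


def build_vxlan_gpo(vni: int, sgt: int, applied: bool = False) -> bytes:
    """Return the 8-byte VXLAN-GPO header: flags, Group Policy ID (SGT), VNI, reserved."""
    if not 0 <= vni < 2**24 or not 0 <= sgt < 2**16:
        raise ValueError("vni must fit in 24 bits and sgt in 16 bits")
    flags = FLAG_G | FLAG_I | (FLAG_A if applied else 0)
    return struct.pack("!HHI", flags, sgt, vni << 8)  # low byte of last word is reserved (0)


def parse_vxlan_gpo(header: bytes) -> tuple[int, int, bool]:
    """Decode (vni, sgt, policy_applied). A packet without the G bit carries no tag."""
    if len(header) < 8:
        raise ValueError("short VXLAN header")
    flags, gpid, vni_word = struct.unpack("!HHI", header[:8])
    if not flags & FLAG_I:
        raise ValueError("I flag clear: VNI not valid")
    sgt = gpid if flags & FLAG_G else 0
    return vni_word >> 8, sgt, bool(flags & FLAG_A)


@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_ip: str
    proto: str   # "tcp", "udp" or "icmp"
    dport: int


# Constructed classification: endpoint -> (virtual network, SGT).
# 10.1.1.10 and 10.1.1.11 share a subnet but carry different tags.
ENDPOINTS = {
    "10.1.1.10": ("Campus", 10),   # SGT 10: Employees
    "10.1.1.11": ("Campus", 20),   # SGT 20: Contractors
    "10.2.2.5":  ("Campus", 30),   # SGT 30: Finance servers
    "10.3.3.7":  ("Campus", 40),   # SGT 40: Printers
}
VNI_FOR_VN = {"Campus": 4097}     # constructed VNI for the "Campus" VN

# Policy matrix (src SGT, dst SGT) -> ordered rules (proto, dport|None, permit).
# A cell that is absent, or a flow that matches no rule, is denied here.
MATRIX = {
    (10, 30): [("tcp", 443, True), ("any", None, False)],   # employees: HTTPS only to finance
    (20, 30): [("any", None, False)],                        # contractors: nothing to finance
    (10, 40): [("tcp", 9100, True)],
    (20, 40): [("tcp", 9100, True)],
}


def evaluate_contract(src_sgt: int, dst_sgt: int, proto: str, dport: int) -> bool:
    """First matching rule in the cell wins; no match means deny."""
    for rule_proto, rule_port, permit in MATRIX.get((src_sgt, dst_sgt), []):
        if rule_proto in ("any", proto) and rule_port in (None, dport):
            return permit
    return False


def ingress_encapsulate(flow: Flow) -> bytes:
    """Ingress edge: classify the source endpoint and stamp its tag into the header."""
    vn, sgt = ENDPOINTS[flow.src_ip]
    return build_vxlan_gpo(VNI_FOR_VN[vn], sgt)


def egress_enforce(header: bytes, flow: Flow) -> bool:
    """Egress edge: source tag comes from the header, destination tag from local classification."""
    vni, src_sgt, _ = parse_vxlan_gpo(header)
    vn, dst_sgt = ENDPOINTS[flow.dst_ip]
    if VNI_FOR_VN[vn] != vni:          # traffic must stay inside its own VN
        return False
    return evaluate_contract(src_sgt, dst_sgt, flow.proto, flow.dport)


def forward(flow: Flow) -> bool:
    """End to end: would this flow be permitted by the fabric?"""
    return egress_enforce(ingress_encapsulate(flow), flow)


if __name__ == "__main__":
    for f in (Flow("10.1.1.10", "10.2.2.5", "tcp", 443),   # employee -> finance HTTPS
              Flow("10.1.1.11", "10.2.2.5", "tcp", 443),   # contractor, same subnet -> denied
              Flow("10.1.1.11", "10.3.3.7", "tcp", 9100)): # contractor -> printer
        print(f, "PERMIT" if forward(f) else "DENY")
```

The point to notice is that the egress node never needs the source IP to make its decision: the group tag arrived in the header, so the same policy applies whichever subnet or switch the employee or contractor plugged into.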
What is SDA Fabric?
And so, this takes us to the real question we want to answer in this blog – what is SDA fabric?
Answers on a postcard, but this is my take: we've defined SDA as the ability to use a GUI-based management system to configure the network, without having to use the CLI.
SDA frees the network admin to configure the network based on policy, not on their ability with the CLI.
Fabric is something a little different – but builds on this theme.
When you integrate the network elements (and I mean switches, WLCs and routers here) into the SDA fabric, you hand them over to the SDA architecture.
What I mean by this is that you wipe the device and it is completely configured, and controlled, by DNA Center from that point on.
The combined sum of all the switches now acts like a single giant switch: you can plug in anywhere you like, Policy Based Networking tags you, and that tag dictates the network experience you receive.
What is SDA Fabric: Summary
In essence, SDA Fabric turns everything we've known about networking on its head. I've always designed networks with VRFs, VLANs and carefully allocated subnets. You've got your classic Cisco three-tier model (core, distribution and access), but now it's all changed. VXLAN takes the place of the campus-wide VLAN: VLANs still exist at the access edge, but they no longer have to be stretched across the network, so this is another new term to add to the networking engineer's vocabulary.
The network allocates most of the config for you: your job is to ensure you architect the physical layer to be efficient and resilient, and after that let the SDA fabric overlay do its thing.
If you're looking for a bit more information on how SDA and Cisco DNAC work together, take a look at our free onDemand webinar with Cisco's Yousif Oraha, "The Power of SDA with Cisco DNA Center".