Software-Defined Access (SDA) is a new Local Area Network Architecture that uses Software Defined Networking with physical network devices. It is the last technology for Enterprises, that provide an efficient network built, management, operationand more. In Cisco SD Access Architecture, there is a central Cisco DNA Center (Digital Network Architecture Center) as a contoller and users that manages network over a software GUI, provide network automation with APIs. SD- Access is an important product of Cisco DNA Architecture.
Users can access to the Controller in two ways in Cisco SD Access: With GUI and with APIs.
SDA Access Architecture
In Software-Defined Access (SDA), Cisco SD Access, Conroller has two sides as all SDN Architectures. These are:
- Southbound Interface
- Northbound Interface
Southbound Interface has three sub parts. These are:
Underlay is the physical part of the SDA Southbount part. Pyhsical network devices like cables, switches,routers etc. resides in this part.
Overlay is the part with which VXLAN Tunnels are created between SDA switches to provide data transfer between different fabrics.
Fabric is the combination of both physical underlay and the logical view overlay. In other words it is the complete solution of virtual overlay network over physical traditional network.
Now, let’s learn each of these part detailly.
SDA Underlay is the physical part of the Cisco SD Access southbound part. Here, there are physical switches, routers, cables etc like traditional networks. It is also a traditional network. The main aim of this connectivity is to support VXLAN tunnels that will be used on SDA Overlay.
There are different nodes used in SDA Underlay according to their roles. These nodes are:
- Fabric edge node
- Fabric border node
- Fabric control node
Fabric edge nodes are similar to the Access switches. They are close to the user and connected to the endpoint device.
Fabric border nodes are the border node that connects devices that resides in outside the SDA.
Fabric control nodes are the high capacity nodes that provide control plane processes of SDA Underlay.
To support Cisco SD Access, these devices can be purchased for you company or you can use your existing devices according to their support. The advantage of getting new devices is, DNA Center’s auto recognize and making the configuration automatically.
SDA Underlay uses Routed Access Design. The configuration of Routed Access is done by DNA Center. Routed Access will be explained in another lesson but basically we can define is as “Using layer 3 instead of layer 2” fort he communciation between SDA Underlay nodes. For this capability, Routed Access Design uses the below features:
- All links between devices are Layer 3 links
- All used switches are multi layer switches
- IS-IS Protocol is used as a Routing Protocol
- Traffic routing is done with routing protocols
Basically, instead of switching, we are using routing in Routed Access. And with DNA Center, this can be confiugred automatically fot SDA Underlay.
SDA Overlay is the logical part of the Cisco SD Access southbound part. Here, the VXLANs Tunnels are used to transfer data between fabrics.
Overlay is the part with which VXLAN Tunnels are created between SDA switches to provide data transfer between different fabrics. Here at the first Fabric edge node, the frame is encapsulated with VXLAN and send to the network. The nodes SDA network send the data without doing anyting, with VXLAN tunnel. At the other end VXLAN encapsulation is removed and the data reached the other end.
SDA Overlay: Data Plane and VXLAN Tunnels
VXLAN is the abbreviation of “Virtual Extensible LAN”. This technology is used to transfer data between SDA End Points as Tunnelled. VXLAN is a good performing technology, because it is using ASICs.
Basically when the end points send data to the SDA Fabric Edge Node, it encapsulate the data with VXLAN. The data travels in this VXLAN Tunnel and at the other end VXLAN part is removed.
This tunnel end poins are configured with different IP blocks that the original block of the network as other tunnelling technologies. Think about GRE tunnels. These tunnels are also use different IP block fort he tunnel end points. In other words, physical interfaces uses different ip blocks and tunnel interfaces uses another.
SDA Overlay: Control Plane and LISP
LISP (Locator ID Separator Protocol) is a network protocol that allows using two addresses instead of single IP address. These addresses are
- Endpoint Identifier (EID)
- Routing Locator (RLOC)
Endpoint Identifier (EID) is the address that is assigned to end hosts.
Routing Locator (RLOC) is the address that is assigned to primary routers.
In Control Plane of Cisco SD Access, we will use both of these addresses. Let’s see how.