Certifications / Cisco

DNA Center: The Enterprise Network Has Forever Changed

by Knox Hutchinson
DNA Center: The Enterprise Network Has Forever Changed picture: A
Follow us
Published on March 29, 2021

It's hard to be in the IT field and not hear endless buzzwords. All around us, we're being told to learn network automation, software-defined networking, and DevOps. Or this and that new technology. It can be overwhelming. Who really uses this stuff anyway?

Then along comes Cisco. A few years ago at Cisco Live, they announced a new platform that is going to revolutionize networking in large enterprises. Cisco DNA Center is the total package for implementing intent-based networking in your business. Here we go again with more buzzwords that even I still wasn't quite familiar with at first.

So before we can talk about what DNA Center does and why you should learn it, we need to address these buzzwords that keep flying around. Let's start with intent-based networking, but talk about it within the context of DNA Center.

What Exactly is Intent-Based Networking?

Think about how you currently enforce a network policy. You have a subnet that has all of your IoT devices on it like refrigerators, thermostats, and cameras. It makes sense that you wouldn't want those devices to reach your servers that are protected by HIPAA regulations. So you may have to SSH into a device or a few devices, and create rules on each device (like an Access Control List) that prevent that traffic. Or better, you may create VRFs on every device in your network, but that requires a lot more work.

With intent-based networking, you can simply declare that IoT devices should never reach HIPAA servers — and the network configures itself to create that policy. It is your business's intent that these two categories of devices should never communicate, so you only have to focus on our intent. And this my friends, is one of the key things Cisco DNA center can do for you.

DNA Center implements a cool technology called an SD-Access fabric that has a bunch of moving parts and does several really cool things. So let's chat about how the SD-Access fabric can implement your business's intent.

Business Intent: Macro-segmentation and Micro-segmentation

The first thing that DNA Center and the SD-Access fabric implements is segmented traffic. Within DNA Center, you can create what are called Virtual Networks. Within those virtual networks, you add users and groups. So let's say you create a Virtual Network named IT-Net, consisting of IT roles, including domain admins, the help desk, and NOC staff.

At the end of the day, each Virtual Network that you create in DNA Center is essentially a VRF that is deployed throughout your campus. When a user in the Domain Admins group connects into the network for the first time, they type in their username and password, and once authenticated, are placed into their respective Virtual Network. Unless you explicitly allow it, users in the virtual network will not be able to reach any other virtual network and vice versa. By separating the IT-Net from, say, the HR-Net (which contains all HR staff), you have implemented macro-segmentation.

But within each virtual network, you can get more granular. You can specify which groups or users are allowed access to other groups, endpoints, or users within the same virtual network. This is known as micro-segmentation policy.

The crazy thing about this is that it takes a couple of minutes to create a new virtual network, groups, users, endpoints, and deploy to an entire campus. DNA Center simply handles all the heavy lifting for you through a series of automation technologies. So now, network engineers can spend their time focusing on the policy and business intent rather than the individual network configurations.

Seamless Routing via SD-Access Fabric

The SD-Access fabric is composed of several different technologies, but at the heart of it, there are three main protocols at play. Interestingly, they are LISP, which primarily is used in the service provider industry. There is VXLAN, which is primarily seen in the data center world. And there is Cisco TrustSec, which is primarily seen by security professionals.

Without getting into the details, combining these three technologies together allows for total roaming by an end user anywhere on campus without a single change in network configuration. That's right, an end user can move from one end of campus to another without ever changing their IP address, gateway, and most importantly, policies.

Whether a domain admin is sitting at their desk, or eating in the cafeteria, they will remain in the IT-Net virtual network, and their macro- and micro-segmentation policies will still apply to them.

The DNA Center: Unparalleled Insight Into Your Network

Once DNA Center has control over all of the network devices throughout a campus, it begins pulling in a tremendous amount of data. This data comes from numerous protocols, such as SNMP, Netflow, Syslog, and arguably the most important, Netconf streaming telemetry subscriptions, which we cover in detail in our ENAUTO course.

Each device you have in your network will be pushing data into DNA Center seemingly nonstop — and DNA Center will store and aggregate this data for 7 days. What does DNA Center do with a week's worth of streaming data from hundreds or even thousands of network devices?

A lot.

DNA Center begins using machine learning algorithms to determine what is normal for your network so that it can detect anomalies. It also can pinpoint when certain network events or outages occur. It highlights when network devices have any issues, failures, warnings, alerts, or information. Also, it can alert you when malicious traffic is occurring within the network.

And once it has all of this data, DNA Center presents it via easy-to-digest dashboards that are broken down into three categories: Client Health Dashboard, Network Health Dashboard, and Application Health Dashboard.

Because users are authenticated once they connect to the network, DNA Center can collect client-specific information, so you can work with end users simply pulling up their username and looking at all of their events the past seven days.

The network device data shows you any issues that could be occurring within the routing or fabric domain. And the Application Health dashboard classifies traffic collected from Netflow and Telemetry subscriptions to determine which applications and protocols end-users are requiring or perhaps experiencing issues with.

So, what's the point?

DNA Center is a single comprehensive solution that greatly simplifies operating a large campus network. That being said, large campus networks are still not simple. Because the technology itself can be somewhat complex, what you will find quickly is that learning DNA Center on your own is quite a challenge. Until now.

We, at CBT Nuggets, recognized that the DNA Center represents the future for campus networks. This is on top of the fact that it is a significant portion of the new CCNP and CCIE exam blueprints. So, we felt it was our obligation to bring to you the most comprehensive DNA Center training around. If you are ready to begin your journey into intent-based networking on a large campus with DNA Center, we hope you learn with us.


By submitting this form you agree to receive marketing emails from CBT Nuggets and that you have read, understood and are able to consent to our privacy policy.

Don't miss out!Get great content
delivered to your inbox.

By submitting this form you agree to receive marketing emails from CBT Nuggets and that you have read, understood and are able to consent to our privacy policy.

Recommended Articles

Get CBT Nuggets IT training news and resources

I have read and understood the privacy policy and am able to consent to it.

© 2024 CBT Nuggets. All rights reserved.Terms | Privacy Policy | Accessibility | Sitemap | 2850 Crescent Avenue, Eugene, OR 97408 | 541-284-5522