New Training: Explain SD-Access Fabric Operation
In this 10-video skill, CBT Nuggets trainer Jeff Kish covers the three planes of SD-Access, the protocols that comprise the solution, the packet flow of an SD-Access environment, and more. Watch this new Cisco training.
This training includes:
- 10 videos
- 53 minutes of training
You’ll learn these topics in this skill:
- SDA Control Plane – LISP
- SDA Data Plane – VXLAN
- SDA Policy Plane – CTS
- User Authentication
- Endpoint Onboarding
- Endpoint Roaming
- External Networks
- Packet Walk
- Review and Quiz
3 Planes of SD-Access: An Introduction
Cisco's SD-Access is part of its Digital Network Architecture (Cisco DNA). It automates segmentation and policy to separate device, user, and application traffic, with no changes to the underlying physical and wireless network.
The fabric overlay network is a logical topology that connects devices virtually and provides access to all the familiar devices, like routers and switches. As the name implies, it sits atop a physical underlay, generally providing additional features not available in the underlay. The three components of the fabric overlay are:
- The Policy plane is based on Cisco TrustSec (CTS for short). CTS is a broad term from Cisco covering ACLs and general security improvements.
- The Control plane is based on the LISP protocol. LISP acts as a destination lookup, similar to DNS, and helps save CPU cycles and create smaller routing tables.
- The Data plane is based on Virtual Extensible LAN (VXLAN). Simply put, VXLAN greatly expands the address space available in a LAN by adding a 24-bit segment ID.