IID—Instance-ID (LISP). 0 introduced VRF-lite support. Like a wired host, access points have a dedicated EID-space and are registered with the control plane node. ● Provision—Provisions devices and adds them to inventory for management, supports Cisco Plug and Play, creates fabric sites along with other SD-Access components, and provides service catalogs such as Stealthwatch Security Analytics and Application Hosting on the Cisco Catalyst 9000 Series Switches. The guideline numbers for the site reference sizes are based on the design strategy of maximizing site size and minimizing site count. Anycast RP Technology White Paper: Campus Network for High Availability Design Guide, Tuning for Optimized Convergence: Campus Network for High Availability Design Guide: Cisco Catalyst 9800-CL Wireless Controller for Cloud Data Sheet: Connected Communities Infrastructure Solution Design Guide: Cisco DNA Center & ISE Management Infrastructure Deployment Guide: Cisco DNA Center and SD-Access 1. Fast convergence is a benefit of quick link-failure detection, which triggers immediate use of alternate topology entries that already exist in the routing and forwarding tables.
The services block serves a central purpose in the campus design: it isolates or separates specific functions into dedicated services switches, allowing for cleaner operational processes and configuration management. The response received from the control plane node is stored in the LISP map-cache, which is merged into the Cisco Express Forwarding (CEF) table and installed in hardware. Physical geography impacts the network design. This is where the term fabric comes from: it is a cloth where everything is connected together. Traffic is forwarded across both entries using equal-cost multi-path (ECMP) routing. In an environment with fixed multicast sources, RPs can easily be placed to provide the shortest-path tree.
Specifically, there must be a known underlay route between the Loopback 0 interfaces on all fabric nodes. A wireless LAN controller HA-SSO pair is deployed with redundant physical connectivity to a services block using Layer 2 port-channels. Using Cisco DNA Center to automate the creation of virtual networks with integrated security and segmentation reduces operational expenses and reduces risk. This allows both VRF (macro) and SGT (micro) segmentation information to be carried within the fabric site. Network-level policy scopes of isolated control and data planes are possible using VNs, while group-level policy scopes are possible using SGTs within VNs, enabling common policy application across the wired and wireless fabric. In MPLS Layer 3 VPN, these generic fusion routers are used to route traffic between separate VRFs (VRF leaking). The relay agent sets the gateway address (the giaddr field of the DHCP packet) to the IP address of the SVI on which the DHCP packet was received.
● Data integrity and confidentiality—Network segmentation using VNs can control access to applications, such as separating employee transactions from IoT traffic. The underlay network is defined by the physical switches and routers that are used to deploy the SD-Access network. This configuration is done manually or by using templates. This physical network should therefore strive for the same latency, throughput, and connectivity as the campus itself. The most straightforward approach is to configure VRF-lite hop-by-hop between each fabric site. In addition, PIM sparse-mode is enabled on Loopback 0 and on all point-to-point interfaces configured through the LAN Automation process on the devices. Migration is done, at minimum, one switch at a time. PIM—Protocol-Independent Multicast. When considering colocating the control plane node and border node, understand that the lowest common denominator is the Fabric WLCs, which can only communicate with two control plane nodes per fabric site.
HSRP—Cisco Hot-Standby Routing Protocol. Relay Agent Information is a standards-based (RFC 3046) DHCP option. Networks need some form of shared services that can be reused across multiple virtual networks. This creates a complete decoupling of the virtual and physical networks from a multicast perspective.
The network should have a minimum starting MTU of at least 1550 bytes to support the fabric overlay. StackWise Virtual can provide multiple, redundant 1- and 10-Gigabit Ethernet connections common on downstream devices. PSN—Policy Service Node (Cisco ISE persona). To prepare for border node handoff automation along with having initial IP reachability, SVIs and trunk links are commonly deployed between the small-site switches and the upstream routing infrastructure. Client information is synced from the Active to the Standby, so client re-association is avoided during a switchover event. RTT—Round-Trip Time. Security levels can range from 0 (lowest) to 100 (highest). SD-Access also places additional information in the fabric VXLAN header, including alternative forwarding attributes that can be used to make policy decisions by identifying each overlay network using a VXLAN network identifier (VNI). This requires an RTT (round-trip time) of 20 ms or less between the AP and the WLC. IETF—Internet Engineering Task Force. In the reference topology in Figure 42 below, each fabric site is connected to a metro-Ethernet private circuit. MAN—Metro Area Network.
Cisco DNA Center can support a specific number of network devices in total and also a maximum number per fabric site. Additional design details and supported platforms are discussed in the Extended Node Design section below. An RP can be active for multiple multicast groups, or multiple RPs can be deployed to each cover individual groups. This next-hop device may even continue the VRF segmentation extension to its own next hop.
Deployment Models and Topology. A border node is an entry and exit point to the fabric site. High availability in this design is provided through StackWise-480 or StackWise Virtual, both of which combine multiple physical switches into a single logical switch.