Describe SD-Access from Cisco CCNP Enterprise ENCOR (350-401) | Best of ITProTV

Captions
Hi, I'm Don Pezet, co-founder and agitator at ITProTV. We've curated a playlist of select episodes so you can get an idea of what it's like to choose ITProTV for your IT learning. It wasn't easy; there are more than four thousand hours of IT training at ITProTV. Enjoy this episode, and be sure to subscribe so you won't miss a thing.

We now have an understanding of what SD-WAN is about. What about SD-Access? Find out next, right here on ITProTV.

You're watching ITProTV.

SD-WAN, SD-Access: what in the world is that about? Well, we're about to find out with Anthony Sequeira. So Anthony, as we get started here, and we start to actually realize that we're starting to see more and more of these terms beginning with SD, we just talked about SD-WAN. SD-Access, that sounds kind of silly. What are we really talking about here?

Yeah, well, once again we're talking about that high level of programmability, automation, even full-blown orchestration, to the access layer of the enterprise network. Remember, Ronnie, when we say access layer, we're talking about getting all of our users onto the enterprise environment. What's broken about that? Well, I don't know, it seems like a lot of times we're not all that well equipped for, like, mobile right now. So what if we have a user that's gonna be like, "Hey look, I need to work, instead of in the production area, I need to work all next week out of marketing." Could they take all of their stuff and relocate it, and could our network dynamically evolve regarding that, or would we have a bunch of manual processes? The answer is, in most networks, it's a manual process. We have to go in and redo VLAN assignments and do all this stuff manually. So this is an area that really begs for automation. Now, once again, Ronnie, one of the things that our students should really concentrate on here is that separation of the control plane and the data plane. So let's look at the SD-Access architecture, and I don't want you to panic when you first look at this. You're like, oh my gosh, all that is going on.
Well, yeah, but it's really not that much. Let's start down at the bottom. So we've got our routers, we've got our switches, we've got our wireless access points and potentially wireless LAN controllers. There's two ingredients here that we might not be all that accustomed to, and that's the Cisco DNA Center, that's that incredible single pane of glass for management, Ronnie, and then we've got the ISE. No, not the cocktail party variation of ice; it's the Identity Services Engine, right? So that is the replacement technology for the old Cisco ACS that, you know, was like ubiquitous. The Access Control Server was everywhere; now we're trying to see the ISE be the device that's everywhere. The ISE, by the way, can be a physical appliance or can be implemented as a virtual machine. So there's all the stuff that makes up the physical layer.

Now look, there's already a concept here we're familiar with: underlay and overlay. Just like we had with SD-WAN, we have an underlay network layer here. That would be like your routing protocol, or if you're in a Layer 2-only environment and you want to do Rapid Spanning Tree Protocol, that's the technology there in the underlay. And then notice there's the overlay layer, and that is LISP, which we're gonna talk about in detail with you, because that is, first, a tricky one to get your head around. There's VXLAN, which there's more to that than meets the eye, and then CTS. So we'll talk about those in separate episodes, but that's the dynamic, like new, exciting technology that makes up the overlay, Ronnie. And then at the controller layer, it's just the intelligence of the DNA Center and the ISE that we added to our network down at the physical layer. And then one step up from that, they're just showing us here what they call the management layer, and that's DNA Center again. So you can see there really isn't all that much new in a design like this to make this programmable, automated, orchestrated access layer. Notice that the Automation, Design, Policy, Provision, Assurance,
those are just major divisions that we have inside of DNA Center that would allow you to drill into those different areas. So for example, Ronnie, if you said to me, "Anthony, we've got three new Cat switches that we want provisioned inside our access layer. I went ahead and racked them and stacked them, they're ready to go." Now I would go into the Provision area inside DNA Center, I would see those devices, and I would go ahead and give them the policy that provisions them on the network. So it's drill into the different areas as needed.

So as I'm looking at this diagram, in the controller layer there you have both Cisco DNA Center and ISE. Got to be together?

Great question, great question. First of all, technically the ISE would be optional, although to get every possible functionality out of SD-Access you would want ISE for sure, right next to DNA Center. And yet those are definitely separate entities, Ronnie, and they are really, really, really doing different things. The DNA Center is in charge of all of that automation, right, and provisioning, some security, but the ISE's job is everything involving security.

Now, what looks like the big change here, at least from what I can tell, because when I take a look at your diagram it seems like it's almost trying to match up like OSI model style things, when it would not break it down... Yes, so love to think that way. Yeah. But in the network layer, where you have this divided up, where you actually have both the overlay and the underlay, and that network layer there, it looks like there's different technologies than what I was expecting, my IP and MAC addresses and stuff like that. So why the big change there? What's going on here?

Well, I think the big thing is there is this real emphasis on overlay technologies, and you want to realize that, just like we had in the SD-WAN, what's so cool about it, Ronnie, is the underlay, it just doesn't matter as long as it works, right? You know, so that's really the big point of that separation. And I can't believe
I haven't mentioned this yet. In fact, Ronnie, I haven't even mentioned this to you back at our desks. There was this big panic with software-defined networking that we were all gonna be out of jobs. Well, this is proof that that's not correct, because someone has to be responsible for that underlay, right? Right. That's traditional networking, and that still has to go on. There is, as we'll discuss in a minute, an automated underlay that you can roll out with this, but companies aren't going to move to that right away. Of course not. They're gonna build the underlay with the traditional skills and technologies that they know, and then they will put the overlay on top and start doing this SD-Access. So there's job security in here.

All right, so with the underlay here, on the details that we need to try and understand as we start taking a look at this is... IS-IS, really?

I couldn't wait for you to see this slide. I know, I did it actually in production, and forever... IS-IS is making a huge comeback. Okay, it's remarkable. There's a technology, I was telling you about this, Ronnie, in the data center, and in the data center now we tend not to run any Spanning Tree Protocol. Instead we run something called FabricPath, right? And FabricPath is essentially MAC address routing, and the routing intelligence is IS-IS, okay, but you don't interact with IS-IS at all. You don't see it, okay? It's built into FabricPath; it just runs itself, right? Okay, but now it's official, IS-IS is making a comeback, because yes, this is the recommended IGP of the underlay. They want you to go in and configure IS-IS. Could you use another IGP? Sure you could, but their recommendation is IS-IS. So notice you would not be doing any spanning tree. You know, that's kind of amazing.

Now, you had talked about using automation, but here you have manual or automated. So if we're doing automated, why would we choose a manual per pram?

For many organizations, it's because they wouldn't trust, okay, full, complete automation of their access layer from scratch,
right? They're just like, no no no no, let's get comfortable with this first. So for a lot of companies, they just make sure that their underlay is working great, and then they'll go and start automating with their overlay. But it is pls worth noting, and these are the kinds of things that might come up on an exam, technically you could take all of the gear, Ronnie, for your access layer, you could click a few buttons in DNA Center and provision it all from the ground up. That means the underlay would be automated, and then the overlay on top of that.

All right, so if we do this manually, do I have to learn how to configure IS-IS?

You sure do, if you're gonna. And that's why you're seeing it come back in all of the blueprints. IS-IS is making the resurgence. I'm teaching, what am I teaching, ENSLD, so the 420 class, the design, yes, right. I promise no jokes on 420. But yes, so that's the design one, Ronnie, and it's really funny, like one of the very early modules is I have to take students through designing IS-IS. Yeah, well, I haven't taught that in like 15 years, I'm not kidding, or longer. So very funny that it's making a comeback.

So the overlay, that's where we just have some, I mean, you talk cutting edge, yeah, this is it. These are the new cutting-edge technologies, folks. At the control plane we have that LISP; it's actually a modified version of LISP to work better with SD-Access. There's the VXLAN; we're going to elaborate on those for you in episodes coming up. And then something else we're going to elaborate on: it's TrustSec. That's right, the Identity Services Engine there is your TrustSec workhorse, and that's a great reason to bring it into the fold. Now TrustSec, just to give you a heads up on that, it's super, super simple, so don't get all freaked out that, oh my gosh, I'm gonna have to relearn how to secure a network. No, it's security based around tag values, and you're gonna love what a straightforward, you know, relatively simple idea that is. By the way, don't forget, now on the VXLAN
piece and the LISP piece, Ronnie and I are gonna do separate episodes for you on those, just so you know. Let me just not completely gloss over those now. The idea behind LISP is an easier way to quickly track the end users and their devices in our infrastructure. We're gonna actually circumvent the routing table, and we're gonna very quickly locate those entities with LISP. It's really cool. And then the VXLAN piece, that's gonna give us a super hyper-scalable way to do VLANs. Yeah, we can have 16 million of the things, and you'll see where we are going to take advantage of VXLAN to eliminate a ton of disadvantages about the traditional VLAN and then, like, spanning-tree approach. So you're gonna really love those technologies, and we'll elaborate on them for you.

Now, when we look inside the fabric, Ronnie, of the SD-Access solution, you're gonna notice like there's a virtual network that we create out of these components. There's a host pool that identifies the participants, there's a scalable group, there's an anycast gateway. All of these are necessary components so that the overall SD-Access works as planned, and all of this you're going to be setting up through that single pane of glass in the Cisco DNA Center. The anycast gateway is a cool feature in and of itself that's going to enable you, Ronnie, to have one IP address as a default gateway across all of the different areas of your access cloud. So it's like, kind of mind-boggling. It's like taking a default gateway and magically making it available everywhere. So it's some very cool technology.

So that's the major, that's the major aspects of the SD-Access solution, and I know it looks like an intimidating volume of stuff, but just like anything else, I just highly recommend you break it all down. So in this episode, just understand that overall architecture that makes up SD-Access, and then build upon that in our episodes to come. Like, you'll know all about VXLAN, you'll know all about LISP and those different new technologies that make it a
reality.

All right, Anthony, thank you again for helping us here with SD-Access. Right, there's a key feature that we've already heard about in SD-WAN as well as SD-Access, which is that separation between overlay and underlay. That seems to actually be a theme that you're gonna carry through with anything that actually deals with some type of software-defined networking as well. Now, when we start talking about that too, Anthony also helped us to review some of those different technologies as well as understand what this is about. Now, when I first thought about it, I always thought that it was more about identity management than anything else, sure, but Anthony actually helped us to understand that this is about getting access to, well, those access layer devices that we think about. So all that's good review for us, and make sure that we actually go ahead and take the time, maybe, to watch it again if we need to. But this is a great place for us to go sign off then for ITProTV. I'm your host, Ronnie Wong. And I'm Anthony Sequeira. Stay tuned right here for more of your CCNP ENCOR show. Thank you for watching IP
Info
Channel: ITProTV
Views: 6,008
Keywords: sd-access cisco, sd-access deployment, cisco encor 350-401, cisco encor 350-401 training, cisco encor review, cisco encor 350-401 exam
Id: k7_0On3pcY4
Length: 15min 46sec (946 seconds)
Published: Tue Mar 24 2020