Cisco Software-Defined Access (SD-Access) and Cisco SD-WAN are two powerful solutions that provide network administrators with the tools they need to create efficient and secure networks. In this blog post, we will explore the key features and capabilities of both technologies, as well as how they can be used to build and manage modern network infrastructures.

Cisco SD Access

Cisco SD-Access is a comprehensive network automation and fabric design solution that empowers organizations to transform their networking infrastructure. This innovative platform simplifies network operations, enhances security, and enables seamless integration with other networking domains. By leveraging advanced technologies and a robust fabric design, Cisco SD-Access equips organizations to streamline their network management, improve overall connectivity, and maintain a secure and scalable network environment.

Underlay

The underlay of Cisco SD-Access provides the foundation for the overlay network and is responsible for transporting the overlay traffic between different endpoints. Manual configuration of the underlay network involves LAN automation and Plug and Play (PnP) features, which simplify the deployment of network devices by automating the configuration process. Additionally, device discovery and management tools enable administrators to easily identify and manage network devices, while support for extended nodes and policy extended nodes ensures that the network can accommodate a wide range of devices with different requirements.

Overlay

The overlay network in Cisco SD-Access is built on top of the underlay and consists of several key components. Location Identity Separation Protocol (LISP) and Border Gateway Protocol (BGP) control planes provide the foundation for the overlay network, while the Virtual Extensible LAN (VXLAN) data plane enables the efficient and secure transmission of data between endpoints. Furthermore, the Cisco TrustSec policy plane allows administrators to define and enforce security policies within the overlay network, while support for L2 flooding and native multicast ensures that traffic can be efficiently distributed across the network.

Fabric Design

Cisco SD-Access supports a variety of fabric designs, including single-site campus deployments, multi-site networks, and fabric in a box solutions. These designs provide administrators with the flexibility to create networks that are tailored to their specific requirements, whether they are managing a single location or a distributed network infrastructure.

Fabric Deployment

The deployment of a Cisco SD-Access fabric involves several key steps, including host onboarding, authentication template configuration, port configuration, multi-site remote border setup, and border priority assignment. These steps enable administrators to seamlessly integrate new devices into the fabric and ensure that they are properly configured to meet the requirements of the network.

Fabric Border Handoff

The fabric border handoff feature in Cisco SD-Access enables seamless integration with other networking technologies, such as SD-WAN and IP transits. Additionally, support for peer devices, such as Fusion routers, and layer 2 border handoff capabilities ensures that the fabric can be easily integrated into existing network infrastructures.

Segmentation

Segmentation is a key aspect of Cisco SD-Access, enabling administrators to create both macro-level and micro-level segmentation within the network. Macro segmentation is achieved using Virtual Networks (VNs), while micro-level segmentation is implemented using Security Group Tags (SGTs) and Security Group Access Control Lists (SGACLs), providing granular control over network access and security.

Cisco SD-WAN

Cisco SD-WAN is a powerful and comprehensive network solution that revolutionizes the way organizations manage their wide-area networks (WANs). This innovative platform combines a robust controller architecture, flexible underlay deployment options, and advanced overlay 
management capabilities to empower administrators with centralized control and visibility over their network infrastructure.

Controller Architecture

The controller architecture of Cisco SD-WAN consists of three key components: the management plane (vManage), the orchestration plane (vBond), and the control plane (vSmart). These components work together to provide administrators with centralized management and control over the SD-WAN infrastructure, enabling them to efficiently configure and monitor network resources.

SD-WAN Underlay

The underlay of Cisco SD-WAN supports a variety of deployment options, including WAN cloud edge deployment in cloud environments such as AWS, Azure, and Google Cloud, as well as WAN edge deployment using hardware appliances. This flexibility enables administrators to deploy SD-WAN in a wide range of environments, including greenfield, brownfield, and hybrid deployments.

Overlay Management Protocol (OMP)

The Overlay Management Protocol (OMP) in Cisco SD-WAN is responsible for managing the overlay network and includes features such as OMP attributes, IPsec key management, route aggregation, redistribution, and additional features such as BGP AS path propagation and integration with Cisco SD-Access. These features enable administrators to efficiently manage and optimize the overlay network to meet their specific requirements.

Configuration Templates

Cisco SD-WAN provides support for configuration templates, including CLI templates, feature templates, and device templates. These templates enable administrators to quickly and consistently deploy configurations across multiple devices, reducing the risk of errors and simplifying the management of network resources.

Centralized Policies

Centralized policies in Cisco SD-WAN enable administrators to define data policies, application-aware routing policies, and control policies that are applied across the entire SD-WAN infrastructure. These policies provide administrators with granular control over how traffic is routed and managed within the network.

Localized Policies

In addition to centralized policies, Cisco SD-WAN also supports localized policies, including access lists and route policies. These localized policies enable administrators to define specific rules and configurations at individual sites or for specific network segments, providing flexibility and control over local network resources.

Conclusion

In conclusion, both Cisco SD-Access and Cisco SD-WAN offer powerful capabilities for building and managing modern network infrastructures. By leveraging these technologies, administrators can create efficient, secure, and scalable networks that meet the demands of today's digital business environment. Whether deploying a campus network with SD-Access or implementing a wide-area network with SD-WAN, these technologies provide the tools and features necessary to succeed in today's dynamic networking landscape.