01-23-2018 11:34 PM - edited 03-08-2019 05:25 PM
Hello, all!
I have read a lot of documentation about DNA but still have some questions.
1) What is the purpose of using the underlay/overlay concept in SD-Access? The only reason I see is to allow devices not to change their IP if they change their location. But maybe there are some other reasons?
2) Does anyone know something about Virtual DNA Controller?
01-25-2018 12:26 AM
Hello Evgeniy,
1) The overlay is the main idea behind the fabric. Once you have built the fabric, having the DNA controller, you don't need to define and configure VLANs, trunks, spanning tree, SVIs and routing within the enterprise, which is really cool and reduces the overhead of operating an enterprise network. Also, the security part is more simple and more automated, as you can build the policies based on the SGT/identity, not based on the IP.
So the overall concept of operating a network is different, more simple and more automated.
Compared to WLC/AP: once an AP joins the controller, you don't think much of the CAPWAP traffic flow, you think only of the wireless part and user traffic going out from the controller. So in the fabric, you will think of the endpoint and how traffic is going out of the border.
I hope that helps.
2) For the virtual DNA Center, it is not officially available as a product, not even for partners to do PoCs or labs.
01-28-2018 07:34 PM
You wrote:
1) The overlay is the main idea behind the fabric. Once you have built the fabric, having the DNA controller, you don't need to define and configure VLANs, trunks, spanning tree, SVIs and routing within the enterprise, which is really cool and reduces the overhead of operating an enterprise network. Also, the security part is more simple and more automated, as you can build the policies based on the SGT/identity, not based on the IP.
These are advantages of an overlay network WITH the DNA controller. But I am asking only about underlay/overlay. From my point of view, it gives me the cool ability for roaming users to move from one part of the network to another.
Anything else?
07-13-2018 06:30 AM
04-28-2018 05:13 AM - edited 05-01-2018 01:10 PM
Please refer to the below mentioned URL:
https://www.cisco.com/c/en/us/solutions/collateral/enterprise-networks/software-defined-access/white-paper-c11-739642.html
DNA Center appliance is only available as a physical appliance.
VM for it is not supported.
05-07-2018 11:16 AM
08-15-2018 03:42 AM
Hi Evgeniy,
The reason for an overlay and underlay is to have an abstract level of carrying and segmenting data which runs through the network. With the use of an overlay we are able to keep specific information about the end-host such as source/destination MAC and IP, QoS, SGT and VNI, which is used by our Leafs and Borders to make the right forwarding and security decisions. Furthermore, we are removing the need for Spanning-tree within the fabric because all traffic is routed, and we make good use of uplinks as ECMP preferably is part of the underlay.
It's easier to expand the underlay as intermediate devices don't have end-host information. They only care about forwarding traffic between VTEPs.
/Anders
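The overlay header described in the post above, as an added example that is not part of the thread or of any Cisco code: a parser for the 8-byte VXLAN header with the Group Policy extension, which carries the VNI and the SGT between VTEPs. It assumes that encapsulation (the thread names only VTEP, VNI and SGT); the policy table, the SGT values and the helper names are constructed for illustration, and the enforcement check is a simplification.

```python
import struct
from dataclasses import dataclass
from typing import Optional

VXLAN_HDR_LEN = 8
FLAG_G = 0x80  # Group Policy ID field carries a valid tag (the SGT)
FLAG_I = 0x08  # VNI field is valid


@dataclass(frozen=True)
class OverlayTag:
    vni: int            # virtual network (macro-segmentation)
    sgt: Optional[int]  # group tag (micro-segmentation); None if G is clear


def build_vxlan_gpo(vni: int, sgt: Optional[int] = None) -> bytes:
    """Build the header an ingress VTEP prepends to the original frame."""
    flags = FLAG_I | (FLAG_G if sgt is not None else 0)
    return struct.pack("!BBHI", flags, 0, sgt or 0, vni << 8)


def parse_vxlan_gpo(udp_payload: bytes) -> OverlayTag:
    """Parse the header at the start of the outer UDP payload."""
    if len(udp_payload) < VXLAN_HDR_LEN:
        raise ValueError("truncated VXLAN header")
    flags, _policy_flags, group_id, vni_rsvd = struct.unpack(
        "!BBHI", udp_payload[:VXLAN_HDR_LEN])
    if not flags & FLAG_I:
        raise ValueError("I flag clear: VNI is not valid")
    # VNI is the top 24 bits; the low 8 bits are reserved.
    return OverlayTag(vni=vni_rsvd >> 8,
                      sgt=group_id if flags & FLAG_G else None)


# Constructed policy: (source SGT, destination SGT) pairs that are permitted.
# Anything not listed, and any untagged packet, is denied.
POLICY = {(10, 20)}


def permitted(tag: OverlayTag, dst_sgt: int) -> bool:
    """Egress decision keyed on group tags, never on IP addresses."""
    return tag.sgt is not None and (tag.sgt, dst_sgt) in POLICY


if __name__ == "__main__":
    hdr = build_vxlan_gpo(vni=4099, sgt=10)  # constructed sample values
    tag = parse_vxlan_gpo(hdr)
    print(hdr.hex(), tag, permitted(tag, dst_sgt=20))
```

Because the decision reads only the tag in the overlay header, an endpoint that moves to another edge node changes the outer (underlay) addresses of its traffic but not the policy result.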
09-04-2018 05:46 AM
2. DNA Center is only available on the DN1-HW-APL (DNA Center appliance) by Cisco.