Showing results for 
Search instead for 
Did you mean: 

Ask the Expert: Network of the future - Software Defined Networking

Hilda Arteaga
Cisco Alumni


This topic is a chance to discuss more about Cisco’s Digital Network Architecture (DNA) and enterprise networking solutions within Software-Defined networking (SD-Access). As a network engineer you might be wondering what the future looks like for us, and if the current skills we hold will not become obsolete. The feature has a lot of amazing things on the network engineering field, the ability to automate the network and simply management tasks, lower costs and enhance current solutions, predict performance and act automatically without any user impact. Cisco’s Digital Network Architecture (DNA) roadmap will allow you to deploy new solutions faster, support larger environments with high precision, predict and adapt faster.


To participate in this event, please use the Join the Discussion : Cisco Ask the Expert button below to ask your questions


 Ask questions from Monday, October 9 to 20, 2017


Featured Expert 


enrique_ramírez.jpgEnrique Ramirez is an Enterprise Architect with the Main Street America Group in Jacksonville, Florida. Previous to this position, he was a Network Consultant at Dell Inc in Guadalajara, Mexico. With over more than 10 years of experience in Enterprise Networking, his main focus is in Routing & Switching, Security, Cloud, and Data Center Networking. Currently, Enrique is a CCIE R&S candidate and holds certifications like CCNP R&S, Security and CCDP, CCDA and CCNA R&S, Security and Wireless, AWS Solutions Architect and is part of the Cisco Champion program.


Enrique might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the  Contact Center Community

Find further information 


**Ratings Encourage Participation! **
Please be sure to rate the Answers to Questions


15 Replies 15

Hilda Arteaga
Cisco Alumni

Hi Enrique

Please help us to solve a coumple of common doubts related to this topic: 


  • Is there a way to predict performance in my network environment and implement automatic policies to prevent user impact?


  • How can I provide secure access to an application quickly within the enterprise? 

Metin Altan

Hello Enrique:

I am still doing research on SDN and its benefits.  What resources can you recommend that would help develop a plan to develop a plan to go from a traditional hardware model to an SDN network?  I am interested in developing a white paper for my upper management in hopes of convincing them to investing in this type of infrastructure.  Thanks.

Hi Metin, I'd strongly suggest you going through the following Cisco Live sessions.  This will give you a great understanding about the SDN approach cisco is taking in the enterprise network and where you can take advantage of the solution.




let me know if you are looking at the enterprise networking or if you're going more with a DC approach, then the ACI sessions would work.





Deseo participar a este gran evento.




Ing. Fred Aviles Caro

Hola favilescaro


Gracias por tu interés, para participar solo debes presionar el botón de  "Reply"

ubicado al final de la descripción del evento. 


Te saldrá una forma (rich htlm) en la cual podrás escribir tu o tus dudas relacionadas al tema. Posteriormente el experto te ayudará a resolverlas. 


Espero esto sea de ayuda ¡Gracias por tu interés y que todas tus dudas sean resueltas!  




Is APIC also SDN ? I am facing difficulties in preparing CCIE DC ... What should i follow....

APIC-EM is the controller for iWAN.

DNA Center is the controller of Software defined access and runs on top of APIC-EM (not as an app but the architecture is the same) and is the SDN flavor for enterprise networks.

APIC is the ACI controller and is the software defined flavor for DC.




Could we have a 'Hello World' example of an SDN. Is there a way to start learning SDN hands-on?



I'm not sure what you mean by a hello world example. but with SD-Access you can, for instance, create a massive LISP control-plane network with the click of a button. This will push all the configuration to your overlay fabric devices and it will only take 10 minutes con to configure lisp, ETR/ITR/PXTR/MSMR.


With 5 more minutes you can have your fabric devices provisioned with AAA, dot1x, and a lot of other neat features. Please refer to BRKCRS-2811 in on-line library and that will get you ramped up with SD-Access  which is the DNA flavor for enterprise networking.


Let me know if you have further questions.

I completely agree with Alexandro, SD-Access is an extremely powerful tool that will allow you to overcome most of the challenging issues in enterprise networking.


I also suggest taking look at the following introduction video.


Best Regards,

Enrique Ramirez

Hi Enrique


I have a questions about the APIC-EM that are part of the CISCO DNA.

  1. With the version 1.5 from the app IWAN, i see that i can modify the configuration from the APIC, but when i realice some changes directly on the equipement and not with the APIC, the APIC doesn´t know the changes that are realiced on the router, how i can add the configuration that i realiced on the equipement to the APIC???
  2. When i have 2 ISP with the APIC, i see that i can select from the APIC what application goes for the ISP that i select, but when i realiced the test this feature doesn´t work, how i can review where is the problem??. 


Hello Jonathan,


Related to your first question, do you mean that a configuration done directly to the router doesn't sync back to APIC-EM? If that is the case, that is a limitation of APIC-EM, as custom configurations do not sync back to the database.

As for your second question, you would need to analyze your PRF policy. Do you have Live Action configured on your network?


Best Regards,

Enrique Ramirez

Hi Jonathan,


Good day


To answer your questions.


1.APIC-EM 1.5 (iWAN-App) does not synchronize new new configuration added to the controller via CLI into the database. Example: if you add a new ACL or a route leaking, APIC-EM does not synchronize that automatically to the database. What APIC-EM does is pushing the iWAN prescriptive configuration to the devices (Policies, PfR, VRFs etc) and its polling the device to check if that configuration that it pushes to the device its still matching its database. If you add a configuration that may conflict to what APIC pushed, it will override.


For more info please check this link: Limitations of Custom Configuration


2. In that case, make sure that APIC-EM indeed pushed the policy path preference for that class to the Hub MC (You can check that via cli at each MC "show domain <name> master policy" and look for your policy). If that's the case, we may have to troubleshoot if the traffic classes are controlled or not by each MC at the site you are sending the packets from. For that I may suggest to open a TAC case.








Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers