These are the questions out network team has with regards to DNA. Prior to implementation, We need to validate all these questions.

A) What does the flow and characteristics of DNA control plane traffic look like, to be specific; or more generally – where does it need to reside in relation to the devices it’s communicating with and what do those patterns resemble?

We need to figure out how DNA works and how it is going to work, to see what considerations need to be made for locating this network in our environment:

1. Is this a ‘chatty’ application or is it more ‘batch-based’ communications that aren’t impacted by firewalls and inspection?
1. This could necessitate more optimization like just making it a layer 3 hop to the endpoints without firewall inspection, the security concern about having our endpoint analytics in the user environment could be mitigated if communications between the infrastructure devices and the DNA collector(s) are encrypted, in terms of integrity.
2. Is the future plan for this to monitor the datacenter as well?
1. Currently DNA is only available on user access switches – but I assume it’s eventually destined for the Nexus datacenter gear… where do we see ourselves using this today, tomorrow, and next year?
3. Does this data actually need to be protected or is it useless without a frame of reference?
1. I don’t actually understand everything that DNA is storing/doing – so, maybe it’s just that I need to understand better the service it provides.  But this still begs the question, does it actually need protection or can it just reside in the user-side of the network for all intents and purposes?

Thanks & Regards

Ravindra Tumu