cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

Using Multiple DNACs with a Single ISE Deployment - Limited Availability

1035
Views
0
Helpful
0
Comments
 
Using Multiple DNACs with a Single ISE Deployment - Limited Availability 
 
For customers who need to scale SDA deployments beyond a single DNAC cluster, with DNAC 1.3.3.5 onwards we have a Limited Availability capability to enable up to 4 DNAC clusters (or 4 single DNAC appliances) to work with a single ISE deployment, which must be using ISE 2.4 patch 11, 2.6 patch 3 or 2.7 patch 1 onwards.
 
The approach uses ISE to share SGTs, VNs and SGT-based policies across DNAC appliances/clusters so they are considered global and are managed from one designated DNAC cluster, known as the policy author.
 
Static SGT & VN mappings and IP pools are managed locally, meaning on each DNAC cluster. Caveats apply to modifying or deleting SGTs and VNs, as they may be used in static assignments not known to ISE or the policy author.
 
Caveats also apply to certain objects which are not stored in ISE and therefore cannot be shared across DNAC clusters:
  • Contract definitions using application definitions (as opposed to the usual Advanced format)
  • Marking a VN as a Guest VN
 
Slides are attached that I normally use to explain the capabilities and the limitations to customers.
 
This is Limited Availability for a variety of reasons, such as failover of the policy author being manual, specific scale limitations and the caveats mentioned. These will be addressed in the general availability version.
 
More detailed info is also available here:
 
For anyone who has a customer who needs access to the capability, SDA Design Council approval is needed as this is a non-standard capability.