# Software-Defined Networking

<figure><img src="https://3642595937-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FKsHxwINrQaKCeVpC90i9%2Fuploads%2FAR0GNjiiKwcLVQMRAlgO%2Fimage.png?alt=media&#x26;token=cf087342-29e1-446a-a493-4008584aff1f" alt="SDN layers" width="563"><figcaption></figcaption></figure>

The **application layer** contains scripts/applications that tell the SDN controller what network behaviors are desired. The **control layer** contains the SDN controller that receives and processes instructions from the application layer. The **infrastructure layer** contains the network devices that are responsible for forwarding messages across the network.

### SD-Access

Cisco **SD-Access** is Cisco's SDN solution for automating campus LANs. **ACI** (Application Centric Infrastructure) is their SDN solution for data centers, and **SD-WAN** is their solution for WANs. Cisco **DNA** (Digital Network Architecture) Center is the controller at the center of SD-Access.

<figure><img src="https://3642595937-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FKsHxwINrQaKCeVpC90i9%2Fuploads%2FUC3PX4Gm7Hr1nrCoqSCU%2Fimage.png?alt=media&#x26;token=a05579b4-9c1e-4175-bfd8-db51ee122a84" alt="DNA Center" width="563"><figcaption></figcaption></figure>

The **underlay** is the underlying physical network of devices and connections (wired and wireless) that provides IP connectivity (multilayer switches and the links between them).

<figure><img src="https://3642595937-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FKsHxwINrQaKCeVpC90i9%2Fuploads%2F2fYB9hyB0xnTQdbPMVJy%2Fimage.png?alt=media&#x26;token=bae59a35-3f33-4ab6-ae89-4a481c9b8735" alt="underlay " width="563"><figcaption></figcaption></figure>

The **overlay** is the virtual network built on top of the physical underlay network. SD-Access uses VXLAN (Virtual Extensible LAN) to build the tunnels that make up the overlay.

<figure><img src="https://3642595937-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FKsHxwINrQaKCeVpC90i9%2Fuploads%2Fm3rHLrh2dLmfMdxV93Dw%2Fimage.png?alt=media&#x26;token=ecb0be2c-050c-44a2-930e-a1484ae81b2d" alt="overlay" width="563"><figcaption></figcaption></figure>

The **fabric** is the combination of the overlay and underlay: the physical and virtual network as a whole.

<figure><img src="https://3642595937-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FKsHxwINrQaKCeVpC90i9%2Fuploads%2FNXsCWE1UeI2oIkVkjYnu%2Fimage.png?alt=media&#x26;token=68a43d87-14f4-441b-b020-29896d6d03f5" alt="fabric" width="563"><figcaption></figcaption></figure>

#### Underlay

The underlay's purpose is to support the VXLAN tunnels of the overlay. There are three different roles for switches in SD-Access: **Edge nodes** connect to end hosts; **Border nodes** connect to devices outside of the SD-Access domain (e.g., WAN routers); **Control nodes** use **LISP** (Locator/ID Separation Protocol) to perform various control plane functions.

SD-Access can be configured on top of an existing network (**brownfield deployment**) if the network hardware and software support it, but in that case DNA Center won't configure the underlay. A new deployment (**greenfield deployment**) is configured by DNA Center to use the optimal SD-Access underlay. In this case all switches are Layer 3 and use IS-IS as their routing protocol, and all links between switches are routed ports, so no STP is needed. Edge nodes (access switches) act as the default gateway of end hosts (**routed access layer**).

<figure><img src="https://3642595937-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FKsHxwINrQaKCeVpC90i9%2Fuploads%2F8OzWPgTHkOLhbWUgbAyX%2Fimage.png?alt=media&#x26;token=9a830440-47b4-4fb2-ad39-fc0d38c25322" alt="SD-Access Underlay" width="563"><figcaption></figcaption></figure>

#### Overlay

LISP provides the control plane of SD-Access. Control nodes keep a table of mappings from **EID**s (endpoint identifiers) to **RLOC**s (routing locators). EIDs identify end hosts connected to edge switches, and RLOCs identify the edge switch through which the end host can be reached. **Cisco TrustSec** (CTS) provides policy control (QoS, security policy, etc.). VXLAN provides the data plane of SD-Access.
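To make the control-plane/data-plane split concrete, here is an added Python model of what an edge node does with the EID-to-RLOC table and a VXLAN tunnel. It is example code written for these notes, not Cisco's or any LISP/VXLAN implementation; the addresses, VNIs and mapping table are constructed, and the names (`map_request`, `encapsulate`, `decapsulate`) are hypothetical. The header layout (8 bytes: flags, reserved, 24-bit VNI, reserved) and UDP port 4789 follow the VXLAN standard. The decapsulation side shows the checks a fabric receiver can make, because VXLAN itself carries no authentication: a packet arriving on UDP/4789 is accepted only from a known fabric RLOC and only for the VNI the receiving segment belongs to.

```python
import struct
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

VXLAN_UDP_PORT = 4789        # IANA-assigned VXLAN destination port
VXLAN_FLAG_VNI_VALID = 0x08  # "I" flag: the VNI field is valid


@dataclass(frozen=True)
class Mapping:
    """One LISP-style entry: which edge switch (RLOC) a host (EID) sits behind."""
    rloc: str  # loopback address of the edge node (hypothetical)
    vni: int   # VXLAN network identifier of the host's virtual network


# Constructed mapping table standing in for what the control node holds.
# All addresses are hypothetical and not from any real deployment.
MAP_TABLE: Dict[str, Mapping] = {
    "10.1.10.5": Mapping(rloc="192.168.255.1", vni=4096),
    "10.1.10.9": Mapping(rloc="192.168.255.2", vni=4096),
    "10.1.20.7": Mapping(rloc="192.168.255.2", vni=4097),
}


def map_request(eid: str) -> Optional[Mapping]:
    """Control plane: resolve an EID to its RLOC and VNI, or None if unknown."""
    return MAP_TABLE.get(eid)


def build_vxlan_header(vni: int) -> bytes:
    """8-byte VXLAN header: flags(1) reserved(3) VNI(3) reserved(1), big-endian."""
    if not 0 <= vni < (1 << 24):
        raise ValueError("VNI must fit in 24 bits")
    # The 24-bit VNI occupies the upper bytes of the last 32-bit word.
    return struct.pack("!B3xI", VXLAN_FLAG_VNI_VALID, vni << 8)


def parse_vxlan_header(pkt: bytes) -> Tuple[int, bytes]:
    """Return (vni, inner_frame); reject truncated or flag-less headers."""
    if len(pkt) < 8:
        raise ValueError("truncated VXLAN header")
    flags, last_word = struct.unpack("!B3xI", pkt[:8])
    if not flags & VXLAN_FLAG_VNI_VALID:
        raise ValueError("VNI-valid flag not set")
    return last_word >> 8, pkt[8:]


def encapsulate(dst_eid: str, inner_frame: bytes) -> Tuple[str, int, bytes]:
    """Ingress edge node: look up the destination EID, then wrap the frame.
    Returns (outer destination RLOC, UDP destination port, VXLAN payload)."""
    m = map_request(dst_eid)
    if m is None:
        raise LookupError(f"no RLOC known for EID {dst_eid}")
    return m.rloc, VXLAN_UDP_PORT, build_vxlan_header(m.vni) + inner_frame


def decapsulate(src_rloc: str, udp_dport: int, pkt: bytes, expected_vni: int) -> bytes:
    """Egress edge node. VXLAN has no built-in authentication, so the receiver
    enforces what it can: correct UDP port, a known fabric RLOC as the outer
    source, a valid header, and a VNI that matches the receiving segment."""
    if udp_dport != VXLAN_UDP_PORT:
        raise ValueError("not a VXLAN packet")
    known_rlocs = {m.rloc for m in MAP_TABLE.values()}
    if src_rloc not in known_rlocs:
        raise PermissionError(f"VXLAN from non-fabric source {src_rloc} dropped")
    vni, inner = parse_vxlan_header(pkt)
    if vni != expected_vni:
        raise PermissionError(f"VNI {vni} does not match segment {expected_vni}")
    return inner


if __name__ == "__main__":
    rloc, port, payload = encapsulate("10.1.10.9", b"<inner ethernet frame>")
    print(f"tunnel to {rloc} udp/{port}, header {payload[:8].hex()}")
    print(decapsulate("192.168.255.1", port, payload, expected_vni=4096))
```

The interesting failure modes are the rejected cases: a packet whose outer source is not a fabric RLOC, or whose VNI does not match the segment it arrives on, is dropped before the inner frame is ever looked at. In a real fabric the same property is enforced by restricting UDP/4789 to the underlay's RLOC addresses, since the overlay's segmentation only holds if nothing outside the fabric can inject VXLAN frames.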

<figure><img src="https://3642595937-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FKsHxwINrQaKCeVpC90i9%2Fuploads%2FlXbHWdB3QrOAGvUUAyLS%2Fimage.png?alt=media&#x26;token=63e518f2-5629-46ab-9011-b2dcbdd06ab9" alt="overlay demo" width="563"><figcaption></figcaption></figure>

### DNA Center

Cisco DNA Center has two main roles: the SDN controller in SD-Access, and a network manager in a traditional network. DNA Center is an application installed on Cisco UCS server hardware. The **SBI** (Southbound Interface) supports protocols like NETCONF and RESTCONF (as well as Telnet, SSH, and SNMP). DNA Center enables **IBN** (Intent-Based Networking). The goal is to allow the engineer to communicate their intent for network behavior to DNA Center, and then DNA Center takes care of the details of the actual configuration and policies on devices (e.g., ACLs).
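The intent-to-configuration step is easier to picture with a toy version of it. The following Python is an added example for these notes, not DNA Center's code and not how DNA Center actually renders policy; it takes a hypothetical intent ("guests may not reach servers", "employees may") expressed in terms of groups, expands the groups to constructed subnets, emits the equivalent Cisco extended ACL lines, and then evaluates the generated rules first-match the way a device would, so the result can be checked against the stated intent before it is pushed. Function names (`compile_intent`, `render_acl`, `evaluate`) and all addresses are hypothetical.

```python
import ipaddress
from typing import Dict, List, Tuple

# Constructed group definitions (hypothetical subnets, not a real deployment).
GROUPS: Dict[str, List[str]] = {
    "employees": ["10.1.10.0/24", "10.1.11.0/24"],
    "guests":    ["10.1.50.0/24"],
    "servers":   ["10.2.0.0/16"],
}

# Intent as (source group, destination group, action), most specific first.
INTENT: List[Tuple[str, str, str]] = [
    ("guests", "servers", "deny"),
    ("employees", "servers", "permit"),
    ("guests", "employees", "deny"),
]

Rule = Tuple[str, ipaddress.IPv4Network, ipaddress.IPv4Network]


def compile_intent(groups: Dict[str, List[str]],
                   intent: List[Tuple[str, str, str]]) -> List[Rule]:
    """Expand group-level intent into ordered (action, src_net, dst_net) rules.
    Unknown groups or actions are an error rather than a silently skipped rule,
    so a typo in the intent cannot turn into a missing deny."""
    rules: List[Rule] = []
    for src, dst, action in intent:
        if action not in ("permit", "deny"):
            raise ValueError(f"unknown action {action!r}")
        for g in (src, dst):
            if g not in groups:
                raise KeyError(f"intent references unknown group {g!r}")
        for s in groups[src]:
            for d in groups[dst]:
                rules.append((action, ipaddress.ip_network(s),
                              ipaddress.ip_network(d)))
    return rules


def render_acl(rules: List[Rule], name: str = "SDA_POLICY") -> List[str]:
    """Render rules as IOS extended ACL lines (network + wildcard mask).
    The trailing explicit deny makes the fail-closed default visible."""
    lines = [f"ip access-list extended {name}"]
    for action, s, d in rules:
        lines.append(f" {action} ip {s.network_address} {s.hostmask} "
                     f"{d.network_address} {d.hostmask}")
    lines.append(" deny ip any any")
    return lines


def evaluate(rules: List[Rule], src_ip: str, dst_ip: str) -> str:
    """First-match evaluation, as a device applies an ACL; default deny."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for action, s, d in rules:
        if src in s and dst in d:
            return action
    return "deny"


if __name__ == "__main__":
    compiled = compile_intent(GROUPS, INTENT)
    print("\n".join(render_acl(compiled)))
    print("guest -> server:", evaluate(compiled, "10.1.50.20", "10.2.3.4"))
    print("employee -> server:", evaluate(compiled, "10.1.10.20", "10.2.3.4"))
```

The point of `evaluate` is that intent can be verified against the generated artifact: the test a practitioner cares about is not that the ACL text looks right but that the pairs named in the intent actually resolve to the intended action, and that anything the intent never mentioned (here, servers initiating toward employees) falls through to the default deny rather than being silently permitted.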

{% file src="<https://3642595937-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FKsHxwINrQaKCeVpC90i9%2Fuploads%2FwL6IPcsB3q41LDeboGoi%2FDay%2062%20Flashcards%20-%20SDN.apkg?alt=media&token=506642d3-9657-4bec-ab0f-07495a626a7b>" %}
