NetCraftsmen has recently had an upsurge of SD-Access design and deployment work. I’ve found myself spelunking through my old blogs (and internal/customer-facing documents) in support of that. To my relief, my prior blogs and content seem to be holding up pretty well as things have evolved.
TL;DR: This blog provides links to either prior content, or to blogs that have links to a relevant series of blogs.
SD-Access Basics and Key Design Topics
- What Is SD-Access and Why Do I Care?
- Navigating Around SD-Access
- Managing SD-Access Segmentation
- Securing SD-Access Traffic
- SD-Access Single-Site Design
- SD-Access Multi-Site Design
- SD-Access Multi-Site Lab
- SD-Access Multi-Site Lab Tasks
- SD-Access IP Pools
- SD-Access and E-911 Services
- Migration to SD-Access
- SD-Access and Wireless
- SD-Access Study Resources
- SD-Access and Internet of Things
- SD-Access: SD-Access Flows: Registration and Same Fabric Forwarding
- SD-Access Flows: SDA Transit
- DNAC Tour Part 1: Introduction to Cisco DNA Center
- DNAC Tour Part 2: DNAC Instant Demo: Beginning Your Tour
- DNAC Tour Part 3: General Navigation and Highlights: Dashboard, Drill Down, Assurance, and Troubleshooting
- DNAC Tour Part 4: Getting Started Tasks (Overview): Discovery, PnP, Templates, Provisioning
- DNAC Tour, Part 5: Using DNAC: Design, Inventory, SWIM
- DNAC Tour, Part 6: Exploring SDA Fabric Provisioning, Part 1: VRFs (VNs), GBACLs and SGTs
- DNAC Instant Demo Tour, Part 7: Exploring SDA Provisioning Part 2: Fabric Deployment
- DNAC Tour, Part 8: The Rest of DNAC
Related LinkedIn Blogs
Here are my LinkedIn blogs that are relevant to SD-Access/DNA Center.
- DNA Center Automates Your Campus!
- NFD26: Update on Two Cisco Fabric Automation Platforms
- Comparing AI Across Vendors
- Legacy Apps and Network Design
- Making SD-Access Transit Dual Datacenter Headends Work
Note: I have been periodically looking, and here in early 2023 I *still* can’t find resources on this topic online. That includes how to configure to bias LISP Pub/Sub to prefer one exit location over another.
I intend to blog about some recent thinking I’ve done on the topic.
The short version is that if you have site interconnects on the inside and outside of the fusion firewalls, then the problem is really more about firewall (cluster) cross-site failover design. The secret is to accept that LISP may bring traffic to the “wrong” site and shunt it if necessary, preserving symmetric flows through your firewall clusters at each site. Trying to “swing” LISP to prefer the secondary Internet/firewall site, well, I need configuration details and a lab to check it out …
(And yes, I’m not brave or foolhardy enough to want to cluster firewalls across sites, even if my vendor supports it.)
Note: This is more a high-level overview of Cisco IOT. See the above for some of what Cisco does to integrate industrial and IOT networks into SD-Access designs.