SD-Access & DNAC Blogs – an Index

Peter Welcher
Architect, Operations Technical Advisor

NetCraftsmen has recently had an upsurge of SD-Access design and deployment work. I’ve found myself spelunking through my old blogs (and internal/customer-facing documents) in support of that. To my relief, my prior blogs and content seem to be holding up pretty well as things have evolved.

TL;DR: This blog provides links to either prior content, or to blogs that have links to a relevant series of blogs.

SD-Access Basics and Key Design Topics


Related LinkedIn Blogs

Here are my LinkedIn blogs that are relevant to SD-Access/DNA Center.

Note: I have been periodically looking, and here in early 2023 I *still* can’t find resources on this topic online. That includes how to configure to bias LISP Pub/Sub to prefer one exit location over another.

I intend to blog about some recent thinking I’ve done on the topic.

The short version is that if you have site interconnects on the inside and outside of the fusion firewalls, then the problem is really more about firewall (cluster) cross-site failover design. The secret is to accept that LISP may bring traffic to the “wrong” site and shunt it if necessary, preserving symmetric flows through your firewall clusters at each site. Trying to “swing” LISP to prefer the secondary Internet/firewall site, well, I need configuration details and a lab to check it out …

(And yes, I’m not brave or foolhardy enough to want to cluster firewalls across sites, even if my vendor supports it.)

Note: This is more a high-level overview of Cisco IOT. See the above for some of what Cisco does to integrate industrial and IOT networks into SD-Access designs.

Disclosure statement