It is difficult to work in IT and not hear endless buzzwords. We are constantly being told to learn software-defined networking, network automation, and DevOps. Or this and that. It can be overwhelming.
Then along comes Cisco. Cisco announced a new platform at Cisco Live a few years back that would revolutionize networking in large enterprises. Cisco DNA Center is the complete package for implementing intent-based networking in your company. We’re back with more buzzwords than I was able to understand at first.
Before we can discuss what DNA Center does and why it is important for you to learn it, let’s address the buzzwords that keep popping up. Let’s talk about intent-based networking in the context of DNA Center.
What is Intent-Based Networking?
Consider how you currently enforce a network rule. A subnet contains all your IoT devices, such as cameras, thermostats, refrigerators, etc. It is understandable that you would not want these devices to reach your servers, which are protected under HIPAA regulations. You may need to SSH into one or more devices and then create rules (such as an Access Control List) on each device to prevent this traffic. You can also create VRFs on all devices in your network. However, this requires more work.
Your business’s intention is that these two types of devices should not communicate. You only need to focus on this intent. This, my friends, is one of the most important things Cisco DNA Center can do.
DNA Center uses a cool technology called the SD-Access fabric. It has many moving parts and does many cool things. Let’s talk about how the SD Access fabric can help you implement your business’s goals.
Business Intent: Micro-segmentation & Macro-segmentation
Segmented traffic is the first thing DNA Center and SD-Access fabric implement. Virtual Networks are created within DNA Center. You can add users and groups to these virtual networks. Let’s say that you create a Virtual Network called IT-Net. It will contain IT roles such as domain admins and help desk staff.
Each Virtual Network you create in DNA Center is, at the end of the day, a VRF that is deployed across your campus. When a Domain Admins user connects to the network for the first time, they enter their username and password and are then placed in their respective Virtual Network. Users in one virtual network cannot reach other virtual networks unless you allow it. You have implemented macro-segmentation by separating the IT-Net from the HR-Net, which contains all HR staff.
You can be more specific within each virtual network. You can define which groups or users have access to other endpoints or users in the same virtual network. This policy is called micro-segmentation.
It takes only a few minutes to create a virtual network, groups and users, and deploy it to an entire campus. DNA Center does all the heavy lifting through a variety of automation technologies. Network engineers can now focus on the policy and business purpose rather than individual network configurations.
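As an added example (not Cisco’s code, and not the DNA Center data model or API), here is a small Python model of the idea the two sections above describe: groups are placed in Virtual Networks (macro-segmentation), group-to-group contracts apply inside a Virtual Network (micro-segmentation), and one declared intent is rendered into the same access list for every fabric device, which is the work an engineer would otherwise repeat device by device over SSH. All group names, subnets and device names are constructed; the rule that a group may always reach itself while other intra-VN pairs need an explicit contract is an assumption of this example, not a statement about how SD-Access behaves.

```python
from dataclasses import dataclass, field
from itertools import product
from typing import Dict, List, Optional, Set, Tuple

# Added example: a toy "intent compiler". Names, groups, subnets and devices
# are constructed for illustration; this is not DNA Center's model or API.


@dataclass
class Intent:
    # Macro-segmentation: each Virtual Network (a VRF once deployed) holds a set of groups.
    virtual_networks: Dict[str, Set[str]]
    # Inter-VN traffic is denied unless the (src_vn, dst_vn) pair is listed here.
    vn_allow: Set[Tuple[str, str]] = field(default_factory=set)
    # Micro-segmentation: (src_group, dst_group) pairs permitted to talk inside one VN.
    # Assumption for this example: a group may always reach itself; any other
    # intra-VN pair needs an explicit contract.
    group_allow: Set[Tuple[str, str]] = field(default_factory=set)


def vn_of(intent: Intent, group: str) -> Optional[str]:
    """Return the Virtual Network a group belongs to, or None if it is unassigned."""
    for vn, groups in intent.virtual_networks.items():
        if group in groups:
            return vn
    return None


def is_allowed(intent: Intent, src_group: str, dst_group: str) -> bool:
    """Evaluate a flow against the declared intent; unassigned groups are denied."""
    src_vn, dst_vn = vn_of(intent, src_group), vn_of(intent, dst_group)
    if src_vn is None or dst_vn is None:
        return False
    if src_vn != dst_vn:                      # macro-segmentation boundary
        return (src_vn, dst_vn) in intent.vn_allow
    if src_group == dst_group:                # micro-segmentation inside the VN
        return True
    return (src_group, dst_group) in intent.group_allow


def compile_acl(intent: Intent, subnets: Dict[str, str]) -> List[str]:
    """Render the intent as an ordered IOS-style extended ACL: permits, then deny."""
    lines = []
    for src, dst in product(sorted(subnets), repeat=2):
        # Traffic inside one subnet never crosses the ACL, so only render cross-group pairs.
        if src != dst and is_allowed(intent, src, dst):
            lines.append(f"permit ip {subnets[src]} {subnets[dst]}")
    lines.append("deny ip any any")
    return lines


def deploy(intent: Intent, subnets: Dict[str, str], devices: List[str]) -> Dict[str, List[str]]:
    """One declared intent, rendered identically for every fabric device.

    The engineer edits the intent once; the per-device rules are derived from it
    instead of being typed on each device.
    """
    acl = compile_acl(intent, subnets)
    return {device: list(acl) for device in devices}


# Constructed sample data: group -> subnet (IOS wildcard-mask notation).
SUBNETS = {
    "domain-admins": "10.10.1.0 0.0.0.255",
    "help-desk": "10.10.2.0 0.0.0.255",
    "hr-staff": "10.20.1.0 0.0.0.255",
    "iot-cameras": "10.30.1.0 0.0.0.255",
    "hipaa-servers": "10.40.1.0 0.0.0.255",
}

# Constructed intent: IoT and HR can never reach the protected servers; IT can.
INTENT = Intent(
    virtual_networks={
        "IT-Net": {"domain-admins", "help-desk"},
        "HR-Net": {"hr-staff"},
        "IoT-Net": {"iot-cameras"},
        "Server-Net": {"hipaa-servers"},
    },
    vn_allow={("IT-Net", "Server-Net")},           # macro: IT-Net may reach Server-Net
    group_allow={("help-desk", "domain-admins")},  # micro: help desk -> admin hosts only
)

if __name__ == "__main__":
    for device, acl in deploy(INTENT, SUBNETS, ["edge-1", "edge-2", "border-1"]).items():
        print(device)
        for line in acl:
            print("  " + line)
```

Running the block prints the same four-line access list for each of the three devices; changing the intent (for example, removing the IT-Net to Server-Net allowance) changes every device’s list in one step, which is the practical difference between editing policy and editing configuration.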
Seamless Routing with SD-Access Fabric
Although there are many technologies that make up the SD-Access fabric, there are three main protocols. They are LISP, which is primarily used in the service provider sector. VXLAN is another option.