SD Access
Control Plane
based on LISP
Simplify Your Routing
Separate the host address from topology or location
Problem with traditional way
Heavy
Complex
Keep track of host address and access control
Keep track of every single address
When it changes, I have to update it
Use more CPU
Pros of the new way based on LISP
Light weight
Keep track of host local to me
Map based system, central map keep track of all things
Location Identity Separation Protocol
Like DNS analogy
Policy Plane
based on Cisco TrustSec
Decouple Host from its IP address
As long as I have an IP address, I must build my policy around addresses
An address-based address list is complex and tracking it is a headache
Key goal is to give something else as the identity instead of the IP address
Use ISE to dynamically authenticate endpoints, users, devices and assign an SGT
Dynamic, meaning I don't have to use VLANs or subnets anymore
Different people can be in the same group even though they could be in different VLANs. You don't care.
Data Plane
based on VxLAN
LISP does have its own encapsulation because it is IP based, but it throws away Layer 2, so there is no MAC address and it is Layer 3. It can only communicate IP
We chose VxLAN because it carries the Ethernet frame (widely used in DC), so it is the best of both worlds and supports both Layer 2 and Layer 3. Layer 2 broadcast traffic or multicast based on MAC can now be supported
Best of both worlds
MAGIC
VxLAN header now carries more info like Scalable Group Tags
BROWN Field
You can use static classification
Map IP, VLAN, subnet to an SGT
Slowly migrate