Cisco Digital Network Architecture – An Overview of the Architecture Tools and Vision
Design principle #1: Security everywhere
Security is essential in any environment, public or commercial. Given the recent ransomware threats, including NotPetya and other attacks, no extra explanation is needed. A secure network is critical for the security of the data that flows through the organization. By using the network as a sensor and enforcer (the network sees all flows), the network infrastructure can support the analysis of threats and risks to the organization. So the network must become a sensor and enforcer in the security framework. Of course the before-during-after paradigm for a security framework applies to this design principle as well.
Design principle #2: Virtualize everything
SDN has become common in many organizations, where the control plane is separated from the data plane (software defines how data flows through the network). SDN was always restricted by the type of hardware in place, e.g. a switch doesn't have router functionality, a firewall is not a router, etc. What if you could virtualize these network functions in such a way that the software defines what role the hardware has, without impact on performance (hardware ASICs)?
This means that a network component can fulfil different network functions during its lifecycle: a switch, a firewall, a router, a WAAS or any new network function that is invented. Once this principle is applied and all network functions are virtualized, an SDN controller can truly control the behaviour of the network infrastructure.
Design principle #3: Designed for automation
Design the network in such a way that automation can take place. Automation is key to fast, standardized delivery of changes across the infrastructure. This can only happen if the network infrastructure is standardized on software releases and configurations.
For example, only when the voice VLAN on all branch locations is the same can a generic, standardized policy (and assignment) be created for voice devices.
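An added example (not from the original article or from Cisco) of the precondition described above: before a generic voice policy can be pushed by automation, a script checks whether every branch switch actually uses the agreed voice VLAN. The configs are constructed IOS-style excerpts, and the standard VLAN id 100 is an assumption.

```python
import re

# Constructed IOS-style config excerpts for three branch switches
# (sample data for this example, not output from real devices).
BRANCH_CONFIGS = {
    "branch-a": """
interface GigabitEthernet1/0/1
 switchport access vlan 10
 switchport voice vlan 100
interface GigabitEthernet1/0/2
 switchport access vlan 10
 switchport voice vlan 100
""",
    "branch-c": """
interface GigabitEthernet1/0/1
 switchport access vlan 10
 switchport voice vlan 150
interface GigabitEthernet1/0/2
 switchport voice vlan 100
""",
    "branch-d": """
interface GigabitEthernet1/0/1
 switchport access vlan 10
""",
}

VOICE_VLAN_RE = re.compile(r"^[ \t]*switchport voice vlan (\d+)[ \t]*$", re.MULTILINE)

def voice_vlans(config: str) -> set:
    """Return every voice VLAN id configured on one switch."""
    return {int(v) for v in VOICE_VLAN_RE.findall(config)}

def voice_vlan_drift(configs: dict, standard: int) -> dict:
    """Per branch, the voice VLAN ids that deviate from the agreed standard.
    A branch with no voice VLAN at all is reported with an empty set, since a
    generic voice policy cannot be assigned there either."""
    drift = {}
    for name, cfg in configs.items():
        found = voice_vlans(cfg)
        deviating = found - {standard}
        if deviating or not found:
            drift[name] = deviating
    return drift

def ready_for_standard_policy(configs: dict, standard: int) -> bool:
    """True only when every branch uses exactly the standard voice VLAN."""
    return not voice_vlan_drift(configs, standard)
```

In practice the configs would be pulled from the devices (for instance over NETCONF) before the automation step, and a non-empty drift report blocks the policy push until the branches are standardized.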
Design principle #4: Cloud service management
Cloud has become a common part of many IT environments. Cloud applications have very high availability and capacity. By using the cloud, one can define and provision network services (applications, services) and policies (who is allowed to do what) from a central environment. Of course there is a choice to run this centrally managed cloud app in a public cloud or on premise, depending on the organization's requirements and cloud maturity.
Design principle #5: Pervasive analytics
Machine intelligence, big data lakes, and analysis of microflows help with the prediction of failures in your network. With proper analysis, problems in performance or behaviour can be predicted proactively. As an example, we all know that when a client cannot connect, it's always the network. But with pervasive analytics, telemetry reports that the DHCP server isn't responding to the DHCP requests, so it is really a DHCP server problem. The average time to resolve a problem and find its root cause can be reduced dramatically because pervasive analytics provide you the insight. Perhaps this design principle is the best part of the business case for DNA; the only limitation to what can be done is imagination.
Design principle #6: DNA-ready infrastructure
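An added example (not from the original article or from Cisco) of the DHCP case above: a small analysis over constructed relay telemetry pairs each DHCP DISCOVER with its OFFER by transaction id, so that a relay which forwarded requests but saw no replies points at the DHCP server rather than at the access network. The record format, relay names and the 50 % threshold are assumptions.

```python
import re

# Constructed DHCP telemetry records as a relay might export them
# (sample data for this example, not real device output).
TELEMETRY = """\
2024-01-01T08:00:00Z relay=branch-a xid=0x1a2b type=DISCOVER
2024-01-01T08:00:04Z relay=branch-a xid=0x1a2b type=DISCOVER
2024-01-01T08:00:05Z relay=branch-a xid=0x77c0 type=DISCOVER
2024-01-01T08:00:09Z relay=branch-a xid=0x77c0 type=DISCOVER
2024-01-01T08:00:10Z relay=branch-b xid=0x0042 type=DISCOVER
2024-01-01T08:00:10Z relay=branch-b xid=0x0042 type=OFFER
2024-01-01T08:00:12Z relay=branch-b xid=0x0043 type=DISCOVER
2024-01-01T08:00:12Z relay=branch-b xid=0x0043 type=OFFER
"""

LINE_RE = re.compile(r"relay=(?P<relay>\S+) xid=(?P<xid>0x[0-9a-f]+) type=(?P<type>[A-Z]+)")

def parse(telemetry: str):
    """Yield (relay, xid, message type) for each well-formed record."""
    for line in telemetry.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m.group("relay"), m.group("xid"), m.group("type")

def unanswered_ratio(telemetry: str) -> dict:
    """Per relay: fraction of transactions (by xid) with a DISCOVER but no OFFER."""
    discovers, offers = {}, {}
    for relay, xid, mtype in parse(telemetry):
        if mtype == "DISCOVER":
            discovers.setdefault(relay, set()).add(xid)
        elif mtype == "OFFER":
            offers.setdefault(relay, set()).add(xid)
    return {relay: 1 - len(xids & offers.get(relay, set())) / len(xids)
            for relay, xids in discovers.items()}

def diagnose(telemetry: str, threshold: float = 0.5) -> dict:
    """The relay saw the DISCOVERs, so the access network delivered them; when
    most transactions get no OFFER, the DHCP server side is the likely fault."""
    return {relay: ("dhcp-server-not-responding" if ratio >= threshold else "ok")
            for relay, ratio in unanswered_ratio(telemetry).items()}
```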
At the bottom is the infrastructure layer, consisting of all network components such as your routers, switches, firewalls and wireless controllers. It doesn't matter whether the equipment is physical or virtual, like ASAv, CSR1000V or NGFWv.
The features of DNA (faster delivery of services, detecting problems and increasing flexibility) can only be implemented if your network devices are also DNA-ready. In fact, almost all current switches, wireless components, firewalls and routers are DNA-ready. Proper life cycle management supports this.
DNA Framework
Principles alone do not create an architecture; it also needs a conceptual framework in which the different elements come together into the solution that meets the requirements (both technical and from the business) and the design principles. The network infrastructure communicates, via open APIs, with two processes:
• Automation is responsible for the so-called day 0 (provisioning of new equipment) and day 1 operations (create, change, update or delete of services). These APIs can be implemented in different ways, although more and more devices support NETCONF and YANG models. The automation block can be filled with different kinds of tools, for example APIC for ACI, Cisco NSO or APIC-EM for campus networks. It depends on the organization itself.
Model, Tools and technology
A model is one step, but by itself it doesn't bring any company to a network infrastructure that is ready to adopt changes faster and become a more predictive, less complex network. For that, Cisco has announced (and made available) several products and solutions that fit the above-mentioned model. Below is a list of products from Cisco with a short explanation of each one's role within DNA.