I will be updating this post with information and links out to Cisco DNA-C and SDA resources. Most of this information doesn't belong to me and is snippets of information I have found and pulled together onto a single page.
SD-Access introduces several new concepts in enterprise network design that add ease and flexibility:
IP pools follow people, not locations.
In a traditional design, a network architect allocates a pool of IP addresses, typically handed out via DHCP server, to be associated with a single physical location. With SD-Access, there’s still a DHCP server – but now, IP pools are bound to fabric domains rather than physical location. This allows much greater mobility and flexibility in associating users and policies, regardless of physical location.
IP pool size is based on the size of the entire user base across the enterprise.
With SD-Access, each user gets the same IP address regardless of location (within the limits of a DHCP lease duration). This is a significant change from the old practice of allocating IP address blocks at each location, which made it much harder to grow or reallocate IP address pools in response to changing business needs.
Every edge device uses the same anycast gateway.
A conventional network requires each edge device to define a gateway address, with different gateway addresses in use even at the same location, such as different buildings or floors within the same campus. In contrast, SD-Access uses IP anycast so that all edge devices within each IP pool use the same gateway address. This reduces not only configuration complexity but also the scale of IP routing within an enterprise campus.
Network and group segmentation can be applied at the fabric edge for both wired and wireless users.
For the first time, SD-Access allows definition of VRF instances and access policies at each individual edge switch and access point (AP). This allows an unprecendented level of granularity in routing and access control for wired and wireless users and devices.
There’s a common thread across these changes: SD-Access is a much more business- and user-centric approach to network design, instead of the old device- and network-centric approach. With SD-Access, business drivers define network intent and dictate the mechanics of network connectivity, not the other way around.
Cisco SDA Book (2nd edition):
Cisco SD-Access YouTube channel:
https://www.cisco.com/go/sda - provides an overview and additional information on all com‐ponents and aspects of SD-Access: automation, assurance, supported platforms, cus‐tomer references and testimonials, and a wealth of the most up-to-date information on
https://www.cisco.com/go/dnacenter - provides an overview and additional information on Cisco DNA Center.
cs.co/sda_tech_paper — SD-Access solution white paper. It provides a mid-level technical overiview of all of the major Cisco DNA and SD-Access components and their relationships. It's a great place to continue your journey!
www.cisco.com/go/cvd — includes the Software-Defined Access Cisco validated design (CVD) document covering SD-Access design options, operational capabilities, and recommendations for deployment. It provides direct insight into the best practices for the
design, operation, and use of SD-Access in customer network deployments.