Transcription of 시스코 SDA로완성하는 차세대캠퍼스네트워크
1 Engineer, Commercial SE team SDA Engineer, Architecture SE team SD-Access ? SD-Access Benefits SD-Access SummaryINDEXSD-Access ?SDA End-to-End Security , IOT Business SeamlessMobilityWANVLAN 2 HQACL 1 ACL 2 ACL 2 VLAN 1 RemoteBranch ABranch AACL 3 VLAN 3 VLAN 1 VLAN 2 VLAN 3 IT Network .. , IOT DNA (Digital Network Architecture)Intent-based Network InfrastructureDNA CenterAnalyticsPolicyAutomationI N T E N T ( )C O N T E X T ( )S E C U R I T Y ( )L E A R N I N G ( )DCBranchCampusPOLICYPOLICYPOLICYPOLICYS egmentation Workflow POLICYSDA Framework Automation EngineAssurance EngineDNA CenterPolicyDesignProvisionAssuranceRout erWireless LANC ontrollerAccessPointSwitchIdentity Services EngineIntelligent Network FabricNetwork Fabric ? DNA Center(GUI )Overlay EncapsulationUnderlay IntentUnderlay vs.
2 Overlay SD-Access Benefits SD-Access IP Tool IP (ACL)Static IP / IP IP = Overload(Identity, Location, Policy) SD-Access IP Identity IP = ConnectivityDNA CenterAllan AP Overlay , (High CPU ) AP SD-Access Internet/WANA llanDNA CenterSD-Access access-list 102 deny udp gt 4230 eq 2165access-list 102 deny udp lt 907 gt 428access-list 102 permit ip eq 639 gt 1511access-list 102 deny tcp gt 4437 gt 1945access-list 102 permit icmp lt 2361 eq 116access-list 102 deny udp eq 1112 eq 959access-list 102 deny tcp eq 2587 lt 4993access-list 102 deny tcp eq 970 lt 848access-list 102 deny ip eq 1493 gt 4878access-list 102 permit icmp lt 4962 eq 1216access-list 102 deny icmp gt 26 gt 1111access-list 102 deny ip eq 3914 eq 4175access-list 102 permit tcp lt 3146 gt 1462access-list 102 permit tcp gt 1843 lt4384 Segmentation Topology ( , )IP (ACL)
3 VLAN Segmentation EnterpriseBackboneVoiceVLANV oiceDataVLANBYODBYODVLAN Voice-2 VLANV oiceData-2 VLANBYODBYOD-2 VLAN VACLSD-Access Segmentation Segmentation -VN (Virtual Netowrk)-SG (Scalable Group)IOT VN(Virtual Network)Campus User VN(Virtual Network) App serversShared servicesSD-Access Segmentation SD-Access Segmentation VN (Virtual Network) SG (Scalable Group)Network Fabric Topology Identity Intelligent Network FabicISE Workflow CLI Device Error DHCPADSD-Access WorkflowDNA Center Design, Policy, Provision IP, / WirelessRoutersSwitchesDNA CenterISEDHCPSD-Access End-End Security * Source: Internal TCO Analysis with Large Enterprise Customer (actual results may vary)** Capex Reduction based on converging NOT NetworksBenefits of THE 80% 48% 61% SD-Access SDA ASR-1000-XASR-1000-HXISR 4430 ISR 4450 WIRELESSROUTINGSWITCHINGAIR-CT5520 AIR-CT8540 Wave 2 APs (1800, 2800,3800)Wave 1 APs* (1700, 2700,3700)Catalyst 9400 Catalyst 9300 Catalyst 9500 Catalyst 4500 ECatalyst 6 KNexus 7700 Catalyst 3850 and 3650 AIR-CT3504 CSR 1000V*with CaveatsSummarySummary1 SDN 4 Workflow2 5SD-Access 3 Segmentation
