Cisco CCIE Security 350-701 – SDN-Control-MGMT-DATA Plane

  • February 28, 2023

1. Management Plane

The next thing we'll try to understand is the management plane. The management plane relates to most of the tasks involved in managing your device. For example, you may want to configure the device. Let's say I have a router and I want to make some changes to its configuration. You go to the command line, initiate a Telnet or SSH connection, reach the CLI of that particular router, and start typing commands. This is one example of a management plane task.

Or maybe you want to monitor the device: you issue some show commands to verify the status of the interfaces, or you verify the routing table. This is another example of the management plane. Whether you are monitoring or making changes to troubleshoot, most of these things come under the management plane.

Not only that: if you are using network device management options, such as running SNMP to collect statistics about your network, collecting traffic with NetFlow, enabling other services like time synchronization using NTP, generating log messages, or AAA options, these are all examples of the management plane.

The management plane relates not only to managing your network; you are also using other tools and protocols that are generally used for monitoring your network and collecting statistics. Those statistics are then displayed by SNMP software running on SNMP servers. So with the help of the management plane, we can identify problems and take action.

2. SDN-Management Plane

The next thing we'll try to understand is the management plane with SDN. As we move on to the SDN topic, how is the management plane affected, and is there any change in its behavior with respect to SDN? The functionality of the management plane remains the same, so we are not going to make any changes here either. Take a simple example: let's say I have my router here, router two in this example, and I want to manage it, maybe to make some changes or to verify the configuration.

You generally go to the command line and initiate a Telnet or SSH connection. You log in to the computer, use some PuTTY software, and log in to the command line of the individual router or device using either SSH or Telnet. Then you type the specific commands on that command line. This is the typical way of working before SDN.

With SDN we do almost the same thing. We are not going to replace the Telnet protocol or SSH; we mostly use SSH here, or, if it is a GUI, probably HTTP or HTTPS. The only difference is that our network now has a controller, whose job we already discussed in the previous topics. My task is the same: I want to log in to router two and make changes to it. But now you don't need to do it from your PC or laptop, and you don't need to log in to the particular device. We use centralized software, in our case with Cisco something like Cisco DNA, running on the controller or as an application on a server. From this controller we issue the specific commands. In this software you have a list of devices already present in a GUI format.

Now I select router two from the list, or router three or router four, or I can select all the routers at once. Then I can go to a specific command utilizer, there is an option for it over there, and say: okay, issue this specific command. I can tell it to connect to these devices and issue specific show commands or make these changes. I can type in whatever commands I want. I'm not using external PuTTY software or any computer; everything is managed from the controller. The controller has the capability to initiate an SSH session to the individual device, so the user no longer has to log in manually.

You can even schedule this: you can say that at around 05:00 a.m. on this particular date you want the software to do this task, and you don't need to be physically present. This is something you can do with controllers. We are still doing a similar job, but it can be automated with the help of SDN software or SDN controllers. So, as I said, schedule it and issue the commands. Or you can say that at a particular point in time, maybe 05:00 a.m., you want the controller to go and issue a specific command, let's say show process cpu, because someone reported that around five, four a.m. the CPU utilization is going high. Or collect the network statistics around that time and display that information back on the controller. When we use SDN controllers, we are not actually changing the existing management plane job.

It still does the same thing and still uses the same protocols. But instead of doing it manually, we tell the controller to do it, from a centralized console using some software. So this part is the same.

Additionally, some new mechanisms have been developed to manage devices, and not all devices support them: we have something called NETCONF and YANG, which use some kind of XML-based commands. Let me quickly give you an overview. NETCONF stands for Network Configuration Protocol. It provides a mechanism to install configurations, make changes to the existing configuration, or delete configuration on networking devices. The agents are nothing but your networking devices, and you can send these instructions to them from a centralized console. NETCONF uses scripts that are XML-based. XML stands for Extensible Markup Language, which is a data encoding for your messages, or we can say for your configuration data. YANG is a modeling language that describes the format of the configuration changes, whereas NETCONF is the protocol that applies them. So YANG is the data model that defines the format, and NETCONF is the protocol that applies the changes, using XML-based scripts. Not all devices may support this. Not all vendors do, and even among Cisco devices, not all of them may support this new mechanism. That is something you need to know.
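To make the NETCONF, XML and YANG split concrete, here is an added example (not code from the lecture or from Cisco) that encodes a change set as a NETCONF `<edit-config>` message using the standard `ietf-interfaces` YANG model, then reads the message back the way a reviewer on the controller side would, listing each operation and flagging the ones that remove existing configuration. The function names, interface names and message id are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET

NC = "urn:ietf:params:xml:ns:netconf:base:1.0"      # NETCONF base namespace (RFC 6241)
IF = "urn:ietf:params:xml:ns:yang:ietf-interfaces"  # YANG module ietf-interfaces
ET.register_namespace("nc", NC)

def build_edit_config(message_id, changes, datastore="running"):
    """Encode (interface, operation, description) tuples as an <edit-config> RPC."""
    rpc = ET.Element(f"{{{NC}}}rpc", {"message-id": str(message_id)})
    edit = ET.SubElement(rpc, f"{{{NC}}}edit-config")
    ET.SubElement(ET.SubElement(edit, f"{{{NC}}}target"), f"{{{NC}}}{datastore}")
    config = ET.SubElement(edit, f"{{{NC}}}config")
    interfaces = ET.SubElement(config, f"{{{IF}}}interfaces")
    for name, operation, description in changes:
        # The operation attribute tells the device to merge, replace or delete.
        intf = ET.SubElement(interfaces, f"{{{IF}}}interface",
                             {f"{{{NC}}}operation": operation})
        ET.SubElement(intf, f"{{{IF}}}name").text = name
        if description is not None:
            ET.SubElement(intf, f"{{{IF}}}description").text = description
    return ET.tostring(rpc, encoding="unicode")

def summarize_edit_config(xml_text):
    """Return (target datastore, [(operation, interface name), ...])."""
    rpc = ET.fromstring(xml_text)
    edit = rpc.find(f"{{{NC}}}edit-config")
    if edit is None:
        raise ValueError("not an <edit-config> RPC")
    target = edit.find(f"{{{NC}}}target")
    if target is None or len(target) == 0:
        raise ValueError("<edit-config> has no target datastore")
    datastore = target[0].tag.split("}", 1)[1]
    ops = []
    for intf in edit.iter(f"{{{IF}}}interface"):
        # Assumes no <default-operation> element, so the default is "merge".
        op = intf.get(f"{{{NC}}}operation", "merge")
        ops.append((op, intf.findtext(f"{{{IF}}}name")))
    return datastore, ops

def removals(ops):
    """Interfaces whose existing configuration the RPC would delete or replace."""
    return [name for op, name in ops if op in ("delete", "remove", "replace")]

if __name__ == "__main__":
    # Constructed sample change set; the interface names are made up.
    rpc_xml = build_edit_config(101, [("GigabitEthernet2", "merge", "uplink"),
                                      ("Loopback10", "delete", None)])
    print(rpc_xml)
    datastore, ops = summarize_edit_config(rpc_xml)
    print(datastore, ops, removals(ops))
```

On a real device this message would travel inside an SSH session to the NETCONF subsystem, and the device would check the `<config>` content against its YANG models before applying it.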
