Cisco CCIE Security 350-701 – SDN & SDN Controllers
1. Automation Origination Points
Okay, so next we'll look at the automation origination points. In this section I'm going to cover a few things: the automation origination points, then what SDN and SDN controllers are, and also the different ways we manage traditional networks and how that differs once you manage them with SDN controllers. So let's get started. The first thing is the automation origination points: from where exactly do you run automation?
From the previous sections we know that, once a company decides to go with automation, you have to run some kind of scripts or commands, and those have to start from some point. There are different options for where that automation originates.
There are three options, and our main focus will be on the third one, SDN controllers. The first one is on-box automation by using built-in scripts. As I covered in the basic topics, we can use TCL (Tool Command Language) scripts.
With these scripts we can execute a set of commands in one go, which saves a lot of time, for example where we specify multiple IP addresses and run the same set of commands against each of them.
These are built-in scripts present inside the operating system, in addition to the normal commands it supports, and we can run them whenever we want to generate a set of commands or policies automatically. Apart from that, we can also use the Embedded Event Manager (EEM). EEM is another built-in scripting feature inside the Cisco operating system, and it gives you real-time event detection (detection, not protection) through event detectors.
There are 20-plus event detectors. One example I showed you: it can detect a syslog message, and based on that log message we can tell the device to automatically execute a specific set of commands. So EEM is also a feature integrated inside the Cisco IOS software. But the problem with on-box automation is that, even though every box supports it, you still need to go to each and every device to set up these scripts, which is not scalable. So we can go with the second option, where you have a server running network automation software. I can take a dedicated server, say a Dell or a Cisco UCS or any other hardware, and install on it the automation software I get from the different vendors, like Puppet, Chef and Ansible. This is a sample screenshot of Ansible Tower, which is a product from Ansible.
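To make the on-box, syslog-triggered automation concrete, here is an added example (not code from the course or from Cisco): a Python stand-in for an EEM applet with a syslog event detector, run over constructed IOS-style log lines. The applet names, the regex patterns and the CLI strings they would execute are illustrative, and the `occurs` field mirrors the EEM keyword of the same name without its `period` window. Note that this rule table lives on one box; in real EEM the same applets would have to be configured on every device, which is the scalability problem the lecture points out.

```python
import re
from dataclasses import dataclass, field
from typing import List, Tuple

# Constructed sample syslog lines in IOS format (not captured from a real device).
SAMPLE_SYSLOG = [
    "Mar  1 10:15:02.113: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down",
    "Mar  1 10:15:03.501: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to down",
    "Mar  1 10:16:40.007: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 192.0.2.44] [localport: 22] [Reason: Login Authentication Failed]",
    "Mar  1 10:16:41.210: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 192.0.2.44] [localport: 22] [Reason: Login Authentication Failed]",
    "Mar  1 10:17:00.000: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (192.0.2.10)",
]


@dataclass
class Applet:
    """Stand-in for 'event manager applet NAME' with a syslog event detector."""
    name: str
    pattern: str                # regex, as in: event syslog pattern "..."
    actions: List[str]          # CLI lines, as in: action 1.0 cli command "..."
    occurs: int = 1             # fire only after N matches (EEM 'occurs' keyword)
    matches: int = field(default=0, init=False)


# Hypothetical applets; the CLI strings are illustrative payloads only.
APPLETS = [
    Applet("LINK_DOWN_G0_1",
           r"%LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down",
           ["show interfaces GigabitEthernet0/1", "show logging | include GigabitEthernet0/1"]),
    Applet("REPEATED_LOGIN_FAILURE",
           r"%SEC_LOGIN-4-LOGIN_FAILED: .*\[Source: (?P<src>[0-9.]+)\]",
           ["show login failures", "show users"],
           occurs=2),
    Applet("CONFIG_CHANGE",
           r"%SYS-5-CONFIG_I: Configured from .* by (?P<user>\S+)",
           ["show archive config differences"]),
]


def run_applets(lines: List[str], applets: List[Applet]) -> List[Tuple[str, int, List[str]]]:
    """Feed syslog lines through the applets the way EEM's syslog detector does
    on-box; return (applet name, index of the triggering line, actions) per firing."""
    fired = []
    for applet in applets:
        applet.matches = 0
    for idx, line in enumerate(lines):
        for applet in applets:
            if re.search(applet.pattern, line):
                applet.matches += 1
                if applet.matches >= applet.occurs:
                    fired.append((applet.name, idx, list(applet.actions)))
                    applet.matches = 0  # counter restarts after the applet fires
    return fired


if __name__ == "__main__":
    for name, idx, actions in run_applets(SAMPLE_SYSLOG, APPLETS):
        print(f"{name} fired on line {idx}: {actions}")
```

The single-failure line does not fire the login applet on its own; only the second match within the run does, which is the `occurs` behaviour you would use to avoid reacting to every isolated event.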
This software gives you management options with the different tools available, plus GUI-based centralized control, where you can not only monitor your network but also run automated scripts and send instructions to the devices. It also gives you a visual dashboard, much like a monitoring tool, but with better control over the network, and you can automate by using services that run the network management protocols. But the third option is what we'll be focusing on here: SDN controllers. We'll talk about SDN in a little more detail in the next section. SDN stands for Software Defined Networking. With SDN we'll be having one centralized device called the SDN controller.
Okay. Now this controller runs some kind of software, and that software tells how exactly your hardware is going to work. Definition-wise, SDN stands for Software Defined Networking, where the software controls how the hardware, the networking devices like routers and switches, should behave or should forward the packets. If you want to apply any security policy, or any quality of service policy, the software instructs those policies as well. So we can say this is like the brain of your network, where all the decisions are taken and the software controls how the networking devices forward the traffic. We'll talk a little more in detail about SDN and SDN controllers in the next sections. So the SDN controller is a device running software; the automation software runs inside the controller.
From the controller we manage the networking devices. Most SDN controllers do support something more like an SNMP box, where you can do basic monitoring to some extent. Some vendors offer SDN controllers that provide monitoring statistics like CPU utilization, interface status or bandwidth utilization; those options are just like a monitoring tool such as an SNMP box. Apart from that, you can also push configuration changes towards the devices. But nowadays most SDN controllers, or the vendors offering them, have more power to control the forwarding decisions on the network, so they send instructions to the networking devices.
Based on that, the networking devices forward the traffic, or the controller figures out an application requirement and, as per that requirement, the networking devices make their decisions. With the SDN controller we can even have artificial intelligence and machine learning options, and with their help you can also automate troubleshooting steps in a simple, easy language. So with SDN, the SDN controller is an integral part: it runs the software which controls your hardware.
2. SDN – Software Defined Networking
Let's understand how this relates to SDN, which is Software Defined Networking. Network automation and software defined networking go together. SDN stands for Software Defined Networking, and it is the future of network automation. In software defined networking we use some kind of software or applications to control the hardware, the networking devices. In simple words, we run an application or software on a centralized device we call the controller. I'll talk more about this controller in the next topic. The controller, the centralized device where this application runs, is going to decide how the traffic is forwarded.
Just like STP: if you're running STP, STP runs in your network and decides the forwarding path, right? If you're using routing, the routing protocols installed inside the device decide the forwarding path; that is the control plane job. But that's no longer decided by the devices. The actual decisions are taken by the controller, and the software that takes them resides inside the device called the controller, the SDN controller. So what exactly is this, and how does it relate to automation? Let's take a simple example of a network. How do you build any network? Normally the first thing is the design: how many clients you have, how many servers you require and what types of servers, the number of switches, routers and firewalls. You design all this and based on that you build the network.
Once you design the network, the next step is connectivity. And simply connecting is not sufficient: you implement some protocols, like routing protocols if you're doing routing, and STP in the case of switching. There are different protocols, some enabled by default, which allow you to forward traffic: you assign IP addresses, configure the routing protocols, configure the VLANs to segment the traffic. All of these come under this step. After that you run the applications, say a video conferencing application on your network. These applications work depending upon the network you set up, right? The end requirement of setting up the network is to ensure that the applications, the end users' applications or whatever resources they are trying to access over the network, work fine.
Most of the time these applications work, but they may not work as per the requirements if there is some network-related issue, like the bandwidth requirement being high and the network, or that particular path, not having enough bandwidth to forward that traffic. So whether the applications work depends upon your network. But these two are separate processes: the applications and the network are totally separated. If there is an application requirement, the application can't tell the network "I've got this requirement, please change the forwarding path". Also, in the future you may want to apply some policy, maybe a security policy for specific applications, and these policies may vary for different requirements or different types of applications. This is the traditional network, what we generally use, and one problem with it is that the application requirements keep changing. Let's say I'm running some XYZ application which is the core application in my company's network, maybe a company that hosts video conferencing applications, and this core application's requirement may change depending upon the number of users connected, right?
Let's say I have some 1000 clients in my network. The network has been set up and designed according to that, and it's working fine. But in the next two years the number of clients may double, to 2000 or 5000. That's where the problem comes. The requirement may change dynamically, so we need the policy to change dynamically based on the requirements. If the application is using a specific path and there is some delay or problem on it, I want an alternate path to be used.
So I want my network device, like the router, to change the routing path dynamically depending upon the application requirements, or change quality of service policies such as giving new priority to specific traffic or changing the bandwidth reservations or bandwidth requirements. You want dynamic policies applied according to the application requirements. In a normal traditional network we do configure quality of service, but it is more like a static policy: when the requirement changes you need to identify it and then manually change it again, so a lot of manual intervention is required. That's one challenge you generally see, and with SDN we are going to overcome it. How? Let's take the similar example with SDN. Software defined networking is nothing but automation.
We still have the same basic network: the networking devices, the design, the connectivity, and then some routing to provide reachability. This is the core network, where you configure the VLANs and those kinds of things. On top of the existing network we set up SDN, software defined networking. With the help of SDN, the applications or the software are going to decide the forwarding path, or we can say the applications are going to interact with the network.
By default there is a separation: applications have no control over the network. Unless the administrator comes and says this application requires more bandwidth, and I go and change the bandwidth requirement on the network, nothing happens; normally you do it manually. Here the manual intervention is no more. The applications interact with the network, and an application says: this is my requirement. Maybe it needs this amount of bandwidth right now (it can change next time, but right now this is what is required for the application to work properly). Or maybe whenever you run this application a security policy needs to be applied, saying this application is only accessible to specific users, or only specific users can access specific servers, something like that. Or maybe a quality of service policy; it can be anything, I'm just listing a few options. Based on this requirement, the controller, of course we have the controller, is aware of these requirements. The controller gets these requirements and dynamically tells the devices to apply a few changes: maybe change this particular route, or add a new route entry or new forwarding path to the routing table.
Don't use this path because it doesn't have enough bandwidth, use this path instead; or apply this particular quality of service policy, because according to that application requirement you have to change the policy a little; or add this security policy for this application. So now the application decides how the network forwards the traffic. I'll talk more about this later as control plane / data plane separation. The devices still forward, just like in the traditional network; in SDN they still do the forwarding, but the decision is taken by the controller, not the router. Normally the router maintains a routing table with the next hop and the outgoing interface, and it routes according to that, or based on the configuration you do on the router. That's no longer the case: the router can be a dumb device which just does the forwarding, while the actual decisions are taken by the centralized software running on the controller. We call this the SDN controller.
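The control plane / data plane split described above can be modelled end to end. The following is an added example, not code from the course or from any controller product: a Python toy in which applications submit intents (bandwidth needed, who may reach the service) to a controller, the controller computes a path over a constructed topology and pushes flow rules, and the switches do nothing but match packets against those rules. The topology, host addresses, ports and intent names are all constructed for the example; table-miss on a switch is treated as drop.

```python
from collections import deque
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed topology: link values are free Mbit/s. The direct s1-s4 link is thin,
# the detour through s3 is fast. Hosts map to their edge switch.
TOPOLOGY: Dict[str, Dict[str, int]] = {
    "s1": {"s4": 50, "s3": 1000},
    "s3": {"s1": 1000, "s4": 1000},
    "s4": {"s1": 50, "s3": 1000},
}
HOSTS = {"10.0.0.1": "s1", "10.0.0.3": "s1", "10.0.0.2": "s4"}


@dataclass
class Intent:
    """Northbound request from an application: the flow, the bandwidth it needs,
    and optionally which sources are allowed to reach the service."""
    app: str
    src_ip: str
    dst_ip: str
    dst_port: int
    min_bandwidth: int                            # Mbit/s
    allowed_sources: Optional[List[str]] = None   # None = no access restriction


@dataclass
class FlowRule:
    src_ip: str
    dst_ip: str
    dst_port: int
    action: str   # "forward:<neighbour switch>", "forward:host" or "drop"


class Switch:
    """Data plane only: matches packets against rules the controller pushed.
    A table-miss drops the packet; the switch has no routing logic of its own."""
    def __init__(self, name: str):
        self.name = name
        self.flows: List[FlowRule] = []

    def install(self, rule: FlowRule) -> None:
        self.flows.append(rule)

    def forward(self, src_ip: str, dst_ip: str, dst_port: int) -> str:
        for r in self.flows:
            if (r.src_ip, r.dst_ip, r.dst_port) == (src_ip, dst_ip, dst_port):
                return r.action
        return "drop"


class Controller:
    """Control plane: knows the topology, reservations and access policy,
    computes paths and pushes flow rules southbound to the switches."""
    def __init__(self, topology: Dict[str, Dict[str, int]], hosts: Dict[str, str]):
        self.topology, self.hosts = topology, hosts
        self.switches = {name: Switch(name) for name in topology}
        self.reserved: Dict[Tuple[str, str], int] = {}
        self.access_policy: Dict[Tuple[str, int], List[str]] = {}

    def free_bw(self, a: str, b: str) -> int:
        return self.topology[a][b] - self.reserved.get((a, b), 0)

    def find_path(self, src_sw: str, dst_sw: str, min_bw: int) -> Optional[List[str]]:
        """Fewest hops (BFS) using only links that still have min_bw free."""
        prev: Dict[str, Optional[str]] = {src_sw: None}
        queue = deque([src_sw])
        while queue:
            cur = queue.popleft()
            if cur == dst_sw:
                break
            for nxt in self.topology[cur]:
                if nxt not in prev and self.free_bw(cur, nxt) >= min_bw:
                    prev[nxt] = cur
                    queue.append(nxt)
        if dst_sw not in prev:
            return None
        path, node = [], dst_sw
        while node is not None:
            path.append(node)
            node = prev[node]
        return path[::-1]

    def apply_intent(self, intent: Intent) -> str:
        service = (intent.dst_ip, intent.dst_port)
        if intent.allowed_sources is not None:
            self.access_policy[service] = intent.allowed_sources
        allowed = self.access_policy.get(service)
        src_sw, dst_sw = self.hosts[intent.src_ip], self.hosts[intent.dst_ip]
        if allowed is not None and intent.src_ip not in allowed:
            # Security policy: block at the source's edge switch, never build a path.
            self.switches[src_sw].install(FlowRule(intent.src_ip, intent.dst_ip, intent.dst_port, "drop"))
            return "denied"
        path = self.find_path(src_sw, dst_sw, intent.min_bandwidth)
        if path is None:
            return "no path with required bandwidth"
        for a, b in zip(path, path[1:]):
            self.reserved[(a, b)] = self.reserved.get((a, b), 0) + intent.min_bandwidth
            self.switches[a].install(FlowRule(intent.src_ip, intent.dst_ip, intent.dst_port, f"forward:{b}"))
        self.switches[path[-1]].install(FlowRule(intent.src_ip, intent.dst_ip, intent.dst_port, "forward:host"))
        return "installed via " + "-".join(path)


def trace(ctrl: Controller, src_ip: str, dst_ip: str, dst_port: int) -> Tuple[List[str], str]:
    """Walk a packet switch by switch using only the installed rules."""
    sw, visited = ctrl.hosts[src_ip], []
    while True:
        visited.append(sw)
        action = ctrl.switches[sw].forward(src_ip, dst_ip, dst_port)
        if action == "forward:host":
            return visited, "delivered"
        if action == "drop":
            return visited, "dropped"
        sw = action.split(":", 1)[1]


def demo() -> Dict[str, Tuple[List[str], str]]:
    ctrl = Controller(TOPOLOGY, HOSTS)
    ctrl.apply_intent(Intent("video-conf", "10.0.0.1", "10.0.0.2", 5004, 200, ["10.0.0.1"]))
    ctrl.apply_intent(Intent("video-conf", "10.0.0.3", "10.0.0.2", 5004, 200))
    ctrl.apply_intent(Intent("monitoring", "10.0.0.1", "10.0.0.2", 9100, 10))
    return {
        "video from 10.0.0.1": trace(ctrl, "10.0.0.1", "10.0.0.2", 5004),
        "video from 10.0.0.3": trace(ctrl, "10.0.0.3", "10.0.0.2", 5004),
        "monitoring": trace(ctrl, "10.0.0.1", "10.0.0.2", 9100),
    }


if __name__ == "__main__":
    for label, (hops, result) in demo().items():
        print(f"{label}: {' -> '.join(hops)} ({result})")
```

The 200 Mbit/s video intent is routed s1-s3-s4 because the 50 Mbit/s direct link cannot carry it, the 10 Mbit/s monitoring flow takes the direct link, and the second video request is refused by policy and gets a drop rule at its edge switch. No switch ever computed any of this; each one only looked up what the controller installed.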
Technically that is what we call the SDN controller, and this is SDN, software defined networking, where the software controls what the hardware, the networking devices, should do and how they should forward. As I said, with SDN the network administrator or engineer can shape the traffic from the centralized console, the controller, without going to individual devices to make changes. There is communication between them: the controller pushes the policies and configurations to the devices, and they act according to the controller. There's no more manual work; you don't need to touch individual devices, whether switches, routers or any other devices.
That's what software defined networking is, and what makes network automation possible. In other words, we can define SDN like this. Let me describe the same scenario I explained above, in points. All these networking devices forward messages, typically Ethernet frames or IP packets in the case of routing. With network programmability, or with SDN, we take those ideas and rearrange them, meaning the decision is no longer taken by the individual devices.
The controller takes the decision. It analyzes all the individual requirements, figures out the best way to forward as per the requirement, and then reassembles all those things and decides how the forwarding, or the networking, should work. At the end, you will see the devices still forward the traffic, but it's a rearrangement of the way they forward packets: the network still forwards the messages, but how it forwards them has changed. So what has changed here is the how and the why. With SDN, software defined networking, the network engineer can shape the traffic from a centralized console, as I said.