Cisco CCIE Security 350-701 – SDN & SDN Controllers Part 2
3. SDN Controllers
Okay, so the next thing we’ll try to get into more details about the Sdn controllers and the different forms. Like it comes in physical or some kind of software. And then we’ll also see some list of vendors opening the Sdn controllers here. So we already discussed, the Sdn controller is like a brain of your network. So this Sdn controller will be having some kind of software, probably we call it as management software or some kind of software. With the help of this software, we can control or we can decide the forwarding decisions of your networking devices. So probably the networking devices, whether routers or switches, they will interact with the Sdn controller through the software. And then this Sdn controller can actually send some kind of instructions or maybe some kind of scripts or maybe some kind of specific commands to change the security policy or change the quality of service policy as per the application requirements.
Okay, so the Sdn controller will be running a software to control the devices. And with Sdn you’ll be controlling everything from the controller, which is going to be a centralized console. And you don’t need to actually touch any of the single devices. Means whether you are adding any new device you can do automatically, you can provision that device to come up. Like we discussed plenty of things in the previous topic with the network automation, what can be automated in the previous topics.
So let’s try to see the different Sdn controllers. The Sdn software comes in two different forms. The first form is you can get something called a physical chassis or the physical appliance. Now physical appliance is just like a dedicated appliance or the device, let’s say a box where normally the vendor sells the box or appliance. Now you’re going to fix this in the rack and then you are going to provide the connectivity. And then this particular box comes with the software, the pre installed Sdn software inside it. So this is the common way of doing the Sdn controller in general.
Or you can also have your software installed on the server where you can have your own dedicated server. And you can get a software in a form where some vendors offer in the form of software, where you can install the software, install or running on your own server. Or you can also run in a cloud because most of the applications nowadays hosted on the cloud. Like we have something called Amazon Cloud or Microsoft Cloud or even Cisco Cloud. And that particular cloud is nothing but a network where you are hosting your applications and that is going to connect to your network and you’re going to run these applications here or the software here on the cloud or on the remote servers. And from there you are going to control your network via Sdn controllers.
So the common option now different vendors offer in different forms. Like we have multiple vendors offering these LGM controllers here. Like specifically if you talk about Cisco, cisco offers LGM controllers in the form of something called appliance. We have something called Cisco Epic appliance. Now this Epic stands for Application Policy Infrastructure Controller. Now this is a dedicated appliance which where you can run the Sdn software. So if you are going with Epic controller, you may have a pre installed Sdn controller software.
Okay, now we do have something called Cisco ACI. So let’s first see about Cisco. Cisco ACI. ACI is again software application setring Infrastructure. That’s what it stands for. Cisco entered into this SGN market by acquiring companies, something like Insem probably in 2013 and started with a product called Cisco ACI. Cisco ACI again is a new fabric based data center architecture automation. So most of the data center automation is done with help of software or call as ACI, which is referred as again Application Centric Infrastructure. Now this ACI generally runs in multiple hardware. So you can run this on an Epic controller or even this also runs in Cisco 9000 series switches. Again, this API, there are different models in this API. We have something like M three and L three models, which is like for medium configurations or maybe for large configurations.
And also this also can be a part of a virtual appliance. Even this Epic comes in a virtual appliance where you can run on your own server as well. Now, even there is something called Epic Em. Epic Em is for enterprise network, for enterprise management. Now, this is again end of sale, I think somewhere around mostly in 31st January 2020. Cisco has stopped this Epic Em product for enterprise management. Now you have a dedicated Cisco Epic model and then there is M Three, L three based on the size of your network or size or the requirement in general. So we’ll be running something called Cisco Epic product, which runs some kind of data center management software like ACI or Cisco DNM. Probably we’ll talk about DNL a little bit more in detail later on for the enterprise management with Epic. Now we talk about other vendors, other vendors like apart from Cisco Epic, we have something called VMware NSX.
Now this VMware comes into picture for SDM probably in 2012, where it has acquired something called a different company. Like I think there is something called Nicira acquired this company and getting to the Sdn market. Now, this NSX is going to provide a full range of networking capabilities in the form of Virtualized Network Farm. Apart from that, again, you have something called Nokia Newage Networks. The Nokia is one of the leaders in the telecom. Mainly it focuses on offering the service Porter virtualized network platform, service portal platform, virtualized service platform, we can say. And mainly it offers you the products to optimize your data center or the cloud or end the LGN operations.
Again, we have something like Juniper. Juniper entered into LGN market probably in 2013. After acquiring a company called Systems in 2002, it has acquired and now the product from Juniper. We call it as juniper contrail. And also there are some other vendors like Big Switch Networks. Now this Big Switch Networks is mainly a US based cloud and data center networking company which was founded in 2010. So these big switch have different products like Cloud Fabric. There is something called big switch cloud fabric. And there is something called switchlight software. It offers and with the help of these tools it is going to offer you something thing called SGN Solution.
4. Networks Managed by SDN Controllers
Okay, so the next thing we’ll try to understand the difference like if you’re managing with the traditional networks, how it’s going to be. Already we have covered majority of things we’ll quickly overview and with the help of controllers, how we are going to do networking or how it’s going to be different when you compare with your traditional networks. So first we’ll try to see the traditional networks overview and then then we’ll also see controller based networking, how it is going to default.
Now, again, when it comes to managing traditional networks, we do box web box management. As already said, you need to go to each and every box, go to the command line of each and every box, whether Telnet or SSH and you will be doing boxware box management whether you want to make any changes or whether you want to do some kind of troubleshooting. So most of the time you’ll be using Telnet, SSH. If your device supports graphical, you still use Http for graphical interface and most of the monitoring will be done with the help of SNMP again, okay, so that is one thing and if there is any device, device generally starts with no or the minimum configurations.
This means whenever you want to add any new device, probably the device either do not have any configurations or just a minimum configurations and it will be very difficult. Probably you need to go and add a lot of complex configurations as per your company requirements either via command line or via GUI options.
And apart from that, most of the traditional networks they do support a feature called ESIC. Now probably like if you take an example of your switches do most of the forwarding inside the hardware. That is your essay chip. Now, with this chip so it’s a kind of chip which will provide you most of the forwarding done in the hardware for faster switching, like referring the Mac tables or IP. Lookup, these other things. So generally the actual forwarding of your packets done inside your hardware which makes the switching of your packets much faster like application specific integrated circuit chip.
Interesting posts
The Growing Demand for IT Certifications in the Fintech Industry
The fintech industry is experiencing an unprecedented boom, driven by the relentless pace of technological innovation and the increasing integration of financial services with digital platforms. As the lines between finance and technology blur, the need for highly skilled professionals who can navigate both worlds is greater than ever. One of the most effective ways… Read More »
CompTIA Security+ vs. CEH: Entry-Level Cybersecurity Certifications Compared
In today’s digital world, cybersecurity is no longer just a technical concern; it’s a critical business priority. With cyber threats evolving rapidly, organizations of all sizes are seeking skilled professionals to protect their digital assets. For those looking to break into the cybersecurity field, earning a certification is a great way to validate your skills… Read More »
The Evolving Role of ITIL: What’s New in ITIL 4 Managing Professional Transition Exam?
If you’ve been in the IT service management (ITSM) world for a while, you’ve probably heard of ITIL – the framework that’s been guiding IT professionals in delivering high-quality services for decades. The Information Technology Infrastructure Library (ITIL) has evolved significantly over the years, and its latest iteration, ITIL 4, marks a substantial shift in… Read More »
SASE and Zero Trust: How New Security Architectures are Shaping Cisco’s CyberOps Certification
As cybersecurity threats become increasingly sophisticated and pervasive, traditional security models are proving inadequate for today’s complex digital environments. To address these challenges, modern security frameworks such as SASE (Secure Access Service Edge) and Zero Trust are revolutionizing how organizations protect their networks and data. Recognizing the shift towards these advanced security architectures, Cisco has… Read More »
CompTIA’s CASP+ (CAS-004) Gets Tougher: What’s New in Advanced Security Practitioner Certification?
The cybersecurity landscape is constantly evolving, and with it, the certifications that validate the expertise of security professionals must adapt to address new challenges and technologies. CompTIA’s CASP+ (CompTIA Advanced Security Practitioner) certification has long been a hallmark of advanced knowledge in cybersecurity, distinguishing those who are capable of designing, implementing, and managing enterprise-level security… Read More »
Azure DevOps Engineer Expert Certification: What’s Changed in the New AZ-400 Exam Blueprint?
The cloud landscape is evolving at a breakneck pace, and with it, the certifications that validate an IT professional’s skills. One such certification is the Microsoft Certified: DevOps Engineer Expert, which is validated through the AZ-400 exam. This exam has undergone significant changes to reflect the latest trends, tools, and methodologies in the DevOps world.… Read More »