Sunday, 12 November 2023

Cisco Intent-Based Networking: Part I - Introduction

Introduction

This chapter introduces Cisco's approach to Intent-Based Networking (IBN) through its centralized SDN controller, Cisco DNA Center, rebranded as Cisco Catalyst Center (from now on, I use the abbreviation C3 for Cisco Catalyst Center). We focus on a greenfield network installation, showing the workflows, the configuration parameters, and the relationships and dependencies between building blocks. The C3 workflow is divided into four main entities: 1) Design, 2) Policy, 3) Provision, and 4) Assurance, each having its own sub-processes. This chapter introduces the Design phase, focusing on Network Hierarchy, Network Settings, and Network Profile with Configuration Templates.

This post deprecates the previous post, "Cisco Intent-Based Networking: Part I, Overview."

Network Hierarchy

Network Hierarchy is a logical structure for organizing network devices. At the root of this hierarchy is the Global Area, where you establish your desired network structure. In our example, the hierarchy consists of four layers: Area (country - Finland), Sub-area (city - Joensuu), Building (JNS01), and Floor (JNS01-FLR01). Areas and Buildings indicate the location, while Floors provide environmental information relevant to wireless networks, such as floor type, measurements, and wall properties.
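The hierarchy above can be expressed as data and turned into site-creation requests in parent-before-child order. The following is an added example, not code from the original post or from Cisco: it assumes the request body shape of the Catalyst Center Intent API "Create Site" call, the nesting rules are an assumption, and the address, coordinates, and floor measurements are constructed. Nothing is sent over the network.

```python
"""Build site-creation payloads for Global/Finland/Joensuu/JNS01/JNS01-FLR01."""

# Assumed endpoint (Catalyst Center Intent API "Create Site"); nothing is sent here.
CREATE_SITE_PATH = "/dna/intent/api/v1/site"

# Hierarchy from the post; address, coordinates and floor measurements are constructed.
HIERARCHY = [
    {"type": "area", "name": "Finland"},
    {"type": "area", "name": "Joensuu"},
    {"type": "building", "name": "JNS01",
     "attrs": {"address": "Joensuu, Finland", "latitude": 62.60, "longitude": 29.76}},
    {"type": "floor", "name": "JNS01-FLR01",
     "attrs": {"rfModel": "Cubes And Walled Offices",
               "width": 100, "length": 100, "height": 10}},
]

# Assumed nesting rules: which parent type each node type may sit under.
ALLOWED_PARENT = {
    "area": {"global", "area"},
    "building": {"global", "area"},
    "floor": {"building"},
}


def build_payloads(levels, root="Global"):
    """Return Create Site bodies in parent-before-child order, validating nesting."""
    payloads, parent_path, parent_type = [], root, "global"
    for level in levels:
        kind, name = level["type"], level["name"]
        if kind not in ALLOWED_PARENT:
            raise ValueError(f"unknown site type: {kind}")
        if parent_type not in ALLOWED_PARENT[kind]:
            raise ValueError(f"{kind} '{name}' cannot sit under {parent_type} '{parent_path}'")
        if not name or "/" in name:
            raise ValueError(f"invalid site name: {name!r}")  # '/' is the path separator
        # parentName carries the full path of the parent, e.g. Global/Finland/Joensuu
        body = {"name": name, "parentName": parent_path, **level.get("attrs", {})}
        payloads.append({"type": kind, "site": {kind: body}})
        parent_path, parent_type = f"{parent_path}/{name}", kind
    return payloads


if __name__ == "__main__":
    import json
    for payload in build_payloads(HIERARCHY):
        print("POST", CREATE_SITE_PATH, json.dumps(payload))
```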


Network Settings

Network settings define device credentials (CLI, HTTP(S), SNMP, and NETCONF) required for accessing devices during the discovery process. Additionally, network settings describe global configurations (DHCP, DNS, NTP, AAA, and Telemetry) applied to devices during provisioning at a site. We also configure a global IP pool, which we can later break down into site-specific subnets.

To use the Cisco Identity Service Engine for device/client AAA services (Authentication, Authorization, and Accounting), C3-ISE integration is required. To integrate the Cisco Identity Service Engine with C3, enable the pxGrid persona and External RESTful Service (ERS) in Cisco ISE. Subsequently, connect C3 to pxGrid as an XMPP client. As the final step, migrate ISE Group-Based Access Control policies to your C3. Through the ISE-C3 integration, you can utilize C3 not only as an AAA server but also for configuring Scalable Group Tag (SGT) policies between groups.


Configuration Templates and Network Profiles

Next, we build site- and device type-specific configuration templates. As a first step, we create a Project, a folder for our templates. In Figure 1-1, we have a Composite template to which we attach two Regular templates. Regular templates include CLI configuration parameters and variables. Then, we create a Profile with which we associate our templates. In Figure 1-1, we have attached the Composite template to the Profile. We make the templates available for devices, which we later provision to the site, using a profile-to-site association. Note that we are using Day-N templates. Day-0 templates are for the Plug-and-Play provisioning process.


Figure 1-1: Design – Network Hierarchy, Global Network Settings, and Network Profiles.

