In support of software-defined networking, Cisco has introduced several products to strengthen networks and meet the increased demand for flexible and cost-efficient solutions. The Cisco SDN solution in the data center is ACI. Outside the data center, the primary Cisco solution is DNA.
In April 2013, Cisco announced the release of ACI, which is the premier software-defined networking solution in the data center. ACI is based entirely on the declarative programming model. Cisco ACI must contain three categories of hardware:
- Spine switches
- Leaf switches
- Cisco Application Policy Infrastructure Controller (Cisco APIC)
The spine and leaf switches are always Cisco Nexus 9000 series products. All leafs are cabled to all spines. Leafs are never cabled to each other and spines are never cabled to each other.
In ACI, the SDN overlay protocol is always VXLAN and the underlay is always IS-IS. These protocols require zero configuration and operate functionally as a team the instant ACI is provisioned. Network infrastructure engineering is fully automated.
The APIC is the mandatory SDN controller. Three or five APICs are supported in an ACI production environment. The APICs are all in an active arrangement and each contains the identical database of all network and security configurations. The APICs always cable into the leafs. All network intelligence is in the APIC, and its policies are pushed to all spines and leafs with the SDN southbound protocol called OpFlex. There is nothing to configure in OpFlex—it is functional from the first instance that ACI is provisioned. Instead of configuring every network device, only the APIC requires configuration.
ACI is exceptionally secure because it operates on a whitelist model: network connectivity between data center devices exists only if it is declared.
DNA is Cisco’s newest management solution and is an implementation of SDN. While ACI is SDN in the data center, DNA is SDN that can be implemented for campus and WAN devices.
DNA is based on intuitive workflows and also on a declarative model. The result is a reduction of time to provision network devices.
DNA Center is the Cisco single dashboard for network automation. It includes zero-touch provisioning and can be used for campus, branch and WAN networks. Policy-driven provisioning with guided remediation can be implemented with DNA Center.
Troubleshooting networks can be time consuming. DNA Center contains DNA Assurance, which learns, adapts and troubleshoots problems before they happen.
With intent-based APIs, DNA Center can improve the billing and compliance of applications such as Salesforce.com, Microsoft Exchange and Oracle. Previously, security was focused only on dedicated devices such as firewalls. Now, DNA Center increases security visibility by advanced security analytics with encrypted traffic.
Software-defined access, or SD-Access, is built on the principles of Cisco DNA and operates from a controller. Traditionally, the main focus of networking was to create connectivity. The reality is that if all devices can communicate with all other devices in a network, security becomes inherently lower.
Of course, devices that need to communicate with each other require connectivity. But for all devices that do not have a business need to communicate, isolation is best for network security. In a large network, such detailed isolation can be a massive task. SD-Access makes this isolation scalable by providing end-to-end segmentation for different users and devices over the LAN and WLAN.
Cisco DNA can be extended further into the WAN transport of MPLS and 3G/4G LTE with SD-WAN. Users connect to services hosted by multiple cloud providers, which often causes user performance to suffer due to non-optimal WAN networking. SD-WAN optimizes user experience to cloud-based applications, offered as SaaS, by optimizing bandwidth utilization and improving security. SD-WAN uses a centralized controller to create a secure experience over the WAN that is scalable to thousands of users.
SD-WAN can also be extended into unified communications by improving QoS from the WAN to integrated service routers acting as voice gateways.
The most powerful programming language to perform network changes in either imperative or declarative programming is Python. Python is a free, open-source programming language. Its value has grown exponentially in network engineering as a result of the robust Application Programming Interface (API) support.
An API is simply a mechanism to allow two or more software programs to communicate with each other. The API with the largest growth in implementation is representational state transfer, or REST. If you take a web browser and go to a website with HTTP or HTTPS, you are using a RESTful interface. The most popular SDN controller API is REST. The sheer number of global websites that exist demonstrates the value and implementation of REST. Python has full support for RESTful interfaces. A Python script can run from a Linux or Windows machine across the network to a RESTful interface on an SDN controller like the ACI APIC. This powerful combination allows the network programmer to automate.
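The script below is an added example, not code from the article or from Cisco: a read-only Python client that logs in to an APIC over REST and lists the contracts declared on the fabric, which is the whitelist the ACI section describes. It assumes the APIC endpoints `/api/aaaLogin.json` and `/api/class/<class>.json` and the contract class `vzBrCP`; the names `ApicClient` and `declared_contracts` are hypothetical.

```python
import json
import ssl
import urllib.request


class ApicClient:
    """Minimal read-only client for the APIC REST API (added example)."""

    def __init__(self, base_url, ca_file=None):
        self.base_url = base_url.rstrip("/")
        # Always verify the controller's certificate and hostname;
        # ca_file lets the caller trust a private CA instead of the system store.
        self.tls = ssl.create_default_context(cafile=ca_file)
        self.token = None

    def _call(self, path, body=None):
        # A request with a body is sent as POST, without one as GET.
        data = json.dumps(body).encode() if body is not None else None
        req = urllib.request.Request(self.base_url + path, data=data)
        req.add_header("Content-Type", "application/json")
        if self.token:
            # The session token returned by aaaLogin goes back as a cookie.
            req.add_header("Cookie", "APIC-cookie=" + self.token)
        with urllib.request.urlopen(req, context=self.tls, timeout=10) as resp:
            return json.load(resp)["imdata"]

    def login(self, user, password):
        body = {"aaaUser": {"attributes": {"name": user, "pwd": password}}}
        imdata = self._call("/api/aaaLogin.json", body)
        self.token = imdata[0]["aaaLogin"]["attributes"]["token"]

    def class_query(self, cls):
        """Return the attributes of every object of one managed-object class."""
        objects = self._call(f"/api/class/{cls}.json")
        return [obj[cls]["attributes"] for obj in objects]

    def declared_contracts(self):
        """Distinguished names of all contracts, i.e. the declared whitelist."""
        return sorted(attrs["dn"] for attrs in self.class_query("vzBrCP"))


if __name__ == "__main__":
    import getpass
    import sys
    # Usage: script.py https://<apic-address> [ca-bundle.pem]
    apic = ApicClient(sys.argv[1], sys.argv[2] if len(sys.argv) > 2 else None)
    apic.login(input("user: "), getpass.getpass())
    print("\n".join(apic.declared_contracts()))
```

Run it with a read-only account; the password is prompted for rather than stored in the script or passed on the command line.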
Software-defined networking has evolved. It now encompasses many different products and protocols that allow network changes to be made more efficiently than ever. The traditional approach of network configuration one device at a time with the CLI is being replaced by software-defined networking and network programmability. The Python programming language has evolved to become the most powerful language to implement SDN as well as traditional networking. The result of implementing Python and SDN is a major increase in agility as well as network productivity.
About the author
Chris Olsen has been an IT trainer since 1993 and an independent consultant and technical writer since 1996. He has taught over 60 different IT, data center and telephony classes to over 15,000 students. He is a technical editor for Global Knowledge’s lab manuals and has published three books with Cisco Press, CIPT part 2 version 6 and 8 and CCNA Voice Flash Cards. He is an author and technical editor for both Microsoft OCS 2007 and 2007 R2 certification exams. He is a technical author for Cisco-certified courses. He has also authored technical exams for Cisco’s certification program. Mr. Olsen can be reached at email@example.com.