乾颐堂数据中心新课发布：《LISP in SDA》

上课时间：11月份中旬授课（具体时间将在DC群里通知）

授课老师：DC马海波

听课学员：仅限DC学员

课程简介：

The SD-Access architecture is supported by fabric technology implemented for the campus, which enables the use of virtual networks (overlay networks) running on a physical network (underlay network) in order to create alternative topologies to connect devices. SD-Access is enabled with an application package that runs as part of the Cisco DNA Center™ software for designing, provisioning, applying policy, and facilitating the creation of an intelligent campus wired and wireless network with assurance. Fabric technology, an integral part of SD-Access, enables wired and wireless campus networks with programmable overlays and easy-to-deploy network virtualization, permitting a physical network to host one or more logical networks to meet the design intent. In addition to network virtualization, fabric technology in the campus network enhances control of network communications, providing software-defined segmentation and policy enforcement based on user identity andgroup membership. Software-defined segmentation is seamlessly integrated using Cisco TrustSec® technology,providing micro-segmentation through the use of scalable groups within a virtual network. Using Cisco DNA Center to automate the creation of virtual networks reduces operational expenses by simplifying deployment, reduces risk through integrated security, and improves network performance through assurance and analytics capabilities. 

思科软件定义访问架构是部署在园区网的互联矩阵技术，它能够使用运行在物理网络（底层网络）之上的虚拟网络（叠加网络）来创建非传统的拓扑联接设备，软件定义网络可以利用作为DNAC软件一个部分的应用包实现设计，置备，应用策略和实施创建智能的可靠的有线和无线园区网络，互联矩阵技术作为软件定义访问的集成的部分，允许底层物理网络去承载一个或多个逻辑网络用于满足意图设计，此外网络虚拟化，在园区网里的互联矩阵技术增强了网络互通的控制，提供的软件定义分段使用了思科TrustSec技术

被无缝的集成，通过使用虚拟网络里的扩展组实现微分段，使用DNA中心可以自动的创建虚拟网络减少运维的花费以简化部署，通过集成的安全以减少风险，以及通过审计和分析功能提高网络的性能

SD-Access configures the overlay network with a fabric data plane by using virtual extensible LAN (VXLAN) technology. VXLAN encapsulates and transports complete Layer 2 frames across the underlay, with each overlay network identified by a VXLAN Network Identifier (VNI). The VXLAN header also carries the SGTs required for micro-segmentation.

软件定义访问使用VXLAN技术配置带有互联矩阵数据平面的虚拟叠加网络，VXLAN封装和传输完整的2层帧数据通过底层网络，利用VNI标示每一个虚拟叠加网络，VXLAN的头部也携带了用于微分段的SGTs（乾颐堂数据中心基础课程已经包含了详细VXLAN技术的课程）

The mapping and resolving of endpoints requires a control plane protocol, and SD-Access uses Locator/ID Separation Protocol (LISP) for this task. LISP brings the advantage of routing based not only on the IP address or MAC address as the Endpoint Identifier (EID) for a device but also on an additional IP address that it provides as a Routing Locator (RLOC) to represent the network location of that device. The EID and RLOC combination provides all the necessary information for traffic forwarding, even if an endpoint uses an unchanged IP address when appearing in a different network location. Simultaneously, the decoupling of the endpoint identity from its location allows addresses in the same IP subnetwork to be available behind multiple Layer 3 gateways。

映射和解析末端点需要一个控制平面，软件定义访问使用LISP完成这个任务。LISP拥有路由优势基于不仅具有IP地址或MAC地址作为设备末端点的身份（EID）还有一个额外的IP地址作为提供路由定位（RLOC）用于表示设备的网络位置，EID和RLOC混合在一起提供流量转发的必要信息，假设一个末端点设备出现在一个不同的网络位置环境下依然可以使用一个不改变的IP地址。同时，末端身份和它的网络位置解耦性允许相同子网的地址可以在多3层网关的后面依然可用。

课件展示：

欢迎继续关注乾颐堂，视频继续更新中，视频资料问题联系小美3240149070，

乾颐堂提供

思科.华为.Python学习

CCNA｜CCNP｜CCIE｜HCIA｜HCIP｜HCIE

路由交换｜安全｜DC数据中心｜无线｜云计算

乾颐堂客服热线：400-618-8070

乾颐堂官网：www.qytang.com

乾颐堂网络实验室 我们为您想的更多