SD-Access Fabric is a network architecture that uses three key technologies to create a virtual overlay network on top of the physical underlay network. These technologies are:
VXLAN: Virtual Extensible LAN is a tunneling protocol that encapsulates Layer 2 frames in UDP packets and transports them over an IP network. VXLAN enables the creation of large-scale virtual networks that span multiple Layer 3 domains. VXLAN is used in SD-Access Fabric to carry user traffic between different fabric nodes and to provide network segmentation based on virtual network identifiers (VNIs).
TrustSec: Cisco TrustSec is a security framework that uses software-defined segmentation to enforce granular access policies based on the identity and context of users, devices, and applications. TrustSec uses scalable group tags (SGTs) to classify endpoints into logical groups and applies security policies based on the source and destination SGTs. TrustSec is integrated with SD-Access Fabric to provide micro-segmentation within a virtual network and to simplify policy management across the fabric.
LISP: Locator/ID Separation Protocol is a routing protocol that decouples the endpoint identity (EID) from its location (RLOC) in the network. LISP uses two types of devices, ingress tunnel routers (ITRs) and egress tunnel routers (ETRs), to map EIDs to RLOCs and to encapsulate and decapsulate packets. LISP is used in SD-Access Fabric to provide control plane functions, such as endpoint registration, discovery, and mobility. LISP also enables seamless integration of SD-Access Fabric with external networks, such as the Internet, WAN, or data center.
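How the VNI and the SGT described above travel together in the fabric data plane, as an added example that is not part of the original page or Cisco's code. It assumes the 8-byte header layout of the VXLAN Group Policy Option draft (G, I, D and A flag bits, 16-bit Group Policy ID, 24-bit VNI), which this page does not spell out; the function names and sample bytes are constructed for illustration.

```python
import struct
from typing import NamedTuple, Optional

class VxlanGpo(NamedTuple):
    vni: int               # 24-bit virtual network identifier
    sgt: Optional[int]     # 16-bit Group Policy ID (the SGT); None if G bit clear
    policy_applied: bool   # A bit: group policy already enforced upstream
    dont_learn: bool       # D bit

def parse_vxlan_gpo(header: bytes) -> VxlanGpo:
    """Decode the 8-byte VXLAN-GPO header that follows the outer UDP header."""
    if len(header) < 8:
        raise ValueError("VXLAN header must be 8 bytes")
    flags1, flags2, group_id, vni_rsvd = struct.unpack("!BBHI", header[:8])
    if not flags1 & 0x08:                         # I bit: VNI is valid
        raise ValueError("I bit clear, VNI not valid")
    return VxlanGpo(
        vni=vni_rsvd >> 8,                        # drop the 8 reserved low bits
        sgt=group_id if flags1 & 0x80 else None,  # G bit: group ID is valid
        policy_applied=bool(flags2 & 0x08),
        dont_learn=bool(flags2 & 0x40),
    )

def untagged_frames(headers, vni):
    """Indexes of frames in the given VNI that carry no SGT."""
    hits = []
    for i, h in enumerate(headers):
        p = parse_vxlan_gpo(h)
        if p.vni == vni and p.sgt is None:
            hits.append(i)
    return hits

# Constructed sample headers (not captured traffic): VNI 4099, SGT 17.
SAMPLES = [
    bytes.fromhex("8800001100100300"),  # G+I set, SGT 17, VNI 4099
    bytes.fromhex("0800000000100300"),  # I only: plain VXLAN, no group tag
    bytes.fromhex("8808001100100300"),  # as the first, with the A bit set
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(parse_vxlan_gpo(raw))
    print("untagged in VNI 4099:", untagged_frames(SAMPLES, 4099))
```

A frame that arrives in a virtual network without a group tag cannot be matched against SGT-based policy, which is why the second sample is the one the check reports.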
The other options, OTV, RSVP, and MPLS, are not used in SD-Access Fabric. OTV is another tunneling protocol that extends Layer 2 connectivity across Layer 3 domains, but it is not compatible with VXLAN. RSVP is a signaling protocol that reserves network resources for quality of service (QoS), but it is not required for SD-Access Fabric. MPLS is a packet-switching technology that labels packets and forwards them through label switching routers (LSRs), but it is not involved in SD-Access Fabric.
References: Cisco SD-Access Solution Design Guide (CVD) - Cisco; Cisco Software-Defined Access - Cisco Software-Defined Access Solution Overview