Cisco SD-Access Architecture: Controller Layer

Cisco’s SD-Access technology automates the enterprise network using the Cisco DNA Center. The Cisco Software Defined Access controller layer leverages its main components, Cisco DNA Center and Cisco ISE, to provide the management subsystems for the management layer.

The image below shows the different controller layer components and how they interact with each other and with the campus fabric:


The image also shows the three main subsystems of the Cisco SD-Access controller layer: the Cisco Network Control Platform (NCP), the Cisco Network Data Platform (NDP), and the Cisco Identity Services Engine (ISE).


Cisco Network Control Platform (NCP)

The NCP is a subsystem of Cisco DNA Center, and it provides the SDA physical and network layers with fabric and underlay network automation and orchestration services. It configures and manages the network devices using SNMP, SSH/Telnet, NETCONF/YANG, etc. It also provides network automation status and other relevant information to the management layer.


Cisco Network Data Platform (NDP)

The NDP assurance subsystem is directly integrated into the Cisco DNA Center. It collects data, identifies historical trends, and analyzes and correlates network events from various sources, such as SPAN and NetFlow. The collected data gives Cisco NCP and ISE contextual information. NDP also provides network operational status and other relevant information to the management layer.


Cisco Identity Services Engine (ISE)

Cisco ISE provides all identity and policy services for the physical and network layers. It also provides the policy definition and dynamic endpoint-to-group mapping with Network Access Control (NAC) and identity services. ISE places the profiled endpoints into the scalable group and host pool. This gives Cisco NDP and NCP contextual information, enabling the user management layer to create and manage group-based policies. Cisco ISE also programs group-based policies on network devices.


Cisco SD-Access Controller Layer Contextual Information

Cisco DNA Center, NCP and NDP, and Cisco ISE share contextual information with each other using APIs. The contextual information is provided to the management layer in the following manner:

  • NDP shares contextual analytics information with Cisco NCP and ISE. The information is then provided to the management layer by NDP.
  • NCP connects directly with Cisco ISE and NDP, providing contextual automation information between them.
  • ISE integrates directly with the Cisco DNA Center subsystems, NCP and NDP, to provide contextual identity and policy information.
