1
00:00:04,450 --> 00:00:09,190
Now in the Official Cert Guide that Wendell wrote, he spent a lot of time going over SDA or software

2
00:00:09,190 --> 00:00:10,270
defined access.

3
00:00:10,420 --> 00:00:14,180
Now just software defined could be software defined coffee.

4
00:00:14,200 --> 00:00:19,090
I mean, there's so many terms with this word of software defined networking got abused.

5
00:00:19,210 --> 00:00:21,490
We had software defined networking that was OpenFlow.

6
00:00:21,490 --> 00:00:22,930
Then we had software defined networking.

7
00:00:22,930 --> 00:00:26,260
They were using APIs, we had software defined networking, there was overlays.

8
00:00:26,260 --> 00:00:31,240
So we spoke about overlays and underlays already basically became software defined, whatever you like,

9
00:00:31,240 --> 00:00:33,860
but software defined access or SDA

10
00:00:33,910 --> 00:00:39,730
is Cisco's solution of changing the way an enterprise network works.

11
00:00:39,730 --> 00:00:45,430
So traditionally in an enterprise network, we would have spanning tree that causes a whole bunch of

12
00:00:45,430 --> 00:00:50,110
issues because we have to match up forwarding of ports to HSRP.

13
00:00:50,140 --> 00:00:53,050
Default gateways causes a whole lot of issues.

14
00:00:53,050 --> 00:00:58,630
So we want to do away with spanning tree and what we do is we just run routing protocols everywhere.

15
00:00:58,750 --> 00:01:03,490
So the default gateway of your PCs will be the local access switch.

16
00:01:03,490 --> 00:01:08,950
So the switch on the edge, the switch that they connect to rather than a core switch or a distribution

17
00:01:08,950 --> 00:01:12,550
switch, we run OSPF everywhere or routing protocol everywhere.

18
00:01:12,550 --> 00:01:17,200
So we do away with spanning tree, we do away with port blocking that kind of stuff.

19
00:01:17,650 --> 00:01:24,100
But in my experience of the CCNA exam, I think it was overkill, the SDA stuff in the OCG.

20
00:01:24,370 --> 00:01:28,210
Now, if I hear otherwise, I'll change this course.

21
00:01:28,450 --> 00:01:30,970
But I wouldn't spend too much time on SDA.

22
00:01:31,510 --> 00:01:37,180
Basically, the idea is the network gets managed as a fabric, so we have all these routers and switches

23
00:01:37,180 --> 00:01:43,990
that are controlled by a controller and then similar to NSX from VMware, what we do is we build

24
00:01:44,020 --> 00:01:51,040
tunnels automatically, VXLAN tunnels once again, where we build an overlay across the underlay network.

25
00:01:51,040 --> 00:01:57,250
So the core underlay network can be fairly basic rather than configuring a whole bunch of access lists

26
00:01:57,250 --> 00:01:58,300
on the core devices.

27
00:01:58,300 --> 00:02:05,050
We can do everything as a policy on the SDA server and then apply a policy on the network devices and

28
00:02:05,050 --> 00:02:07,960
DNA Center will basically build stuff automatically.

29
00:02:07,960 --> 00:02:12,670
So it will build the VXLAN tunnels, it will apply the policies.

30
00:02:12,670 --> 00:02:19,420
So we have this concept once again of intent based networking and intent is I want to do something,

31
00:02:19,420 --> 00:02:24,370
but I don't want to have to explicitly write everything down to make that happen.

32
00:02:24,370 --> 00:02:27,880
So as an example, I want to stop PC A talking to PC B.

33
00:02:28,300 --> 00:02:32,260
In a traditional environment, you have to create access lists that stop those devices from talking

34
00:02:32,260 --> 00:02:39,970
to each other, but with an intent based scenario and, and some of the other controller based implementations,

35
00:02:39,970 --> 00:02:44,260
I would basically say, okay, this guy can't talk to this guy, put a cross there.

36
00:02:44,500 --> 00:02:46,750
So that's all done through a GUI as an example.

37
00:02:46,750 --> 00:02:51,850
And then that applies a policy to the network that basically stops that.

38
00:02:51,850 --> 00:02:56,320
So you as a network engineer don't have to go and configure access lists manually.

39
00:02:56,320 --> 00:03:01,960
Your intent is stop this guy talking to this guy and the network just makes that happen automagically,

40
00:03:02,380 --> 00:03:05,410
which is quite scary in some ways because what happens if it goes wrong?

41
00:03:06,910 --> 00:03:12,400
So the whole idea of this stuff is fantastic and I don't want to blow it out of the water straight away,

42
00:03:12,400 --> 00:03:17,170
but just be aware that you should kind of understand what's going on under the hood because what happens

43
00:03:17,170 --> 00:03:18,130
if something goes wrong?

44
00:03:19,150 --> 00:03:26,230
But the principle is we have an underlay network, then we put VXLAN tunnels over it, which allows

45
00:03:26,230 --> 00:03:30,700
us to apply policies on the overlay network rather than on the underlay network.

46
00:03:30,700 --> 00:03:37,150
So we can stop this guy talking to this guy much more easily using these tunnels than to try and have

47
00:03:37,150 --> 00:03:42,410
a single access list on an interface of a router that blocks people across the entire network.

48
00:03:42,410 --> 00:03:44,530
A much better way of doing things.

49
00:03:44,530 --> 00:03:45,940
It's basically the way it's going.

50
00:03:45,940 --> 00:03:53,440
So we have a controller that manages a whole bunch of devices in the enterprise.

51
00:03:53,500 --> 00:03:56,380
Now, just stepping back a second, sorry to jump around.

52
00:03:58,060 --> 00:04:05,710
Software defined networking was more for the data center so it was NSX was a fantastic success in the

53
00:04:05,710 --> 00:04:06,490
data center.

54
00:04:06,640 --> 00:04:11,470
Cisco have ACI, also a data center product, but what about enterprises?

55
00:04:11,470 --> 00:04:19,899
So SDA is an enterprise solution where we take software defined principles and apply it to an enterprise

56
00:04:20,079 --> 00:04:25,450
and we apply policies on that network rather than in a data center.

57
00:04:25,930 --> 00:04:30,910
So basically simple things like, okay, let's get rid of spanning tree.

58
00:04:30,910 --> 00:04:33,940
So we run OSPF or routing protocol everywhere.

59
00:04:33,970 --> 00:04:36,520
Everything's layer three rather than layer two.

60
00:04:36,610 --> 00:04:39,640
But how do we get this device to talk to this device?

61
00:04:39,640 --> 00:04:45,820
We can apply a policy through a GUI or a management station or a controller if you want to use the

62
00:04:45,820 --> 00:04:46,810
right term.

63
00:04:46,900 --> 00:04:53,170
That applies the policy onto the network without you having to manually configure a whole bunch of stuff.

64
00:04:53,590 --> 00:04:56,710
The idea is this term of abstraction.

65
00:04:56,950 --> 00:04:58,600
Abstraction is used everywhere.

66
00:04:59,350 --> 00:05:05,860
As an example, if I want to write a piece of Python code, I don't have to know how to make that do

67
00:05:05,860 --> 00:05:07,060
something on a hard drive.

68
00:05:07,060 --> 00:05:10,360
I'm abstracted from the low level programming.

69
00:05:10,360 --> 00:05:17,110
The operating system abstracts me from the hardware, operating system abstracts me from network cables,

70
00:05:17,110 --> 00:05:18,070
stuff like that.

71
00:05:18,070 --> 00:05:24,100
I'm programming in a high level programming language, Python, that goes all the way down through the stack

72
00:05:24,100 --> 00:05:26,350
and actually makes something happen.

73
00:05:27,040 --> 00:05:29,350
Something happen on the network.

74
00:05:29,440 --> 00:05:33,580
So I'm abstracted from assembly language as an example.

75
00:05:33,580 --> 00:05:35,830
I'm abstracted from low level stuff.

76
00:05:35,830 --> 00:05:40,390
I use my brain for doing high level stuff rather than low level stuff.

77
00:05:40,540 --> 00:05:42,220
So very real world

78
00:05:42,220 --> 00:05:43,540
example: pilots.

79
00:05:44,380 --> 00:05:49,240
A pilot today doesn't fly from the UK to the US manually the whole way.

80
00:05:49,570 --> 00:05:50,320
What do they use?

81
00:05:50,320 --> 00:05:51,550
They use autopilot.

82
00:05:51,760 --> 00:05:59,830
So the idea is autopilot allows the pilot to take care of high level tasks while the low level stuff

83
00:05:59,830 --> 00:06:01,990
is taken care of using autopilot.

84
00:06:02,380 --> 00:06:08,470
Now the airplane has all of these sensors that give information about altitude, stuff like that, and

85
00:06:08,470 --> 00:06:10,690
then the plane can guide the pilot.

86
00:06:10,690 --> 00:06:19,870
But autopilot can cause problems where the pilot tries to manage the network, or should I say the plane

87
00:06:19,870 --> 00:06:25,360
through autopilot by adjusting various high level parameters rather than just grabbing the plane and

88
00:06:25,360 --> 00:06:26,170
flying it.

89
00:06:26,170 --> 00:06:31,780
And there was a really interesting video where they were talking about this issue where automation has

90
00:06:31,780 --> 00:06:38,110
actually caused crashes because pilots no longer fly the plane like physically fly it.

91
00:06:38,140 --> 00:06:41,680
They try and adjust the plane's flying through autopilot.

92
00:06:41,680 --> 00:06:47,260
So they try and feed information to autopilot that then flies the plane and adjusts the

93
00:06:47,260 --> 00:06:47,680
plane.

94
00:06:47,680 --> 00:06:53,830
But if you've got a plane flying at you, you as a pilot should grab the airplane and fly it out of

95
00:06:53,830 --> 00:06:56,350
the way rather than trying to adjust autopilot.

96
00:06:56,350 --> 00:07:00,490
And I think that's the same thing that we as network engineers need to be careful of, is don't rely

97
00:07:00,490 --> 00:07:06,010
on the autopilot or the cleverness of all of these applications.

98
00:07:06,010 --> 00:07:12,010
When the network is burning or there's a fire, you need to jump in and fix the problems.

99
00:07:12,010 --> 00:07:17,560
So automation has its place, but it's still important to understand how networks work because automation

100
00:07:17,560 --> 00:07:23,050
will allow you to break a network very, very quickly if you don't understand what your automation is

101
00:07:23,050 --> 00:07:23,620
doing.

102
00:07:24,040 --> 00:07:30,520
I mean, if a programmer just writes a script that sends a whole bunch of BPDUs into a network running

103
00:07:30,520 --> 00:07:33,160
spanning tree, it could mess up your whole network.

104
00:07:33,160 --> 00:07:37,930
So you need to understand what your program is doing, what these applications are doing.

105
00:07:38,080 --> 00:07:43,990
So there's huge advantages to abstraction, huge advantages to automation, but you still need to understand

106
00:07:43,990 --> 00:07:44,680
networking.

107
00:07:44,680 --> 00:07:46,840
So I think Cisco have done a good thing here.

108
00:07:46,840 --> 00:07:51,400
10% of the CCNA is automation and programming or programmability.

109
00:07:51,640 --> 00:07:54,580
90% is a lot of traditional network stuff.

110
00:07:54,580 --> 00:07:57,280
You're still a network person, you're still a network engineer.

111
00:07:57,280 --> 00:08:05,350
You still need to understand protocols like spanning tree, OSPF, etc. But I think for me the programming

112
00:08:05,350 --> 00:08:11,620
side is very exciting because Cisco now have this DevNet, so you have this world in front of you

113
00:08:11,620 --> 00:08:13,000
which didn't exist.

114
00:08:13,510 --> 00:08:17,680
I'm recording this, you know, not long after the CCNA was released.

115
00:08:18,280 --> 00:08:25,090
You've got this world now where you can go traditional networking with a bit of programming, or you

116
00:08:25,090 --> 00:08:27,370
can go programming with a bit of networking.

117
00:08:27,490 --> 00:08:31,360
So I think if you're starting in your career, you have two wonderful choices.

118
00:08:31,360 --> 00:08:33,880
And I mean, you just got to decide what you enjoy.

119
00:08:33,880 --> 00:08:38,710
Do you enjoy programming with a touch of networking or do you enjoy networking with a touch of programming?

120
00:08:38,710 --> 00:08:42,340
I think those are going to actually become closer and closer in future.

121
00:08:42,340 --> 00:08:47,950
So five or ten years from today, the line between networking and programming will just draw closer

122
00:08:47,950 --> 00:08:48,730
and closer.

123
00:08:49,000 --> 00:08:51,820
Networking is changing, and I've been saying this for many years.

124
00:08:51,820 --> 00:08:53,920
I mean, now we're going more to the cloud.

125
00:08:53,920 --> 00:08:57,130
So cloud stuff is becoming more important, but.

126
00:08:57,770 --> 00:09:00,760
To think that if you put it in the cloud, it's going to solve your network problems.

127
00:09:00,770 --> 00:09:01,750
It's still a network.

128
00:09:01,760 --> 00:09:05,660
You still have to manage the network cloud as in your network.

129
00:09:05,780 --> 00:09:08,210
I mean, if you put a VM in the cloud, it's cool.

130
00:09:08,210 --> 00:09:08,990
It's just a VM.

131
00:09:08,990 --> 00:09:15,170
But what happens if you have virtual machines in Asia and in America and in Europe, suddenly you start

132
00:09:15,170 --> 00:09:19,310
working with load balancers, you start working with firewalls, you start working with access control

133
00:09:19,310 --> 00:09:24,470
lists, you start working with VLANs, not called that, but you start working with all the traditional

134
00:09:24,470 --> 00:09:25,390
networking stuff.

135
00:09:25,400 --> 00:09:28,520
So just because it's in the cloud doesn't mean that you can ignore networking.

136
00:09:28,520 --> 00:09:31,250
Still going to be a lot of work for network engineers.

137
00:09:31,520 --> 00:09:35,210
It's just the roles may change rather than typing on the CLI.

138
00:09:35,240 --> 00:09:41,710
You might be working in a controller or in the cloud, but you still need to understand networking principles.

139
00:09:41,720 --> 00:09:48,050
Okay, so that was quite a long ramble, I hope that kind of discussion was valuable to add to the course.

140
00:09:48,260 --> 00:09:57,170
I'm going to show you some more practical stuff now in the rest of the course, but hopefully that gives

141
00:09:57,170 --> 00:10:03,380
you a good idea of what's important for the exam and kind of sets the 10,000 foot view and overview

142
00:10:03,380 --> 00:10:06,350
of programming and network automation.