Cisco’s Campus Fabric: Preparing For the Internet of Things
In this article, we take a close look at Cisco’s Campus Fabric. Let’s understand what Campus Fabric does and why it is important.
First, you need to know what SDN is. SDN denotes a shift from traditional hardware-based IT delivery to more nimble and flexible software-based resources that can be called up through code. It reflects a recent change in which most network functions have been virtualized through NFV and now run separately from the main hardware.
This is a fundamental change in the way networks are designed or provisioned. Even so, there is still a strong requirement for robust LAN and WAN architectures with well-defined capabilities. Campus Fabric from Cisco is an attempt to make that happen. It features top-of-the-line technologies such as TrustSec, and it adds a superior level of functionality that is much easier to configure and deploy.
Campus Fabric is very complex and cannot be explained fully in a short blog post. But let’s look at some examples of how it has made a big difference to security and made secure access easier to configure and control. For this, you should know what it means to segregate a network. For many years, network segregation has been achieved through manual mechanisms, such as using various forms of IP subnets or creating VLANs.
Using Campus Fabric, you can create multiple segregated virtual networks (VNs) that span the same hardware the network is based on. TrustSec allows you to create role-based security group tags, which make it easier to identify people at the edges of the network and place them in the right VN. This way you can enforce a proper security policy across the network. The important thing to note is that Campus Fabric secures and authenticates access by an individual, not access by a device. This is a major difference.
Virtual networks provide a very robust level of segregation, which allows for very strong security. This suits most scenarios, such as controlling access for various user groups, and also more complex situations. Take two entirely different organisations that share the same campus and need total security from one another: they may use the same hardware but need to be penned into two separate and independent virtual networks.
Scenarios where Campus Fabric can be useful
Campus Fabric is Cisco’s solution to an issue that most data center managers would know about – stretched VLANs. Suppose you have a main office in Houston and a branch in Dallas, and you run a legacy app at both sites that functions only if all instances are on the same subnet. The way this was done in the past was to stretch the VLAN across multiple sites, but that leads to complications such as network outages and spanning tree loops.
Is there a better solution to this? Yes – Campus Fabric makes it possible to build an underlying network based on a sophisticated network design, which allows the single-stranded VLAN to be tunneled over it. Another scenario where Campus Fabric is useful is one where your server team has decommissioned a server but has forgotten to inform the other members of staff who manage your routers, firewalls and switches. If another device is then put in place and takes up the IP address the server has vacated, you have a problem on your hands.
In the past, when this happened, the device was exposed to hackers and could have been compromised easily, allowing them access to your main resources. This issue has been resolved through TrustSec, which enforces network policies on the basis of identity and does not allow any privileged level of access once the server is switched off. This identity-based network service offers an extra layer of protection to your network.
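The vacated-address scenario above can be shown with a small model. This is an added example, not Cisco code or TrustSec configuration; the addresses, identities, group names and VN names are all constructed for illustration.

```python
# Simplified model (not Cisco code): a policy keyed on identity survives
# IP address reuse, while a policy keyed on address does not.
from dataclasses import dataclass

# Constructed sample data: a stale address-based rule left behind after the
# application server at 10.20.0.15 was decommissioned.
IP_ACL = {("10.20.0.15", "10.30.0.5"): "permit"}  # (src_ip, dst_ip) -> action

# Constructed group-based policy: (source group, destination group) -> action.
GROUP_POLICY = {("app-servers", "databases"): "permit"}

# Constructed identity store. Group and virtual network (VN) follow from who
# authenticated, never from the address the endpoint happens to hold.
IDENTITIES = {
    "svc-legacy-app": ("app-servers", "VN_CORP"),
    "db-primary": ("databases", "VN_CORP"),
    "camera-lobby": ("iot-devices", "VN_IOT"),
}

@dataclass(frozen=True)
class Endpoint:
    identity: str
    ip: str

    @property
    def group(self):
        return IDENTITIES[self.identity][0]

    @property
    def vn(self):
        return IDENTITIES[self.identity][1]

def ip_acl_decision(src, dst):
    """Address-based check: only source and destination IPs matter."""
    return IP_ACL.get((src.ip, dst.ip), "deny")

def identity_decision(src, dst):
    """Identity-based check: VN segregation first, then the group matrix."""
    if src.vn != dst.vn:
        return "deny"  # endpoints in different virtual networks never talk
    return GROUP_POLICY.get((src.group, dst.group), "deny")

database = Endpoint("db-primary", "10.30.0.5")
old_server = Endpoint("svc-legacy-app", "10.20.0.15")
# After decommissioning, a different device picks up the vacated address.
new_device = Endpoint("camera-lobby", "10.20.0.15")

if __name__ == "__main__":
    for ep in (old_server, new_device):
        print(ep.identity, ip_acl_decision(ep, database), identity_decision(ep, database))
```

The stale address rule still permits the new device, while the identity-based decision denies it because its group and VN come from its own authentication.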
We have discussed a few scenarios in which Campus Fabric could make a big difference to your network. Networks today are becoming simpler and more automated, which has made it possible to give them more powerful features. This makes things easier for the IT department and presents you with a much more modern and dynamic network.
Why is this important? You are no doubt familiar with the Internet of Things and how it has led to a massive increase in the number of security breaches involving devices that connect to the network or want access to it. Segregation of the network is absolutely essential to manage this massive IoT traffic. Segregation makes it possible to control access to the devices, as well as the ingress and egress of the data created by the surge in traffic from these devices.
What we are going to have in the future are more intelligent, smarter networks that are defined by software. This will allow you to take advantage of the surge in the number of connected devices and limit the damage that can be caused by external factors beyond your control on the network.