Design, Deploy and Configure Cisco Digital Network Architectures (DNA)



In this course, you will learn how Cisco�s Intelligent WAN (IWAN) solves many challenges related to today�s branch office deployments. You will learn what the IWAN main components are, including Transport Independent WAN connectivity (IPSec DMVPN and MPLS), Intelligent Path Control (with performance routing), Application Optimization (with AVC and WAAS), and Secure Connectivity (Strong encryption, firewalls, CWS). As part of IWAN deployment, you will be faced with Application Policy Infrastructure Controller - Enterprise Module or APIC-EM, as a management platform and automation tool.

At the beginning of the course, you will review Cisco�s Digital Network Architecture or DNA as open and extensible, software-driven architecture that accelerates and simplifies enterprise network operations. DNA, as a programmable architecture frees IT staff from time consuming, repetitive network configurations tasks, so they can focus instead on innovation that positively transforms their business. Relationships between DNA and IWAN will be discussed along the course. Labs are built using the latest software versions on related components like routers ISR and ASR, IOS XE, WAVE, vWAAS, APIC-EM, as well as latest conceptual model (IWAN version 2.x.x).


  • IP network designers
  • IP network administrators
  • System engineers
  • Individuals involved in IWAN and DNA deployment and administration


  • Knowledge level equivalent to Cisco CCNA Routing and Switching (CCNP Routing and Switching is preferred)
  • Basic to intermediate knowledge on tunnels, VPNs, and DMVPN
  • A good understanding of QoS basics
  • Basic knowledge and experience with Cisco IOS, IOS XE, and CLI
  • Basic knowledge on device and network virtualization

Learning Objectives

  • Cisco�s Digital Network Architecture (DNA) concepts, features, benefits, terminology and main component
  • How the architecture of DNA innovates common administrative tasks on today�s networks
  • Today�s branch office challenges and how IWAN helps to solve them
  • Four main pillars and components of Cisco Intelligent WAN (IWAN)
  • Transport Independent Design, the various connectivity options and the way they are configured
  • Intelligent Path Control
  • How performance routing is different from traditional destination based routing, routing protocol support and configuration tasks
  • Importance of application visibility
  • Use WAAS for application performance optimization and better WAN resource usage
  • Main elements to guarantee IWAN secure connectivity
  • How Cisco�s APIC-EM helps administrator automate deployment, administration, and compliance checking for network policies end-to-end

1. Cisco�s Digital Network Architecture (DNA)

  • Overview
  • Benefits
  • Guiding Principles
  • Main Components and Functions
  • DNA Automation and Management: APIC-EM
  • DNA Virtualization: NFV and Cisco IOS XE
  • DNA Analytics: CMX
  • DNA Security: TrustSec, ISE, StealthWatch

2. Intelligent WAN (IWAN) General Overview and Main Components

  • Today�s branch office challenges
  • IWAN as a solution for branch office connectivity
  • IWAN�s building blocks
  • Transport Independent Design
  • Intelligent Path Control
  • Application Performance Optimization
  • Secure Connectivity
  • IWAN Management

3. Implementing Transport Independent Design

  • IP Connectivity as transport independent option
  • MPLS Connectivity as transport independent option
  • IP-MPLS connectivity options for headquarter and branch
  • GRE Point to Point and Multipoint tunnels
  • DMVPN overview
  • DMVPN Phases
  • Front Door VRF
  • Unicast traffic over DMVPN
  • Multicast traffic over DMVPN
  • DMVPN sample configurations

4. Implementing Intelligent Path Control with Performance Routing (PfR)

  • Performance routing overview
  • Device Components and Roles
  • Hub Master Controller
  • Hub Border Routers
  • Transit Master Controller
  • Transit Border Router
  • Branch Routers
  • Differences between PfRv2 and PfRv3
  • PfR Policies
  • Enterprise Domain Provisioning
  • Topology Discovery
  • Collecting Performance Metrics
  • Path Enforcement
  • Enterprise Deployment
  • Monitoring (site prefixes, traffic classes, load balance)

5. Implementing AVC for Application Visibility and Adding Hierarchical QoS (HQoS)

  • Collecting Performance Metrics
  • Collecting Traffic Statistics
  • Application Response Time
  • Media Monitoring
  • Netflow and IPFIX
  • Adding Hierarchical Quality of Service (HQoS)

6. Cisco Wide-Area Application Services

  • Introducing Cisco WAAS
  • Identify Platforms and deployment options
  • Implementing Cisco Central Management
  • Installing and Configuring the Virtual Environment
  • Installing and Configuring Cisco vWAAS
  • Configuring Application Traffic Policies
  • Configuring Cisco vWAAS Virtualization

7. Cisco APPNAV

  • APPNAV overview
  • Installing APPNAV Controllers
  • APPNAV-XE Controller Configuration
  • Monitoring the APPNAV Controller

8. IWAN Secure Connectivity

  • Secure Connectivity Overview
  • Securing the WAN Transport
  • Secure Direct Internet Access
  • Full Services Direct Internet Access
  • Direct Internet Access Use Case Scenarios
  • Cisco Trustsec in Branch
  • Secure Connectivity IWAN Customer Scenario

9. Cisco APIC-EM for Management and Automation

  • APIC-EM overview
  • APIC-EM features and benefits
  • APIC-EM supported platforms and software release
  • APIC-EM licensing Model
  • APIC-EM Hardware&Software requirements (for installation � virtual appliance)
  • APIC-EM GUI and navigation
  • Main operations

10. Implementing UCS-E and Cloud Connectors

  • UCS-E
  • Cisco Cloud Connectors
  • Third-Party Cloud Connectors
  • Cisco Akamai Solutions