Network Virtualization using Extreme Fabric Connect

ManualsBrandsExtreme Networks ManualsComputers & AccessoriesHigh-end Wiring Closet Switches

101

102

103

104

105

106

107

108

109

110

Table Of Contents

Table of Contents
Table of Contents
Table of Contents
Table of Figures
Table of Figures
Table of Tables
Conventions
Introduction
Reference Architecture
- Shortest Path Bridging Fabric
- Layer 3 Virtualization Overview
- Layer 2 Virtualization Overview
- Data Center Virtualization Overview
- Fabric Connect Positioning
Guiding Principles
- Fabric Connect and Fabric Attach
- Fabric Extend
- Data Center Architecture
Architecture Components
- User to Network Interface
- Network to Network Interface
- Backbone Core Bridge
- Backbone Edge Bridge
- Customer MAC Address
- Backbone MAC Address
- SMLT-Virtual-BMAC
- IS-IS Area
- IS-IS System ID
- IS-IS Overload Function
- SPB Bridge ID
- SPBM Nick-name
- Dynamic Nick-name Assignment
- Customer VLAN
- Backbone VLAN
- Virtual Services Networks
- I-SID
- Inter-VSN Routing
- Fabric Area Network
- Fabric Attach / Auto-Attach
- FA Server
- FA Client
- FA Proxy
- FA Standalone Proxy
- VPN Routing and Forwarding Instance
- Global Router Table
- Distributed Virtual Routing
  - DVR Domain
  - DVR Controller
  - DVR Leaf
  - DVR Backbone
- Zero Touch Fabric (ZTF)
Foundations for the Service Enabled Fabric
- SPB Service primitives
- SPB Equal Cost Trees (ECT)
IP Routing and L3 Services over Fabric Connect
- Core IGP / GRT IP Shortcuts
- Virtualized L3 VPNs / L3 VSNs
- VPN Security Zones / IP IS-IS Accept Policies
- ISIS IP Route Types and Protocol Preference
L2 Services Over SPB IS-IS Core
- E-LAN / L2 VSNs with CVLAN/Switched UNI
- E-LINE / L2 VSNs with Transparent UNI
- E-TREE / L2 VSNs with Private-VLAN UNI
Fabric Attach
- FA Element Signalling
- FA Service Assignment (I-SID) Signalling
- FA Message Authentication
- FA Zero Touch Provisioning
IP Multicast Enabled VSNs
- Initial Considerations
- IP Multicast Over SPB
- Multicast Services
- SPB Multicast PIM Gateway
  - Deployment Model with PIM-SM
  - PIM Gateway with PIM-SSM
- Inter VSN IP Multicast
Extending the Fabric Across the WAN
- Fabric Extend
- Fabric Extend over IPVPN Service
- Fabric Extend over the Public Internet with IPSec
- Fabric Extend over E-LAN/VPLS Service
- Fabric Extend over E-LINE Service
- VSN Extend with VXLAN Gateway
Distributed Virtual Routing
- Traffic Tromboning Challenges
- DVR Deployment Model
- DVR Host Tracking and Traffic Forwarding
- Eliminating North-South Tromboning
- DVR limitations and Design Alternatives
Quality of Service
- Initial Considerations
- QoS Implementation Over SPB
- QoS Considerations with Fabric Extend
Consolidated Design Overview
- Campus Distribution
- Data Center Distribution
- Data Center Access
High Availability
- System Level Resiliency
  - Hardware Component Redundancy
  - High-Availability Mode
- Network Level Resiliency
- Human Level Resiliency
  - Loop Detection and Protection Mechanisms
Fabric and VSN Security
- Address Space, Routing, and Traffic Separation
- Concealment of the Core Infrastructure
  - Extreme’s Fabric Connect Stealth Networking
- Resistance to Attacks
- Impossibility of Spoofing Attacks
- Stealth Networking Design Guidelines
Fabric as Best Foundation for SDN
Glossary
Reference Documentation
Revisions

Network Virtualization Using Extreme Fabric Connect

routes) such that the customer IP subnets can be re-advertised by the WAN IPVPN between the distant

sites.

With Fabric Extend the IP address provided by the WAN provider will become the Fabric Extend source IP

and will be used to originate and terminate all IP (VXLAN) tunnels. Thus the only IP traffic which will be

seen by the WAN provider will be VXLAN encapsulated traffic between the IP addresses it supplied. The

need to run an IP routing protocol with the provider goes away.

Because the WAN service becomes an underlay to Fabric Connect, it is necessary that any IP interfaces used by

Fabric Extend to build the IP tunnels should be isolated from any other IP interface used to carry VSN services

above the Fabric. The correct design approach is to allocate a VRF for Fabric Extend and use this VRF to

allocate the Fabric Extend IP interfaces used to send and receive traffic from the WAN.

This is illustrated in Figure 55. The Fabric Extend VRF should not be used to terminate any L3 VSN (via I-SID

assignment) and thus any IP routes used by Fabric Extend will remain isolated from IP service domains

running above the Fabric (IP Shortcuts and L3 VSNs).

Figure 55 Fabric Extend Deployment Model over WAN L3 IPVPN Service

Note

Use of the GRT (VRF-0) or an L3 VSN enabled VRF for terminating Fabric Extend tunnels

is technically feasible and supported. Such a deployment could be envisaged where there

is a need to preserve IP management to distant Fabric Extend equipment natively over the

WAN service or where Fabric Extend is deployed over a campus LAN architecture and

there is a need to preserve connectivity between the Fabric Extend overlay and the

campus IP routed underlay.

However, such designs should be avoided as they are fraught with additional complexity

to ensure that the IP routes necessary to form the Fabric Extend overlay tunnels must

never end up being replaced with IS-IS IP routes from the overlay, which would result in

the overlay falling apart.

Fabric Extend over the Public Internet with IPSec

The diagram in Figure 56 shows how Fabric Extend can be performed over the public Internet. Only the

Fabric Connect VPN software (e.g. running on XA1400 platforms) can be used in this mode as Fabric

Extend over the Internet requires IP fragmentation and, for security reasons, IPsec must be used to encrypt

the traffic.