Network Virtualization using Extreme Fabric Connect

ManualsBrandsExtreme Networks ManualsComputers & AccessoriesHigh-end Wiring Closet Switches

Table Of Contents

Table of Contents
Table of Contents
Table of Contents
Table of Figures
Table of Figures
Table of Tables
Conventions
Introduction
Reference Architecture
- Shortest Path Bridging Fabric
- Layer 3 Virtualization Overview
- Layer 2 Virtualization Overview
- Data Center Virtualization Overview
- Fabric Connect Positioning
Guiding Principles
- Fabric Connect and Fabric Attach
- Fabric Extend
- Data Center Architecture
Architecture Components
- User to Network Interface
- Network to Network Interface
- Backbone Core Bridge
- Backbone Edge Bridge
- Customer MAC Address
- Backbone MAC Address
- SMLT-Virtual-BMAC
- IS-IS Area
- IS-IS System ID
- IS-IS Overload Function
- SPB Bridge ID
- SPBM Nick-name
- Dynamic Nick-name Assignment
- Customer VLAN
- Backbone VLAN
- Virtual Services Networks
- I-SID
- Inter-VSN Routing
- Fabric Area Network
- Fabric Attach / Auto-Attach
- FA Server
- FA Client
- FA Proxy
- FA Standalone Proxy
- VPN Routing and Forwarding Instance
- Global Router Table
- Distributed Virtual Routing
  - DVR Domain
  - DVR Controller
  - DVR Leaf
  - DVR Backbone
- Zero Touch Fabric (ZTF)
Foundations for the Service Enabled Fabric
- SPB Service primitives
- SPB Equal Cost Trees (ECT)
IP Routing and L3 Services over Fabric Connect
- Core IGP / GRT IP Shortcuts
- Virtualized L3 VPNs / L3 VSNs
- VPN Security Zones / IP IS-IS Accept Policies
- ISIS IP Route Types and Protocol Preference
L2 Services Over SPB IS-IS Core
- E-LAN / L2 VSNs with CVLAN/Switched UNI
- E-LINE / L2 VSNs with Transparent UNI
- E-TREE / L2 VSNs with Private-VLAN UNI
Fabric Attach
- FA Element Signalling
- FA Service Assignment (I-SID) Signalling
- FA Message Authentication
- FA Zero Touch Provisioning
IP Multicast Enabled VSNs
- Initial Considerations
- IP Multicast Over SPB
- Multicast Services
- SPB Multicast PIM Gateway
  - Deployment Model with PIM-SM
  - PIM Gateway with PIM-SSM
- Inter VSN IP Multicast
Extending the Fabric Across the WAN
- Fabric Extend
- Fabric Extend over IPVPN Service
- Fabric Extend over the Public Internet with IPSec
- Fabric Extend over E-LAN/VPLS Service
- Fabric Extend over E-LINE Service
- VSN Extend with VXLAN Gateway
Distributed Virtual Routing
- Traffic Tromboning Challenges
- DVR Deployment Model
- DVR Host Tracking and Traffic Forwarding
- Eliminating North-South Tromboning
- DVR limitations and Design Alternatives
Quality of Service
- Initial Considerations
- QoS Implementation Over SPB
- QoS Considerations with Fabric Extend
Consolidated Design Overview
- Campus Distribution
- Data Center Distribution
- Data Center Access
High Availability
- System Level Resiliency
  - Hardware Component Redundancy
  - High-Availability Mode
- Network Level Resiliency
- Human Level Resiliency
  - Loop Detection and Protection Mechanisms
Fabric and VSN Security
- Address Space, Routing, and Traffic Separation
- Concealment of the Core Infrastructure
  - Extreme’s Fabric Connect Stealth Networking
- Resistance to Attacks
- Impossibility of Spoofing Attacks
- Stealth Networking Design Guidelines
Fabric as Best Foundation for SDN
Glossary
Reference Documentation
Revisions

Network Virtualization Using Extreme Fabric Connect

Reference Architecture

The goal of network virtualization is to decouple the physical infrastructure from the network services used

to interconnect distinct user communities and their applications. Users and devices connected to the

network will only see the virtual network to which they belong and are allowed to communicate only with

other devices in the same virtual network. User communities can be kept separate from one another and

made to access only the applications that they need, increasing the security of the network. Each virtual

network holds the addressing (IP routes, MAC addresses), QoS parameters, and security and access policies

that pertain to that user community, increasing the scalability of the network.

Apart from these obvious benefits, true network virtualization brings about greater benefits in terms of

agility in adapting the network to new applications, new users, and business needs. Much like server

virtualization has brought about a transformation in the way applications are managed and deployed in the

data center, a virtualized network infrastructure fundamentally changes the way networks are managed,

providing the ability to dynamically create, modify, or remove services without affecting other services or

requiring maintenance windows.

Extreme’s Fabric Connect, which offers virtualization capabilities for L2, L3, and multicast, is based on the

Shortest Path Bridging (SPB

) protocol, delivering the above-mentioned benefits. It provides a scalable

architecture over a dramatically simplified protocol stack (as compared to MPLS or EVPN), which in turn

results in efficiency gains in network design, operation, and maintenance.

An SPB network uses a single instance of Intermediate System to Intermediate System (IS-IS) routing

protocol whereas MPLS and EVPN require and depend on multiple protocols (OSPF, BGP, LDP, PIM, etc.).

As only one protocol is used in the core all service types benefit from the same fast resiliency without any

protocol dependencies.

Shortest Path Bridging Fabric

Shortest Path Bridging (SPB) is rapidly becoming one of the leading network technologies to deliver an

Ethernet based fabric where all networking services, whether IPv4, IPv6, IP Multicast and/or simply L2

VLANs can be decoupled from the physical infrastructure and virtualized to meet the needs and demands

of typical mid to large enterprises.

SPB was originally defined for carrier Ethernet networks to complement and extend carrier MPLS

backbones. The attributes that made SPB valuable for carrier network providers provide a solid foundation

for virtualized enterprise networks based on a dramatically simplified architecture.

SPB is the combination of three IEEE standards (Table 1) that deliver a new paradigm to the way in which

Ethernet-based networks can operate. SPBM uses Mac-in-Mac encapsulation with the edge device source

and destination IP/MAC addressing encapsulated by the backbone MAC addresses of the nodes on the

edge of the fabric servicing the edge devices. This provides a simple forwarding function because the core

only needs to know the shortest path to the target fabric edge node. The MAC address of the edge node

(switch) is referred to as the Backbone MAC (BMAC), which is used for reachability to other SPBM nodes

using IS-IS as the Interior Gateway Protocol (IGP). A node in the core has a very simple job to do as it only

has to look at the backbone MAC address and forward the packet. The Mac-in-Mac encapsulation

mechanism has no IP addressing required in the core, providing stealth for the network infrastructure.

The IEEE802.1ah Mac-in-Mac encapsulation used by SPBM brings an addressing hierarchy to Ethernet

where the network addressing of end-stations and user devices (whether at L2 with MAC addresses or at

L3 with IPv4 or IPv6 addressing) are always seen as being reachable via a fabric node using the node’s MAC

address (BMAC). From any given source node, the destination BMAC uniquely defines a cut-through

forwarding path without any label swapping (MPLS) or hop-by-hop IP routing.

IEEE 802.1aq/IETF RFC 6329