Network Virtualization using Extreme Fabric Connect

ManualsBrandsExtreme Networks ManualsComputers & AccessoriesHigh-end Wiring Closet Switches

Table Of Contents

Table of Contents
Table of Contents
Table of Contents
Table of Figures
Table of Figures
Table of Tables
Conventions
Introduction
Reference Architecture
- Shortest Path Bridging Fabric
- Layer 3 Virtualization Overview
- Layer 2 Virtualization Overview
- Data Center Virtualization Overview
- Fabric Connect Positioning
Guiding Principles
- Fabric Connect and Fabric Attach
- Fabric Extend
- Data Center Architecture
Architecture Components
- User to Network Interface
- Network to Network Interface
- Backbone Core Bridge
- Backbone Edge Bridge
- Customer MAC Address
- Backbone MAC Address
- SMLT-Virtual-BMAC
- IS-IS Area
- IS-IS System ID
- IS-IS Overload Function
- SPB Bridge ID
- SPBM Nick-name
- Dynamic Nick-name Assignment
- Customer VLAN
- Backbone VLAN
- Virtual Services Networks
- I-SID
- Inter-VSN Routing
- Fabric Area Network
- Fabric Attach / Auto-Attach
- FA Server
- FA Client
- FA Proxy
- FA Standalone Proxy
- VPN Routing and Forwarding Instance
- Global Router Table
- Distributed Virtual Routing
  - DVR Domain
  - DVR Controller
  - DVR Leaf
  - DVR Backbone
- Zero Touch Fabric (ZTF)
Foundations for the Service Enabled Fabric
- SPB Service primitives
- SPB Equal Cost Trees (ECT)
IP Routing and L3 Services over Fabric Connect
- Core IGP / GRT IP Shortcuts
- Virtualized L3 VPNs / L3 VSNs
- VPN Security Zones / IP IS-IS Accept Policies
- ISIS IP Route Types and Protocol Preference
L2 Services Over SPB IS-IS Core
- E-LAN / L2 VSNs with CVLAN/Switched UNI
- E-LINE / L2 VSNs with Transparent UNI
- E-TREE / L2 VSNs with Private-VLAN UNI
Fabric Attach
- FA Element Signalling
- FA Service Assignment (I-SID) Signalling
- FA Message Authentication
- FA Zero Touch Provisioning
IP Multicast Enabled VSNs
- Initial Considerations
- IP Multicast Over SPB
- Multicast Services
- SPB Multicast PIM Gateway
  - Deployment Model with PIM-SM
  - PIM Gateway with PIM-SSM
- Inter VSN IP Multicast
Extending the Fabric Across the WAN
- Fabric Extend
- Fabric Extend over IPVPN Service
- Fabric Extend over the Public Internet with IPSec
- Fabric Extend over E-LAN/VPLS Service
- Fabric Extend over E-LINE Service
- VSN Extend with VXLAN Gateway
Distributed Virtual Routing
- Traffic Tromboning Challenges
- DVR Deployment Model
- DVR Host Tracking and Traffic Forwarding
- Eliminating North-South Tromboning
- DVR limitations and Design Alternatives
Quality of Service
- Initial Considerations
- QoS Implementation Over SPB
- QoS Considerations with Fabric Extend
Consolidated Design Overview
- Campus Distribution
- Data Center Distribution
- Data Center Access
High Availability
- System Level Resiliency
  - Hardware Component Redundancy
  - High-Availability Mode
- Network Level Resiliency
- Human Level Resiliency
  - Loop Detection and Protection Mechanisms
Fabric and VSN Security
- Address Space, Routing, and Traffic Separation
- Concealment of the Core Infrastructure
  - Extreme’s Fabric Connect Stealth Networking
- Resistance to Attacks
- Impossibility of Spoofing Attacks
- Stealth Networking Design Guidelines
Fabric as Best Foundation for SDN
Glossary
Reference Documentation
Revisions

Network Virtualization Using Extreme Fabric Connect

The third standard is IEEE802.1ag, which is the new foundation for Operations, Administration &

Management (OAM) over Ethernet-based networks for Connectivity and Fault Management (CFM). Defined

by carriers for use on carrier-grade networks (including MPLS-based ones), this standard brings to Ethernet

and SPB a far more sophisticated troubleshooting toolkit than Enterprise customers are used to with IP.

Ethernet-based CFM can test for the most basic connectivity tests (ping) to path tracing (traceroute) over

both unicast and service-specific multicast trees (tracetree & tracemroute), as well as network performance

monitoring (latency/jitter measurements) via Continuity Check Message (CCM) and Y.1731 extensions.

Figure 2 Comparison of SPB’s Simplicity with Traditional Protocol Stack

The benefits of delivering MPLS service types over an SPB-based Fabric are many. To start, MPLS is

complex and relies on a multitude of control plane protocols each with its own complexities and protocol

layer dependencies. Being able to deliver an Ethernet-based Fabric with a single control plane (IS-IS)

supporting all of the same service types as MPLS/EVPN but without needing to engineer the backbone with

OSPF, Multiprotocol BGP, BGP Route Reflectors, LDP, and PIM-SM makes for an easier life for enterprise

network administrators, both in terms of design and maintenance, but inevitably in terms of cost.

Layer 3 Virtualization Overview

L3 Virtualization is designed to support the concept of multi-tenancy. Enterprise networks can separate

portions of the network into separately addressed “communities of interest,” or logical segments. This

improves enterprise security by isolating unrestricted communications to only those members of the

specific logical segment. Inter-segment communications may be controlled by using stateful firewalls with

interfaces residing in each of the network segments, or through carefully applied inter-segment route

leakage policies, or a combination of both.

The deployment of virtualized L3 routing domains over an SPB Ethernet Fabric is achieved in a manner that

bears many similarities with the MPLS-based IPVPNs. Virtualized L3 routing domains in Fabric Connect are

called Layer 3 Virtual Service Networks (L3 VSNs). Every L3 routing domain is terminated on a Virtual

Router and Forwarding (VRF) entity on a BEB, usually located on the distribution layer nodes. These nodes

exchange I-SID-IPv4 (or I-SID-IPv6) routes via IS-IS well defined Type Length Values (TLVs). These TLVs

exist in the IS-IS Link State Data Base (LSDB) of the SPB Fabric, but will only be inspected by nodes where

the same L3 VSN I-SID is terminated.

Core nodes (BCBs) take no notice of these TLVs and simply forward packets based on the shortest path

towards the destination BMAC. The BEB distribution nodes participating in the L3 VSN service have directly

connected interfaces for access layer subnets that can be extended to edge switches or Fabric Attached

switches. If attached to a Fabric Attached switch, the corresponding L2 VLAN can be derived either via