Network Virtualization using Extreme Fabric Connect

ManualsBrandsExtreme Networks ManualsComputers & AccessoriesHigh-end Wiring Closet Switches

Table Of Contents

Table of Contents
Table of Contents
Table of Contents
Table of Figures
Table of Figures
Table of Tables
Conventions
Introduction
Reference Architecture
- Shortest Path Bridging Fabric
- Layer 3 Virtualization Overview
- Layer 2 Virtualization Overview
- Data Center Virtualization Overview
- Fabric Connect Positioning
Guiding Principles
- Fabric Connect and Fabric Attach
- Fabric Extend
- Data Center Architecture
Architecture Components
- User to Network Interface
- Network to Network Interface
- Backbone Core Bridge
- Backbone Edge Bridge
- Customer MAC Address
- Backbone MAC Address
- SMLT-Virtual-BMAC
- IS-IS Area
- IS-IS System ID
- IS-IS Overload Function
- SPB Bridge ID
- SPBM Nick-name
- Dynamic Nick-name Assignment
- Customer VLAN
- Backbone VLAN
- Virtual Services Networks
- I-SID
- Inter-VSN Routing
- Fabric Area Network
- Fabric Attach / Auto-Attach
- FA Server
- FA Client
- FA Proxy
- FA Standalone Proxy
- VPN Routing and Forwarding Instance
- Global Router Table
- Distributed Virtual Routing
  - DVR Domain
  - DVR Controller
  - DVR Leaf
  - DVR Backbone
- Zero Touch Fabric (ZTF)
Foundations for the Service Enabled Fabric
- SPB Service primitives
- SPB Equal Cost Trees (ECT)
IP Routing and L3 Services over Fabric Connect
- Core IGP / GRT IP Shortcuts
- Virtualized L3 VPNs / L3 VSNs
- VPN Security Zones / IP IS-IS Accept Policies
- ISIS IP Route Types and Protocol Preference
L2 Services Over SPB IS-IS Core
- E-LAN / L2 VSNs with CVLAN/Switched UNI
- E-LINE / L2 VSNs with Transparent UNI
- E-TREE / L2 VSNs with Private-VLAN UNI
Fabric Attach
- FA Element Signalling
- FA Service Assignment (I-SID) Signalling
- FA Message Authentication
- FA Zero Touch Provisioning
IP Multicast Enabled VSNs
- Initial Considerations
- IP Multicast Over SPB
- Multicast Services
- SPB Multicast PIM Gateway
  - Deployment Model with PIM-SM
  - PIM Gateway with PIM-SSM
- Inter VSN IP Multicast
Extending the Fabric Across the WAN
- Fabric Extend
- Fabric Extend over IPVPN Service
- Fabric Extend over the Public Internet with IPSec
- Fabric Extend over E-LAN/VPLS Service
- Fabric Extend over E-LINE Service
- VSN Extend with VXLAN Gateway
Distributed Virtual Routing
- Traffic Tromboning Challenges
- DVR Deployment Model
- DVR Host Tracking and Traffic Forwarding
- Eliminating North-South Tromboning
- DVR limitations and Design Alternatives
Quality of Service
- Initial Considerations
- QoS Implementation Over SPB
- QoS Considerations with Fabric Extend
Consolidated Design Overview
- Campus Distribution
- Data Center Distribution
- Data Center Access
High Availability
- System Level Resiliency
  - Hardware Component Redundancy
  - High-Availability Mode
- Network Level Resiliency
- Human Level Resiliency
  - Loop Detection and Protection Mechanisms
Fabric and VSN Security
- Address Space, Routing, and Traffic Separation
- Concealment of the Core Infrastructure
  - Extreme’s Fabric Connect Stealth Networking
- Resistance to Attacks
- Impossibility of Spoofing Attacks
- Stealth Networking Design Guidelines
Fabric as Best Foundation for SDN
Glossary
Reference Documentation
Revisions

Network Virtualization Using Extreme Fabric Connect

Guiding Principles

The goal of network virtualization is to decouple the network users and their applications from the

underlying infrastructure so that those users and applications can be segmented from other users and

applications while still sharing the same physical network infrastructure resources (bandwidth and

connectivity). One network must therefore support many different virtual networks.

These networks become logical and their addressing (IP routes and user-VLANs where end-station MACs

are learned) is only applicable within the Virtual Services Network (VSN) to which they belong. Leveraging

network virtualization to segregate network users into different domains is always far superior than trying

to achieve and maintain the same goal by leaving all users and services in a single Global Routing Table

(GRT) with a common addressable IP address space, and then attempting to manage connectivity with

extensive use of Access Control Lists (ACLs) or by making all VLANs non-routable within the network and

performing all routing across firewall interfaces.

Figure 7 Virtualization of Logical Networks over SPB

The demarcation of physical and virtual networks has never been as rigorous as it is with SPB where the

Ethernet Fabric deals with SPB Backbone MAC addresses (BMAC) tied to the physical infrastructure and

used by IS-IS to compute the shortest path across the physical topology. End-user MAC addresses are

handled within L2 VSN service types and IP routes (IPv4 or IPv6) are advertised within L3 VSN service

types. In short, with SPB, IP routing is no longer the foundation of the network backbone, but becomes

purely a service above it.

Tip

For the sake of comparison, MPLS needs an underlying IPv4 IGP in order to operate,

which in carrier networks is contained inside the core and used only by MPLS (and LDP

and iBGP). But in Enterprise networks, this is seldom the case. MPLS deployed in an

enterprise environment is thus inconsistent in its use of VRF-0 (Global Router), which

plays a dual role of foundation of the MPLS’s heavy control plane protocol stack as well as

acting as a legitimate L3 domain for some network users and applications.

When virtualization is combined with a simple and consistent end-point provisioning based on a common

Service-ID (I-SID) concept, as is the case with Fabric Connect, we have a powerful solution for creating

virtual networks on demand.

This makes the Extreme Networks Fabric Connect architecture an ideal SDN framework, which is not based

on overlay technologies and is not limited to the data center alone but instead becomes an end-to-end

network foundation and enables a highly automated and programmable SDN edge

with IEEE 802.1Qcj

See Fabric and VSN Security on page 154.