Network Virtualization using Extreme Fabric Connect

ManualsBrandsExtreme Networks ManualsComputers & AccessoriesHigh-end Wiring Closet Switches

Table Of Contents

Table of Contents
Table of Contents
Table of Contents
Table of Figures
Table of Figures
Table of Tables
Conventions
Introduction
Reference Architecture
- Shortest Path Bridging Fabric
- Layer 3 Virtualization Overview
- Layer 2 Virtualization Overview
- Data Center Virtualization Overview
- Fabric Connect Positioning
Guiding Principles
- Fabric Connect and Fabric Attach
- Fabric Extend
- Data Center Architecture
Architecture Components
- User to Network Interface
- Network to Network Interface
- Backbone Core Bridge
- Backbone Edge Bridge
- Customer MAC Address
- Backbone MAC Address
- SMLT-Virtual-BMAC
- IS-IS Area
- IS-IS System ID
- IS-IS Overload Function
- SPB Bridge ID
- SPBM Nick-name
- Dynamic Nick-name Assignment
- Customer VLAN
- Backbone VLAN
- Virtual Services Networks
- I-SID
- Inter-VSN Routing
- Fabric Area Network
- Fabric Attach / Auto-Attach
- FA Server
- FA Client
- FA Proxy
- FA Standalone Proxy
- VPN Routing and Forwarding Instance
- Global Router Table
- Distributed Virtual Routing
  - DVR Domain
  - DVR Controller
  - DVR Leaf
  - DVR Backbone
- Zero Touch Fabric (ZTF)
Foundations for the Service Enabled Fabric
- SPB Service primitives
- SPB Equal Cost Trees (ECT)
IP Routing and L3 Services over Fabric Connect
- Core IGP / GRT IP Shortcuts
- Virtualized L3 VPNs / L3 VSNs
- VPN Security Zones / IP IS-IS Accept Policies
- ISIS IP Route Types and Protocol Preference
L2 Services Over SPB IS-IS Core
- E-LAN / L2 VSNs with CVLAN/Switched UNI
- E-LINE / L2 VSNs with Transparent UNI
- E-TREE / L2 VSNs with Private-VLAN UNI
Fabric Attach
- FA Element Signalling
- FA Service Assignment (I-SID) Signalling
- FA Message Authentication
- FA Zero Touch Provisioning
IP Multicast Enabled VSNs
- Initial Considerations
- IP Multicast Over SPB
- Multicast Services
- SPB Multicast PIM Gateway
  - Deployment Model with PIM-SM
  - PIM Gateway with PIM-SSM
- Inter VSN IP Multicast
Extending the Fabric Across the WAN
- Fabric Extend
- Fabric Extend over IPVPN Service
- Fabric Extend over the Public Internet with IPSec
- Fabric Extend over E-LAN/VPLS Service
- Fabric Extend over E-LINE Service
- VSN Extend with VXLAN Gateway
Distributed Virtual Routing
- Traffic Tromboning Challenges
- DVR Deployment Model
- DVR Host Tracking and Traffic Forwarding
- Eliminating North-South Tromboning
- DVR limitations and Design Alternatives
Quality of Service
- Initial Considerations
- QoS Implementation Over SPB
- QoS Considerations with Fabric Extend
Consolidated Design Overview
- Campus Distribution
- Data Center Distribution
- Data Center Access
High Availability
- System Level Resiliency
  - Hardware Component Redundancy
  - High-Availability Mode
- Network Level Resiliency
- Human Level Resiliency
  - Loop Detection and Protection Mechanisms
Fabric and VSN Security
- Address Space, Routing, and Traffic Separation
- Concealment of the Core Infrastructure
  - Extreme’s Fabric Connect Stealth Networking
- Resistance to Attacks
- Impossibility of Spoofing Attacks
- Stealth Networking Design Guidelines
Fabric as Best Foundation for SDN
Glossary
Reference Documentation
Revisions

Network Virtualization Using Extreme Fabric Connect

Note

Fabric Extend with IP fragmentation is supported with the Fabric Connect VPN XA1400

platforms as well as with the Extreme Networks VSP4450/4850 platforms (latter require

use of the Open Network Adapter - ONA).

Note

Fabric Extend with IPsec encryption is supported with the Fabric Connect VPN XA1400

platforms.

Data Center Architecture

The Extreme Networks Fabric Connect provides an ideal multitenant architecture for the data center where

both L2 and L3 VSN service types can be tightly integrated, fully supports IP Multicast applications, and

remains topology agnostic to adapt to small- and large-scale data centers alike.

For smaller size data centers, the ToR switches can be intermeshed using high speed 40GbE interconnects

which in turn reduces the overall cost of the solution. This is because the data center distribution layer no

longer needs to aggregate the same amount of ToR uplinks as the east-west traffic flows are handled via

the ToR high speed interconnects.

Figure 10 Smaller (Meshed) vs Larger (Spine-Leaf) Topologies

For larger scale data centers where it becomes impractical to fully mesh or interconnect the ToR switches

or where the east-west bandwidth requirements exceed the ToR single high speed Ethernet uplink speed,

the topology of choice is spine-leaf, which ensures a consistent lowest equal cost path and multi-path

capability between any pair of ToR switches. To achieve the multi-path capability in a spine-leaf topology,

the Fabric Connect will need to be deployed with as many BVLANs as there are spines.

Caution

Extreme’s SPB implementation currently supports two BVLANs. This could be increased

to 16 BVLANs in the future.

In larger data centers and those where multi-tenancy is required, east-west flows will often be IP routed L3

flows where the communicating VMs are located in different IP subnets of the same “tenant” VRF domain,

yet VMs can be highly mobile and are prone to being moved to any hypervisor within or across different

data centers. Having those L3 east-west flows redirected to a centralized default gateway node in the

Spine/Distribution does not necessarily ensure the shortest path and lowest latency (both VMs could even

be connected to the same ToR switch on different or the same hypervisor).

The only way to ensure that such east-west L3 flows are also switched along the shortest path, like L2

flows, is for the ToR switches to implement a distributed anycast gateway function whereby the ToR switch