Network Virtualization using Extreme Fabric Connect

ManualsBrandsExtreme Networks ManualsComputers & AccessoriesHigh-end Wiring Closet Switches

Table Of Contents

Table of Contents
Table of Contents
Table of Contents
Table of Figures
Table of Figures
Table of Tables
Conventions
Introduction
Reference Architecture
- Shortest Path Bridging Fabric
- Layer 3 Virtualization Overview
- Layer 2 Virtualization Overview
- Data Center Virtualization Overview
- Fabric Connect Positioning
Guiding Principles
- Fabric Connect and Fabric Attach
- Fabric Extend
- Data Center Architecture
Architecture Components
- User to Network Interface
- Network to Network Interface
- Backbone Core Bridge
- Backbone Edge Bridge
- Customer MAC Address
- Backbone MAC Address
- SMLT-Virtual-BMAC
- IS-IS Area
- IS-IS System ID
- IS-IS Overload Function
- SPB Bridge ID
- SPBM Nick-name
- Dynamic Nick-name Assignment
- Customer VLAN
- Backbone VLAN
- Virtual Services Networks
- I-SID
- Inter-VSN Routing
- Fabric Area Network
- Fabric Attach / Auto-Attach
- FA Server
- FA Client
- FA Proxy
- FA Standalone Proxy
- VPN Routing and Forwarding Instance
- Global Router Table
- Distributed Virtual Routing
  - DVR Domain
  - DVR Controller
  - DVR Leaf
  - DVR Backbone
- Zero Touch Fabric (ZTF)
Foundations for the Service Enabled Fabric
- SPB Service primitives
- SPB Equal Cost Trees (ECT)
IP Routing and L3 Services over Fabric Connect
- Core IGP / GRT IP Shortcuts
- Virtualized L3 VPNs / L3 VSNs
- VPN Security Zones / IP IS-IS Accept Policies
- ISIS IP Route Types and Protocol Preference
L2 Services Over SPB IS-IS Core
- E-LAN / L2 VSNs with CVLAN/Switched UNI
- E-LINE / L2 VSNs with Transparent UNI
- E-TREE / L2 VSNs with Private-VLAN UNI
Fabric Attach
- FA Element Signalling
- FA Service Assignment (I-SID) Signalling
- FA Message Authentication
- FA Zero Touch Provisioning
IP Multicast Enabled VSNs
- Initial Considerations
- IP Multicast Over SPB
- Multicast Services
- SPB Multicast PIM Gateway
  - Deployment Model with PIM-SM
  - PIM Gateway with PIM-SSM
- Inter VSN IP Multicast
Extending the Fabric Across the WAN
- Fabric Extend
- Fabric Extend over IPVPN Service
- Fabric Extend over the Public Internet with IPSec
- Fabric Extend over E-LAN/VPLS Service
- Fabric Extend over E-LINE Service
- VSN Extend with VXLAN Gateway
Distributed Virtual Routing
- Traffic Tromboning Challenges
- DVR Deployment Model
- DVR Host Tracking and Traffic Forwarding
- Eliminating North-South Tromboning
- DVR limitations and Design Alternatives
Quality of Service
- Initial Considerations
- QoS Implementation Over SPB
- QoS Considerations with Fabric Extend
Consolidated Design Overview
- Campus Distribution
- Data Center Distribution
- Data Center Access
High Availability
- System Level Resiliency
  - Hardware Component Redundancy
  - High-Availability Mode
- Network Level Resiliency
- Human Level Resiliency
  - Loop Detection and Protection Mechanisms
Fabric and VSN Security
- Address Space, Routing, and Traffic Separation
- Concealment of the Core Infrastructure
  - Extreme’s Fabric Connect Stealth Networking
- Resistance to Attacks
- Impossibility of Spoofing Attacks
- Stealth Networking Design Guidelines
Fabric as Best Foundation for SDN
Glossary
Reference Documentation
Revisions

Network Virtualization Using Extreme Fabric Connect

Figure 14 IS-IS NNI Parallel Links

In the Extreme Networks implementation, IS-IS interface authentication is also possible using either simple

password authentication or HMAC-MD5 or HMAC-SHA256 authentication. This increases security and

ensures that only trusted SPB nodes are allowed to form an IS-IS adjacency in the SPB fabric.

Backbone Core Bridge

A Backbone Core Bridge (BCB) is an SPB node with only NNIs. It is a core node whose role is purely to

transport traffic to the destination BMAC along the IS-IS shortest path. As such, a BCB only looks at the

outer MAC header of the Mac-in-Mac encapsulated traffic it switches; it does not look at the I-SID

information and is completely unaware of the information and addressing within the virtual network (VSN)

traffic it transports. There are no VRFs or user-VLANs configured on a BCB node, and therefore the BCB

node does not learn any end-station MAC addresses nor does it hold any IP routes for the L3 VSNs it

transports. Hence the Ethernet Fabric SPB Core can scale to a virtually unlimited number of services.

Tip

An SPB BCB node is conceptually identical to an MPLS P node.

Typically, a BCB node is provisioned with one single IP interface in the default Global Routing Table (GRT),

on a circuit-less loopback, purely for management (e.g., SSH, SNMP) purposes.

Backbone Edge Bridge

A Backbone Edge Bridge (BEB) is an SPB node with both UNI and NNI interfaces. Its role is to terminate

virtual networks (VSNs) onto a locally defined VRF (in the case of L3 VSN) or user-VLANs (in the case of L2

VSN). It is the BEB’s responsibility to add or remove the Mac-in-Mac encapsulation for traffic entering or

leaving the SPB fabric. A BEB must take an active role in the existence of all the VSNs it terminates by

holding all the necessary IP routes in the VRFs as well as learning all the user MAC addresses it sees in the

user-VLANs defined on it. Naturally a BEB will have a scaling limit with the number of VRFs it supports (and

hence the number of L3 VSNs it can terminate), the number of IP routes it can scale to (and hence the

number of L3 VSNs and their cumulative number of IP routes), the number of VLANs it supports, and the

number of MAC addresses it can learn across those VLANs (and hence L2 VSNs). It is therefore important

to select the right platform to meet the required scaling needs. Note however that even if a BEB reaches its

VSN scaling limit, this is in no way limiting the wider Ethernet Fabric, as one can always provision additional

BEB nodes to scale to more VSNs over the same fabric.

In general, a BEB also performs a BCB function in that it can act as transit node and be part of the shortest

path between other SPB BEB nodes (i.e., it can also switch traffic between its NNIs). The BCB function of a

BEB node can be manually turned off by enabling the IS-IS overload bit, which will result in IS-IS not

computing any shortest paths via this BEB node.

Tip

An SPB BEB node is conceptually identical to an MPLS PE node.