Network Virtualization using Extreme Fabric Connect

ManualsBrandsExtreme Networks ManualsComputers & AccessoriesHigh-end Wiring Closet Switches

Table Of Contents

Table of Contents
Table of Contents
Table of Contents
Table of Figures
Table of Figures
Table of Tables
Conventions
Introduction
Reference Architecture
- Shortest Path Bridging Fabric
- Layer 3 Virtualization Overview
- Layer 2 Virtualization Overview
- Data Center Virtualization Overview
- Fabric Connect Positioning
Guiding Principles
- Fabric Connect and Fabric Attach
- Fabric Extend
- Data Center Architecture
Architecture Components
- User to Network Interface
- Network to Network Interface
- Backbone Core Bridge
- Backbone Edge Bridge
- Customer MAC Address
- Backbone MAC Address
- SMLT-Virtual-BMAC
- IS-IS Area
- IS-IS System ID
- IS-IS Overload Function
- SPB Bridge ID
- SPBM Nick-name
- Dynamic Nick-name Assignment
- Customer VLAN
- Backbone VLAN
- Virtual Services Networks
- I-SID
- Inter-VSN Routing
- Fabric Area Network
- Fabric Attach / Auto-Attach
- FA Server
- FA Client
- FA Proxy
- FA Standalone Proxy
- VPN Routing and Forwarding Instance
- Global Router Table
- Distributed Virtual Routing
  - DVR Domain
  - DVR Controller
  - DVR Leaf
  - DVR Backbone
- Zero Touch Fabric (ZTF)
Foundations for the Service Enabled Fabric
- SPB Service primitives
- SPB Equal Cost Trees (ECT)
IP Routing and L3 Services over Fabric Connect
- Core IGP / GRT IP Shortcuts
- Virtualized L3 VPNs / L3 VSNs
- VPN Security Zones / IP IS-IS Accept Policies
- ISIS IP Route Types and Protocol Preference
L2 Services Over SPB IS-IS Core
- E-LAN / L2 VSNs with CVLAN/Switched UNI
- E-LINE / L2 VSNs with Transparent UNI
- E-TREE / L2 VSNs with Private-VLAN UNI
Fabric Attach
- FA Element Signalling
- FA Service Assignment (I-SID) Signalling
- FA Message Authentication
- FA Zero Touch Provisioning
IP Multicast Enabled VSNs
- Initial Considerations
- IP Multicast Over SPB
- Multicast Services
- SPB Multicast PIM Gateway
  - Deployment Model with PIM-SM
  - PIM Gateway with PIM-SSM
- Inter VSN IP Multicast
Extending the Fabric Across the WAN
- Fabric Extend
- Fabric Extend over IPVPN Service
- Fabric Extend over the Public Internet with IPSec
- Fabric Extend over E-LAN/VPLS Service
- Fabric Extend over E-LINE Service
- VSN Extend with VXLAN Gateway
Distributed Virtual Routing
- Traffic Tromboning Challenges
- DVR Deployment Model
- DVR Host Tracking and Traffic Forwarding
- Eliminating North-South Tromboning
- DVR limitations and Design Alternatives
Quality of Service
- Initial Considerations
- QoS Implementation Over SPB
- QoS Considerations with Fabric Extend
Consolidated Design Overview
- Campus Distribution
- Data Center Distribution
- Data Center Access
High Availability
- System Level Resiliency
  - Hardware Component Redundancy
  - High-Availability Mode
- Network Level Resiliency
- Human Level Resiliency
  - Loop Detection and Protection Mechanisms
Fabric and VSN Security
- Address Space, Routing, and Traffic Separation
- Concealment of the Core Infrastructure
  - Extreme’s Fabric Connect Stealth Networking
- Resistance to Attacks
- Impossibility of Spoofing Attacks
- Stealth Networking Design Guidelines
Fabric as Best Foundation for SDN
Glossary
Reference Documentation
Revisions

Network Virtualization Using Extreme Fabric Connect

Caution

Transparent UNIs should not be assigned to the same I-SID as CVLAN or Switched UNI.

Figure 32 Transparent UNI

E-TREE / L2 VSNs with Private-VLAN UNI

An E-TREE service type is an enhanced version of an E-LAN L2 VSN that uses a CVLAN UNI where the

VLAN used is a Private-VLAN. A Private-VLAN is a special VLAN construct where port members can be

assigned one of three possible roles:

• Promiscuous role: Devices connected to these ports are able to communicate with every other

device in the same L2 segment. Promiscuous ports are usually untagged ports that are only

members of the Private-VLAN.

• Isolated role: Devices connected to these ports are only able to communicate with devices hanging

off Promiscuous ports. Isolated ports are usually untagged ports that are only members of the

Private-VLAN.

• Trunk role: These ports must be used to q-tag extend a Private-VLAN between two switches. A

Trunk port is always q-tagged and can carry one or more Private-VLANs as well as other regular

VLAN ids.

When a Private-VLAN is created, it is necessary to provide two VLAN-IDs: a Primary VID and a Secondary

VID. In general, a Promiscuous port will always transmit traffic on the primary VID but will receive traffic

from both the primary and secondary VIDs. An Isolated port will transmit traffic into the secondary VID and

will only receive traffic from the primary VID. Both VIDs share the same MAC table and are both q-tagged

on Trunk ports. This is the industry standard IEEE 802.1Q implementation of Private-VLANs used by many

networking vendors as well as server hypervisor vendors such as VMware with ESX.

Extreme Networks Fabric Connect conforms to this implementation and enhances it to seamlessly operate

over the SPB Fabric by being able to assign an L2 VSN I-SID to a Private-VLAN with end-point provisioning.