
Fabric Connect (SPBm) & DCN

Workshop & Demonstration for Colissimo

Redouane BACHIR – Sr. Systems Engineer CCIE #63630


April 2020
What is Fabric Connect?
Powerful network virtualization technology (aka Fabric Network):
• Services abstracted from Infrastructure
• User traffic invisible to the network core
• Services operate as ships in the night

Technology attributes:
• Forwards traffic based on Ethernet Switched Paths
• L2/3 service abstraction layer
• Control plane is based on IS-IS routing
• Controllerless technology
• Functions as an underlay as well as an overlay technology

[Figure: Network Services layered over Infrastructure. Services shown: Layer 2 virtualized (E-LAN, E-Tree, E-Line), Layer 3 virtualized unicast, Layer 3 virtualized multicast, Layer 3 unicast (shortcut), Layer 3 multicast (shortcut), IPv6, VXLAN. Caption: Abstracting Service from Infrastructure: Network as a Plug & Play Utility]

2 CONFIDENTIAL. ©EXTREME NETWORKS, INC. ALL RIGHTS RESERVED.


Virtualization of logical networks

[Figure: logical view (VLAN 30, IP subnets 1 to 3, L2-VSN and L3-VSN) drawn above the physical view (FA-Proxy, FA-Server / BEB, BCB, BEB joined by FA/UNI and NNI links over BVLAN #1 and BVLAN #2; Fabric Attach at the edge, Fabric Connect in the core)]

§ Users and applications reside in virtualized networks (VSNs)
§ Physical infrastructure is decoupled from virtual networks
§ Different user groups or applications can be easily segregated
§ Simpler deployment model for IPv4/IPv6 networks

Complex Protocol Stack vs Fabric Connect Simplicity

Traditional Protocol Stack (top-down vertical dependency; each layer has its own service, protocol and infrastructure):
• Layer 3 virtualized multicast, e.g. Draft Rosen (MPLS layers)
• Layer 3 virtualized unicast, e.g. RFC 4364 (MPLS layers)
• Layer 2 virtualized unicast, e.g. VPLS, Cisco's OTV
• Layer 3 multicast, e.g. PIM
• Layer 3 unicast, e.g. RIP/OSPF
• Layer 2 virtualized, e.g. 802.1q/D (STP/VLAN), TRILL / FabricPath
• Physical Ethernet infrastructure

Fabric Connect (connectivity services independent from infrastructure; horizontally independent):
• Services: Layer 3 virtualized multicast, Layer 3 virtualized unicast, Layer 3 multicast (IPSC), Layer 3 unicast (IPSC), Layer 2 virtualized
• IP/SPB, L2/SPB and Fabric Attach on a single IS-IS control plane
• Physical Ethernet infrastructure

Shortest Path Bridging - Fabric
§ Enable IS-IS globally
§ Enable IS-IS per interface
§ IS-IS forms adjacencies
‒ Discovers core topology
‒ Calculates shortest path to every node
‒ Programs forwarding entries in BVLANs
§ Important Properties
‒ Shortest path based on link metrics with no blocked paths
‒ Reverse Path Forwarding Check (RPFC) eliminates loops
‒ Symmetric data path between any two nodes provides closed OAM system
‒ Unicast path calculated from every node to every other node
‒ Ability to calculate service specific multicast delivery trees
‒ No IP configuration required inside the Fabric
‒ Network becomes a Fabric

[Figure: fabric of BEB edge nodes and BCB core nodes, with Extreme Management Center]



Shortest Path Bridging - Fabric Configuration

spbm
router isis
  manual-area 49.0000
  spbm 1
  spbm 1 b-vid 4051-4052 primary 4051
  spbm 1 nick-name 0.00.81
  system-id 02bb.0000.8100
exit
vlan create 4051 name "B-VLAN-1" type spbm-bvlan
vlan create 4052 name "B-VLAN-2" type spbm-bvlan

interface GigabitEthernet 3/16,4/1
  isis
  isis spbm 1
  isis enable
  no spanning-tree mstp force-port-state enable
exit
router isis enable



Traditional versus Fabric Connect
[Figure: Traditional: VLAN 10 across a switched Ethernet network. Fabric Connect: VLAN 10 at each edge, mapped to I-SID 20010 over Fabric Connect / IS-IS routing]



Traditional versus Fabric Connect
Layer 2 Service (Overlay GRE or VXLAN tunnel)

[Figure: Traditional: VLAN 10 on IP subnet 1 and VLAN 10 on IP subnet 2 joined by a VXLAN / GRE tunnel across a routed network (OSPF). Fabric Connect: VLAN 10 at each edge, mapped to I-SID 20010 over Fabric Connect / IS-IS routing]



Shortest Path Bridging – L2VSN Service
§ Provision service at the edge
‒ Create VLAN
‒ Create I-SID
‒ Attach VLAN to I-SID
‒ IS-IS advertises service to the network
‒ Shortest path used
‒ Path congruence
‒ FDB is updated with service entries

[Figure: VLAN 20 on two BEBs joined by I-SID 2000020 across BEB/BCB fabric nodes, with Extreme Management Center]



Traditional versus Fabric Connect
Layer 3 Virtual Private Networks

[Figure: Traditional: VRF-lite deployment, with a VRF and OSPF per hop for each tenant; Tenant A connects 10.1.1.0/24 and 10.1.2.0/24, Tenant X connects 10.1.1.0/24 and 10.2.1.0/24. Fabric Connect: Tenant A (10.1.1.0/24, 10.1.2.0/24) over L3 Virtual Service Network I-SID 200, Tenant X (10.1.1.0/24, 10.2.1.0/24) over L3 Virtual Service Network I-SID 300]



Shortest Path Bridging – L3VSN Service
§ Provision service at the edge
‒ Create VRF
‒ Create VLANs
‒ Assign VLANs to VRF
‒ Create IP Networks in VLANs
‒ Create I-SID
‒ Attach VRF to I-SID
‒ IS-IS advertises service to the network
‒ Shortest path used
‒ Routing Table is updated with service entries
‒ IPv4 and IPv6 networks
‒ Local networks have to be redistributed

[Figure: VLAN / IP Net 1 to 4 attached to BEBs and joined by I-SID 3000001 across BEB/BCB fabric nodes, with Extreme Management Center]



Traditional versus Fabric Connect
IPv4 / IPv6 Unicast Routing

[Figure: Traditional: VLAN 11 (10.1.2.0/24) and VLAN 12 (10.2.1.0/24) joined hop by hop with OSPF and RIP for IPv4, OSPFv3 and RIPng for IPv6. Fabric Connect: VLAN 11 (10.1.2.0/24) and VLAN 12 (10.2.1.0/24) joined by IP Shortcut (Next Hop = Dest. Hop) over Fabric Connect / IS-IS routing for IPv4 and IPv6]

Shortest Path Bridging – IP Shortcut Service
§ Default routing instance
‒ Global Routing Table created by default
‒ Easy configuration for Fabric management
‒ No I-SID (shortcut)
‒ Prefer L3VSN to attach users
‒ But users can be attached
§ Provision service at the edge
‒ Create VLANs
‒ Create IP Networks in VLANs
‒ IS-IS advertises service to the network
‒ Shortest path used
‒ Routing Table is updated with service entries
‒ IPv4 and IPv6 networks
‒ Local networks have to be redistributed

[Figure: VLAN / IP Net 1 to 4 attached to BEBs across BEB/BCB fabric nodes, with Extreme Management Center]



Shortest Path Bridging – L2VSN & L3VSN Service
§ Offers routing between servers and users
§ Provision service at the edge
‒ Create L2VSN
‒ Create L3VSN
‒ Attach L2VSN to L3VSN
§ Routing anywhere in the Fabric
‒ L3VSN or IP Shortcut
‒ IPv4 and IPv6 networks

[Figure: users on VLAN / IP Net 1 and VLAN / IP Net 2; L3VSN I-SID 3000001; VLAN 21 (IP Net3) in DC-1 and DC-2 joined by L2VSN I-SID 2000021; Extreme Management Center]



Shortest Path Bridging – L2VSN & L3VSN Service
§ Offers routing between servers and users
§ Provision service at the edge
‒ Create L2VSN
‒ Create L3VSN
‒ Attach L2VSN to L3VSN
§ Routing anywhere in the Fabric
‒ L3VSN or IP Shortcut
‒ IPv4 and IPv6 networks
§ Use VRRP for Redundancy
‒ VRRP in the Fabric
‒ RSMLT/VRRP at the edge
§ Distributed Virtual Routing in DC

[Figure: users on VLAN / IP Net 1 and VLAN / IP Net 2; L3VSN I-SID 3000001; VRRP between two BEBs that each carry VLAN 21 (IP Net3); VLAN 21 in DC-1 and DC-2 joined by L2VSN I-SID 2000021; Extreme Management Center]



Distributed Virtual Routing - DVR
§ Routing Optimization in Data Center
§ Improves VRRP concept
‒ Virtual IP for Default Gateway
‒ No hello messages
‒ No master/backup
§ Performs routing at leaf
§ Configuration on Controller
‒ Leaf gets VLAN/IP/Mcast/VRF
• Attach port to VLAN
• Endpoint tracking
§ Host route to local controller
‒ No east-west tromboning
§ Controller can redistribute host route
‒ No north-south tromboning

[Figure: Campus (Fabric Attach) and Core (Fabric Connect) above two data centers; spines act as DVR Controller (routing), leaves as DVR Leaf (switching); L2 segment 1 and L2 segment 2 span Data Center 1 and Data Center 2. Labels: VRRP master, host route in routing table, redistribute host route]

Endpoint Tracking - EPT
§ Dynamic assignment of virtual machines (VMs) to VLAN/IP subnets.
‒ No need to manually configure server VLANs on data center access switches
‒ VMware or Hyper-V
§ Designed for data center (DC) scenario with virtual machines (VMs) connecting to DVR.
§ Also works with regular SPB deployments.
§ Virtual machines (VMs) learned from hypervisor
§ ExtremeConnect
§ Accept policies automatically created
§ Dynamic assignment is done using RADIUS server.
§ ExtremeControl

[Figure: spines and leaves in Data Center 1 and Data Center 2 with L2 segment 1 and L2 segment 2; each leaf maps VLAN to I-SID (L2VSN) and connects over 802.1Q to hypervisor servers; leaves make RADIUS calls; Extreme Management Center uses the hypervisor management API (Hyper-V SCCM, VMware vCenter)]



Traditional versus Fabric Connect
IPv4 Multicast Routing

[Figure: Traditional: Sender 1 and Receiver 1 behind IGMP Snoop, joined hop by hop with PIM-SM and OSPF, plus a PIM Rendezvous Point. Fabric Connect: Sender 1 and Receiver 1 behind IGMP Snoop, joined by IP Shortcut (Next Hop = Dest. Hop) over Fabric Connect / IS-IS routing]

*Can also be virtualized within a L2/L3 service



Shortest Path Bridging – Multicast Service
§ A Multicast Stream received at the edge is automatically mapped into a dedicated I-SID
‒ Class D IP address
§ Provision service at the edge
‒ IS-IS advertises service to the network
‒ Stream is not forwarded
‒ Receiver has to request flow
‒ IGMP at the edge
‒ Only one copy
‒ Service constrained within L2VSN, L3VSN or IP-Shortcut
‒ No need for PIM or DVMRP complexity

[Figure: multicast sender for group 239.0.0.10 mapped to IPMC I-SID 16000001 across BEB/BCB fabric nodes; three receivers each send IGMP Join 239.0.0.10; Extreme Management Center]



Summary of Fabric Connect Services
§ All services can be IP multicast enabled
‒ Snooping
‒ Routing
§ L2VSN service types can also be combined with a rich selection of UNI access types:
‒ CVLAN UNI
‒ Switched UNI
‒ Transparent UNI
‒ ETREE UNI

[Figure: infrastructure of FA-Proxy, BEB + FA-Server, BCB and BEB joined by FA/UNI, NNI and UNI links, carrying these virtualized services between the two edges:
IP Shortcut: VLAN 2 (1.0.1.0/24, 3000:0:1::0/64) to VLAN 4 (1.0.4.0/24, 3000:0:4::0/64)
L2VSN: VLAN 10 to VLAN 10 over I-SID 2000010; VLAN 15 to VLAN 17 over I-SID 2015017
L3VSN: VLAN 101 (1.10.1.0/24, 3000:10:1::0/64) to VLAN 102 (1.10.2.0/24, 3000:10:2::0/64) over I-SID 3000001; VLAN 201 (1.20.1.0/24, 3000:20:1::0/64) to VLAN 202 (1.20.2.0/24, 3000:20:2::0/64) over I-SID 3000002
L2VSN + L3VSN: VLAN 21 (I-SID 2000021; 1.30.21.0/24, 3000:30:21::0/64) and VLAN 22 (I-SID 2000022; 1.30.22.0/24, 3000:30:22::0/64), with I-SID 3000003 to VLAN 302 (1.30.2.0/24, 3000:30:2::0/64)]

L2VSN – UNI types - C-VLAN UNI

[Figure: FC BEB or FA Proxy node attached to Fabric Connect. Port 1 (tagged UNI): q-tag VLAN id 10, q-tag VLAN id 11, untagged traffic with PVID=12. Port 2 (untagged UNI): untagged traffic with PVID=12. VLAN10 maps to L2VSN I-SID 2000010, VLAN11 to L2VSN I-SID 2000011, VLAN12 to L2VSN I-SID 2000012]

FC BEB : vlan i-sid <vlan-id> <i-sid>
FA Proxy ERS : i-sid <i-sid> vlan <vlan-id>
FA Proxy XOS : vlan <vlan-id> add isid <i-sid>

§ UNI is a VLAN (Customer VLAN = C-VLAN)
§ VLAN has global significance (Platform VLAN) on the BEB / FA-Proxy
§ Platform VLAN can have IP interface assigned (on BEB) and/or activated for SPB IP Multicast support
§ VLAN performs L2 switching on local VLAN port members & transports over L2VSN for remote end-points
§ Untagged traffic is assigned to VLAN corresponding to PVID configured on port
§ On tagged port, use UntagPVIDOnly mode to force PVID traffic to also go out untagged
§ Supported across all SPB capable VSP & ERS platforms and all FA-Proxy capable platforms
§ Not supported on DVR-Leaf

L2VSN – UNI types - Switched UNI

[Figure: BEB node attached to Fabric Connect. UNI Port 1 (tagged): q-tag VLAN id 10 and q-tag VLAN id 11. UNI Port 2 (UntagPVIDonly): q-tag VLAN id 10 and untagged traffic. L2VSN I-SIDs shown: 2000010, 2001011, 2000002]

ERS Stackables:
  vlan create <vlan-id> type spbm-switchedUni
  i-sid <i-sid> vlan <vlan-id> port <port>

VOSS VSP:
  interface gigabitEthernet <port>|mlt <mlt-id>
    flex-uni enable
  exit
  i-sid <i-sid> elan
    c-vid <vid> port <port>
    c-vid <vid> mlt <mlt-id>
    untagged-traffic port <port> [bpdu enable]
    untagged-traffic mlt <mlt-id> [bpdu enable]
  exit

§ UNI is a VLAN-id on a Port or MLT
‒ VLAN id only has local significance on the Ethernet port / MLT
§ Same VLAN-id can be re-used on different ports and belong to a different I-SID
§ Different VLAN-id on different (or same Stackables only) ports can be assigned to same I-SID
‒ can do VLAN Mapping on local switch
§ Untagged traffic
‒ On Stackables can be picked up by setting the port to UntagPVIDonly and setting the PVID on the port (not BPDUs)
‒ On VOSS VSPs there is an express command and the optional ability to pick up BPDUs with it as well
§ Switched UNIs and CVLAN UNIs can be assigned to the same I-SID
§ Supported in VSP7024 10.2, ERS4800 5.7, ERS5900 7.0, ERS4900 7.1 and VOSS VSPs 5.0



L2VSN – UNI types - Transparent UNI

[Figure: BEB node attached to Fabric Connect. Transparent UNI Port 1: q-tagged and untagged traffic into L2VSN I-SID 2100001. Transparent UNI Port 2: q-tagged and untagged traffic into L2VSN I-SID 2100002]

ERS Stackables:
VOSS VSP:
  i-sid <i-sid> elan-transparent
    port <port> | mlt <mlt-id>
  exit

§ UNI is an Ethernet port / MLT
§ Ethernet UNI port / MLT is not VLAN tag aware
§ Packets with or without a VLAN q-tag are transported into the L2VSN
§ Untagged control traffic (STP, VLACP, LACP, LLDP, etc) is transparently forwarded
‒ VLACP/LACP PDUs are forwarded (VOSS: unless configured on UNI port / MLT)
‒ Flow Control Pause frames remain link local and are not transported
§ Reverse MAC learning is still used, so can be used with 3 or more end-points in an any-any service
‒ NOTE: Learning across all VLANs (Shared VLAN learning)
§ MLT Transparent UNI ports are supported (on VOSS VSPs even with LACP)
§ Transparent UNIs should not be assigned to the same I-SID as Switched UNI or CVLAN UNIs as this would create inconsistencies in the handling of egress q-tags

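
The I-SID sharing rules on the UNI slides (Switched and CVLAN UNIs may share an I-SID; Transparent UNIs should not share one with either) span several BEBs, so they lend themselves to an offline check over saved configs. The Python below is an added example, not Extreme tooling and not part of the original deck; it parses only the VOSS command forms shown on these slides, and the node names, ports and sample configs are constructed.

```python
import re
from collections import defaultdict

# Command forms taken from the UNI slides (VOSS syntax only).
CVLAN = re.compile(r"^vlan i-sid (\d+) (\d+)$")                    # vlan i-sid <vlan-id> <i-sid>
ISID = re.compile(r"^i-sid (\d+) (elan-transparent|elan)$")        # opens an i-sid block
SWITCHED = re.compile(r"^(?:c-vid \d+|untagged-traffic) (?:port|mlt) \S+")
TRANSPARENT = re.compile(r"^(?:port|mlt) \S+$")

# Constructed sample: two BEB configs (hypothetical node names and ports).
SAMPLE_CONFIGS = {
    "BEB1": """
        vlan create 10 type port-mstprstp 0
        vlan i-sid 10 2000010
        i-sid 2100001 elan-transparent
          port 1/7
        exit
    """,
    "BEB2": """
        interface gigabitEthernet 1/9
          flex-uni enable
        exit
        i-sid 2100001 elan
          c-vid 11 port 1/9
        exit
        i-sid 2000010 elan
          untagged-traffic port 1/10 bpdu enable
        exit
    """,
}


def collect_unis(configs):
    """Return {i-sid: {(node, uni_type), ...}} across all node configs."""
    unis = defaultdict(set)
    for node, text in configs.items():
        ctx = None  # (i-sid, mode) while inside an "i-sid ..." block
        for raw in text.splitlines():
            line = " ".join(raw.split())  # normalise indentation and spacing
            if not line:
                continue
            m = CVLAN.match(line)
            if m:
                unis[int(m.group(2))].add((node, "cvlan"))
                continue
            m = ISID.match(line)
            if m:
                ctx = (int(m.group(1)), m.group(2))
                continue
            if line == "exit":
                ctx = None
                continue
            if ctx and ctx[1] == "elan" and SWITCHED.match(line):
                unis[ctx[0]].add((node, "switched"))
            elif ctx and ctx[1] == "elan-transparent" and TRANSPARENT.match(line):
                unis[ctx[0]].add((node, "transparent"))
    return unis


def find_mixed_isids(configs):
    """Return {i-sid: sorted members} where a Transparent UNI shares the
    I-SID with a Switched or CVLAN UNI anywhere in the fabric."""
    findings = {}
    for isid, members in collect_unis(configs).items():
        kinds = {kind for _, kind in members}
        if "transparent" in kinds and kinds & {"cvlan", "switched"}:
            findings[isid] = sorted(members)
    return findings


if __name__ == "__main__":
    for isid, members in sorted(find_mixed_isids(SAMPLE_CONFIGS).items()):
        print(f"I-SID {isid}: Transparent UNI mixed with other UNI types: {members}")
```

I-SID 2000010 in the sample carries a CVLAN UNI on one node and a Switched UNI on the other, which the slides allow, so only I-SID 2100001 is reported.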
L2VSN – UNI types - ETREE UNI
§ A Private VLAN (PVLAN) allows member ports to take one of 3 possible roles:
‒ Isolated: No communication with other Isolated ports in VLAN and across ETREE service; always untagged
‒ Promiscuous: Connectivity with all devices in the PVLAN and across ETREE service; always untagged
‒ Trunk: Use to interconnect PVLAN to other PVLAN capable devices (e.g. VMware ESX)
§ Fabric Connect uniquely allows PVLANs to be extended as a L2VSN service by simply assigning an I-SID to the PVLAN/CVLAN
§ Switched UNIs and regular CVLAN UNIs can be assigned to the same ETREE I-SID in which case they will have Promiscuous connectivity into the service
‒ However, if doing so, the CVLAN/Switched UNI must use the exact same VLAN-id as the PVLAN Primary VLAN-id, since these VLAN-ids are used within the ETREE L2VSN service

[Figure: two BEB nodes, each with Private VLAN 101/102, joined by L2VSN 2200001 over Fabric Connect. One BEB: Promiscuous untagged Port 1, Isolated untagged Port 2, Isolated untagged Port 3. Other BEB: Trunk tagged Port 1 to a hypervisor vSwitch, Isolated untagged Port 2]



Connectivity Fault Management - CFM
§ IEEE 802.1ag CFM
‒ Maintenance hierarchies
‒ Layer 2 Ping
‒ Layer 2 Traceroute
‒ Layer 2 Tracetree
‒ Layer 2 Tracemroute
§ CFM Level Hierarchies
‒ Service (e.g., all BEBs supporting common service instance)
‒ CMAC CFM (use level 6 or 7)
‒ Network (e.g. all devices common to a domain)
‒ SPBM CFM (use level 4 or 5)
§ ITU Y.1731 Performance Monitoring
‒ Frame Delay
‒ Frame Delay Variation
‒ Frame Loss

[Figure: 802.1ag maintenance levels/hierarchy between customer demarcs: Service OAM (SID) from UNI to UNI, Trunk OAM between edge switches, Link OAM per link across edge switch, NNI, transit switch, NNI, edge switch. Conceptually: monitor the trunk or the service … or both]



Flexible, Integrated WAN with Fabric Extend
Concept
• Fabric Extend enables the extension of Extreme’s Fabric Connect fabric/services over third party networks
• Multiple fabric services encapsulated into VXLAN or encrypted VXLAN tunnels
Benefits
• Allows extending SPB/Fabric Connect over 3rd party networks to enable a unified fabric.
• Transparently extends Fabric Connect L2/3 services with only end point provisioning.
• One tunnel can extend many services / segments
• Use cases: Data Center Interconnect, connection of fabric islands, interconnection of remote locations

“When we acquire new practices and locations, we can configure the new sites in less than a week, compared to an industry average of one month” - ProMedica

[Figure: Fabric Extend tunnel carrying multiple services (PCI DSS, VIDEO, PATIENT RECORDS, IMAGING) between Building #1 and Building #2 across an Internet/WAN 3rd party core]



Fabric Connect Deployment model
Comprises…
FC: Fabric Connect
• 802.1aq Shortest Path Bridging (SPB)
FA: Fabric Attach
• 802.1Qcj Automatic Attachment to Provider Backbone Bridging
FE: Fabric Extend
• Over the WAN or IP transport using VXLAN

[Figure: deployment model. Wireless access (WLAN AP FA clients) and wiring closet FA Proxies use Fabric Attach into campus distribution BEBs; the SPB backbone (Fabric Connect) core is built from BCBs; a branch BEB is reached by SPB extended over WAN (Fabric Extend) across the Internet; a DMZ / Internet edge BEB; data centre distribution / DVR Controller (Spine) BEBs above server access / DVR Leaf (TOR / Leaf) L2 BEBs, with Fabric Attach to hypervisors]

Fabric Connect Simplicity
Underlay configuration comparison in CLI

Fabric Connect:
BEB1:1(config)#spbm
BEB1:1(config)#router isis
BEB1:1(config-isis)#spbm 1
BEB1:1(config-isis)#spbm 1 b-vid 4051,4052 primary 4051
BEB1:1(config-isis)#spbm 1 nick-name 0.00.41
BEB1:1(config-isis)#manual-area 49.0000
BEB1:1(config-isis)#system-id 02bb.0000.4100
BEB1:1(config-isis)#exit
BEB1:1(config)#interface gigabitEthernet 1/11-1/14
BEB1:1(config-if)#isis
BEB1:1(config-if)#isis spbm 1
BEB1:1(config-if)#isis enable
BEB1:1(config-if)#exit
BEB1:1(config)#vlan create 4051 type spbm-bvlan
BEB1:1(config)#vlan create 4052 type spbm-bvlan
BEB1:1(config)#router isis enable

EVPN/VXLAN:
Leaf1(config)# mtu 9216
Leaf1(config)# ip mtu 9168
Leaf1(config)# interface Ethernet 0/3
Leaf1(conf-if-eth-0/3)# ip address 10.20.10.0/31
Leaf1(conf-if-eth-0/3)# description To-Spine1
Leaf1(conf-if-eth-0/3)# no shut
Leaf1(conf-if-eth-0/3)# exit
Leaf1(config)# interface Loopback 2
Leaf1(config-Loopback-2)# ip address 10.10.10.1/32
Leaf1(config-Loopback-2)# no shut
Leaf1(config-Loopback-2)# exit
Leaf1(config)# router bgp
Leaf1(config-bgp-router)# local-as 64100
Leaf1(config-bgp-router)# fast-external-fallover
Leaf1(config-bgp-router)# neighbor 10.20.10.1 remote-as 65000
Leaf1(config-bgp-router)# neighbor 10.20.10.1 bfd
Leaf1(config-bgp-router)# neighbor 10.30.10.1 remote-as 65000
Leaf1(config-bgp-router)# neighbor 10.30.10.1 bfd
Leaf1(config-bgp-router)# address-family ipv4 unicast
Leaf1(config-bgp-ipv4u)# maximum-paths 8
Leaf1(config-bgp-ipv4u)# exit
Leaf1(config-bgp-router)# address-family l2vpn evpn
Leaf1(config-bgp-evpn)# neighbor 10.20.10.1 encapsulation vxlan
Leaf1(config-bgp-evpn)# neighbor 10.20.10.1 allowas-in 1
Leaf1(config-bgp-evpn)# neighbor 10.20.10.1 enable-peer-as-check
Leaf1(config-bgp-evpn)# neighbor 10.20.10.1 activate
Leaf1(config-bgp-evpn)# neighbor 10.30.10.1 encapsulation vxlan
Leaf1(config-bgp-evpn)# neighbor 10.30.10.1 allowas-in 1
Leaf1(config-bgp-evpn)# neighbor 10.30.10.1 enable-peer-as-check
Leaf1(config-bgp-evpn)# neighbor 10.30.10.1 activate
Leaf1(config-bgp-evpn)# exit
Leaf1(config-bgp-router)# address-family ipv4 unicast
Leaf1(config-bgp-ipv4u)# network 10.10.10.1/32

Service addition comparison in CLI

Fabric Connect: mapping a VLAN to a service
BEB1:1(config)#vlan create 42 name MyVlan type port-mstprstp 0
BEB1:1(config)#vlan members add 42 1/9
BEB1:1(config)#vlan i-sid 42 12000555

EVPN/VXLAN: mapping a VLAN to a service
Leaf1(config)# vlan 100
Leaf1(config-vlan-100)# suppress-arp
Leaf1(config-vlan-100)# suppress-nd
Leaf1(config-vlan-100)# exit
Leaf1(config)# interface Ethernet 0/1
Leaf1(conf-if-eth-0/1)# switchport
Leaf1(conf-if-eth-0/1)# switchport mode trunk
Leaf1(conf-if-eth-0/1)# switchport trunk allowed vlan add 100
Leaf1(conf-if-eth-0/1)# no shut
Leaf1(conf-if-eth-0/1)# exit
Leaf1(config)# evpn evpn1
Leaf1(config-evpn-evpn1)# route-target both auto ignore-as
Leaf1(config-evpn-evpn1)# rd auto
Leaf1(config-evpn-evpn1)# vlan add 100
Leaf1(config-evpn-evpn1)# exit
Leaf1(config)# overlay-gateway PoD1
Leaf1(config-overlay-gw-PoD1)# type layer2-extension
Leaf1(config-overlay-gw-PoD1)# ip interface Loopback 2
Leaf1(config-overlay-gw-PoD1)# map vni auto
Leaf1(config-overlay-gw-PoD1)# activate
Leaf1(config-overlay-gw-PoD1)# exit



XIQ SE
XMC: Introduction

ExtremeControl
• Granular role-based network access control
• Flexible assessment
• Compliance enforcement
• Guest and remediation portals
• User and end-system tracking

ExtremeAnalytics
• Layer 7 application visibility, control and priorities
• 1000s of application signatures, application customization
• Dashboards, diagnostics and troubleshooting
• Status, performance and threat reporting
• Automated incident response

ExtremeManagement
• Alarm and event management
• Configuration, inventory and change management
• Zero Touch Provisioning
• Capacity Planning
• Discovery and topology
• Fabric Manager

ExtremeCompliance
• Fully automated network configuration compliance solution
• Analyzes and assesses network configurations for compliance
• Out-of-the-box and user-defined compliance template reports

ExtremeConnect
• Enables automation and integration with VMware, MS, OpenStack, BYOD, MDM, security, NGFW, etc.
• Provides direct access to the open Management Center API - Build-Your-Own-Integration

XMC: Understand your infrastructure
§ Dashboards to understand users, network devices and much more
§ Real-time and historical reports
§ Detailed views of wired and wireless devices
§ IPFIX and NetFlow traffic analysis
§ Understand alarms and events

XMC: Operate your infrastructure
§ See
§ Device status
§ Machine location
§ User identity

§ Manage
§ Device upgrades
§ Alarms and events
§ Configuration management

§ Reports
§ FlexViews
§ Statistics
§ Alarm history
§ Diagnostics

XMC: ZTP+
§ Deployment automation:
§ Device upgrade
§ Configuration of all parameters
§ Addition to XMC

[Figure: ZTP+ sequence between a new switch (Summit X670V), DNS, DHCP, Extreme Management Center / ExtremeControl (inside the firewall) and ExtremeCloud (outside the firewall). Step 1: My IP Request / My IP Response. Step 2: Lookup IP address of extremecontrol.<domainname> and devices.extremenetworks.com. Step 3: CONNECT HTTP PUT, CONNECT Response, IMAGEUPGRADE Response, CONFIGURATION Response]

XMC: Fabric Manager
§ See
§ Device status
§ Fabric topology
§ List of services

§ Provision
§ Service creation
§ Service assignment

§ Diagnostics
§ View Fabric paths
§ PingFabric
§ TracerouteFabric

XMC: Workflow

Automate the routine:

• Automatically provision your entire network with secure Zero Touch (save time on operations)
• Eliminates human errors and adapts automatically to changes

XMC: ExtremeConnect

§ An open API
– Integration with the IT ecosystem

§ End-to-end security
– DC
– MDM
– NGFW
– Etc.

Roadmap/New features
VOSS 8.3 : Increased Automation to Improve Efficiency

AUTOMATED ON-BOARDING (XMC/XIQ)


AUTOMATED SELF FORMING FABRIC



Universal Hardware – 7000 Series
Enterprise Universal Hardware
7000 Series

VOSS EXOS

Details
• XIQ agent
• LEM Advanced Software License
• VOSS and EXOS support
• Secure Boot capable

Enterprise SKUs
• 7720: 32x100G
• 7520: 48xSFP28 + 8x100G
• 7520: 48x10GBT + 6x100G



Demo
Global Topology

[Figure: Site 1 (BCB1-1, BCB1-2, BEB1-1, BEB1-2) and Site 2 (BCB2-1, BCB2-2, BEB2-1, BEB2-2) joined through a router with Fabric Extend (via x695); endpoints PC SHOWROOM and PC MEETING ROOM]

Site 1                      Site 2
BCB1-1 : VSP7400-48Y        BCB2-1 : VSP7400-48Y
BCB1-2 : VSP7254XSQ         BCB2-2 : VSP-8404
BEB1-1 : VSP4900-48P        BEB1-1 : VSP-4450GSX-PWR+
BEB1-2 : VSP4900-48P        BEB1-2 : VSP-4450GSX-PWR+

EndPoint Tracking

ESXi 1 : 192.168.254.130
ESXi 2 : 192.168.254.131
Vcenter : 192.168.20.200
Debian : 192.169.1.200

[Figure: BCB1-1 and BCB2-1 joined by Fabric Extend (via x695); port 1/9 on each side connects to a Shuttle host (ESXi-1, ESXi-2); the Debian VM moves between the hosts with vMotion]



Summary
Top 10 Things You Need to Know About Fabric Connect

1. More Than Just a Spanning Tree Replacement
2. More Than Just the Data Center
3. Accelerates Time-to-Service Through Edge-Only Provisioning
4. Natively Supports Data Center Interconnect
5. Delivers PIM-Free IP Multicast That is Scalable, Resilient, and Easy to Manage
6. Inherent Secure/Stealth Capabilities
7. “Lightning Fast” Convergence Times (Sub-Second)
8. Scalability to 16 Million Unique Services
9. It Offers Proven Interoperability with Third Party SPB Implementations
10. An Important Foundation for a Truly Automated Network
11. Single Pane of Glass with XIQ SE