
SPB HANDS-ON WORKSHOP

PATRICIO MARTELO
SOLUTION ARCHITECTURE DIRECTOR
AGENDA
DAY 1
Welcome
Collaboration tool
SPB introduction
Data plane
Control plane
Virtual LAB Platform
Hands-on Lab: Setting up the backbone

DAY 2
The Service Framework
Hands-on Lab: L2 services
Multicast concepts
VPN Lite and L3 VPN concepts
Hands-on Lab: L3 services
Management concepts
Hands-on Lab: Management
Misc topics
October 21
Spacewalkers Live Starting November 15th!
Check it out!
https://conversation.al-enterprise.com/LP=9084?utm_campaign=2021_Q4_NET_EML_EN_LW_SessionQ%26A&utm_medium=email&utm_source=Eloqua&elqTrackId=434EFD12A57EB5982CA72E0253D1FFDC&elq=0fcfad464eff4cb98ff67d95ea5d8a70&elqaid=22433&elqat=1&elqCampaignId=
THE SERVICE FRAMEWORK
WHAT IS A “SERVICE”?

An SPB service represents a VPN, or tenant, and is uniquely identified by its service
identifier, the ISID.
BEB: Backbone Edge Bridge, an SPB node that terminates services.
BCB: Backbone Core Bridge, an SPB node that is used for service transit but does not
directly terminate any service.
An SPB service need only be created, or instantiated, on BEB nodes, not on BCB nodes, and
only on those BEB nodes serving locations associated with the service.
SPB service membership information is shared across the SPB backbone by way of IS-IS TLVs
so that all SPB nodes have a consistent view of the services which are active on each
BEB. Each node then builds a service database.
Service Database

ISID   BVID     NODE
66     BVID A   B1
66     BVID A   B2
66     BVID A   B4
66     BVID A   B5
77     BVID B   B1
77     BVID B   B5

[Figure: backbone nodes B1 to B5 with ISID 66 and ISID 77 service attachments]

• B1, B2, B4 and B5 are BEBs because they terminate at least one Service
• B3 is a BCB node because it does not terminate any Service, even though Services may use
it as a transit node
WHAT ARE SAPS AND SDPS?

Service Access Point: The SAP is a UNI-side logical port which binds a physical
port and specific customer traffic types (untagged, single-tagged, double-tagged
or all) to an SPB service. Multiple SAPs can be associated with the same
physical port, thus multiplexing and mapping different customer traffic
encapsulations to different SPB services. SAPs can be statically or dynamically
created.
Service Delivery Point: The SDP is an NNI-side logical port which binds an SPB
service to a far-end BEB on which the service is instantiated. SDPs are
dynamically created in the control plane and only for those far-end BEBs with
SAPs for the specific service.
BEB nodes have at least one local SAP
BCB nodes have no local SAPs
Service Framework

[Figure: BEBs B1, B2, B4 and B5 carrying ISID 66 and ISID 77, with SAP 1:1 and SAP 2:2 on the access side and SDP X:66 and SDP Y:77 towards far-end BEBs]
END-CUSTOMER MAC ADDRESS LEARNING

Within the SPB backbone, B-MAC addresses are learnt in the control plane through IS-IS (no
flood and learn).
End-customer devices however do not run IS-IS. Near-end end-customer MAC addresses are
bound to a SAP port whereas far-end end-customer MAC addresses are bound to SDP ports.
This only happens on BEB nodes and not on BCB nodes.
End-customer MAC address learning within a BEB is similar to Ethernet’s except there is no
“flooding”. BUM traffic is replicated either on ingress (head-end replication) or at the
fork-out point (tandem replication). More details in a later module.
END-CUSTOMER MAC ADDRESS LEARNING

ISID   CMAC      INTERFACE
66     MAC A:A   SAP 1:1
66     MAC B:B   SDP X:66
66     MAC C:C   SDP Y:66
66     MAC D:D   SDP Z:66
77     MAC E:E   SAP 2:2
77     MAC G:G   SDP Y:77

[Figure: BEBs B1, B2, B4 and B5 with ISID 66 and ISID 77; end-customer MACs A:A, B:B, C:C, D:D, E:E and G:G attached at the edge; SAP 1:1, SAP 2:2, SDP X:66 and SDP Y:77]
Building an SPB Network
Configuring Services
1. Create services on required BEBs and map to BVLANs
2. Configure the Service Access Ports
3. Map traffic to services with SAPs
4. No changes required in BCB nodes

• A Service Access Point (SAP) is a Virtual Port that binds specific traffic to a Service
• A SAP can be statically defined based on port/tag combination or,
• A SAP can be dynamically created with Network Profiles based on MAC/IP rules, authentication (e.g. 802.1x) or IoT fingerprinting
• The Service itself can also be dynamically created.

Fully automated with iFab

[Figure: nodes B1 to B5 with ISID 66; SAP 1:1]
Building an SPB Network
Configuring Services – What happens next?
1. IS-IS will distribute ISID information to all nodes using special TLVs.
2. SDPs are dynamically created for all far-end nodes enabled for a given service
3. End-customer MACs are bound to either SAP or SDP ports

[Figure: nodes B1 to B5 with ISID 66; SAP 1:1]
LAB 2: CONFIGURING A L2 SERVICE
SERVICE VIEW

[Figure: lab service view. BEB1 to BEB8 with attached VM1 to VM8, access ports 1/1/48, backbone ports 1/1/50A to 1/1/54A, ISID 1001, BVLAN 4001]
CONFIGURING A L2 SERVICE
OVERVIEW

Services need only be defined on BEBs where the service needs to be delivered
No need to configure services on BCBs or other BEBs that do not terminate the service
The Service ID is locally significant to the BEB and can be different across BEBs
A service is mapped to a specific BVLAN – will use that BVLAN’s SPF
ISID and BVLAN that the service is mapped to must match across BEBs
Tasks
Define Service Access Ports (UNI)
Create SPB service 1 with ISID 1001 and map it to BVLAN 4001
Define SAPs matching on un-tagged traffic
VM DETAILS

VM    OOBM IP [ens160]     TEST 1 [ens192]   TEST 2 [ens224]   DEFAULT GATEWAY   User   Password
VM1   192.168.114.201/24   192.168.10.1/24   192.168.21.1/24   192.168.21.254    user   password
VM2   192.168.114.202/24   192.168.10.2/24   192.168.22.1/24   192.168.22.254    user   password
VM3   192.168.114.203/24   192.168.10.3/24   192.168.23.1/24   192.168.23.254    user   password
VM4   192.168.114.204/24   192.168.10.4/24   192.168.24.1/24   192.168.24.254    user   password
VM5   192.168.114.205/24   192.168.10.5/24   192.168.25.1/24   192.168.25.254    user   password
VM6   192.168.114.206/24   192.168.10.6/24   192.168.26.1/24   192.168.26.254    user   password
VM7   192.168.114.207/24   192.168.10.7/24   192.168.27.1/24   192.168.27.254    user   password
VM8   192.168.114.208/24   192.168.10.8/24   192.168.28.1/24   192.168.28.254    user   password
CONFIGURING AN L2 SERVICE

BEB-X
service access port 1/1/48
service 1 spb isid 1001 bvlan 4001
service 1 sap port 1/1/48:0

BCB
(no service configuration)

Yes, that’s all there is to it
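The rule from the overview (ISID and BVLAN must match across BEBs, while the service ID is only locally significant) can be checked mechanically before a change is pushed. The following is an added example, not part of the workshop material: it parses the three service lines shown above from per-node config text and reports ISIDs mapped to different BVLANs, SAPs on ports that are not service access ports, and SAPs that reference an undefined service. The BEB3 and BEB4 configs are constructed sample input.

```python
import re
from collections import defaultdict

SERVICE_RE = re.compile(r"^service (\d+) spb isid (\d+) bvlan (\d+)$")
ACCESS_RE = re.compile(r"^service access port (\S+)$")
SAP_RE = re.compile(r"^service (\d+) sap port ([^:\s]+):(\S+)$")

# BEB1 and BEB2 carry the lines from the slide; BEB3 and BEB4 are constructed.
SAMPLE_CONFIGS = {
    "BEB1": """service access port 1/1/48
service 1 spb isid 1001 bvlan 4001
service 1 sap port 1/1/48:0""",
    "BEB2": """service access port 1/1/48
service 1 spb isid 1001 bvlan 4001
service 1 sap port 1/1/48:0""",
    # Different local service ID, same ISID/BVLAN: valid.
    "BEB3": """service access port 1/1/48
service 7 spb isid 1001 bvlan 4001
service 7 sap port 1/1/48:0""",
    # Wrong BVLAN, SAP on a non-access port, SAP on an undefined service.
    "BEB4": """service access port 1/1/48
service 1 spb isid 1001 bvlan 4002
service 1 sap port 1/1/47:0
service 2 sap port 1/1/48:10""",
}


def parse_node(config):
    """Return (services, access_ports, saps) parsed from one node's config text."""
    services, access_ports, saps = {}, set(), []
    for raw in config.splitlines():
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            services[int(m[1])] = (int(m[2]), int(m[3]))  # service id -> (isid, bvlan)
            continue
        m = ACCESS_RE.match(line)
        if m:
            access_ports.add(m[1])
            continue
        m = SAP_RE.match(line)
        if m:
            saps.append((int(m[1]), m[2], m[3]))  # (service id, port, encapsulation)
    return services, access_ports, saps


def audit(configs):
    """Return a list of findings across all nodes, in node order."""
    findings = []
    nodes_by_mapping = defaultdict(lambda: defaultdict(list))  # isid -> bvlan -> nodes
    for node, text in sorted(configs.items()):
        services, access_ports, saps = parse_node(text)
        for isid, bvlan in services.values():
            nodes_by_mapping[isid][bvlan].append(node)
        for svc, port, encap in saps:
            if svc not in services:
                findings.append("%s: SAP %s:%s references undefined service %d"
                                % (node, port, encap, svc))
            if port not in access_ports:
                findings.append("%s: SAP %s:%s is on a port that is not a service access port"
                                % (node, port, encap))
    for isid, by_bvlan in sorted(nodes_by_mapping.items()):
        if len(by_bvlan) > 1:
            parts = ["BVLAN %d on %s" % (bvlan, ", ".join(nodes))
                     for bvlan, nodes in sorted(by_bvlan.items())]
            findings.append("ISID %d mapped to different BVLANs: %s"
                            % (isid, "; ".join(parts)))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIGS):
        print(finding)
```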


SERVICE VERIFICATION
CHECK CREATED SERVICES - BEB
BEB1
BEB1> show service spb
Legend: * denotes a dynamic object
SPB Service Info
SystemId : dc08.5610.7f19, SrcId : 0x07f19, SystemName : BEB1
SAP Bind MCast
ServiceId Adm Oper Stats Count Count Isid BVlan Mode (T/R)
-----------+----+----+-----+-------+-------+---------+-----+--------------
1 Up Up N 1 7 1001 4001 Headend (0/0)
Total Services: 1
BEB1> show spb isis services
Legend: * indicates locally configured ISID
SPB ISIS Services Info:
System
ISID BVLAN (Name : BMAC) MCAST(T/R)
------------+-------+----------------------------------------+-----------
* 1001 4001 BEB8 : dc:08:56:10:72:49
* 1001 4001 BEB2 : dc:08:56:10:74:29
* 1001 4001 BEB4 : dc:08:56:10:77:e9
* 1001 4001 BEB7 : dc:08:56:10:78:d9
* 1001 4001 BEB1 : dc:08:56:10:7f:19
* 1001 4001 BEB5 : dc:08:56:10:80:f9
* 1001 4001 BEB6 : dc:08:56:10:85:59
* 1001 4001 BEB3 : dc:08:56:10:86:49


ISIDs: 8
SERVICE VERIFICATION
CHECK CREATED SERVICES - BCB
BCB
BCB> show service spb
Legend: * denotes a dynamic object
SPB Service Info
SystemId : dc08.5610.78d9, SrcId : 0x078d9, SystemName : BCB

SAP Bind MCast
ServiceId Adm Oper Stats Count Count Isid BVlan Mode (T/R)
-----------+----+----+-----+-------+-------+---------+-----+--------------
Total Services: 0
BCB> show spb isis services
Legend: * indicates locally configured ISID
SPB ISIS Services Info:
System
ISID BVLAN (Name : BMAC) MCAST(T/R)
------------+-------+----------------------------------------+-----------
1001 4001 BEB8 : dc:08:56:10:72:49
1001 4001 BEB2 : dc:08:56:10:74:29
1001 4001 BEB4 : dc:08:56:10:77:e9
1001 4001 BEB7 : dc:08:56:10:78:d9
1001 4001 BEB1 : dc:08:56:10:7f:19
1001 4001 BEB5 : dc:08:56:10:80:f9
1001 4001 BEB6 : dc:08:56:10:85:59
1001 4001 BEB3 : dc:08:56:10:86:49


ISIDs: 8
SERVICE VERIFICATION
SERVICE DETAIL
BEB1
BEB1> show service spb 1
SPB Service Detailed Info
Service Id : 1, Description : ,
ISID : 1001, BVlan : 4001,
Multicast-Mode : Headend, Tx/Rx Bits : 0/0,
Admin Status : Up, Oper Status : Up,
Stats Status : No, Vlan Translation : No,
Service Type : SPB, Allocation Type : Static,
MTU : 9194, VPN IP-MTU : 1500,
SAP Count : 1, SDP Bind Count : 7,
RemoveIngressTag : No, Option : None,
Mgmt Change : 07/20/2021 19:06:21, Status Change : 07/20/2021 19:06:21
SERVICE VERIFICATION
Check SAPs and SDPs
BEB1
BEB1> show service access
Legend: (~)Internal User Port Loopback (-)ERP Ring
Port Link SAP SAP Vlan
Id Status Type Count Xlation L2Profile Description
---------+------+-------+-------+-------+--------------------------------+---------------------------------
1/1/48 Up Manual 1 N def-access-profile
Total Access Ports: 1
BEB1> show service spb 1 ports
Legend: (*)Dyn Unicast (+)Remote Mcast (#)Local Mcast (~)Internal User Port Loopback (-)ERP Ring
SPB Service 1 Info
Admin : Up, Oper : Up, Stats : N, Mtu : 9194, VlanXlation : N,
ISID : 1001, BVlan : 4001, MCast-Mode : Headend, Tx/Rx : 0/0, RemoveIngTag: N

Sap Trusted:Priority/ Sap Description /
Identifier Adm Oper Stats Sdp SystemId:BVlan Intf Sdp SystemName
----------------------+----+----+-----+--------------------+--------+--------------------------------
sap:1/1/48:0 Up Up N Y:x 1/1/48 -
sdp:32799:1* Up Up N dc08.5610.7429:4001 1/1/54A BEB2
sdp:32807:1* Up Up N dc08.5610.8649:4001 1/1/53A BEB3
sdp:32813:1* Up Up N dc08.5610.77e9:4001 1/1/50A BEB4
sdp:32817:1* Up Up N dc08.5610.80f9:4001 1/1/52A BEB5
sdp:32821:1* Up Up N dc08.5610.8559:4001 1/1/51A BEB6
sdp:32825:1* Up Up N dc08.5610.78d9:4001 1/1/53A BEB7
sdp:32829:1* Up Up N dc08.5610.7249:4001 1/1/50A BEB8
Total Ports: 8
SERVICE VERIFICATION
CHECK MESH SDPS
BEB1
BEB1> show service mesh-sdp spb
Legend: * denotes a dynamic object
SPB Mesh-SDP Info
SvcId SdpId Isid FarEnd SysId:BVlan Oper Intf FarEnd SystemName
--------+----------------+---------+--------------------+----+--------+------------------
1 32799:1* 1001 dc08.5610.7429:4001 Up 1/1/54A BEB2
1 32807:1* 1001 dc08.5610.8649:4001 Up 1/1/53A BEB3
1 32813:1* 1001 dc08.5610.77e9:4001 Up 1/1/50A BEB4
1 32817:1* 1001 dc08.5610.80f9:4001 Up 1/1/52A BEB5
1 32821:1* 1001 dc08.5610.8559:4001 Up 1/1/51A BEB6
1 32825:1* 1001 dc08.5610.78d9:4001 Up 1/1/53A BEB7
1 32829:1* 1001 dc08.5610.7249:4001 Up 1/1/50A BEB8

Total Mesh-SDPs: 7
SERVICE VERIFICATION
MAC LEARNING - BEB
BEB1
BEB1> show mac-learning domain spb
Legend: Mac Address: * = address not valid,
Mac Address: & = duplicate static address,
Domain Vlan/SrvcId[ISId/vnId] Mac Address Type Operation Interface
------------+----------------------+-------------------+------------------+-------------+-------------------------
SPB 1:1001 00:50:56:85:c5:3f dynamic servicing sap:1/1/48
SPB 1:1001 00:50:56:85:db:c5 dynamic servicing sdp:32799:1
SPB 1:1001 00:50:56:85:65:f7 dynamic servicing sdp:32807:1
SPB 1:1001 00:50:56:85:6d:a6 dynamic servicing sdp:32813:1
SPB 1:1001 00:50:56:85:65:5a dynamic servicing sdp:32817:1
SPB 1:1001 00:50:56:85:42:8f dynamic servicing sdp:32825:1
SPB 1:1001 00:50:56:85:ee:26 dynamic servicing sdp:32829:1

Total number of Valid MAC addresses above = 8


SERVICE VERIFICATION
MAC LEARNING - BCB
BCB
BCB> show mac-learning domain spb
Legend: Mac Address: * = address not valid,
Mac Address: & = duplicate static address,
Domain Vlan/SrvcId[ISId/vnId] Mac Address Type Operation Interface
------------+----------------------+-------------------+------------------+-------------+-------------------------
Total number of Valid MAC addresses above = 0
SERVICE CONFIGURATION FROM OMNIVISTA
DEMO

L2 MULTICAST CONCEPTS
SPB – Head-End Multicast Replication Mode

Multicast frames are replicated at the ingress BEB following Unicast Tree

Type   B-MAC   Port     BVID
U      00:02   Port 2   BVID 1
U      00:03   Port 7   BVID 1
U      00:04   Port 7   BVID 1
U      00:05   Port 7   BVID 1
U      00:06   Port 6   BVID 1
U      00:07   Port 7   BVID 1

[Figure: nodes BEB1, BCB2, BEB3, BEB4, BCB5, BCB6 and BCB7 with ISID 77 service attachments]

Can be combined with IGMP snooping to avoid unnecessary replicas
Resource efficient, bandwidth inefficient
SPB – Tandem Multicast Replication Mode (S,G)

Multicast frames are replicated at the “fork” point, based on Multicast Tree

Type   B-MAC   Port     BVID     Out Intf
U      00:01   Port 1   BVID 1
U      00:02   Port 2   BVID 1
U      00:03   Port 3   BVID 1
U      00:04   Port 4   BVID 1
U      00:05   Port 5   BVID 1
U      00:06   Port 6   BVID 1
M      00:0W   Port 1   BVID 1   Port 3/4/5
M      00:0X   Port 3   BVID 1   Port 1/5
M      00:0Y   Port 4   BVID 1   Port 1
M      00:0Z   Port 5   BVID 1   Port 1/3

[Figure: nodes BEB1, BCB2, BEB3, BEB4, BCB5, BCB6 and BCB7 with ISID 77 service attachments]

For multicast-heavy applications
Bandwidth efficient, but consumes more resources
SPB – TANDEM MULTICAST REPLICATION MODE (*,G)

One tree per BVLAN similar to Spanning Tree
Root B node is chosen according to bridge priority
The multicast tree will not be a SPT and unicast/multicast congruency is lost
It’s a compromise between the other two modes
Can be a good option when all or most traffic flows through the root bridge
For example: in transportation, a lot of the multicast traffic will flow to or from the OCC
Medium bandwidth efficiency, medium resource utilization
L3 SERVICES CONCEPTS
L3 FOR CUSTOMER A / VRF A

[Figure: Site 1 to Site 4 (10.0.1.0/24 to 10.0.4.0/24, gateway .254) attached to BEB 1 to BEB 4; the BEBs are .1 to .4 on ISID 10, 10.0.0.0/24, OSPF area 0]
L3 FOR CUSTOMER B / VRF B

[Figure: Site 1 to Site 4 (20.0.1.0/24 to 20.0.4.0/24, gateway .254) attached to BEB 1 to BEB 4; the BEBs are .1 to .4 on ISID 20, 20.0.0.0/24, OSPF area 0]
L3 FOR CUSTOMER C / VRF C

[Figure: Site 1 to Site 4 (30.0.1.0/24 to 30.0.4.0/24, gateway .254) attached to BEB 1 to BEB 4; the BEBs are .1 to .4 on ISID 30, 30.0.0.0/24, OSPF area 0]
Q&A

Q: Is that a VPN LITE or a L3 VPN?
A: This is what we call a VPN LITE
Q: What are the pros of a VPN LITE?
A: It’s simple. You can run whatever routing protocol you want (OSPF, IS-IS, BGP)
or even use static routes. From a routing point of view, it’s like interconnecting
routers with a VLAN, except it’s an SPB SERVICE, not a VLAN.
Q: What are the cons of a VPN LITE design?
A: Multiple routing protocol instances with associated configuration and control
plane load. In this simple example, we need to configure OSPF x 12. The more
sites and customers you have, the more complicated it gets, the more mistakes
you can make.
L3 VPN / IETF DRAFT
SAME TOPOLOGY, DIFFERENT CONTROL PLANE

[Figure: Site 1 to Site 4 (10.0.1.0/24 to 10.0.4.0/24, gateway .254) attached to BEB 1 to BEB 4; the BEBs are .1 to .4 on ISID 10, 10.0.0.0/24, IS-IS]
HOW DO WE PROPAGATE ROUTES IN A L3 VPN?

[Figure: Site 1 to Site 4 (10.0.1.0/24 to 10.0.4.0/24, gateway .254) attached to BEB 1 to BEB 4; the BEBs are .1 to .4 on ISID 10, 10.0.0.0/24, IS-IS]
WHAT HAPPENS INSIDE VRF A’S ROUTING TABLE?

Export local customer VRF routes to IS-IS, associate to customer’s ISID and bind to WAN address
Import far-end IS-IS routes associated to the customer’s ISID into the customer’s VRF and set the far-end WAN IP address as next hop.

[Figure: BEB 1 with Site 1 (10.0.1.0/24, gateway .254) and WAN address .1 on ISID 10, 10.0.0.0/24, IS-IS]
Q&A

Q: What are the pros of L3 VPN compared to VPN Lite?
A: There’s no need to configure any routing instance other than the one we already use for SPB. It greatly
simplifies configuration and reduces load on control plane. Convergence time is also improved because
there’s no protocol overlay and no compounding of convergence times. Convergence time is that of IS-IS.
Q: So why would anyone keep using VPN Lite then?
A: L3 VPN is great within the SPB domain, but when you need to integrate with other non-SPB networks,
you need OSPF/IS-IS/BGP so you would still use VPN Lite at least on a few “border” nodes. It is also more
intuitive at first.
Q: Can you do both L3 VPN and VPN Lite on the same node?
A: Yes
Q: But I thought you only redistribute connected routes
A: You can redistribute connected, static, dynamic or any route that’s in the VRF’s routing table and you
can filter with route-maps also.
Q&A

Q: How do you choose between L2 service and L3 service
A: It depends on the use case. For instance, a service interconnecting Data Centre locations normally needs
to be a L2 service for HA and/or VM mobility. Some IoT applications such as Biomedical devices require L2
services also. Unless the use case requires a L2 service, choose a L3 service.
Q: Why?
A: Because L3 services are more scalable. IP address space is hierarchical and can be summarized whereas
MAC address space is flat and cannot be summarized. L3 services do not rely on “broadcast”.
IN-LINE, HAIRPIN AND FRONT-PANEL LOOPBACK
ROUTING: LOGICAL VIEW
[Figure: logical view of the three options, with labels VLAN 1, VLAN 11, ISID 1 and ISID 2; the external hairpin uses a VLAN port and a SAP port, the front-panel loopback uses VLAN + SAP all in one port]

SINGLE-PASS
ip interface vlan_1 address 10.1.2.1/24 vlan 1
ip interface service_1 address 10.1.1.1/24 service 1
ip interface service_2 address 10.1.3.1/24 service 2

TWO-PASS WITH EXTERNAL HAIRPIN
ip interface vlan_1 address 10.1.2.1/24 vlan 1
ip interface vlan_11 address 10.1.1.1/24 vlan 11
vlan 11 member port 1/1/1 tagged
service access port 1/1/2
service spb 1 sap port 1/1/2:11

FRONT-PANEL LOOPBACK
LATER…
ROUTING: PHYSICAL VIEW
[Figure: physical view of the three options, with labels VLAN 1, VLAN 11, ISID 1 and ISID 2; the external loopback uses VLAN port 1/1/1 and SAP port 1/1/2, the front-panel loopback uses VLAN + SAP all in one port or LAG]

SINGLE-PASS
ip interface vlan_1 address 10.1.2.1/24 vlan 1
ip interface service_1 address 10.1.1.1/24 service 1
ip interface service_2 address 10.1.3.1/24 service 2

TWO-PASS WITH EXTERNAL LOOPBACK
ip interface vlan_1 address 10.1.2.1/24 vlan 1
ip interface vlan_11 address 10.1.1.1/24 vlan 11
vlan 11 member port 1/1/1 tagged
service access port 1/1/2
service spb 1 sap port 1/1/2:11

FRONT-PANEL LOOPBACK
LATER…
Q&A

Q: What are the advantages of front-panel loopback vs physical hairpin?
A: There’s no need to connect a cable, there’s no need for transceivers, fewer points of
failure, you can configure it remotely in a migration.
Q: What if I want redundancy?
A: You can add ports to a lag and use the lag as loopback. Physical ports can spread across
different slots in a VC
Q: Can I designate any port as loopback?
A: Yes. Bear in mind, the last 5 ports default to auto-VFL ports so you will need to remove
that configuration if you want to use any of those ports as loopback port.
LAB 3: CONFIGURING A L3VPN SERVICE
SERVICE VIEW

[Figure: lab service view. BEB1 to BEB8 with attached VM1 to VM8, access ports 1/1/48, backbone ports 1/1/50A to 1/1/54A, ISID 1002, BVLAN 4002, 192.168.20.0/24]
CONFIGURING A L3VPN SERVICE
OVERVIEW

SITE   TEST IP           LAN IP              WAN IP            SITE VLAN TAG   DUMMY VLAN TAG
VM1    192.168.21.1/24   192.168.21.254/24   192.168.20.1/24   1009            3100
VM2    192.168.22.1/24   192.168.22.254/24   192.168.20.2/24   1010            3100
VM3    192.168.23.1/24   192.168.23.254/24   192.168.20.3/24   1011            3100
VM4    192.168.24.1/24   192.168.24.254/24   192.168.20.4/24   1012            3100
VM5    192.168.25.1/24   192.168.25.254/24   192.168.20.5/24   1013            3100
VM6    192.168.26.1/24   192.168.26.254/24   192.168.20.6/24   1014            3100
VM7    192.168.27.1/24   192.168.27.254/24   192.168.20.7/24   1015            3100
VM8    192.168.28.1/24   192.168.28.254/24   192.168.20.8/24   1016            3100
CONFIGURING A L3 SERVICE
OVERVIEW

OmniSwitch 6900-V72 BEBs support front-panel loopback port for L3 VPN
Tasks
Remove SAP configuration from port 1/1/48
Create “LAN” VLAN and tag it on port 1/1/48
Configure port 1/1/49A as the loopback port
Configure port 1/1/49A as Service Access Port
Create SPB service 2 with ISID 1002 and map it to BVLAN 4002
Define SAP for WAN side of loopback port matching on “Dummy” VLAN tag
Create VRF “L3 Service”
Create “LAN” and “WAN” side IP interfaces on the VRF, WAN interface as RTR port using dummy VLAN and front panel loopback port
Bind VRF/ISID to WAN interface
Configure route import/export
CONFIGURING AN L3 SERVICE

BEB1
no service 1 sap port 1/1/48:0
no service access port 1/1/48
vlan 1009 name "Site_1"
vlan 1009 members port 1/1/48 tagged
interfaces port 1/1/49A loopback
service 2 spb isid 1002 bvlan 4002
service access port 1/1/49A
service 2 sap port 1/1/49A:3100
vrf create L3_Service
ip interface "LAN" address 192.168.21.254 mask 255.255.255.0 vlan 1009
ip interface "WAN" address 192.168.20.1 mask 255.255.255.0 vlan 3100 rtr-port port 1/1/49A tagged
ip export all-routes
ip import isid 1002 all-routes
exit
spb ipvpn bind vrf L3_Service isid 1002 gateway 192.168.20.1 all-routes
CONFIGURING AN L3 SERVICE

BEB2
no service 1 sap port 1/1/48:0
no service access port 1/1/48
vlan 1010 name "Site_2"
vlan 1010 members port 1/1/48 tagged
interfaces port 1/1/49A loopback
service 2 spb isid 1002 bvlan 4002
service access port 1/1/49A
service 2 sap port 1/1/49A:3100
vrf create L3_Service
ip interface "LAN" address 192.168.22.254 mask 255.255.255.0 vlan 1010
ip interface "WAN" address 192.168.20.2 mask 255.255.255.0 vlan 3100 rtr-port port 1/1/49A tagged
ip export all-routes
ip import isid 1002 all-routes
exit
spb ipvpn bind vrf L3_Service isid 1002 gateway 192.168.20.2 all-routes
CONFIGURING AN L3 SERVICE

BEB3
no service 1 sap port 1/1/48:0
no service access port 1/1/48
vlan 1011 name "Site_3"
vlan 1011 members port 1/1/48 tagged
interfaces port 1/1/49A loopback
service 2 spb isid 1002 bvlan 4002
service access port 1/1/49A
service 2 sap port 1/1/49A:3100
vrf create L3_Service
ip interface "LAN" address 192.168.23.254 mask 255.255.255.0 vlan 1011
ip interface "WAN" address 192.168.20.3 mask 255.255.255.0 vlan 3100 rtr-port port 1/1/49A tagged
ip export all-routes
ip import isid 1002 all-routes
exit
spb ipvpn bind vrf L3_Service isid 1002 gateway 192.168.20.3 all-routes
CONFIGURING AN L3 SERVICE

BEB4
no service 1 sap port 1/1/48:0
no service access port 1/1/48
vlan 1012 name "Site_4"
vlan 1012 members port 1/1/48 tagged
interfaces port 1/1/49A loopback
service 2 spb isid 1002 bvlan 4002
service access port 1/1/49A
service 2 sap port 1/1/49A:3100
vrf create L3_Service
ip interface "LAN" address 192.168.24.254 mask 255.255.255.0 vlan 1012
ip interface "WAN" address 192.168.20.4 mask 255.255.255.0 vlan 3100 rtr-port port 1/1/49A tagged
ip export all-routes
ip import isid 1002 all-routes
exit
spb ipvpn bind vrf L3_Service isid 1002 gateway 192.168.20.4 all-routes
CONFIGURING AN L3 SERVICE

BEB5
no service 1 sap port 1/1/48:0
no service access port 1/1/48
vlan 1013 name "Site_5"
vlan 1013 members port 1/1/48 tagged
interfaces port 1/1/49A loopback
service 2 spb isid 1002 bvlan 4002
service access port 1/1/49A
service 2 sap port 1/1/49A:3100
vrf create L3_Service
ip interface "LAN" address 192.168.25.254 mask 255.255.255.0 vlan 1013
ip interface "WAN" address 192.168.20.5 mask 255.255.255.0 vlan 3100 rtr-port port 1/1/49A tagged
ip export all-routes
ip import isid 1002 all-routes
exit
spb ipvpn bind vrf L3_Service isid 1002 gateway 192.168.20.5 all-routes
CONFIGURING AN L3 SERVICE

BEB6
no service 1 sap port 1/1/48:0
no service access port 1/1/48
vlan 1014 name "Site_6"
vlan 1014 members port 1/1/48 tagged
interfaces port 1/1/49A loopback
service 2 spb isid 1002 bvlan 4002
service access port 1/1/49A
service 2 sap port 1/1/49A:3100
vrf create L3_Service
ip interface "LAN" address 192.168.26.254 mask 255.255.255.0 vlan 1014
ip interface "WAN" address 192.168.20.6 mask 255.255.255.0 vlan 3100 rtr-port port 1/1/49A tagged
ip export all-routes
ip import isid 1002 all-routes
exit
spb ipvpn bind vrf L3_Service isid 1002 gateway 192.168.20.6 all-routes
CONFIGURING AN L3 SERVICE

BEB7
no service 1 sap port 1/1/48:0
no service access port 1/1/48
vlan 1015 name "Site_7"
vlan 1015 members port 1/1/48 tagged
interfaces port 1/1/49A loopback
service 2 spb isid 1002 bvlan 4002
service access port 1/1/49A
service 2 sap port 1/1/49A:3100
vrf create L3_Service
ip interface "LAN" address 192.168.27.254 mask 255.255.255.0 vlan 1015
ip interface "WAN" address 192.168.20.7 mask 255.255.255.0 vlan 3100 rtr-port port 1/1/49A tagged
ip export all-routes
ip import isid 1002 all-routes
exit
spb ipvpn bind vrf L3_Service isid 1002 gateway 192.168.20.7 all-routes
CONFIGURING AN L3 SERVICE

BEB8
no service 1 sap port 1/1/48:0
no service access port 1/1/48
vlan 1016 name "Site_8"
vlan 1016 members port 1/1/48 tagged
interfaces port 1/1/49A loopback
service 2 spb isid 1002 bvlan 4002
service access port 1/1/49A
service 2 sap port 1/1/49A:3100
vrf create L3_Service
ip interface "LAN" address 192.168.28.254 mask 255.255.255.0 vlan 1016
ip interface "WAN" address 192.168.20.8 mask 255.255.255.0 vlan 3100 rtr-port port 1/1/49A tagged
ip export all-routes
ip import isid 1002 all-routes
exit
spb ipvpn bind vrf L3_Service isid 1002 gateway 192.168.20.8 all-routes
VERIFYING AN L3 SERVICE
CHECK ROUTES
BEB1
L3_Service::BEB1> show ip routes

+ = Equal cost multipath routes
Total 10 routes
Dest Address Gateway Addr Age Protocol
------------------+-------------------+----------+-----------
127.0.0.1/32 127.0.0.1 00:02:27 LOCAL
192.168.20.0/24 192.168.20.1 00:02:24 LOCAL
192.168.21.0/24 192.168.21.254 00:02:24 LOCAL
192.168.22.0/24 192.168.20.2 00:01:53 IMPORT
192.168.23.0/24 192.168.20.3 00:01:34 IMPORT
192.168.24.0/24 192.168.20.4 00:01:13 IMPORT
192.168.25.0/24 192.168.20.5 00:01:05 IMPORT
192.168.26.0/24 192.168.20.6 00:00:52 IMPORT
192.168.27.0/24 192.168.20.7 00:00:43 IMPORT
192.168.28.0/24 192.168.20.8 00:00:31 IMPORT
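A check on that routing table, as an added example that is not part of the workshop material: every IMPORT route in the VRF should be a site LAN prefix whose next hop is that site's WAN address from the lab table, so wrong next hops, more-specific overlaps, unplanned prefixes and missing sites are reported. The parser assumes the four-column `show ip routes` layout shown above; `TAMPERED_OUTPUT` is constructed sample input.

```python
import ipaddress

# Site plan from the lab table: LAN prefix -> WAN address of the BEB serving it.
SITE_PLAN = {
    ipaddress.ip_network(f"192.168.2{n}.0/24"): ipaddress.ip_address(f"192.168.20.{n}")
    for n in range(1, 9)
}

# Route lines as shown on the slide for BEB1.
PAGE_OUTPUT = """\
Dest Address Gateway Addr Age Protocol
------------------+-------------------+----------+-----------
127.0.0.1/32 127.0.0.1 00:02:27 LOCAL
192.168.20.0/24 192.168.20.1 00:02:24 LOCAL
192.168.21.0/24 192.168.21.254 00:02:24 LOCAL
192.168.22.0/24 192.168.20.2 00:01:53 IMPORT
192.168.23.0/24 192.168.20.3 00:01:34 IMPORT
192.168.24.0/24 192.168.20.4 00:01:13 IMPORT
192.168.25.0/24 192.168.20.5 00:01:05 IMPORT
192.168.26.0/24 192.168.20.6 00:00:52 IMPORT
192.168.27.0/24 192.168.20.7 00:00:43 IMPORT
192.168.28.0/24 192.168.20.8 00:00:31 IMPORT
"""

# Constructed variant: wrong next hop, a more-specific overlap,
# an unplanned prefix, and site 8 missing.
TAMPERED_OUTPUT = """\
127.0.0.1/32 127.0.0.1 00:02:27 LOCAL
192.168.20.0/24 192.168.20.1 00:02:24 LOCAL
192.168.21.0/24 192.168.21.254 00:02:24 LOCAL
192.168.22.0/24 192.168.20.8 00:01:53 IMPORT
192.168.23.0/24 192.168.20.3 00:01:34 IMPORT
192.168.23.128/25 192.168.20.5 00:00:10 IMPORT
192.168.24.0/24 192.168.20.4 00:01:13 IMPORT
192.168.25.0/24 192.168.20.5 00:01:05 IMPORT
192.168.26.0/24 192.168.20.6 00:00:52 IMPORT
192.168.27.0/24 192.168.20.7 00:00:43 IMPORT
10.9.9.0/24 192.168.20.4 00:00:05 IMPORT
"""


def parse_routes(output):
    """Return [(prefix, gateway, protocol)] from `show ip routes` text."""
    routes = []
    for line in output.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # banner, header, separator or blank line
        try:
            prefix = ipaddress.ip_network(fields[0])
            gateway = ipaddress.ip_address(fields[1])
        except ValueError:
            continue
        routes.append((prefix, gateway, fields[3]))
    return routes


def check_vrf_routes(output, plan=SITE_PLAN):
    """Compare imported routes with the site plan and return a list of findings."""
    findings = []
    routes = parse_routes(output)
    for prefix, gateway, protocol in routes:
        if protocol != "IMPORT":
            continue
        expected = plan.get(prefix)
        if expected is None:
            if any(prefix.overlaps(site) for site in plan):
                findings.append(f"{prefix} via {gateway} overlaps a planned site prefix")
            else:
                findings.append(f"{prefix} via {gateway} is not in the site plan")
        elif gateway != expected:
            findings.append(f"{prefix} via {gateway}, expected next hop {expected}")
    present = {prefix for prefix, _, _ in routes}
    for site in sorted(set(plan) - present):
        findings.append(f"{site} missing from the VRF")
    return findings


if __name__ == "__main__":
    for finding in check_vrf_routes(TAMPERED_OUTPUT):
        print(finding)
```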


VERIFYING AN L3 SERVICE
CHECK BEB INTERFACE REACHABILITY
BEB1
L3_Service::BEB1> show arp

Total 8 arp entries
Flags (P=Proxy, A=Authentication, V=VRRP, B=BFD, H=HAVLAN, I=INTF, M=Managed)
IP Addr Hardware Addr Type Flags Port Interface Name
-----------------+-------------------+----------+-------+-----------------+-----------+---------------------------------
192.168.20.2 dc:08:56:10:74:29 DYNAMIC 1/1/49A WAN
192.168.20.3 dc:08:56:10:86:49 DYNAMIC 1/1/49A WAN
192.168.20.4 dc:08:56:10:77:e9 DYNAMIC 1/1/49A WAN
192.168.20.5 dc:08:56:10:80:f9 DYNAMIC 1/1/49A WAN
192.168.20.6 dc:08:56:10:85:59 DYNAMIC 1/1/49A WAN
192.168.20.7 dc:08:56:10:78:d9 DYNAMIC 1/1/49A WAN
192.168.20.8 dc:08:56:10:72:49 DYNAMIC 1/1/49A WAN
192.168.21.1 00:50:56:85:0c:e8 DYNAMIC 1/1/48 LAN
NETWORK MANAGEMENT CONCEPTS
SPB NODE MANAGEMENT

Out of band management through EMP port
In-band management with inline routing:
Use this option when all nodes support single-pass inline routing.
Simply create a “Management” SPB service and VRF.
Create management IP interfaces on the “Management” Service and VRF.
SPB NODE MANAGEMENT

In-band management when not all nodes support single pass inline routing:
Create “Management” VRF.
Create “Management” IP interface in Control BVLAN and in “Management” VRF
IP routes and MAC-to-IP mapping advertised through IS-IS – no ARP
No flooding: can put all management IP interfaces in same subnet even with many nodes
Route import/export at gateway nodes
IN-BAND MANAGEMENT EXAMPLE

[Figure: BEB 1 to BEB 4 with management addresses .1 to .4 in 172.16.1.0/24, Management BVLAN 4000, Management VRF]
LAB 4: NETWORK MANAGEMENT
IN-BAND MANAGEMENT EXAMPLE

[Figure: management station 172.16.2.100/24 attached over OSPF Area 0; BEB 1 to BEB 4 with management addresses .1 to .4 in 172.16.1.0/24, Management BVLAN 4000, Management VRF]
CONFIGURING IN-BAND NETWORK MANAGEMENT
OVERVIEW

BEB-1 and BEB-2 are gateway nodes
VLAN-Domain MGMT Subnet is 172.16.2.0/24
SPB-Domain MGMT Subnet is 172.16.1.0/24
Loopback0 MGMT IP is 172.16.3.X/32
Redistribute to/from spb-mgmt protocol at gateway nodes
Apply route maps at gateway nodes to avoid circular route redistribution loops in case of
redundant gateways.
CONFIGURING IN-BAND NETWORK MANAGEMENT
OVERVIEW

Management VRF: Management
MGMT BVLAN: 4000
VLAN-Domain MGMT Station: 172.16.2.100/24

NODE   SPB Domain MGMT IP   Management Loopback0   VLAN Domain MGMT IP   MGMT VLAN   VLAN-Domain MGMT Port
BEB1   172.16.1.1/24        172.16.3.1             172.16.2.2/31         1000        1/1/17
BEB2   172.16.1.2/24        172.16.3.2             172.16.2.4/31         1000        1/1/17
BEB3   172.16.1.3/24        172.16.3.3             -                     -           -
BEB4   172.16.1.4/24        172.16.3.4             -                     -           -
BCB5   172.16.1.5/24        172.16.3.5             -                     -           -
BCB6   172.16.1.6/24        172.16.3.6             -                     -           -
BCB7   172.16.1.7/24        172.16.3.7             -                     -           -
BCB8   172.16.1.8/24        172.16.3.8             -                     -           -
CONFIGURING IN-BAND NETWORK MANAGEMENT
SAMPLE CONFIGS – GATEWAY NODES
BEB1
vrf create Management
ip interface "Management-SPB" address 172.16.1.1 mask 255.255.255.0 vlan 4000
ip interface "Management-VLAN" address 172.16.2.1 mask 255.255.255.254 vlan 1000 rtr-port port 1/1/17 untagged
ip interface Loopback0 address 172.16.3.1
ip router router-id 172.16.3.1
ip load ospf
ip ospf area 0.0.0.0
ip ospf interface "Management-VLAN"
ip ospf interface "Management-VLAN" area 0.0.0.0
ip ospf interface "Management-VLAN" type point-to-point
ip ospf interface "Management-VLAN" admin-state enable
ip ospf admin-state enable
ip route-map "vlan-mgmt-routes" sequence-number 50 action permit
ip route-map "vlan-mgmt-routes" sequence-number 50 match ip-address 172.16.2.100/32 redist-control all-subnets permit
ip route-map "spb-mgmt-routes" sequence-number 50 action permit
ip route-map "spb-mgmt-routes" sequence-number 50 match ip-address 172.16.3.0/24 redist-control all-subnets permit
ip redist ospf into spb-mgmt route-map "vlan-mgmt-routes" admin-state enable
ip redist spb-mgmt into ospf route-map "spb-mgmt-routes" admin-state enable
ip service all admin-state enable
CONFIGURING IN-BAND NETWORK MANAGEMENT
SAMPLE CONFIGS – GATEWAY NODES
BEB2
vrf create Management
ip interface "Management-SPB" address 172.16.1.2 mask 255.255.255.0 vlan 4000
ip interface "Management-VLAN" address 172.16.2.3 mask 255.255.255.254 vlan 1000 rtr-port port 1/1/17 untagged
ip interface Loopback0 address 172.16.3.2
ip router router-id 172.16.3.2
ip load ospf
ip ospf area 0.0.0.0
ip ospf interface "Management-VLAN"
ip ospf interface "Management-VLAN" area 0.0.0.0
ip ospf interface "Management-VLAN" type point-to-point
ip ospf interface "Management-VLAN" admin-state enable
ip ospf admin-state enable
ip route-map "vlan-mgmt-routes" sequence-number 50 action permit
ip route-map "vlan-mgmt-routes" sequence-number 50 match ip-address 172.16.2.100/32 redist-control all-subnets permit
ip route-map "spb-mgmt-routes" sequence-number 50 action permit
ip route-map "spb-mgmt-routes" sequence-number 50 match ip-address 172.16.3.0/24 redist-control all-subnets permit
ip redist ospf into spb-mgmt route-map "vlan-mgmt-routes" admin-state enable
ip redist spb-mgmt into ospf route-map "spb-mgmt-routes" admin-state enable
ip service all admin-state enable
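Why the two route-maps prevent circular redistribution between redundant gateways can be checked from the configs themselves. The following is an added example, not part of the workshop material: it parses the `ip route-map ... match ip-address` and `ip redist` lines from each gateway and lists prefixes that one gateway may export from their home protocol and the other gateway may redistribute back. It assumes `all-subnets` means "the prefix equals or lies inside the matched network" and models only `match ip-address` statements; the loose /16 variant and the route list are constructed.

```python
import ipaddress
import re

MATCH_RE = re.compile(
    r'^ip route-map "([^"]+)" sequence-number \d+ match ip-address (\S+) '
    r"redist-control all-subnets permit$"
)
REDIST_RE = re.compile(
    r'^ip redist (\S+) into (\S+) route-map "([^"]+)" admin-state enable$'
)

# The redistribution lines from the gateway slides, with the two match
# networks left as parameters so a loose variant can be built.
GATEWAY_TEMPLATE = """\
ip route-map "vlan-mgmt-routes" sequence-number 50 action permit
ip route-map "vlan-mgmt-routes" sequence-number 50 match ip-address {vlan} redist-control all-subnets permit
ip route-map "spb-mgmt-routes" sequence-number 50 action permit
ip route-map "spb-mgmt-routes" sequence-number 50 match ip-address {spb} redist-control all-subnets permit
ip redist ospf into spb-mgmt route-map "vlan-mgmt-routes" admin-state enable
ip redist spb-mgmt into ospf route-map "spb-mgmt-routes" admin-state enable
"""

PAGE_CONFIG = GATEWAY_TEMPLATE.format(vlan="172.16.2.100/32", spb="172.16.3.0/24")
LOOSE_CONFIG = GATEWAY_TEMPLATE.format(vlan="172.16.0.0/16", spb="172.16.0.0/16")  # constructed

# Prefixes originated in each protocol (constructed from the lab addressing).
ROUTES = {
    "ospf": ["172.16.2.100/32"],
    "spb-mgmt": ["172.16.3.3/32", "172.16.1.0/24"],
}


def parse_policy(config):
    """Return {(src, dst): [networks]} for each enabled redistribution."""
    maps, redists = {}, {}
    for raw in config.splitlines():
        line = raw.strip()
        m = MATCH_RE.match(line)
        if m:
            maps.setdefault(m[1], []).append(ipaddress.ip_network(m[2]))
            continue
        m = REDIST_RE.match(line)
        if m:
            redists[(m[1], m[2])] = m[3]
    return {direction: maps.get(name, []) for direction, name in redists.items()}


def permitted(networks, prefix):
    """all-subnets semantics (assumed): prefix equals or falls inside an entry."""
    return any(prefix.subnet_of(net) for net in networks)


def loop_candidates(gateway_configs, routes):
    """Return [(prefix, exporting gateway, re-injecting gateway)]."""
    policies = {gw: parse_policy(cfg) for gw, cfg in gateway_configs.items()}
    found = []
    for home, prefixes in routes.items():
        for prefix in map(ipaddress.ip_network, prefixes):
            for out_gw, out_policy in policies.items():
                for (src, dst), nets in out_policy.items():
                    if src != home or not permitted(nets, prefix):
                        continue
                    for back_gw, back_policy in policies.items():
                        back_nets = back_policy.get((dst, src), [])
                        if back_gw != out_gw and permitted(back_nets, prefix):
                            found.append((str(prefix), out_gw, back_gw))
    return found


if __name__ == "__main__":
    print(loop_candidates({"BEB1": PAGE_CONFIG, "BEB2": PAGE_CONFIG}, ROUTES))
    print(loop_candidates({"BEB1": LOOSE_CONFIG, "BEB2": LOOSE_CONFIG}, ROUTES))
```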
CONFIGURING IN-BAND NETWORK MANAGEMENT
SAMPLE CONFIGS – OTHER NODES
BEB3
vrf create Management
ip interface "Management-SPB" address 172.16.1.3 mask 255.255.255.0 vlan 4000
ip interface Loopback0 address 172.16.3.3
ip service all admin-state enable

BEB4
vrf create Management
ip interface "Management-SPB" address 172.16.1.4 mask 255.255.255.0 vlan 4000
ip interface Loopback0 address 172.16.3.4
ip service all admin-state enable

BEB5
vrf create Management
ip interface "Management-SPB" address 172.16.1.5 mask 255.255.255.0 vlan 4000
ip interface Loopback0 address 172.16.3.5
ip service all admin-state enable

CONFIGURING IN-BAND NETWORK MANAGEMENT
SAMPLE CONFIGS – OTHER NODES
BEB6
vrf create Management
ip interface "Management-SPB" address 172.16.1.6 mask 255.255.255.0 vlan 4000
ip interface Loopback0 address 172.16.3.6
ip service all admin-state enable

BEB7
vrf create Management
ip interface "Management-SPB" address 172.16.1.7 mask 255.255.255.0 vlan 4000
ip interface Loopback0 address 172.16.3.7
ip service all admin-state enable

BEB8
vrf create Management
ip interface "Management-SPB" address 172.16.1.8 mask 255.255.255.0 vlan 4000
ip interface Loopback0 address 172.16.3.8
ip service all admin-state enable

CONFIGURING IN-BAND NETWORK MANAGEMENT
VERIFICATION
BEBX
vrf Management
ping 172.16.100.2 source-interface Loopback0

Management::BEB3> show ip routes


+ = Equal cost multipath routes
Total 11 routes
Dest Address Gateway Addr Age Protocol
------------------+-------------------+----------+-----------
127.0.0.1/32 127.0.0.1 1d22h LOCAL
172.16.1.0/24 172.16.1.3 1d22h LOCAL
172.16.2.100/32 172.16.1.1 00:16:29 SPB-MGMT
172.16.3.1/32 172.16.1.1 1d22h SPB-MGMT
172.16.3.2/32 172.16.1.2 1d22h SPB-MGMT
172.16.3.3/32 172.16.3.3 1d22h LOCAL
172.16.3.4/32 172.16.1.4 1d22h SPB-MGMT
172.16.3.5/32 172.16.1.5 1d22h SPB-MGMT
172.16.3.6/32 172.16.1.6 1d22h SPB-MGMT
172.16.3.7/32 172.16.1.7 1d22h SPB-MGMT
172.16.3.8/32 172.16.1.8 1d22h SPB-MGMT
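
A check that can be run against the verification output above, as an added example that is not part of the original slides: it parses the `show ip routes` text, confirms every expected Loopback0 address has a route, and flags any SPB-MGMT route outside the prefixes the sample configs account for. The function names and the choice of checks are assumptions; the route table is the one shown on the slide.

```python
import ipaddress
import re

# "show ip routes" output from the Management VRF on BEB3, copied from the slide.
SHOW_IP_ROUTES = """\
Total 11 routes
Dest Address Gateway Addr Age Protocol
------------------+-------------------+----------+-----------
127.0.0.1/32 127.0.0.1 1d22h LOCAL
172.16.1.0/24 172.16.1.3 1d22h LOCAL
172.16.2.100/32 172.16.1.1 00:16:29 SPB-MGMT
172.16.3.1/32 172.16.1.1 1d22h SPB-MGMT
172.16.3.2/32 172.16.1.2 1d22h SPB-MGMT
172.16.3.3/32 172.16.3.3 1d22h LOCAL
172.16.3.4/32 172.16.1.4 1d22h SPB-MGMT
172.16.3.5/32 172.16.1.5 1d22h SPB-MGMT
172.16.3.6/32 172.16.1.6 1d22h SPB-MGMT
172.16.3.7/32 172.16.1.7 1d22h SPB-MGMT
172.16.3.8/32 172.16.1.8 1d22h SPB-MGMT
"""
# 172.16.2.100/32: the only prefix "vlan-mgmt-routes" lets from OSPF into spb-mgmt.
# 172.16.3.0/24: the Loopback0 range used in the sample configs.
ALLOWED = [ipaddress.ip_network(p) for p in ("172.16.2.100/32", "172.16.3.0/24")]
ROUTE_RE = re.compile(r"^(\d+(?:\.\d+){3}/\d+)\s+\S+\s+\S+\s+(\S+)$")

def parse_routes(text):
    """Return (total declared in the header, {prefix: protocol})."""
    total, routes = None, {}
    for line in map(str.strip, text.splitlines()):
        if m := re.match(r"Total (\d+) routes", line):
            total = int(m.group(1))
        elif m := ROUTE_RE.match(line):
            routes[ipaddress.ip_network(m.group(1))] = m.group(2)
    return total, routes

def audit(text, loopbacks):
    """List problems: truncated output, unreachable nodes, unexpected prefixes."""
    total, routes = parse_routes(text)
    problems = []
    if total != len(routes):
        problems.append(f"header says {total} routes, parsed {len(routes)}")
    for lo in loopbacks:
        if ipaddress.ip_network(f"{lo}/32") not in routes:
            problems.append(f"no route to loopback {lo}")
    for prefix, proto in routes.items():
        if proto == "SPB-MGMT" and not any(prefix.subnet_of(a) for a in ALLOWED):
            problems.append(f"unexpected SPB-MGMT prefix {prefix}")
    return problems
```

An empty list from `audit()` means the management VRF holds exactly the routes the design intends; anything else is worth investigating before trusting in-band management reachability.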


MISCELLANEOUS TOPICS
TUNING IS-IS METRIC
[Figure: topology including DC1 and DC2; link metrics shown are 50000 and 10000]

✓ Link Default Metric (regardless of bandwidth) = 10
✓ Metric can be modified to reflect link speed and to influence logical topology: lower metric = higher priority.
✓ The permitted value is 1–16777215
✓ The metric of a LAG link should be set according to the physical link speed without adjustment for extra bandwidth*
✓ The metric must match on both sides of a link or else the highest metric is used
✓ Example: The metric for the link between DC1 and DC2 may be increased to prevent station-2-station traffic from using this link in normal circumstances.

Speed   Suggested Metric
100G    1000
50G     2000
40G     2500
25G     4000
10G     10000
1G      100000
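
The metric rules above as an added worked example (not part of the original slides): the effective link metric is the higher of the two configured sides, and a plain Dijkstra run over a constructed six-node topology shows how raising the DC1-DC2 metric from 10000 to 50000 moves S1-to-S2 traffic off that link. The node names S1, S2, C1 and C2 and the topology itself are assumptions; SPB's equal-cost tie-breaking is not modelled.

```python
import heapq

METRIC_MIN, METRIC_MAX = 1, 16777215  # permitted range from the slide
SUGGESTED = {"100G": 1000, "50G": 2000, "40G": 2500,
             "25G": 4000, "10G": 10000, "1G": 100000}


def effective_metric(side_a, side_b):
    """Per the slide: if the two sides differ, the highest metric is used."""
    for metric in (side_a, side_b):
        if not METRIC_MIN <= metric <= METRIC_MAX:
            raise ValueError(f"metric {metric} outside {METRIC_MIN}-{METRIC_MAX}")
    return max(side_a, side_b)


def build_graph(links):
    """links: iterable of (node_a, node_b, metric_on_a, metric_on_b)."""
    graph = {}
    for a, b, metric_a, metric_b in links:
        cost = effective_metric(metric_a, metric_b)
        graph.setdefault(a, {})[b] = cost
        graph.setdefault(b, {})[a] = cost
    return graph


def shortest_path(graph, src, dst):
    """Plain Dijkstra; returns (cost, [nodes]) or None if unreachable."""
    heap, done = [(0, src, [src])], set()
    while heap:
        cost, node, path = heapq.heappop(heap)
        if node == dst:
            return cost, path
        if node in done:
            continue
        done.add(node)
        for nxt, metric in graph[node].items():
            if nxt not in done:
                heapq.heappush(heap, (cost + metric, nxt, path + [nxt]))
    return None


def topology(dc1_side, dc2_side):
    """Constructed topology: 10G links in a chain, plus a direct DC1-DC2 link."""
    m = SUGGESTED["10G"]
    chain = ["S1", "DC1", "C1", "C2", "DC2", "S2"]
    links = [(a, b, m, m) for a, b in zip(chain, chain[1:])]
    return build_graph(links + [("DC1", "DC2", dc1_side, dc2_side)])
```

Calling `shortest_path(topology(10000, 50000), "S1", "S2")` shows the mismatch case: only one side was raised, yet the path already avoids the DC1-DC2 link because the higher value applies.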


SPANNING TREE

NNI Ports
• STP is automatically disabled for all BVLANs
• If standard VLANs are configured to run alongside BVLANs on NNI ports, then STP can be used on those VLANs

UNI Ports
• By default, UNI (SAP) ports will tunnel STP BPDUs. This is good when a site LAN connects to multiple BEBs.
• But we should still be careful to keep all sites as separate STP domains when we share ISIDs across sites. This could be done with MSTP Regions and Max Hops.
• If each site connects to a single BEB and there are no backdoors, then the SAP can be configured to discard STP BPDUs.
• Use LBD to avoid loops created with backdoors between sites or multiple connections to a BEB (see next section)
LOOPBACK DETECTION

[Figure: three loop scenarios between BEB-A and BEB-B on the SPB Backbone. In the first two, the port in the switch with the highest BridgeID is shut down; in the third, the port with the highest PortID is shut down.]

✓ Faults and misconfigurations at the Access Layer can create loops, resulting in broadcast storms.
✓ LBD sends special frames out of LBD-enabled ports on all SAPs; if such a frame is received back, LBD concludes there is a loop. When a loop is detected, the port is disabled and a trap is sent.
✓ LBD should be enabled on SPB Access Ports!


L2 SERVICES

An ISID is a “broadcast” domain.


SAPs can map a single VLAN tag or multiple VLAN tags.
HOWEVER, if you are mapping multiple VLAN tags then you are effectively bridging those VLANs. This is usually NOT RECOMMENDED and only makes sense in very specific use cases.
Recommendation: Map VLANs to Services on a one-to-one basis.
VLAN tags can be different on different SAPs associated to the same service. Some SAPs can be tagged while others are untagged or double tagged. Use VLAN TRANSLATION whenever a given service uses multiple SAP encapsulations.
POINT TO POINT SERVICES

BCB (or transit) nodes do not need to learn end-client MAC addresses, but BEB nodes do, except in point-to-point services, because there's a single possible SDP.
By explicitly defining a service as point-to-point, no end-client MAC addresses will be learnt on BEBs either.
This is recommended to improve scalability.
QUESTIONS?
Spacewalkers Live Starting November 15th!
Check it out!
https://www.spacewalkers.com/news/1st-network-tech-days-taking-off-november-15th/
THANK YOU!
