CLOUD NETWORKING FOR ENTERPRISE CAMPUS APPLICATION NOTE

Similar documents
OVERLAYING VIRTUALIZED LAYER 2 NETWORKS OVER LAYER 3 NETWORKS

EVOLVING ENTERPRISE NETWORKS WITH SPB-M APPLICATION NOTE

VXLAN: Scaling Data Center Capacity. White Paper

WHITE PAPER. Network Virtualization: A Data Plane Perspective

Avaya VENA Fabric Connect

Virtualization, SDN and NFV

Virtual Private LAN Service on Cisco Catalyst 6500/6800 Supervisor Engine 2T

Extending Networking to Fit the Cloud

Data Center Network Virtualisation Standards. Matthew Bocci, Director of Technology & Standards, IP Division IETF NVO3 Co-chair

Expert Reference Series of White Papers. vcloud Director 5.1 Networking Concepts

Analysis of Network Segmentation Techniques in Cloud Data Centers

Multitenancy Options in Brocade VCS Fabrics

Transform Your Business and Protect Your Cisco Nexus Investment While Adopting Cisco Application Centric Infrastructure

SINGLE-TOUCH ORCHESTRATION FOR PROVISIONING, END-TO-END VISIBILITY AND MORE CONTROL IN THE DATA CENTER

SOFTWARE-DEFINED NETWORKING AND OPENFLOW

Cisco Which VPN Solution is Right for You?

VXLAN Overlay Networks: Enabling Network Scalability for a Cloud Infrastructure

SOFTWARE DEFINED NETWORKING: INDUSTRY INVOLVEMENT

Network Virtualization for Large-Scale Data Centers

Increase Simplicity and Improve Reliability with VPLS on the MX Series Routers

What is VLAN Routing?

VPLS Technology White Paper HUAWEI TECHNOLOGIES CO., LTD. Issue 01. Date

White Paper. Juniper Networks. Enabling Businesses to Deploy Virtualized Data Center Environments. Copyright 2013, Juniper Networks, Inc.

Simplifying. Single view, single tool virtual machine mobility management in an application fluent data center network

VXLAN Bridging & Routing

VLAN and QinQ Technology White Paper

ALCATEL-LUCENT ENTERPRISE DATA CENTER SWITCHING SOLUTION Automation for the next-generation data center

TRILL for Service Provider Data Center and IXP. Francois Tallet, Cisco Systems

Enhancing Cisco Networks with Gigamon // White Paper

CoIP (Cloud over IP): The Future of Hybrid Networking

APPLICATION NOTE. Benefits of MPLS in the Enterprise Network

TRILL for Data Center Networks

SOFTWARE-DEFINED NETWORKING AND OPENFLOW

SDN CONTROLLER. Emil Gągała. PLNOG, , Kraków

Scalable Approaches for Multitenant Cloud Data Centers

VLANs. Application Note

ETHERNET VPN (EVPN) NEXT-GENERATION VPN FOR ETHERNET SERVICES

November Defining the Value of MPLS VPNs

How To Orchestrate The Clouddusing Network With Andn

Chapter 1 Reading Organizer

MPLS in Private Networks Is It a Good Idea?

How To Make A Vpc More Secure With A Cloud Network Overlay (Network) On A Vlan) On An Openstack Vlan On A Server On A Network On A 2D (Vlan) (Vpn) On Your Vlan

TRILL Large Layer 2 Network Solution

VMDC 3.0 Design Overview

Demonstrating the high performance and feature richness of the compact MX Series

MPLS VPN Services. PW, VPLS and BGP MPLS/IP VPNs

VMware Network Virtualization Design Guide. January 2013

Management Software. Web Browser User s Guide AT-S106. For the AT-GS950/48 Gigabit Ethernet Smart Switch. Version Rev.

CONNECTING PHYSICAL AND VIRTUAL WORLDS WITH VMWARE NSX AND JUNIPER PLATFORMS

ETHERNET VPN (EVPN) OVERLAY NETWORKS FOR ETHERNET SERVICES

A Coordinated. Enterprise Networks Software Defined. and Application Fluent Programmable Networks

VMware vcloud Networking and Security Overview

Cisco Secure Network Container: Multi-Tenant Cloud Computing

VLAN 802.1Q. 1. VLAN Overview. 1. VLAN Overview. 2. VLAN Trunk. 3. Why use VLANs? 4. LAN to LAN communication. 5. Management port

AT&T Managed IP Network Service (MIPNS) MPLS Private Network Transport Technical Configuration Guide Version 1.0

the Data Center Connecting Islands of Resources Within and Across Locations with MX Series Routers White Paper

Cisco Group Encrypted Transport VPN: Tunnel-less VPN Delivering Encryption and Authentication for the WAN

ConnectX -3 Pro: Solving the NVGRE Performance Challenge

Visibility into the Cloud and Virtualized Data Center // White Paper

Metro Ethernet Forum Layer 2 Control Protocol handling

Data Center Convergence. Ahmad Zamer, Brocade

Simplify IT. With Cisco Application Centric Infrastructure. Barry Huang Nov 13, 2014

Roman Hochuli - nexellent ag / Mathias Seiler - MiroNet AG

A Case for Overlays in DCN Virtualization Katherine Barabash, Rami Cohen, David Hadas, Vinit Jain, Renato Recio and Benny Rochwerger IBM

Network Virtualization Solutions

Network Virtualization Network Admission Control Deployment Guide

CloudEngine 1800V Virtual Switch

NVGRE Overlay Networks: Enabling Network Scalability for a Cloud Infrastructure

Overview of Routing between Virtual LANs

Cisco Virtual Topology System: Data Center Automation for Next-Generation Cloud Architectures

SoLuTIoN guide. CLoud CoMPuTINg ANd ThE CLoud-rEAdy data CENTEr NETWork

ALCATEL-LUCENT ENTERPRISE DATA CENTER SWITCHING SOLUTION Automation for the next-generation data center

How To Switch In Sonicos Enhanced (Sonicwall) On A 2400Mmi 2400Mm2 (Solarwall Nametra) (Soulwall 2400Mm1) (Network) (

Understanding PBB-TE for Carrier Ethernet

Evolution of Software Defined Networking within Cisco s VMDC

What is SDN? And Why Should I Care? Jim Metzler Vice President Ashton Metzler & Associates

Virtualized Network Services SDN solution for enterprises

Top-Down Network Design

VMware

CLOUD NETWORKING THE NEXT CHAPTER FLORIN BALUS

MPLS/IP VPN Services Market Update, United States

How To Configure Voice Vlan On An Ip Phone

Switching Solution Creating the foundation for the next-generation data center

Using & Offering Wholesale Ethernet Network and Operational Considerations

Multi-site Datacenter Network Infrastructures

MITEL. NetSolutions. Flat Rate MPLS VPN

Network Security. Ensuring Information Availability. Security

How To Understand The Benefits Of An Mpls Network

Network Virtualization

Juniper / Cisco Interoperability Tests. August 2014

Network Configuration Example

Data Communication Networks and Converged Networks

Internetworking II: VPNs, MPLS, and Traffic Engineering

White Paper. SDN 101: An Introduction to Software Defined Networking. citrix.com

Cisco and Canonical: Cisco Network Virtualization Solution for Ubuntu OpenStack

Building Trusted VPNs with Multi-VRF

Data Networking and Architecture. Delegates should have some basic knowledge of Internet Protocol and Data Networking principles.

Computer Networking Networks

Rohde & Schwarz R&S SITLine ETH VLAN Encryption Device Functionality & Performance Tests

Transcription:

CLOUD NETWORKING FOR ENTERPRISE CAMPUS APPLICATION NOTE

EXECUTIVE SUMMARY This application note proposes Virtual Extensible LAN (VXLAN) as a solution technology to deliver departmental segmentation, business unit isolation and transparent subnet extensions over existing enterprise campus networks. Today s legacy campus networks are difficult to expand because they suffer from VLAN sprawl and are based on complex combinations of Multiprotocol Label Switching (MPLS) and single or double VLAN tagging. Using carrier-class technology like MPLS in the enterprise LAN creates challenges. MPLS is neither dynamic nor flexible, its complexity and reliability are costly in CAPEX and OPEX, and it is difficult to find MPLS experts who understand the enterprise needs. Alcatel-Lucent Enterprise provides a VXLAN Layer 2/Layer 3 VPN solution that fits the enterprise needs and delivers agile value-added services, while simplifying the transformation of the campus networks to meet user needs. This solution requires no MPLS expertise, keeps the deployment simple and requires minimal or no administrative intervention or changes to the network backbone. This approach streamlines the delivery of campus network services by operating as a virtualized cloud to ensure rapid provisioning and provide excellent backbone stability for 100 percent uptime. These capabilities are available at minimal or no cost to the enterprise and take advantage of current staff expertise. The result is a resilient and transparent physical infrastructure that can deliver dynamic turnkey services to the enterprise users with the agility of a cloud infrastructure provider. 2

CHALLENGE Enterprises, such as hospitals, universities, airports, as well as city networks benefit from hosting a variety of network services for different groups over a single physical infrastructure that delivers multi-tenant services through network virtualization abstractions. Services available with this infrastructure include Layer 2 and Layer 3 multi-tenancy, security zones, bridge extensions, routing domains, and data center interconnections. The following are some of the most common use cases in the enterprise. Departmental segregation: In some enterprises, different business units manage their own IP addressing space, VLANs, routing, security, and so on. This may be the result of a merger, or caused by the organizational structure; for example, different schools in a university or multiple hospitals in a health system. The IT organization acts as a service provider for the individual business units by configuring Layer 2 and Layer 3 VPNs. These VPNs provide isolation, so that these individual networks don t conflict with each other, and abstraction, so that IT and the business units need not be concerned with changes outside of their administrative domain. Virtualized networks offer protection for the infrastructure. A design principle for any network is to secure the physical infrastructure, which can be easily done with VPNs by encapsulating all traffic for the departments or business units and transporting the encapsulated traffic transparently through the core. This limits the exposure of the core network to traffic on the subnets of the business units. Each business unit can communicate within its tenancy without firewalls, and can communicate when needed with other business unit networks through firewalls. Subnet extension: Sometimes, it becomes necessary for subnets to extend across the campus to support devices or applications that rely on Layer 2 connectivity. In a case like this a Layer 2 VLAN extension is required to ensure privacy and isolation. This may be the case, for example, in a hospital with biomedical devices such as patient monitors and infusion pumps. Commonly there are hundreds of VLANs, including private VLANs and research VLANs, that have to extend from the data center to multiple buildings or from external locations to multiple buildings. Take, for example, radiology: the MRI, CAT scan and x-ray machines are all on one network with the server. The only way out of that network is through a firewall. There are machines in every hospital, on most floors, and some are mobile. The server is in one data center and the firewalls could be in another one. As a result, that one subnet has to extend to every building and data center through the core over the same routed links used by other subnets. Simple VLAN tagging can deliver this outcome, however, at the expense of creating large Layer 2 domains that become part of the backbone, which can lead to stability, scalability and performance problems (for example, large spanning trees, broadcasts, MAC learning). By contrast, Layer 2 VPNs can be used to extend subnets where required, while isolating the network from these issues. 3

SOLUTION The Alcatel-Lucent Enterprise Operating System (AOS) supports automated service delivery for secured authenticated Layer 2 and Layer 3 VPNs using network virtualization technologies, such as VXLAN and device virtualization through a high-availability virtual chassis. VXLAN is an encapsulation technology defined by IETF for tunneling Layer 2 VPNs over a Layer 3 backbone. VXLAN has been enhanced by Alcatel-Lucent Enterprise to support inter-vpn routing, service visibility and policy control in the hardware. The solution focuses on using VXLAN to create network segments overlaid on top of Layer 2 or Layer 3 campus networks. Each VXLAN network segment is independent of the underlying campus network, which may be based on a routed corporate network with arbitrary VLAN boundaries. Figure 1: VXLAN simplifies the enterprise network Beyond data center solution - Medical devices connectivity - Dynamic VLAN extension Data center to data center connectivity - Private data center over WAN - Cloud data center interconnect - Ease of migration - Allow end-to-end Layer 2 over any cloud OS-6900-Q32 VNI -> VLAN VNI -> VLAN OS-6900-Q32 VNI -> VLAN VNI ->VLAN VXLAN was originally developed for data centers server-to-server connectivity. It encapsulates the original Ethernet frame by adding a VXLAN header and uses User Datagram Protocol / Internet Protocol (UDP/IP) for transport. The VXLAN Tunneling Endpoints (s) can be implemented on the switch hardware or vswitch software bridge. An Alcatel-Lucent OmniSwitch acting as a gateway can bridge (or route) between different VXLAN segments and standard VLANs to extend Layer 2/Layer 3 environments transparently over the routed network. Each VXLAN segment is identified by a 24-bit field, known as VXLAN Network Identifier (VNI), allowing up to 16 million VXLANs compared to 4000 VLANs in 802.1Q. Like in VLANs, the OmniSwitch performs data plane source learning and orchestrated learning. 4

VXLAN support in the Omniswitch is provided under the AOS service manager as either a head-end or tandem service that is designed for carrying unicast, unknown destination, broadcast, and multicast frames by mapping the destination MAC address to the remote. The user or device access into the s can be controlled by AOS Universal Network Profiles (UNP) and Learned Port Security (LPS) features. UNPs are network policy containers where the administrator defines authentication (MAC-auth or 802.1X) policies, device classification (MAC, tag/double-tag ID, IP host/subnet or combinations) policies, access list policies, quality of service policies, quality assurance policies and application fingerprinting policies. The AOS VXLAN service consists of the following components: Access Port: a port where the user traffic ingresses or egresses. Service: a bridging domain for user traffic represented as VXLAN ID when routed over the network. Service Access Point (): a virtual port where the user traffic ingresses the service as untagged, tagged, or double-tagged. Service Distribution Point (): service binding to the far-end node (Unicast ) or a group of far-end nodes (Multicast ) to which the encapsulated tunnel traffic is directed. Figure 2: VXLAN service configured with AOS and constructions SERVICE 50 SERVICE 50 SERVICE 60 SERVICE 60 Logical views SERVICE 60 5

The access port can be configured on a fixed port or a link aggregation group. The administrator can specify how to handle (drop, peer and tunnel) the Layer 2 control packets (for example, STP, LLDP, AMAP, GVRP, MVRP) accessing the access port and egress VLAN translation policies. The administrator can specify the multicast mode used for broadcast, unknown unicast and multicast (BUM) traffic: Tandem: In this mode, PIM multicast routing is used to discover the neighbor nodes in the same multicast group. Each dynamically creates unicast s to the remote s that share the same VXLANs and a mesh- for BUM traffic replication. Head-end: In this mode, the administrator specifies the unicast address to reach the far-end nodes though unicast s. The s can be orchestrated and dynamically created by UNP. BUM traffic is replicated to each the unicast, and one copy is sent to all remote s sharing the same VXLANs. With VXLAN, the failure domain is limited to a single location where the gateway is located. BENEFITS OF VXLAN VXLAN is easy to configure, and extends Layer 2 user VLANs across the existing enterprise routed Layer 3 network. Users anywhere in the enterprise can be added to their department VLAN. VXLAN operates as an overlay network and requires no changes to the underlying core network. This promotes a stable no-touch network backbone without frequent configuration changes caused by end-user needs. VXLAN works with UNP, LPS and other OmniSwitch features to provide autoprovisioning to minimize effort and save network staff time. VXLAN is a simple solution that works with the existing enterprise network. It does not require MPLS skills or special staff training to configure and install. Figure 3: Enterprise networks can use VXLAN to extend VLANs to remote locations and to connect virtualized and non-virtualized servers CORE DC DIST BIOMED VLANS POD BIOMED SERVERS L3 B1 DIST B2 DIST B3 DIST L2 802.1Q DATA VLANS VOICE VLANS BIOMED VLANS ACCESS 6

CONCLUSION The application of VXLAN in the campus brings additional services to extend LANs into data centers, private clouds or public clouds. It allows IT to offer solutions that simplify the transformation process in mergers and acquisitions by extending the transparent connectivity for new business units, temporary contractors and out-sourcing. Alcatel-Lucent Enterprise believes that the virtualization technologies are not limited to data center solutions, and that network virtualization overlay (NVO) is a viable solution for providing departmental segregation and extending VLANs in a campus network. NVO applied to the campus brings the agility, dynamism and flexibility of the cloud into the enterprise LAN offering rapid IT delivery to improve and simplify the outcome of the business needs. enterprise.alcatel-lucent.com Alcatel-Lucent and the Alcatel-Lucent Enterprise logo are trademarks of Alcatel-Lucent. To view other trademarks used by affiliated companies of ALE Holding, visit: enterprise.alcatel-lucent.com/trademarks. All other trademarks are the property of their respective owners. The information presented is subject to change without notice. Neither ALE Holding nor any of its affiliates assumes any responsibility for inaccuracies contained herein. (April 2015)

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information