Virtual Subnet: A Scalable Cloud Data Center Interconnect Solution

Similar documents
OVERLAYING VIRTUALIZED LAYER 2 NETWORKS OVER LAYER 3 NETWORKS

Virtual Private LAN Service on Cisco Catalyst 6500/6800 Supervisor Engine 2T

JUNIPER DATA CENTER EDGE CONNECTIVITY SOLUTIONS. Michael Pergament, Data Center Consultant EMEA (JNCIE 2 )

Introduction to BGP-MPLS Ethernet VPN

ETHERNET VPN (EVPN) OVERLAY NETWORKS FOR ETHERNET SERVICES

ETHERNET VPN (EVPN) NEXT-GENERATION VPN FOR ETHERNET SERVICES

VPLS Technology White Paper HUAWEI TECHNOLOGIES CO., LTD. Issue 01. Date

UNDERSTANDING JUNOS OS NEXT-GENERATION MULTICAST VPNS

MPLS VPN Services. PW, VPLS and BGP MPLS/IP VPNs

Introducing Basic MPLS Concepts

IP/MPLS-Based VPNs Layer-3 vs. Layer-2

Routed VPLS using BGP draft-sajassi-l2vpn-rvpls-bgp-00.txt

MPLS VPN over mgre. Finding Feature Information. Prerequisites for MPLS VPN over mgre

Network Virtualization with the Cisco Catalyst 6500/6800 Supervisor Engine 2T

BUILDING MPLS-BASED MULTICAST VPN SOLUTION. DENOG3 Meeting, /Frankfurt Carsten Michel

Using LISP for Secure Hybrid Cloud Extension

WHITE PAPER. Network Virtualization: A Data Plane Perspective

Introduction to MPLS-based VPNs

Data Center Network Virtualisation Standards. Matthew Bocci, Director of Technology & Standards, IP Division IETF NVO3 Co-chair

CLOUD NETWORKING FOR ENTERPRISE CAMPUS APPLICATION NOTE

Fast Re-Route in IP/MPLS networks using Ericsson s IP Operating System

VXLAN: Scaling Data Center Capacity. White Paper

DD2491 p MPLS/BGP VPNs. Olof Hagsand KTH CSC

MPLS Layer 3 and Layer 2 VPNs over an IP only Core. Rahul Aggarwal Juniper Networks. rahul@juniper.net

Demonstrating the high performance and feature richness of the compact MX Series

TRILL for Data Center Networks

Data Center Use Cases and Trends

SOFTWARE DEFINED NETWORKING: INDUSTRY INVOLVEMENT

How Routers Forward Packets

Transition to IPv6 in Service Providers

Cloud Networking: Framework and VPN Applicability. draft-bitar-datacenter-vpn-applicability-01.txt

TRILL Large Layer 2 Network Solution

MPLS over IP-Tunnels. Mark Townsley Distinguished Engineer. 21 February 2005

Implementing MPLS VPNs over IP Tunnels

MPLS L3 VPN Supporting VoIP, Multicast, and Inter-Provider Solutions

Network Architecture Validated designs utilizing MikroTik in the Data Center

DD2491 p BGP-MPLS VPNs. Olof Hagsand KTH/CSC

VXLAN Bridging & Routing

MP PLS VPN MPLS VPN. Prepared by Eng. Hussein M. Harb

TRILL for Service Provider Data Center and IXP. Francois Tallet, Cisco Systems

Marc Lasserre Wim Henderickx Alcatel-Lucent. Ali Sajassi Luyuan Fang Cisco. Yuichi Ikejiri NTT Communications. Mircea Pisica BT.

MPLS VPN Security BRKSEC-2145

Computer Network Architectures and Multimedia. Guy Leduc. Chapter 2 MPLS networks. Chapter 2: MPLS

MPLS L2VPN (VLL) Technology White Paper

Ethernet-based Software Defined Network (SDN) Cloud Computing Research Center for Mobile Applications (CCMA), ITRI 雲 端 運 算 行 動 應 用 研 究 中 心

Department of Communications and Networking. S /3133 Networking Technology, Laboratory course A/B

Stretched Active- Active Application Centric Infrastructure (ACI) Fabric

Outline VLAN. Inter-VLAN communication. Layer-3 Switches. Spanning Tree Protocol Recap

RFC 2547bis: BGP/MPLS VPN Fundamentals

MPLS WAN Explorer. Enterprise Network Management Visibility through the MPLS VPN Cloud

Analysis of Network Segmentation Techniques in Cloud Data Centers

How To Make A Network Secure

Building Trusted VPNs with Multi-VRF

Understanding Virtual Router and Virtual Systems

Quidway MPLS VPN Solution for Financial Networks

Preserve IP Addresses During Data Center Migration

Implementing Cisco Service Provider Next-Generation Edge Network Services **Part of the CCNP Service Provider track**

MPLS Basics. For details about MPLS architecture, refer to RFC 3031 Multiprotocol Label Switching Architecture.

MikroTik RouterOS Introduction to MPLS. Prague MUM Czech Republic 2009

Improve Data Center Interconnect, L2 Services with Juniper s EVPN

Junos MPLS and VPNs (JMV)

Implementing MPLS VPN in Provider's IP Backbone Luyuan Fang AT&T

Versatile Routing and Services with BGP. Understanding and Implementing BGP in SR-OS

Virtual Private Networks. Juha Heinänen Song Networks

Chapter 3 LAN Configuration

Top-Down Network Design

Implementing VPN over MPLS

SBSCET, Firozpur (Punjab), India

Secure Cloud Computing with a Virtualized Network Infrastructure

L2 VPNs. Pseudowires. Virtual Private LAN Services. Metro/Carrier Ethernet.

- Multiprotocol Label Switching -

the Data Center Connecting Islands of Resources Within and Across Locations with MX Series Routers White Paper

Implementing MPLS VPNs over IP Tunnels on Cisco IOS XR Software

Virtual Private LAN Service (VPLS) Conformance and Performance Testing Sample Test Plans

Testing Edge Services: VPLS over MPLS

TechBrief Introduction

5.0 Network Architecture. 5.1 Internet vs. Intranet 5.2 NAT 5.3 Mobile Network

How To Manage A Virtualization Server

Configuring the Transparent or Routed Firewall

Extending Networking to Fit the Cloud

STORMY WEATHER SECURING CLOUD COMPUTING. Russell Skingsley Director of Advanced Technology Data Centre and Cloud, APAC Juniper Networks

ExamPDF. Higher Quality,Better service!

Clustering. Configuration Guide IPSO 6.2

Overlay Networks and Tunneling Reading: 4.5, 9.4

GregSowell.com. Mikrotik Basics

Kingston University London

Service Definition. Internet Service. Introduction. Product Overview. Service Specification

WAN Topologies MPLS. 2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr Cisco Systems, Inc. All rights reserved.

Hosting more than one FortiOS instance on. VLANs. 1. Network topology

Disaster Recovery Design Ehab Ashary University of Colorado at Colorado Springs

Virtual Private LAN Service

Fundamentals of Windows Server 2008 Network and Applications Infrastructure

MPLS/BGP Network Simulation Techniques for Business Enterprise Networks

SDN CONTROLLER. Emil Gągała. PLNOG, , Kraków

Multicast transmission in VPN Networks (mvpn)

WHITEPAPER. Bringing MPLS to Data Center Fabrics with Labeled BGP

Transcription:

Virtual Subnet: A Scalable Cloud Data Center Interconnect Solution draft-xu-virtual-subnet-06 Xiaohu Xu (xuxh@huawei.com) IETF82, TAIWAN

Why VM Mobility across Data Centers Data center maintenance Applications on a server or data center infrastructure requiring maintenance can be migrated offsite without downtime. Disaster avoidance: Data centers in the path of natural calamities (such as hurricanes) can proactively migrate the mission-critical application environment to another data center. Data center migration or consolidation: Migrate applications from one data center to another without business downtime as part of a data center migration or consolidation effort. Data center expansion: Migrate virtual machines to a secondary data center as part of data center expansion to address power, cooling, and space constraints in the primary data center.

Cloud Data Center Interconnect Requirements Subnet extension. Allow VMs to move across data centers without requiring renumbering. Scalability. Multi-tenancy capability (Beyond 4K VLANs). MAC table scalability (Millions of VMs within a data center). Unknown unicast reduction/avoidance broadcast reduction/avoidance. Multi-homing. Active-active DC exits. Path optimization.

Virtual Subnet Overview Virtual Subnet (VS) is a host route based IP-only L2VPN service. BGP/MPLS IP VPN [RFC4364] signaling is used to distribute CE host routes across PE routers. Thus, the subnet is extended across data centers. In comparison to VPLS, VS has the following advantages as a DCI solution: Reduce MAC table size of CE switches. Avoid flooding unknown unicast and broadcast traffic across data centers. Natural multi-homing capability. Support active-active DC exits while guaranteeing path symmetry. Support path optimization.

Control Plane: Routing Table VRF: 1.1.1.1/32 Local 1.1.1.2/32 Local 1.1.1.3/32 BGP 1.1.1.4/32 BGP 1.1.0.0/16 Null Direct Local host route creation according to cache 2 VRF: 1.1.1.1/32 BGP 1.1.1.2/32 BGP 1.1.1.3/32 Local 1.1.1.4/32 Local 1.1.0.0/16 Null Direct 4 Routing table built up! 3 1 Host route exchange via L3VPN signaling 1 Host discovery via /ICMP etc. Host discovery via /ICMP etc. Host A: 1.1.1.1 Host C: 1.1.1.2 Host B: 1.1.1.3 Host D: 1.1.1.4 VPN Site #1 VPN Site #2

Data Plane: Unicast VRF: VRF: 2 Route look-up 1.1.1.1/32 Local 1.1.1.2/32 Local 1.1.1.3/32 BGP 1.1.1.4/32 BGP 1.1.0.0/16 Null Direct 4 Route look-up 1.1.1.1/32 BGP 1.1.1.2/32 BGP 1.1.1.3/32 Local 1.1.1.4/32 Local 1.1.0.0/16 Null Direct IP(A)->IP(B) 1 VLAN ID MAC(A)->MAC() 3 IP(A)->IP(B) VPN Label Tunnel to 5 IP(A)->IP(B) VLAN ID MAC()->MAC(B) : IP IP(B) MAC MAC() Host A: 1.1.1.1 VPN Site #1 Host C: 1.1.1.2 0 Local PE returns its own MAC as proxy Host B: 1.1.1.3 VPN Site #2 Host D: 1.1.1.4

MAC Table Reduction on CE Switches IP(A)->IP(B) VLAN ID MAC(A)->MAC() CE Switch MAC learning domain #1 CE Switch MAC learning domain #2 IP(A)->IP(B) VLAN ID MAC()->MAC(B) Host A Host C Host B Host D VPN Site #1 VPN Site #2 The otherwise whole MAC learning domain associated with a given IP subnet, which has been extended across the MPLS/IP backbone, are partitioned into multiple isolated sub-domains. Thus, CE switches only need to learn MAC addresses of local CE hosts and local PE routers.

Unknown Unicast Flooding No route, no pass Avoidance IP(A)->IP(?) VLAN ID MAC(A)->MAC() Host A Host C Host B Host D VPN Site #1 VPN Site #2 No flooding of unknown unicast traffic across the IP/MPLS backbone. Ingress PE routers forward customer packets according to the corresponding VPN routing table.

Broadcast Prevention A B MAC=MAC() Q B MAC=? broadcast domain #1 broadcast domain #2 Host A Host C Host B Host D VPN Site #1 VPN Site #2 No flooding of broadcasts across the IP/MPLS backbone: For an request for a local CE host, discards it. For an request for a remote CE host, returns its own MAC as a response. For an request for an unknown CE host (i.e., no matching host route found), discards it.

Site Multi-homing VRF: 1.1.1.1/32 Local 1.1.1.3/32 BGP 1.1.0.0/16 Null Direct VRF: 1.1.1.1/32 BGP 1.1.1.1/32 PE-3 BGP 1.1.1.3/32 Local 1.1.0.0/16 Null Direct VRRP Master/ ECMP PE-3 VRRP Slave Host A: 1.1.1.1 Host B: 1.1.1.3 VPN Site #1 VPN Site #2 Active-active multi-homing is available for inbound traffic. Both VRRP master and VRRP slaver advertise host routes for their local CE hosts.

CE Host Mobility(VM Mobility) Gratuitous IP(C)->MAC() 5 4 Update host route for host C 3 BGP update for host C Create a local host route for host C 2 1 Gratuitous Host A Host C Host B Host C Host C moves from 0 Site #1 to Site #2 VPN Site #1 VPN Site #2 Host route for the moved VM is updated after the gratuitous is received by the current PE of the moved VM. entries for that VM cached on both routers and other CE hosts are updated.

Active-active DC Exits (Path Symmetry Guaranteed ) Client X(near DC#1) Client Y(near DC#2) 4 IP(A)->IP(X) Internet 4 IP(A)->IP(Y) 1 IP(X)->IP(A) 1 IP(Y)->IP(A) VRF: NAT inside pool: 2.0.0.0/8 1.1.1.1/32 BGP 1.1.1.255/32 Local 2.0.0.0/8 GW-1 Static 3.0.0.0/8 BGP 1.1.1.255 VPN Site #1 GW-1 GW-2 2 2.2.2.2.->IP(A) 3 2 Host A: 1.1.1.1 GW=1.1.1.255 3.3.3.3->IP(A) IP(A)->2.2.2.2 NAT outside pool: 3.0.0.0/8 1.1.1.255 1.1.1.1/32 Local 1.1.1.255/32 Local 2.0.0.0/8 BGP 3.0.0.0/8 GW-2 Static 3 IP(A)->3.3.3.3 VPN Site #2 Each DC exit router advertises a route for the subnet (e.g., 1.1.0.0/16) into the Internet. Inbound traffic is source NATed when arriving at any DC exit router and routes for the NAT inside pools are advertised across the PE routers of that IP-only L2VPN. VRF :

Path Optimization for VPN Access VPN Subnet: 2.2.0.0/16 Traffic flow before the VM movement 0 3 Traffic flow after the VM movement BGP update for host C 2 Host A Host C Host B Host C 1 Host C moves from Site #1 to Site #2 VPN Site #1 VPN Site #2 Host routes for VMs are distributed to remote VPN sites (e.g., enterprise site) thus forwarding path between enterprise site and cloud data centers can be optimized automatically.

Path Optimization for Internet Access GLSB/DNS FQDN(A)->4.4.4.4 5.5.5.5 Client X Connection established before the VM movement 1 DNS update Client Y Connection established after the VM movement NAT outside pool: 4.0.0.0/8 NAT inside pool: 2.0.0.0/8 VRF: 1.1.1.1/32 BGP 1.1.1.255/32 Local 2.0.0.0/8 GW-1 Static 3.0.0.0/8 BGP 1.1.1.255 IP(X)<->4.4.4.4 Internet GW-1 DNS-ALG GW-2 2.2.2.2<->IP (A) IP(Y)<->5.5.5.5 3.3.3.3<->IP(A) 1.1.1.255 NAT outside pool: 5.0.0.0/8 NAT inside pool: 3.0.0.0/8 1.1.1.1/32 Local 1.1.1.255/32 Local 2.0.0.0/8 BGP 3.0.0.0/8 GW-2 Static VRF : VPN Site #1 Host A: 1.1.1.1 0 VM Motion VPN Site #2 It s not practical to propagate host routes for VMs into the Internet. Hence DNS-based GLSB is resorted and it will be updated dynamically when the VM moves from one data center to another.

FIB Scalability on PE: On-Demand FIB Installation (using VA-Auto) 2 VRF: FIB Request triggers PE to install the corresponding host route from RIB to FIB. 1.1.1.1/32 BGP 1.1.1.2/32 BGP 1.1.1.3/32 BGP 1.1.1.4/32 BGP 1.1.0.0/16 Null Direct RR/ 0 RR/APR advertises a VP route for the subnet and tags cansuppress to the host routes when advertising them to its clients. VRF FIB: 3 1.1.1.1/32 Local 1.1.1.2/32 Local 1.1.1.3/32 BGP 1.1.0.0/16 RR BGP 1.1.1.3/32 Local 1.1.1.4/32 Local 1.1.0.0/16 RR BGP 1 B MAC=? Host A: 1.1.1.1 Host C: 1.1.1.2 Host B: 1.1.1.3 Host D: 1.1.1.4 VPN Site #1 VPN Site #2

RIB Scalability on PE: On-Demand Route Announcement(using prefix-orf) 2 Request triggers PE to request the corresponding host routes from its RR by using prefix-based ORF. 1.1.1.1/32 BGP 1.1.1.2/32 BGP 1.1.1.3/32 BGP 1.1.1.4/32 BGP 1.1.0.0/16 Null Direct 0 RR 3 RR distributes host routes to its clients (PEs) on demand when receiving prefix-based ORF. 4 VRF: RIB 1.1.1.1/32 Local 1.1.1.2/32 Local 1.1.1.3/32 BGP 1.1.0.0/16 RR BGP PE advertises its local host routes to its RR. RR advertises a route for the subnet to its clients. VRF RIB: 1.1.1.3/32 Local 1.1.1.4/32 Local 1.1.0.0/16 RR BGP 1 B MAC=? Host A: 1.1.1.1 Host C: 1.1.1.2 Host B: 1.1.1.3 Host D: 1.1.1.4 VPN Site #1 VPN Site #2

Comments and Questions?

Multicast/Broadcast (P-Multicast Tree Mode) C-Multicast VPN Site #3 MVRF MVPN Peer P-GROUP BLUE {,} 225.1.1.1 MVRF MVPN Peer P-GROUP BLUE {,PE-3} 225.1.1.1 VPN Site #1 PE-3 P-Multicast Tree C-Multicast mgre IP(PE-3)->225.1.1.1 MVRF MVPN Peer P-GROUP BLUE {,PE-3} 225.1.1.1 VPN Site #2

Multicast/Broadcast (Ingress Replication Mode) C-Multicast VPN Site #3 MVRF MVPN Peer P-GROUP BLUE {,} ----- MVRF MVPN Peer P-GROUP BLUE {,PE-3} ----- C-Multicast VPN ID Tunnel to PE-3 C-Multicast VPN ID Tunnel to MVRF MVPN Peer P-GROUP BLUE {,PE-3} ----- VPN Site #1 Ingress Replication VPN Site #2

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information