Fabric Connect (SPBM) & DCN

Fabric Connect (SPBM) provides network virtualization and abstracts network services from the infrastructure. It uses Shortest Path Bridging (SPB), which runs the IS-IS routing protocol to calculate the shortest path between nodes and to program forwarding entries without blocked paths. Traffic is forwarded over Ethernet switched paths, and Layer 2 and Layer 3 services are virtualized independently of the physical infrastructure. Abstracting services from the underlying infrastructure simplifies network deployment and management.

Fabric Connect (SPBm) & DCN

Workshop & Demonstration for Colissimo

Redouane BACHIR – Sr. Systems Engineer CCIE #63630


April 2020
What is Fabric Connect?
Powerful network virtualization technology (aka Fabric Network):
• Services abstracted from Infrastructure
• User traffic invisible to the network core
• Services operate as ships in the night

Technology attributes:
• Forwards traffic based on Ethernet Switched Paths
• L2/3 service abstraction layer Infrastructure
• Control plane is based on IS-IS routing
• Controllerless technology
• Functions as an underlay as well as an overlay technology

[Figure: Abstracting Service from Infrastructure: Network as a Plug & Play Utility. Network services shown above the infrastructure: Layer 2 virtualized service, Layer 3 virtualized unicast and multicast services, Layer 3 unicast and multicast (shortcut) services, IPv6*, VXLAN*, E-LAN, E-Tree and E-Line services.]

2 CONFIDENTIAL. ©EXTREME NETWORKS, INC. ALL RIGHTS RESERVED.


Virtualization of logical networks

[Figure: logical view over physical view. Logical: L2-VSNs and L3-VSNs carrying VLAN 30 and IP subnets 1, 2 and 3. Physical: FA-Proxy, FA/UNI, FA-Server / BEB, NNI, BCB, NNI, BEB, with BVLAN #1 and BVLAN #2; Fabric Attach at the edge, Fabric Connect between BEBs.]

§ Users and applications reside in virtualized networks (VSNs)
§ Physical infrastructure is decoupled from virtual networks
§ Different user groups or applications can be easily segregated
§ Simpler deployment model for IPv4/IPv6 networks

Complex Protocol Stack vs Fabric Connect Simplicity

[Figure: two stacks side by side, each on a physical Ethernet infrastructure.
Traditional Protocol Stack (top-down vertical dependency; each service needs its own protocol and infrastructure, including MPLS layers):
‒ Layer 3 virtualized multicast service: e.g. Draft Rosen
‒ Layer 3 virtualized unicast service: e.g. RFC 4364
‒ Layer 2 virtualized unicast service: e.g. VPLS, Cisco's OTV
‒ Layer 3 multicast service: e.g. PIM
‒ Layer 3 unicast service: e.g. RIP/OSPF
‒ Layer 2 virtualized service: e.g. 802.1q/D (STP/VLAN), TRILL / FabricPath
Fabric Connect (connectivity services independent from infrastructure, horizontally independent):
‒ Layer 3 virtualized multicast and unicast services, Layer 3 multicast and unicast services (IPSC), Layer 2 virtualized service
‒ Single IS-IS control plane (IP/SPB, L2/SPB) with Fabric Attach]

Shortest Path Bridging - Fabric
§ Enable IS-IS Globally
§ Enable IS-IS per interface
§ IS-IS forms adjacencies
‒ Discovers core topology
‒ Calculate Shortest Path to every node
‒ Programs forwarding entries in BVLANs
§ Important Properties
‒ Shortest path based on link metrics with no blocked paths
‒ Reverse Path Forwarding Check (RPFC) eliminates loops
‒ Symmetric data path between any two nodes provides closed OAM system
‒ Unicast path calculated from every node to every other node
‒ Ability to calculate service specific multicast delivery trees
‒ No IP configuration required inside the Fabric
‒ Network becomes a Fabric

[Figure: BEB nodes at the edge around a core of BCB nodes, with Extreme Management Center.]


Shortest Path Bridging - Fabric Configuration

spbm
router isis
   manual-area 49.0000
   spbm 1
   spbm 1 b-vid 4051-4052 primary 4051
   spbm 1 nick-name 0.00.81
   system-id 02bb.0000.8100
exit
vlan create 4051 name "B-VLAN-1" type spbm-bvlan
vlan create 4052 name "B-VLAN-2" type spbm-bvlan

interface GigabitEthernet 3/16,4/1
   isis
   isis spbm 1
   isis enable
   no spanning-tree mstp force-port-state enable
exit
router isis enable


Traditional versus Fabric Connect
[Figure: Traditional: VLAN 10 across a switched Ethernet network. Fabric Connect / IS-IS Routing: VLAN 10 at the edges, I-SID 20010 through the fabric.]


Traditional versus Fabric Connect
Layer 2 Service (Overlay GRE or VXLAN tunnel)

[Figure: Traditional: VLAN 10 in IP subnet 1 and VLAN 10 in IP subnet 2 joined by a VXLAN / GRE tunnel over a routed network (OSPF). Fabric Connect / IS-IS Routing: VLAN 10 at the edges, I-SID 20010 through the fabric.]


Shortest Path Bridging – L2VSN Service
§ Provision service at the edge
‒ Create VLAN
‒ Create I-SID
‒ Attach VLAN to I-SID
‒ IS-IS advertises service to the network
‒ Shortest path used
‒ Path congruence
‒ FDB is updated with service entries

[Figure: VLAN 20 on two BEBs joined by I-SID 2000020 across the BCB core, with Extreme Management Center.]


Traditional versus Fabric Connect
Layer 3 Virtual Private Networks

[Figure: Traditional VRF-lite deployment: Tenant A (10.1.1.0/24 and 10.1.2.0/24) and Tenant X (10.1.1.0/24 and 10.2.1.0/24) each shown with a chain of four VRF and OSPF instances between their sites. Fabric Connect: Tenant A carried by L3 Virtual Service Network I-SID 200 and Tenant X by L3 Virtual Service Network I-SID 300 across the fabric.]


Shortest Path Bridging – L3VSN Service
§ Provision service at the edge
‒ Create VRF
‒ Create VLANs
‒ Assign VLANs to VRF
‒ Create IP Networks in VLANs
‒ Create I-SID
‒ Attach VRF to I-SID
‒ IS-IS advertises service to the network
‒ Shortest path used
‒ Routing Table is updated with service entries
‒ IPv4 and IPv6 networks
‒ Local networks have to be redistributed

[Figure: VLAN / IP Net 1 to 4 attached to BEBs and joined by I-SID 3000001 across the BCB core, with Extreme Management Center.]


Traditional versus Fabric Connect
IPv4 / IPv6 Unicast Routing

[Figure: Traditional: OSPF and RIP for IPv4, OSPFv3 and RIPng for IPv6, between VLAN 11 (10.1.2.0/24) and VLAN 12 (10.2.1.0/24). Fabric Connect / IS-IS Routing for IPv4 and IPv6: IP Shortcut (Next Hop = Dest. Hop) between VLAN 11 (10.1.2.0/24) and VLAN 12 (10.2.1.0/24).]

Shortest Path Bridging – IP Shortcut Service
§ Default routing instance
‒ Global Routing Table created by default
‒ Easy configuration for Fabric management
‒ No I-SID (shortcut)
‒ Prefer L3VSN to attach users
‒ But users can be attached
§ Provision service at the edge
‒ Create VLANs
‒ Create IP Networks in VLANs
‒ IS-IS advertises service to the network
‒ Shortest path used
‒ Routing Table is updated with service entries
‒ IPv4 and IPv6 networks
‒ Local networks have to be redistributed

[Figure: VLAN / IP Net 1 to 4 attached to BEBs around the BCB core, with Extreme Management Center.]


Shortest Path Bridging – L2VSN & L3VSN Service
§ Offers Routing between Servers to Users
§ Provision service at the edge
‒ Create L2VSN
‒ Create L3VSN
‒ Attach L2VSN to L3VSN
§ Routing anywhere in the Fabric
‒ L3VSN or IP Shortcut
‒ IPv4 and IPv6 networks

[Figure: Users on VLAN / IP Net 1 and VLAN / IP Net 2; L3VSN I-SID 3000001; VLAN 21 (IP Net3) extended between DC-1 and DC-2 by L2VSN I-SID 2000021; Extreme Management Center.]


Shortest Path Bridging – L2VSN & L3VSN Service
§ Offers Routing between Servers to Users
§ Provision service at the edge
‒ Create L2VSN
‒ Create L3VSN
‒ Attach L2VSN to L3VSN
§ Routing anywhere in the Fabric
‒ L3VSN or IP Shortcut
‒ IPv4 and IPv6 networks
§ Use VRRP for Redundancy
‒ VRRP in the Fabric
‒ RSMLT/VRRP at the edge
§ Distributed Virtual Routing in DC

[Figure: Users on VLAN / IP Net 1 and VLAN / IP Net 2; L3VSN I-SID 3000001; VRRP between two BEBs each holding VLAN 21 (IP Net3); VLAN 21 extended between DC-1 and DC-2 by L2VSN I-SID 2000021; Extreme Management Center.]


Distributed Virtual Routing - DVR
§ Routing Optimization in Data Center
§ Improves VRRP concept
‒ Virtual IP for Default Gateway
‒ No hello messages
‒ No master/backup
§ Performs routing at leaf
§ Configuration on Controller
‒ Leaf gets VLAN/IP/Mcast/VRF
• Attach port to vlan
• Endpoint tracking
§ Host route to local controller
‒ No east-west tromboning
§ Controller can redistribute host route
‒ No north-south tromboning

[Figure: Campus (Fabric Attach), Core (Fabric Connect) and two data centers. Spines act as DVR Controllers (routing, VRRP master, redistribute host route); leaves act as DVR Leaf nodes (switching); the host route appears in the campus routing table. L2 segment 1 and L2 segment 2 span Data Center 1 and Data Center 2.]

Endpoint Tracking - EPT
§ Dynamic assignment of virtual machines (vm) to VLAN/IP subnets.
‒ no need to manually configure server VLANs on data center access switches
‒ vmware or HyperV
§ Designed for data center (DC) scenario with virtual machines (vm) connecting to DVR.
§ Also work with regular SPB deployments.
§ Virtual machines (vm) learned from hypervisor
§ ExtremeConnect
§ Accept policies automatically created
§ Dynamic assignment is done using Radius server.
§ ExtremeControl

[Figure: SPINE and LEAF switches carrying L2VSNs (VLAN / I-SID) with 802.1Q links to hypervisor servers; Extreme Management Center reaches the hypervisor management systems (HyperV SCCM, vmware vCenter) through the hypervisor API and the leaves make RADIUS calls; L2 segment 1 and L2 segment 2 span Data Center 1 and Data Center 2.]


Traditional versus Fabric Connect
IPv4 Multicast Routing

[Figure: Traditional: Sender 1 and Receiver 1 connected through IGMP Snoop edges across a network running PIM-SM and OSPF on every hop, with a PIM Rendezvous Point. Fabric Connect / IS-IS Routing: Sender 1 and Receiver 1 connected through IGMP Snoop edges across the fabric using IP Shortcut (Next Hop = Dest. Hop).]

*Can also be virtualized within a L2/L3 service


Shortest Path Bridging – Multicast Service
§ A Multicast Stream received at the edge is automatically mapped into a dedicated I-SID
‒ Class D IP address
§ Provision service at the edge
‒ IS-IS advertises service to the network
‒ Stream is not forwarded
‒ Receiver has to request flow
‒ IGMP at the edge
‒ Only one copy
‒ Service constrained within L2VSN, L3VSN or IP-Shortcut
‒ No need for PIM or DVMRP complexity

[Figure: a multicast sender for group 239.0.0.10 at one BEB, mapped to IPMC I-SID 16000001; three receivers at other BEBs each send IGMP Join 239.0.0.10; Extreme Management Center.]


Summary of Fabric Connect Services
§ All services can be IP multicast enabled
‒ Snooping
‒ Routing
§ L2VSN service types can also be combined with a rich selection of UNI access types :
‒ CVLAN UNI
‒ Switched UNI
‒ Transparent UNI
‒ ETREE UNI

[Figure: INFRASTRUCTURE: FA-Proxy, FA/UNI, BEB + FA-Server, NNI, BCB, NNI, BEB, UNI.
VIRTUALIZED SERVICES:
‒ IP Shortcut: VLAN 2 (1.0.1.0/24, 3000:0:1::0/64) and VLAN 4 (1.0.4.0/24, 3000:0:4::0/64)
‒ L2VSN: VLAN 10 and VLAN 10 with I-SID 2000010; VLAN 15 and VLAN 17 with I-SID 2015017
‒ L3VSN: VLAN 101 (1.10.1.0/24, 3000:10:1::0/64) and VLAN 102 (1.10.2.0/24, 3000:10:2::0/64) with I-SID 3000001; VLAN 201 (1.20.1.0/24, 3000:20:1::0/64) and VLAN 202 (1.20.2.0/24, 3000:20:2::0/64) with I-SID 3000002
‒ L2VSN + L3VSN: VLAN 21 (1.30.21.0/24, 3000:30:21::0/64) with I-SID 2000021; VLAN 22 (1.30.22.0/24, 3000:30:22::0/64) with I-SID 2000022; VLAN 302 (1.30.2.0/24, 3000:30:2::0/64) with I-SID 3000003]

L2VSN – UNI types - C-VLAN UNI

[Figure: FC BEB or FA Proxy node attached to Fabric Connect. Port 1 is a Tagged UNI (q-tag VLAN id 10, q-tag VLAN id 11, untagged traffic with PVID=12); Port 2 is an Untagged UNI (untagged traffic with PVID=12). VLAN10 maps to L2VSN I-SID 2000010, VLAN11 to L2VSN I-SID 2000011 and VLAN12 to L2VSN I-SID 2000012.]

FC BEB : vlan i-sid <vlan-id> <i-sid>
FA Proxy ERS : i-sid <i-sid> vlan <vlan-id>
FA Proxy XOS : vlan <vlan-id> add isid <i-sid>

§ UNI is a VLAN (Customer VLAN = C-VLAN)
§ VLAN has global significance (Platform VLAN) on the BEB / FA-Proxy
§ Platform VLAN can have IP interface assigned (on BEB) and/or activated for SPB IP Multicast support
§ VLAN performs L2 switching on local VLAN port members & transports over L2VSN for remote end-points
§ Untagged traffic is assigned to VLAN corresponding to PVID configured on port
§ On tagged port, use UntagPVIDOnly mode to force PVID traffic to also go out untagged
§ Supported across all SPB capable VSP & ERS platforms and all FA-Proxy capable platforms
§ Not supported on DVR-Leaf

L2VSN – UNI types - Switched UNI

[Figure: BEB node attached to Fabric Connect. UNI Port 1 (Tagged): q-tag VLAN id 10 and q-tag VLAN id 11. UNI Port 2 (UntagPVIDonly): q-tag VLAN id 10 and untagged traffic. L2VSN I-SIDs shown: 2000010, 2001011 and 2000002.]

ERS Stackables:
   vlan create <vlan-id> type spbm-switchedUni
   i-sid <i-sid> vlan <vlan-id> port <port>

VOSS VSP:
   interface gigabitEthernet <port>|mlt <mlt-id>
      flex-uni enable
   exit
   i-sid <i-sid> elan
      c-vid <vid> port <port>
      c-vid <vid> mlt <mlt-id>
      untagged-traffic port <port> [bpdu enable]
      untagged-traffic mlt <mlt-id> [bpdu enable]
   exit

§ UNI is a VLAN-id on a Port or MLT
‒ VLAN id only has local significance on the Ethernet port / MLT
§ Same VLAN-id can be re-used on different ports and belong to a different I-SID
§ Different VLAN-id on different (or same Stackables only) ports can be assigned to same I-SID
‒ can do VLAN Mapping on local switch
§ Untagged traffic
‒ On Stackables can be picked up by setting the port to UntagPVIDonly and setting the PVID on the port (not BPDUs)
‒ On VOSS VSPs there is an express command and the optional ability to pick up BPDUs with it as well
§ Switched UNIs and CVLAN UNIs can be assigned to the same I-SID
§ Supported in VSP7024 10.2, ERS4800 5.7, ERS5900 7.0, ERS4900 7.1 and VOSS VSPs 5.0


L2VSN – UNI types - Transparent UNI

[Figure: BEB node attached to Fabric Connect. Transparent UNI Port 1 carries q-tagged and untagged traffic into L2VSN I-SID 2100001; Transparent UNI Port 2 carries q-tagged and untagged traffic into L2VSN I-SID 2100002.]

ERS Stackables:
VOSS VSP:
   i-sid <i-sid> elan-transparent
      port <port> | mlt <mlt-id>
   exit

§ UNI is an Ethernet port / MLT
§ Ethernet UNI port / MLT is not VLAN tag aware
§ Packets with or without a VLAN q-tag are transported into the L2VSN
§ Untagged control traffic (STP, VLACP, LACP, LLDP, etc) is transparently forwarded
‒ VLACP/LACP PDUs are forwarded (VOSS: unless configured on UNI port / MLT)
‒ Flow Control Pause frames remain link local and are not transported
§ Reverse MAC learning is still used, so can be used with 3 or more end-points in an any-any service
‒ NOTE: Learning across all VLANs (Shared VLAN learning)
§ MLT Transparent UNI ports are supported (on VOSS VSPs even with LACP)
§ Transparent UNIs should not be assigned to the same I-SID as Switched UNI or CVLAN UNIs as this would create inconsistencies in the handling of egress q-tags

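Added example (not from the slides and not Extreme tooling): a Python audit of the rule above that Transparent UNIs should not share an I-SID with Switched or C-VLAN UNIs, checked across several BEB configurations because an I-SID is fabric-wide. It recognises only the command forms shown on these slides; the node names and sample configurations are constructed.

```python
import re
from collections import defaultdict
from typing import NamedTuple

class Uni(NamedTuple):
    i_sid: int
    kind: str         # "cvlan", "switched" or "transparent"
    node: str
    attachment: str

# Optional CLI prompt such as "BEB1:1(config)#" in pasted sessions.
PROMPT_RE = re.compile(r"^\S+\(config[^)]*\)#\s*")
CVLAN_RE = re.compile(r"^vlan i-sid (\d+) (\d+)$")
ISID_RE = re.compile(r"^i-sid (\d+) (elan-transparent|elan)$")
SWITCHED_RE = re.compile(r"^(?:c-vid (\d+)|untagged-traffic) (port|mlt) (\S+)")
TRANSPARENT_RE = re.compile(r"^(port|mlt) (\S+)$")

# Constructed sample input: two hypothetical BEBs, not taken from the slides.
SAMPLE_CONFIGS = {
    "BEB-A": """
vlan create 10 name "Users" type port-mstprstp 0
vlan i-sid 10 2000010
interface gigabitEthernet 1/5
   flex-uni enable
exit
i-sid 2001011 elan
   c-vid 11 port 1/5
   untagged-traffic port 1/6 bpdu enable
exit
i-sid 2100001 elan-transparent
   port 1/7
exit
""",
    "BEB-B": """
vlan i-sid 10 2000010
i-sid 2100001 elan
   c-vid 20 port 2/1
exit
i-sid 2000010 elan-transparent
   mlt 3
exit
""",
}

def parse_unis(node, text):
    """Return every UNI-to-I-SID attachment found in one node's configuration."""
    unis, ctx = [], None          # ctx = (i_sid, block type) inside "i-sid ..."
    for raw in text.splitlines():
        line = PROMPT_RE.sub("", " ".join(raw.split()))
        if not line or line.startswith("#"):
            continue
        m = CVLAN_RE.match(line)
        if m:                     # C-VLAN UNI: platform VLAN mapped to an I-SID
            unis.append(Uni(int(m.group(2)), "cvlan", node, f"vlan {m.group(1)}"))
            continue
        m = ISID_RE.match(line)
        if m:
            ctx = (int(m.group(1)), m.group(2))
            continue
        if line == "exit":
            ctx = None
            continue
        if ctx is None:
            continue              # member lines only count inside an i-sid block
        i_sid, block = ctx
        if block == "elan":
            m = SWITCHED_RE.match(line)
            if m:
                vid = m.group(1) or "untagged"
                unis.append(Uni(i_sid, "switched", node,
                                f"{m.group(2)} {m.group(3)} c-vid {vid}"))
        else:
            m = TRANSPARENT_RE.match(line)
            if m:
                unis.append(Uni(i_sid, "transparent", node,
                                f"{m.group(1)} {m.group(2)}"))
    return unis

def audit_isid_mixing(configs):
    """Map each I-SID that mixes Transparent UNIs with other UNI types to its UNIs."""
    by_isid = defaultdict(list)
    for node, text in configs.items():
        for uni in parse_unis(node, text):
            by_isid[uni.i_sid].append(uni)
    return {
        i_sid: sorted(unis)
        for i_sid, unis in sorted(by_isid.items())
        if "transparent" in {u.kind for u in unis} and len({u.kind for u in unis}) > 1
    }

if __name__ == "__main__":
    for i_sid, unis in audit_isid_mixing(SAMPLE_CONFIGS).items():
        print(f"I-SID {i_sid}: Transparent UNI mixed with other UNI types")
        for u in unis:
            print(f"   {u.node}: {u.kind} ({u.attachment})")
```
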
L2VSN – UNI types - ETREE UNI
§ A Private VLAN (PVLAN) allows member ports to take one of 3 possible roles:
‒ Isolated: No communication with other Isolated ports in VLAN and across ETREE service; always untagged
‒ Promiscuous: Connectivity with all devices in the PVLAN and across ETREE service; always untagged
‒ Trunk: Use to interconnect PVLAN to other PVLAN capable devices (e.g. VMware ESX)
§ Fabric Connect uniquely allows PVLANs to be extended as a L2VSN service by simply assigning an I-SID to the PVLAN/CVLAN
§ Switched UNIs and regular CVLAN UNIs can be assigned to the same ETREE I-SID in which case they will have Promiscuous connectivity into the service
‒ However, if doing so, the CVLAN/Switched UNI must use the exact same VLAN-id as the PVLAN Primary VLAN-id, since these VLAN-ids are used within the ETREE L2VSN service

[Figure: two BEB nodes, each with Private VLAN 101/102, joined across Fabric Connect by L2VSN 2200001. One BEB has a Promiscuous untagged Port 1 and Isolated untagged Ports 2 and 3; the other has a Trunk tagged Port 1 to a hypervisor vSwitch and an Isolated untagged Port 2.]


Connectivity Fault Management - CFM
§ IEEE 802.1ag CFM
‒ Maintenance hierarchies
‒ Layer 2 Ping
‒ Layer 2 Traceroute
‒ Layer 2 Tracetree
‒ Layer 2 Tracemroute
§ CFM Level Hierarchies
‒ Service (e.g., all BEBs supporting common service instance)
‒ CMAC CFM (use level 6 or 7)
‒ Network (e.g. all devices common to a domain)
‒ SPBM CFM (use level 4 or 5)
§ ITU Y.1731 Performance Monitoring
‒ Frame Delay
‒ Frame Delay Variation
‒ Frame Loss

[Figure: 802.1ag Maintenance levels/hierarchy. Customer demarcs at each UNI; Service OAM (SID) end to end; Trunk OAM between edge switches; Link OAM on each link of the chain Edge Switch, NNI Link, Transit Switch, NNI Link, Edge Switch. Conceptually: monitor the trunk or the service … or both.]


Flexible, Integrated WAN with Fabric Extend
Concept
• Fabric Extend enables the extension of Extreme’s Fabric Connect fabric/ services over third party networks
• Multiple fabric services encapsulated into VXLAN or encrypted VXLAN tunnels
Benefits
• Allows extending SPB/Fabric Connect over 3rd party networks to enable a unified fabric.
• Transparently extends Fabric Connect L2/3 services with only end point provisioning.
• One tunnel can extend many services / segments
• Use cases: Data Center Interconnect, connection of fabric islands, interconnection of remote locations

“When we acquire new practices and locations, we can configure the new sites in less than a week, compared to an industry average of one month” - ProMedica

[Figure: Fabric Extend Tunnel Carrying Multiple Services (PCI DSS Service, VIDEO Service, PATIENT RECORDS Service, IMAGING Service) between Building #1 and Building #2 over Internet / WAN / 3rd party core.]


Fabric Connect Deployment model
Comprises…
FC: Fabric Connect
• 802.1aq Shortest Path Bridging (SPB)
FA: Fabric Attach
• 802.1Qcj Automatic Attachment to Provider Backbone Bridging
FE: Fabric Extend
• Over the WAN or IP transport using VXLAN

[Figure: deployment model. Wireless Access (WLAN AP, FA Clients) and Wiring Closet (FA Proxies) use Fabric Attach to reach the Campus Distribution BEBs; the Core is an SPB Backbone (Fabric Connect) of BCBs with BEBs toward the DMZ / Internet; a Branch BEB is reached with SPB extended over WAN (Fabric Extend) across the Internet; Data Centre Distribution / DVR Controller (Spine) BEBs connect to Server Access / DVR Leaf (TOR / Leaf) L2 BEBs, with Fabric Attach toward the hypervisors.]

Fabric Connect Simplicity
Underlay configuration comparison in CLI

Fabric Connect
BEB1:1(config)#spbm
BEB1:1(config)#router isis
BEB1:1(config-isis)#spbm 1
BEB1:1(config-isis)#spbm 1 b-vid 4051,4052 primary 4051
BEB1:1(config-isis)#spbm 1 nick-name 0.00.41
BEB1:1(config-isis)#manual-area 49.0000
BEB1:1(config-isis)#system-id 02bb.0000.4100
BEB1:1(config-isis)#exit
BEB1:1(config)#interface gigabitEthernet 1/11-1/14
BEB1:1(config-if)#isis
BEB1:1(config-if)#isis spbm 1
BEB1:1(config-if)#isis enable
BEB1:1(config-if)#exit
BEB1:1(config)#vlan create 4051 type spbm-bvlan
BEB1:1(config)#vlan create 4052 type spbm-bvlan
BEB1:1(config)#router isis enable

EVPN/VXLAN
Leaf1(config)# mtu 9216
Leaf1(config)# ip mtu 9168
Leaf1(config)# interface Ethernet 0/3
Leaf1(conf-if-eth-0/3)# ip address 10.20.10.0/31
Leaf1(conf-if-eth-0/3)# description To-Spine1
Leaf1(conf-if-eth-0/3)# no shut
Leaf1(conf-if-eth-0/3)# exit
Leaf1(config)# interface Loopback 2
Leaf1(config-Loopback-2)# ip address 10.10.10.1/32
Leaf1(config-Loopback-2)# no shut
Leaf1(config-Loopback-2)# exit
Leaf1(config)# router bgp
Leaf1(config-bgp-router)# local-as 64100
Leaf1(config-bgp-router)# fast-external-fallover
Leaf1(config-bgp-router)# neighbor 10.20.10.1 remote-as 65000
Leaf1(config-bgp-router)# neighbor 10.20.10.1 bfd
Leaf1(config-bgp-router)# neighbor 10.30.10.1 remote-as 65000
Leaf1(config-bgp-router)# neighbor 10.30.10.1 bfd
Leaf1(config-bgp-router)# address-family ipv4 unicast
Leaf1(config-bgp-ipv4u)# maximum-paths 8
Leaf1(config-bgp-ipv4u)# exit
Leaf1(config-bgp-router)# address-family l2vpn evpn
Leaf1(config-bgp-evpn)# neighbor 10.20.10.1 encapsulation vxlan
Leaf1(config-bgp-evpn)# neighbor 10.20.10.1 allowas-in 1
Leaf1(config-bgp-evpn)# neighbor 10.20.10.1 enable-peer-as-check
Leaf1(config-bgp-evpn)# neighbor 10.20.10.1 activate
Leaf1(config-bgp-evpn)# neighbor 10.30.10.1 encapsulation vxlan
Leaf1(config-bgp-evpn)# neighbor 10.30.10.1 allowas-in 1
Leaf1(config-bgp-evpn)# neighbor 10.30.10.1 enable-peer-as-check
Leaf1(config-bgp-evpn)# neighbor 10.30.10.1 activate
Leaf1(config-bgp-evpn)# exit
Leaf1(config-bgp-router)# address-family ipv4 unicast
Leaf1(config-bgp-ipv4u)# network 10.10.10.1/32

Comparison of adding a service in CLI

Fabric Connect
Associating a VLAN with a Service
BEB1:1(config)#vlan create 42 name MyVlan type port-mstprstp 0
BEB1:1(config)#vlan members add 42 1/9
BEB1:1(config)#vlan i-sid 42 12000555

EVPN/VXLAN
Associating a VLAN with a Service
Leaf1(config)# vlan 100
Leaf1(config-vlan-100)# suppress-arp
Leaf1(config-vlan-100)# suppress-nd
Leaf1(config-vlan-100)# exit
Leaf1(config)# interface Ethernet 0/1
Leaf1(conf-if-eth-0/1)# switchport
Leaf1(conf-if-eth-0/1)# switchport mode trunk
Leaf1(conf-if-eth-0/1)# switchport trunk allowed vlan add 100
Leaf1(conf-if-eth-0/1)# no shut
Leaf1(conf-if-eth-0/1)# exit
Leaf1(config)# evpn evpn1
Leaf1(config-evpn-evpn1)# route-target both auto ignore-as
Leaf1(config-evpn-evpn1)# rd auto
Leaf1(config-evpn-evpn1)# vlan add 100
Leaf1(config-evpn-evpn1)# exit
Leaf1(config)# overlay-gateway PoD1
Leaf1(config-overlay-gw-PoD1)# type layer2-extension
Leaf1(config-overlay-gw-PoD1)# ip interface Loopback 2
Leaf1(config-overlay-gw-PoD1)# map vni auto
Leaf1(config-overlay-gw-PoD1)# activate
Leaf1(config-overlay-gw-PoD1)# exit


XIQ SE
XMC : Introduction

ExtremeControl
• Granular role-based network access control
• Flexible assessment
• Compliance enforcement
• Guest and remediation portals
• User and end-system tracking
• Automated incident response

ExtremeAnalytics
• Application visibility and control, and Layer 7 priorities
• 1000s of application signatures, application customization
• Dashboards, diagnostics and troubleshooting
• Status, performance and threat reporting

ExtremeManagement
• Alarm and event management
• Configuration, inventory and change management
• Zero Touch Provisioning
• Capacity Planning
• Discovery and topology
• Fabric Manager

ExtremeCompliance
• Fully automated network configuration compliance solution
• Analyzes and assesses network configurations for compliance
• Out-of-the-box and user-defined compliance template reports, ready to use

ExtremeConnect
• Enables automation and integration with VMware, MS, OpenStack, BYOD, MDM, security, NGFW, etc.
• Provides direct access to the Open Management Center API - Build-Your-Own-Integration

XMC: Understand your infrastructure
§ Dashboards to understand users, network devices and much more
§ Real-time and historical reports
§ Detailed views of wired and wireless devices
§ IPFIX and Netflow traffic analysis
§ Understand alarms and events

XMC: Operate your infrastructure
§ View
‒ Device status
‒ Machine location
‒ User identity

§ Manage
‒ Device upgrades
‒ Alarms and events
‒ Configuration management

§ Reports
‒ FlexViews
‒ Statistics
‒ Alarm history
‒ Diagnostics

XMC: ZTP+
§ Deployment automation:
‒ Device upgrade
‒ Configuration of all parameters
‒ Addition to XMC

[Figure: ZTP+ sequence for a new switch (Summit X670V). (1) My IP Request / My IP Response with DHCP. (2) DNS lookup of the IP address of extremecontrol.<domainname> (ExtremeControl, inside the firewall) or devices.extremenetworks.com (ExtremeCloud, outside the firewall). (3) CONNECT HTTP PUT, followed by CONNECT Response, IMAGEUPGRADE Response and CONFIGURATION Response.]

XMC: Fabric Manager
§ View
‒ Device status
‒ Fabric topology
‒ List of services

§ Provision
‒ Service creation
‒ Service assignment

§ Diagnostics
‒ View Fabric paths
‒ PingFabric
‒ TracerouteFabric

XMC : Workflow

Automate the routine:

• Automatically provision your entire network with secure Zero Touch (save time on operations)
• Eliminates human error and adapts automatically to changes

XMC: ExtremeConnect

§ An open API
– Integration with the IT ecosystem

§ End-to-end security
– DC
– MDM
– NGFW
– Etc.
Roadmap/New features
VOSS 8.3 : Increased Automation to Improve Efficiency

AUTOMATED ON-BOARDING (XMC/XIQ)


AUTOMATED SELF FORMING FABRIC



Universal Hardware – 7000 Series
Enterprise Universal Hardware
7000 Series

VOSS EXOS

Details
• XIQ agent
• LEM Advanced Software License
• VOSS and EXOS support
• Secure Boot capable

Enterprise SKUs
• 7720: 32x100G
• 7520: 48xSFP28 + 8x100G
• 7520: 48x10GBT + 6x100G



Demo
Global Topology
[Figure: Site 1 (BCB1-1, BCB1-2, BEB1-1, BEB1-2) and Site 2 (BCB2-1, BCB2-2, BEB2-1, BEB2-2) joined through a router by Fabric Extend (via x695); PC SHOWROOM and PC MEETING ROOM attached at the edge.]

Site 1:
BCB1-1 : VSP7400-48Y
BCB1-2 : VSP7254XSQ
BEB1-1 : VSP4900-48P
BEB1-2 : VSP4900-48P

Site 2:
BCB2-1 : VSP7400-48Y
BCB2-2 : VSP-8404
BEB1-1 : VSP-4450GSX-PWR+
BEB1-2 : VSP-4450GSX-PWR+

EndPoint Tracking

[Figure: BCB1-1 and BCB2-1 joined by Fabric Extend (via x695); Shuttle ESXi-1 and Shuttle ESXi-2 each attached on port 1/9; the Debian VM moves between them with vMotion.]

ESXi 1 : 192.168.254.130
ESXi 2 : 192.168.254.131
Vcenter : 192.168.20.200
Debian : 192.169.1.200


Summary
Top 10 Things You Need to Know About Fabric Connect

1. More Than Just a Spanning Tree Replacement
2. More Than Just the Data Center
3. Accelerates Time-to-Service Through Edge-Only Provisioning
4. Natively Supports Data Center Interconnect
5. Delivers PIM-Free IP Multicast That is Scalable, Resilient, and Easy to Manage
6. Inherent Secure/Stealth Capabilities
7. “Lightning Fast” Convergence Times (Sub-Second)
8. Scalability to 16 Million Unique Services
9. It Offers Proven Interoperability with Third Party SPB Implementations
10. An Important Foundation for a Truly Automated Network
11. Single Pane of Glass with XIQ SE
