09-05-2011, 02:12 AM
ludovicostev


>> "But my fellow NEs would like to 'simplify' the network by routing at the distribution layer, and reducing a lot of hardware"

Well, in fact with SPB that is exactly what you get.

On an SPB network, traffic forwarding within the core is L2 (along IS-IS shortest paths; you can think of SPB as MAC routing, so technically it's L2, because it only runs on L2 Ethernet, but conceptually it is using a Link State protocol which traditionally we have always associated with L3 routing).

The only place where you will get L3 IP routing on an SPB network, is on the distribution nodes, where your VLANs and IP interfaces (Gateways for end users) exist.

The following diagram shows how IP routing would work over an SPB network (let's see if I can paste my diagram in the WYSIWYG!):

<obviously not!, so 1st pic below>

Note that there are only 2 routing IP hops across the above network; i.e. the TTL of IP packets will decrement by 2 (not 3).
The SPB trick is that IP routes have as next-hop the BMAC of the egress distribution node; so IP routed packets get sent directly from the ingress SPB node to the egress SPB node who has (been advertising over ISIS) the destination IP route, over the SPB shortest path (there is no need for IP routing inside the core). We refer to these as IP shortcuts, because that describes them fairly well.

The above shows native (VRF-0 / non-virtualized) IP routing over SPB.

You can also extend virtualized IP routing instances (VRFs), like this:

<2nd pic below>

Note that since we are virtualizing now, we have to assign a virtualization instance id (the I-SID) which is the great advantage of SPB (over TRILL).

The I-SID is used to keep IP routes belonging to different VRFs separate in the control plane (ISIS) and to keep the packets separate in the data plane (SPB uses the 802.1ah MACinMAC encapsulation, which encodes the I-SID in the packets).

Likewise, if you wanted to extend a L2 VLAN across the network:

<3rd pic below>

So the SPB network becomes like one logical fabric, over which any networking service type can be easily deployed.

All of the above is available today on the ERS8800/8600 in software 7.1 provided you have R/RS modules and either an 8895CPU or an 8692CPU with SuperMezzanine.
SPB is also on the roadmap for the VSP7000 later next year.
We also fully support SMLT/RSMLT at the edge of the SPB network, so a pair of 8800/8600s can act as a logical SPB edge node from the user VLANs perspective.

Note that SMLT clustering becomes useless inside the SPB core, since the SPB core no longer has any user VLANs/IP interfaces.

Coming to your question about where to put an IDS/IPS...

...the beauty of SPB is that you are now effectively decoupling the network services (VSN be it L2 or L3, or non virtualized IP shortcuts) from the infrastructure.

So user VLANs can be easily extended and dropped anywhere across the network; likewise the default gateway for a given user VLAN can be anywhere on the SPB network (it does not have to be on the nearest distribution nodes); you simply extend the VLAN with a L2 VSN wherever you want the IP routing instance to be for it.

So things like Firewalls, IDS, IPS which previously needed to be physically inserted into the physical topology to intercept the traffic, can now be conveniently located wherever it makes more sense or it is more practical. You can then simply force your traffic over/through these devices by deploying VSNs which take the traffic to them.

And finally the design of the physical infrastructure becomes much simpler with SPB since it is now simply an exercise about feeds and speeds and deploying sufficient nodes to have redundancy and alternate paths in case of failures. The decision to deploy a tier2 or tier3 network is no longer influenced by the desire to fit to a certain IP addressing structure/scheme. So, depends on the network, but an SPB core can be cheaper/more cost effective.

Hope this helps!
Attached Images
File Type: jpg ipsrtc2.JPG (30.7 KB, 54 views)
File Type: jpg l3vsn.JPG (28.8 KB, 39 views)
File Type: jpg l2vsn.JPG (20.8 KB, 37 views)
Attached Files
File Type: pdf snippet.pdf (105.5 KB, 53 views)

Last edited by ludovicostev; 09-05-2011 at 02:40 AM. Reason: Getting my pictures attached!
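
The post notes that SPB carries the I-SID inside the 802.1ah MAC-in-MAC header. As an added example (not part of the original post, and not vendor code), this is how an IDS sensor or capture script tapping the SPB core could recover the I-SID and the inner customer frame to attribute traffic to a VSN. The inventory, MAC addresses, B-VID and I-SID values are constructed, and accepting 0x8100 as a backbone tag type is an assumption.

```python
import struct

BTAG_TPIDS = {0x88A8, 0x8100}  # backbone VLAN tag; accepting 0x8100 too is an assumption
ITAG_TPID = 0x88E7             # 802.1ah I-TAG

def parse_mac_in_mac(frame: bytes) -> dict:
    """Split an 802.1ah frame into backbone header fields and the customer frame."""
    if len(frame) < 14:
        raise ValueError("truncated backbone header")
    b_da, b_sa = frame[0:6], frame[6:12]
    off, b_vid = 12, None
    (tpid,) = struct.unpack_from("!H", frame, off)
    if tpid in BTAG_TPIDS:                      # optional B-TAG: TPID + 16-bit TCI
        if len(frame) < off + 6:
            raise ValueError("truncated B-TAG")
        (tci,) = struct.unpack_from("!H", frame, off + 2)
        b_vid = tci & 0x0FFF                    # low 12 bits are the backbone VLAN id
        off += 4
        (tpid,) = struct.unpack_from("!H", frame, off)
    if tpid != ITAG_TPID:
        raise ValueError("no I-TAG: not a MAC-in-MAC frame")
    if len(frame) < off + 6 + 12:               # I-TAG plus customer DA/SA
        raise ValueError("truncated I-TAG or customer header")
    (i_tci,) = struct.unpack_from("!I", frame, off + 2)
    return {"b_da": b_da, "b_sa": b_sa, "b_vid": b_vid,
            "isid": i_tci & 0xFFFFFF,           # low 24 bits of the I-TAG TCI
            "inner": frame[off + 6:]}           # customer frame, starting at C-DA

def label_service(frame: bytes, inventory: dict) -> tuple:
    """Map a captured frame to its VSN name, flagging I-SIDs not in the inventory."""
    isid = parse_mac_in_mac(frame)["isid"]
    return isid, inventory.get(isid, "UNKNOWN I-SID")

# Constructed sample data: a hypothetical I-SID inventory and one encapsulated frame.
INVENTORY = {20001: "L3 VSN vrf-red", 10010: "L2 VSN vlan-10"}
INNER = bytes.fromhex("00aabbccdd01" "00aabbccdd02" "0800") + b"\x45" + bytes(19)
SAMPLE = (bytes.fromhex("020000000002" "020000000001")   # B-DA, B-SA (the BMACs)
          + struct.pack("!HH", 0x88A8, 4051)               # B-TAG, B-VID 4051
          + struct.pack("!HI", ITAG_TPID, 20001)           # I-TAG, I-SID 20001
          + INNER)

if __name__ == "__main__":
    print(label_service(SAMPLE, INVENTORY))
```

A sensor placed on a core link sees only backbone MACs in the outer header, so keying alerts on the I-SID and the inner frame is what ties an event back to a specific VRF or VLAN.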