In the first article in our series we took a general look at the Shortest Path Bridging technology and its core mechanisms such as switches using the IS-IS protocol to “talk” to each other. Now, let me briefly explain how an SPB network is actually built and how to put it into service.
Let´s start by looking at how the SPB network is built. To a great extent, this has already been described in the previous article: the brain (or control plane) of the network is IS-IS, and it takes care of building a loop-free network topology, very much like an OSPF-based network would do. However, there are two important properties of IS-IS:
- Unlike OSPF it does not use TCP/IP but runs directly over layer 2; in case of SPB, it uses pure Ethernet and MAC addressing. Which is also why you can build an SPB network without a single IP address, and by doing so, making it more difficult to attack or spoof. Oh, and do not worry: we are not moving away from TCP/IP. It is of course still used for computer-to-computer communication.
- The packet encoding is built on TLV, type-length-variable, making it easy to define new TLVs to support Shortest Path Bridging (and any other new technology that may need a routing protocol). In fact, this is where RFC 6329 comes into play, defining “IS-IS Extensions Supporting IEEE 802.1aq Shortest Path Bridging”. I also have to add that Extreme has defined 3 TLVs allowing us to support virtual layer 3 networks and IP multicast streams.
One other important thing to add here: over the years, Extreme Networks has refined and improved its implementation of Shortest Path Bridging in a number of ways. One such important improvement is automation. When SPB-capable switches are connected together they will automatically discover each other and say “hey, we are SPB capable switches, let´s form an SPB fabric network”. This happens without any intervention from a network engineer whatsoever, nor any orchestrator or management application of some kind. The switches themselves have the “brain” to manage this completely on their own.
It´s always easier to discuss and explain something when you can point to some figures or diagrams. So, let’s assume we have built this odd network below.
However, before we proceed, it is also easier if we have some common terminology:
The IEEE 802.1Q standard describes two distinct roles for SPB switches (or ‘bridges’, as the IEEE standard likes to call them): the Backbone Core Bridges (BCB) which perform the routing functions and the Backbone Edge Bridges (BEB) which are responsible for both the routing and service functions.
- Backbone Edge Bridges are the nodes at the edge of the network where you connect your computers or other devices (which could also be an ordinary, let’s say an old-fashioned, Ethernet switch).
- Backbone Core Bridges are the nodes inside the network. They have no end systems attached and only connect to other SPB nodes.
Whether a switch is a BCB or BEB, is purely based on the role you have given it. It is not like; “if you want a BCB switch you have to buy one of these models, and if you want a BEB you have to buy one of these models”. If you configure a UNI port on an SPB switch and connect a device of some kind to it then it becomes a BEB.
And then, there are two types of interfaces in the SPB network (interestingly enough, there always seem to be two types of everything; two protocols, two important properties of IS-IS, two types of SPB nodes, and so on):
- The interface that connects PCs, servers, and other devices to the BEB nodes. This type of interface is called User Network Interface (UNI).
- The interface that connects two SPB nodes together – this interface is called Network-Network Interface (NNI).
Roughly speaking, this is basically how we build an SPB network. Since this is just an introduction to the Shortest Path Bridging technology as a whole, I will not dive into more details on this, but you’d probably be surprised to see how easy it is. And if you don´t put too much stock into automation, there are just a few commands you have to type to configure the switches and build the network.
What specific benefits does Extreme Fabric Connect bring to your organization? Watch our Fantastic Fabric show!
How to build a virtual layer 2 network?
So, now that we have built the network, now’s the time for the truly easy and fun part: putting the network to service, meaning creating virtual networks to support our users and applications. Now, pay attention. To establish the green network depicted in the first figure, you have to type in the following command on those four switches with which the green users (computers) are connected:
VLAN I-SID 10 10010
(Note: this is just an example – it could be other values as explained below)
This calls for a little explanation:
- I-SID is a service identifier which can also be seen as an index or a number that uniquely identifies a virtual network. Much like a VLAN-id identifies a VLAN. However, a VLAN-id is 12 bits and gives us 4096 VLANs, whereas I-SID is 24-bit value and thus supports up to 16777216 virtual networks (how about that?). And of course: these virtual networks can be stretched from anywhere to anywhere in the network.
- VLAN is a VLAN as we know it since the day it was introduced decades ago. At the edge of an SPB network we have the VLANs. Computers and other devices connect to a VLAN as they almost always have. Well, this is partially true. As stated earlier: over the years, Extreme Networks has refined and improved its implementation of Shortest Path Bridging in a number of ways. One other improvement is the lack of need for VLANs at the edge.
- We assign (or map) the VLAN to the I-SID, and any computer or device that is attached to a VLAN that maps into the same I-SID is part of the same virtual network (in my example command above we have attached VLAN 10 to I-SID 10010). Well again, this is partially true. Since we have eliminated the need for VLANs at the edge, you can also assign (or map) a port directly to an I-SID.
Now comes the real beauty:
- It does not have to be the same VLAN on all the edge switches. Again, referring to my network example (see figure below): it could be VLAN 10 on one end, VLAN 101 on second end, VLAN 714 on third end and so forth; but the point is: every VLAN that is mapped to the same I-SID number is part of the same virtual layer 2 network.
- You don’t touch the BCB nodes at all. You only type that simple command at the BEB nodes where you need that layer 2 network.
And so, with four simple commands (one per each edge switch) we have created a layer 2 network that connects all the green users, and in this example, for some reason, they were sitting on different VLANs. Important thing to add here: you can of course automate this in several ways – you don´t even have to type in those CLI commands. You can let the management application or even a RADIUS server send commands to the switches to connect a VLAN or a port to a given virtual network.
In the next part of the ‘Shortest Path Bridging for Beginners’
Moving around SPB – how does traffic get from A to B?
Moving around SPB – how does traffic get from A to B?
Now that we’ve seen how the SPB network topology is built and how we can create multiple virtual layer 2 network on top of it, it’s time to explain how traffic gets from one end-station to another end-station or device of some kind (e.g. a firewall)!
Read More