So far, we have mostly talked about things that are based on the open IEEE 802.1Q standard, which only defines virtual layer 2 networks. However, almost every network also needs routing, and routing operates at layer 3, where packets are sent to a specific next-hop IP address based on the destination IP address. Let’s see how this is handled in an SPB network!
Routing or, more precisely, the capability to divide the network into separate IP subnets and route the traffic between them (and to external networks), is essential for pretty much every case. Normally, it can be done by having some external routers and/or firewalls. But that seems like a bit of a hassle, doesn’t it? Wouldn’t it be extremely convenient to be able to just build virtual layer 3 networks (preferably many of them) on an SPB network, just like we can create virtual layer 2 networks?
Extreme Networks is offering a powerful extension to Shortest Path Bridging. I’d like to stress the word “extension”, as it doesn’t make those SPB solutions proprietary. I remember that back in the old days, there were a lot of discussions on where to route. Depending on the strengths (and weaknesses) of their solutions, some vendors would say “you should route everywhere”. Others, on the other hand, would suggest that you “switch where you can, and route where you must”. With the virtual layer 3 capabilities offered by the aforementioned SPB extensions, this discussion no longer has a point: you can route wherever it suits your needs!
Introducing Virtual Routing and Forwarding
The way we build a virtual layer 3 network in SPB is very similar to the way we build a layer 2 network. In the previous article, I demonstrated that a layer 2 network is built by associating two or more VLANs (VLANs that “sit” outside the SPB network and are terminated at the edge nodes, the BEBs) to an I-SID (a virtual network identifier). To build virtual layer 3 networks, instead of associating VLANs to an I-SID, we associate Virtual Routing and Forwarding instances (VRFs) to an I-SID. Consider the diagram below.
All the VRFs that are associated with the I-SID 1001 form a virtual layer 3 network and the hosts connected to its various subnets can communicate with each other. This means that the virtual routers R1, R2, R3, and R4 are all part of our virtual layer 3 network, and we instruct them to exchange information about their directly attached subnets. And, as you have probably already guessed, the exchange of this network information is handled by IS-IS. No need for OSPF, or RIP, or any other routing protocol!
This virtual layer 3 network (or, as we can call it, an IPVPN) is created with just a few commands. And again: you only configure the switches where you want to attach the service. As in our example above, you only configure the switches where you need to put the blue virtual routers. There could be hundreds of nodes between R1 (BEB1) and R2 (BEB4), but you do not have to touch them. Quite powerful, isn’t it? And the end result: hosts and devices on subnets 1, 2, 3, 4, 5, and 6 can communicate as they would normally do in any routed network.
What happens when we need to route traffic between subnets?
Let’s assume that PC11 on subnet 1 needs to send something to server S1 on subnet 6. As we already know from normal IP routing, PC11 will encapsulate the IP packet in an Ethernet frame and send it to its default gateway (R1). R1 will then strip off the Ethernet frame and look at the destination IP address; having learned that subnet 6 is connected to R4, it will in turn encapsulate the IP packet in an Ethernet frame that is addressed to R4 and hand it off to “its own” BEB node (BEB1). BEB1 knows that R4 is on BEB4, so it will handle the MAC-in-MAC encapsulation with the MAC address of BEB4 as the destination address, set I-SID to 1001, and send it out on the port that is on the shortest path to BEB4.
Just like with virtual layer 2 networks, which we discussed previously, all the switches that are on the shortest path will only look at the destination MAC address and forward the frame. It means that eventually (or, should I say, in a few tens of microseconds) the packet will arrive at BEB4. By looking at the I-SID, BEB4 will know that the received frame is for virtual router R4 (of course, there could be more virtual networks configured on BEB4). It will then strip off the SPB MAC frame and hand over the original Ethernet frame to R4, which will then route the packet to S1, using the same mechanism as in normal routing.
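The walk-through above can be traced in code. The following Python model is an added example, not code from the original article or from Extreme Networks; it shows the ingress lookup and MAC-in-MAC encapsulation at BEB1, the backbone-MAC-only decision in the core, and the I-SID-to-VRF demultiplexing at BEB4, including the drop of a frame whose I-SID is not bound to any VRF there. The backbone MAC addresses, the B-VID 4051, the prefix 10.0.6.0/24 for subnet 6 and the second I-SID 2002 are constructed values.

```python
import ipaddress
import struct

B_TAG_TPID, I_TAG_TPID = 0x88A8, 0x88E7  # 802.1ah backbone tag / service tag

# Constructed sample values: backbone MACs, B-VID and subnet 6 are assumptions.
BEB1 = bytes.fromhex("020000000001")
BEB4 = bytes.fromhex("020000000004")
B_VID = 4051
# What R1's VRF learned through IS-IS: prefix -> (egress BEB, I-SID)
VRF_ROUTES = {ipaddress.ip_network("10.0.6.0/24"): (BEB4, 1001)}
# Egress BEB4: which virtual router each I-SID is bound to
ISID_TO_VRF = {1001: "R4"}

def lookup(dst_ip):
    """Longest-prefix match in the VRF table; None when no route exists."""
    addr = ipaddress.ip_address(dst_ip)
    hits = [n for n in VRF_ROUTES if addr in n]
    return VRF_ROUTES[max(hits, key=lambda n: n.prefixlen)] if hits else None

def encapsulate(customer_frame, b_da, b_sa, isid):
    """Ingress BEB: prepend B-DA, B-SA, B-TAG and I-TAG (24-bit I-SID)."""
    if not 0 < isid < 1 << 24:
        raise ValueError("I-SID must fit in 24 bits")
    return (b_da + b_sa + struct.pack("!HH", B_TAG_TPID, B_VID)
            + struct.pack("!HI", I_TAG_TPID, isid) + customer_frame)

def transit_key(frame):
    """Core node: forwarding decision uses only the backbone destination MAC."""
    return frame[:6]

def decapsulate(frame, my_mac):
    """Egress BEB: check the tags, map I-SID to a VRF, return the inner frame."""
    if len(frame) < 22 or frame[:6] != my_mac:
        return None
    b_tpid, _tci, i_tpid, itag = struct.unpack("!HHHI", frame[12:22])
    if b_tpid != B_TAG_TPID or i_tpid != I_TAG_TPID:
        return None
    vrf = ISID_TO_VRF.get(itag & 0xFFFFFF)  # low 24 bits carry the I-SID
    return (vrf, frame[22:]) if vrf else None  # unbound I-SID: drop

def demo():
    inner = b"R1->R4 Ethernet frame carrying PC11->S1"  # stand-in payload
    beb, isid = lookup("10.0.6.10")
    wire = encapsulate(inner, beb, BEB1, isid)
    return transit_key(wire), decapsulate(wire, BEB4), decapsulate(
        encapsulate(inner, BEB4, BEB1, 2002), BEB4)
```

The third value returned by `demo()` is the isolation property: a frame that reaches BEB4 with an I-SID that has no VRF bound to it is never handed to R4.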
But what if we want to communicate with other, non-SPB networks?
Well, it’s quite simple. We connect whatever we need to integrate with to a subnet that is “hanging off” of one (or more) of our virtual routers. And with a few simple commands we can instruct the virtual (SPB) router to redistribute the routing information it gets from this external device. To illustrate this, let’s take a look at the diagram below.
We have connected a WAN router (or firewall) of some kind to our virtual router R4. We could configure static routing between R4 and the WAN router, or we could use OSPF, or RIP, or BGP. No matter what we are using, we tell R4 to redistribute whatever information it learns from the WAN router into our virtual layer 3 network. IS-IS will then distribute this information to R1, R2, and R3 so they will know that these networks are reached via the R4 router. And vice versa, R4 will also inform the WAN router about the networks that can be reached through it (though route policies may apply).
In the next part of the ‘Shortest Path Bridging for Beginners’