One of the great things about Shortest Path Bridging is how easy it is to combine virtual layer 2 and layer 3 networks to build and deliver any service we may want or need. Let’s see how it’s done!
In chapters three and four we have learned how to create virtual layer 2 and layer 3 networks in an SPB environment. With that knowledge in mind, we can combine various services to create some more complex solutions. The best way to show this is, as always, with an example.
Let’s assume that we have some servers that have to be in the same subnet, e.g. to support migration of virtual servers (the physical servers might just as well be in the same data center or in different data centers). However, we do not want the users to be in this subnet. Also, let’s assume that their number requires them to be spread across several subnets.
One way to go about it is to create a virtual layer 2 network for the servers and a separate virtual layer 3 network for the users. To enable users to access the applications on the servers, we need to interconnect the layer 2 and layer 3 networks. This is done simply by configuring one or more IP interfaces (two, for redundancy) on the layer 2 VSN to connect it to the layer 3 network. In the diagram below, we have configured two IP interfaces on the layer 2 network and attached them to virtual routers R3 and R4, respectively.
If you prefer (or, for some reason, need to), you could instead interconnect both networks on a different set of switches, as shown in the diagram below.
However, notice the following:
- VLAN 101 and VLAN 150 do not have any physical ports attached (you could of course attach some physical ports, if needed).
- The different VLAN IDs. This is to underline what I have previously stated: VLANs are significant only from the local perspective. As long as they are attached (or mapped) to the same I-SID, they belong to one broadcast domain.
How to interconnect layer 3 networks?
Of course, we can interconnect two or more layer 3 networks to allow some traffic between them as well. A powerful way to illustrate this is to assume a scenario where the physical network is servicing two (or more) different companies and no traffic can be allowed to pass between them. Let’s take a look at the diagram below. For the sake of better clarity, the BCB nodes have been hidden this time.
All we have to do is simply configure two virtual layer 3 networks, the blue and the green (say that the blue one has I-SID 100 and the green one has I-SID 200) – one servicing company A, and the other servicing company B. Being a landlord that has a high bandwidth connection to the Internet via high-capacity wiring, we are offering Internet access and some other services to both organizations. Therefore, we create a third layer 3 network (the red one, with I-SID 300), and then allow the traffic between the red network and the blue network, as well as between the red one and the green one – but without allowing any traffic between the blue one (company A) and the green one (company B).
Obviously, and as stated before, there is no traffic between any of these virtual networks (be it virtual layer 2 or layer 3 networks) by default. However, the beauty of SPB shines through once again: the simplicity. Allowing and controlling traffic between virtual networks can easily be done without creating complicated access control lists. Essentially, all that we need is a few simple commands.
First, on the blue router (R4) we write:
router vrf blue
isis accept i-sid 300 enable
exit
isis apply accept vrf blue
These commands instruct the blue router (R4) to accept routing information from the network 300 (red), so it knows where to send the traffic that is destined for the services in or via the red network.
Similarly, in order to instruct the green router (R5) to accept routing information from the network 300 (red), we type in the following:
router vrf green
isis accept i-sid 300 enable
exit
isis apply accept vrf green
And finally, so that the two red routers learn about the networks in both the blue and green domains, accept routing information from them, and forward traffic to them, we write the following:
router vrf red
isis accept i-sid 100 enable
isis accept i-sid 200 enable
exit
isis apply accept vrf red
(Note: You can also create a list of I-SIDs and do an accept of the list. Makes it more convenient if you have more than a couple of I-SIDs that you want to accept).
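The isolation requirement in this scenario (blue and green each accept red, red accepts both, blue and green never accept each other) can be checked mechanically against a configuration dump. The Python script below is an added example, not part of the original article or of any Extreme tooling; the I-SID values come from the scenario above, while the function names and the concatenated sample configuration are constructed for illustration.

```python
import re

# I-SID assignments taken from the article's scenario.
VRF_ISID = {"blue": 100, "green": 200, "red": 300}
# Tenant pairs that must never exchange routes (company A and company B).
MUST_ISOLATE = [("blue", "green")]

# Constructed sample: the article's three command sets joined into one dump.
SAMPLE_CONFIG = """\
router vrf blue
isis accept i-sid 300 enable
exit
isis apply accept vrf blue
router vrf green
isis accept i-sid 300 enable
exit
isis apply accept vrf green
router vrf red
isis accept i-sid 100 enable
isis accept i-sid 200 enable
exit
isis apply accept vrf red
"""

def parse_accepts(config):
    """Return {vrf: set of accepted I-SIDs} from 'router vrf' blocks."""
    accepts, current = {}, None
    for line in config.splitlines():
        line = line.strip()
        m = re.fullmatch(r"router vrf (\S+)", line)
        if m:
            current = m.group(1)
            accepts.setdefault(current, set())
        elif line == "exit":
            current = None  # leave the VRF context
        elif current:
            m = re.fullmatch(r"isis accept i-sid (\d+) enable", line)
            if m:
                accepts[current].add(int(m.group(1)))
    return accepts

def isolation_violations(accepts, vrf_isid=VRF_ISID, pairs=MUST_ISOLATE):
    """List (importing_vrf, exporting_vrf) for each forbidden direct accept."""
    found = []
    for a, b in pairs:
        for src, dst in ((a, b), (b, a)):
            if vrf_isid[dst] in accepts.get(src, set()):
                found.append((src, dst))
    return found

if __name__ == "__main__":
    print(isolation_violations(parse_accepts(SAMPLE_CONFIG)) or "isolation holds")
```

The check covers direct `isis accept` statements only; it does not model any route redistribution configured elsewhere on the switches.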
Of course, there are a number of other scenarios that can be considered, but I think you can already see the big picture here and understand how you can combine the services in almost every way to build whatever you may wish or need.
In the next part of the ‘Shortest Path Bridging for Beginners’