With 10 years of development under its belt, Fabric Connect offers a rich set of features across its different deployment use cases whether it be Data Center, Campus, Access, or Branch. As many of you have had your Fabric Connect/SPB-M networks in place for a while, revisiting the rich breadth of Fabric Connect key capabilities can ensure you are getting maximum value out of your investment. These capabilities are summarized in our new eBook:
As a preview, this blog is going to look at the top 5 Fabric Connect features that you may not have deployed yet, but that you might find valuable. As a bonus, some of the features might be deployable without cost and even without a software upgrade!
Let’s take a look:
1. Distributed Virtual Routing: If you are looking to better optimize routing, eliminate traffic tromboning and reduce latency within Data Centers that are leveraging virtual machine mobility, you should look at Distributed Virtual Routing. Distributed Virtual Routing can replace VRRP in the Data Center, providing a simpler, more scalable, and higher performance solution.
Distributed Virtual Routing solves the challenge of having hosts too far away from their default gateway due to stretched VLANs that might span a Data Center or even multiple Data Centers. It provides single hop routing for hosts, by distributing the default gateway function to all top of rack switches that have a presence within a stretched VLAN. What’s key with DVR is that even though the routing is distributed, the provisioning is centralized and conducted only on designated aggregation / core switches. Therefore, you can take advantage of the performance of distributed routing while keeping the network streamlined and simple by centralizing the provisioning.
This feature, which has been successfully deployed in large and small Data Centers, will also play a role in the new campus Fabric Edge solution (more on this later), allowing customers again to replace VRRP or RSMLT for edge Default Gateway routing, as well as eliminate the need to provision IP multicast at the network edge (centralizing it to the aggregation/core nodes).
2. Fabric RSPAN: If you are deploying any performance monitoring solutions, IoT discovery / security solutions, VoIP call recording solutions or IDS/IPS solutions, Fabric RSPAN can save you money by eliminating the need to purchase and implement in-line sensors or traffic splitters. Instead, the network can be used to both duplicate the network traffic and send it to the analyzers and collectors that are deployed as part of these solutions.
In comparison to traditional RSPAN, Fabric RSPAN offers significantly less provisioning (no more manual administration of VLANs across the backbone) and offers more efficient replication of the mirrored traffic. This is because it is sent as Layer 2 multicast traffic and can therefore be replicated to multiple monitoring ports at any location in the Fabric Connect network. We’ve had customers who have been able to save a significant amount of their budget by being able to use the network for mirroring rather than deploying external sensors or traffic splitters with their performance monitoring / call recording / security solutions.
3. Fabric IPsec Gateway: If you are looking to leverage less expensive broadband connectivity either as primary or back-up WAN connectivity for your branches, Fabric IPsec Gateway is a feature you might be able to take advantage of. Fabric IPsec Gateway is an on-board integrated application that can run alongside the VOSS operating system on select devices such as the VSP 7400 and the VSP 4900. These two products work with the ExtremeAccess Platform 1400 series, which supports the IPsec capability natively. For all products that support IPsec encryption over Fabric Extend, fragmentation and reassembly are supported for carrying large frames across the public Internet. In addition, TCP Maximum Segment Size (MSS), WAN compression and per-tunnel traffic shaping are also supported, enabling higher performance over low speed public WAN links.
4. Zero-Touch Fabric Infrastructure: Zero-touch fabric infrastructure was a major enhancement in the latest VOSS 8.3 release. There are three components to this: zero-touch on-boarding of VOSS-enabled devices, zero-touch provisioning of Fabric Connect Network to Network Interfaces (NNIs) and zero-touch Fabric Attach.
All these features are enabled through new functionality on VOSS-enabled switches called auto-sense ports. Auto-sense ports can be thought of as intelligent ports that are able to detect what is being plugged into them and then apply the right configuration dynamically. If there is a seed switch in the network, the Fabric infrastructure can self-form and self-provision without any manual intervention. And this can happen whether you have 5 new switches, 50 new switches or even 500 new switches. Auto-sense ports also detect when a Fabric Attach enabled device (switch, AP or any other Fabric Attach capable device) is connected and enable Fabric Attach Server functionality dynamically.
In addition, once the fabric is established, the VSP switches can dynamically on-board through a secure on-boarding service to either the Extreme Management Center / ExtremeCloud IQ Site Engine and/or the ExtremeCloud IQ, where they will automatically receive an IP address, DHCP and a default gateway, all without any manual configuration.
Watch the video: Cloud-enabled automation
5. Secure, Automated Fabric Edge for NAC-enabled Zero-Trust deployments: The introduction of the Fabric Edge solution in the VOSS 8.3 release running on Extreme’s 5520/5420 Universal switches allows you to extend Fabric Connect right to the edge of the network, using VOSS-enabled switches. This extension brings about a zero-touch and a zero-trust network edge by combining the automation enabled through auto-sense ports with both the security and automation enabled by RADIUS or Network Access Control.
In addition to being able to detect and dynamically provision Fabric Connect and Fabric Attach enabled switches and APs, the auto-sense capabilities in VOSS 8.3 also allow the detection of IP phones, IoT devices and client PCs. If RADIUS is configured in the network, these devices are detected, authenticated, and dynamically assigned the right port attributes, VLAN attributes and VLAN/ISID mappings, as well as the right ACL/policy based on their credentials. Furthermore, with the addition of LLDP MED capabilities, if a voice VLAN service is configured globally on the switch, as phones connect to auto-sense enabled ports, that voice service will be dynamically provisioned on the edge switch port.
With the ability to deploy a Fabric Edge solution with very little configuration, plus the ability to support ongoing dynamic moves, adds and changes, it is estimated that we can reduce today’s manual configuration at the edge by about 90%.
The other major benefit is security at the network edge. By authenticating devices, controlling what resources they have access to through both policy and segmentation, and eliminating the possibility of a vulnerability due to a configuration error, the Fabric Edge helps provide the zero-trust environment that is so critical in today’s complex cyber-security environment.
Watch the video: Design Considerations for Fabric to the Edge
Learn more about these features and more by downloading the Fabric Connect Key Capabilities eBook