Extreme Fabric Attach: Zero-Touch User and Device Attachment to Extreme’s Fabric Connect Services



Extending Fabric Connect

Extreme’s Fabric Connect delivers an end-to-end virtualized network which reduces complexity and increases agility for network operators. By creating a “zero-touch” core that requires access-only layer provisioning, it minimizes the chance of core network misconfiguration, while enabling simple and secure deployment of any type of network service. All of this can be done without the need for configuration changes on intermediate/core nodes, even in environments where clients roam. However, extending these same capabilities to non-fabric based devices and their connected end-points presents its own challenge.

Enter Fabric Attach

Fabric Attach is a software-based feature that leverages the flexibility and extensibility of Fabric Connect to deliver automation and time-to-service enhancements to non-fabric devices. Currently being standardized as IEEE 802.1Qcj, Fabric Attach extends the ease of provisioning of Fabric Connect to non-fabric platforms, including ExtremeSwitching, ExtremeWireless and third-party devices. It effectively automates the connection to the Fabric Connect environment, enabling end-points to be quickly mapped to the appropriate virtualized Fabric Connect service.

How It Works

Integrating Non-Fabric Switches, APs and Users

With Fabric Attach, provisioning a non-fabric Ethernet switch or wireless access point (AP) to the Fabric Connect network is as easy as taking the Fabric Attach-enabled switch or AP “out of the box” and physically connecting it to a Fabric Connect-enabled switch. The Fabric Attach device then automatically configures itself with the appropriate management VLAN, preparing itself for the dynamic extension of virtualized fabric services on behalf of its connected end-point devices or users. This can speed the deployment of wired and wireless edge devices to the Fabric Connect environment. Efficiency is gained through automatic negotiation of Fabric Attach client VLAN assignments to switch ports without the need for administrator configuration. In addition, network security is enhanced because VLANs automatically created at the time of service instantiation are removed when the service is no longer required, reducing backdoor entry points and the network's attack surface. These functional attributes can be especially valuable at locations where networking skills are at a premium, such as remote offices.

Dynamic Auto-Attach of Users, IoT and VMs to Fabric Connect Virtualized Services

Once the Fabric Attach-capable switch or access point is connected to the Fabric Connect network, clients can connect to the network edge and request dynamic service extension and attachment. As users or devices connect, VLANs are dynamically created, port memberships are dynamically changed and virtual service attachment is established. The process of connecting a user or device to a service is the same whether the user or device is wired or wireless.

Full automation is achieved via a centralized RADIUS server with policy enforcement, such as ExtremeControl. ExtremeControl/RADIUS provides the capability for a Fabric Attach-enabled switch to provision a local VLAN and map the VLAN to a Fabric Connect service, thus enabling the user or device to communicate with the application(s) visible within that service. Leveraging ExtremeControl/RADIUS also provides the benefit of being able to authenticate the user/device and apply a role-based policy that follows the user or device as they connect and disconnect from the network.

Fabric Attach can be deployed on data center Top of Rack (ToR) switches to interwork with hypervisors that support Open vSwitch to dynamically connect VM applications to a Fabric Connect network service. On the campus side of the network, Fabric Attach-capable switches and access points can extend services and attach users and IoT devices to Fabric Connect-based services as they connect.

Secure, Elastic Network Services

Fabric Attach devices and users can take advantage of the inherent security features of the Fabric Connect infrastructure. Each Fabric Connect virtualized service is unique and operates independently end-to-end. Traffic from Fabric Attach devices, users or applications is uniquely tagged to a virtualized service and isolated from other virtualized Fabric services. Furthermore, these virtualized services are used only when needed, and removed when not in service. This ensures a high degree of security for application/user traffic originating from Fabric Attach devices and traversing the Fabric Connect core.
