The power of our Fabric Connect technology can be
natively extended beyond the traditional Data Center or
Campus to any remote or branch locations connected by a
WAN service. By extending Fabric Connect natively to the
branch, a single technology and operational model can be
leveraged end to end, decreasing training requirements and
simplifying operations. The purpose of this document is to
articulate the top ten values of extending Fabric Connect
into your remote or branch offices.
Fabric Extend enables the extension of native Fabric
Connect services to your remote branch locations over
public or private WAN services. Fabric Extend utilizes
VXLAN tunnels to extend Fabric Connect over a private
IP based WAN service or can leverage IPSec encrypted
tunnels to traverse public networks, like the Internet, for
primary or backup WAN services. In this deployment
scenario, the Fabric Connect technology is deployed as an
overlay technology. This ability to work as an underlay as
well as an overlay, leveraging Fabric Extend, is one of the
unique characteristics of this technology. As an overlay,
because the fabric services are agnostic to the service
provider connectivity service, that service can be swapped
very easily if it becomes too expensive or the SLA is not
what was promised.
In addition to interconnecting distributed sites back to the
main campus and data center, Fabric Extend can also be
leveraged for Data Center interconnect or for connecting
fabric islands over an IP infrastructure.
There are many compelling reasons to seamlessly
extend Fabric Connect to your distributed branch
office locations. These include:
1. Rapid time to service for new services/network changes across the distributed network
With the Fabric Connect technology, the network services
are abstracted from the underlying Fabric infrastructure.
This provides far more agility in extending or changing
network services. When Fabric Connect is extended across
the wide area to interconnect remote and branch offices,
Fabric Connect services can then be seamlessly extended
across the network and into distributed locations with
ease. Rather than having to provision hop by hop to
extend a new service across the network, Fabric Connect
enables network services to be provisioned at the source
and destination edges only. These edge ports can either be
co-located in the same building or located across the globe.
The network then dynamically establishes the shortest
path to interconnect these end points. That means you are
rarely reconfiguring core and aggregation switches – which
contributes to better stability. Furthermore, due to far fewer
touch points, services can be extended very quickly and
often without maintenance windows.
2. Single pane of glass management
Having single pane of glass management into the entire end
to end network offers significant operational efficiencies.
It can reduce training requirements, simplify deployment
of new infrastructure and it can dramatically simplify
troubleshooting, since you have an in-depth view of an end
to end service from a single management application. In
addition to common management and reporting end to end,
it is also possible to take advantage of consistent policy enforcement and common analytics across the end-to-end
Fabric Connect network.
Extreme’s Fabric Connect portfolio is managed by the
Extreme Management Center suite of applications, with
ongoing integration into our ExtremeCloud IQ platform.
ExtremeCloud IQ is one of the industry’s most powerful
AI/ML driven cloud-based infrastructure management
solutions. ExtremeCloud IQ simplifies day to day network
operations by enabling all distributed locations to be
managed as a simple extension to headquarters through
intuitive centralized management. For customers with
multiple instances of Extreme Management Center,
ExtremeCloud IQ will be able to act as a Manager of
Managers – bringing everything together in a single view.
Furthermore, with the integrated AI/ML capabilities to
rapidly analyze vast amounts of data, ExtremeCloud IQ can
enable very efficient troubleshooting, even allowing potential
issues to be identified before they become service impacting.
3. Zero-touch on-boarding of branch infrastructure
Using ExtremeCloud IQ or Extreme Management Center,
new fabric-based branch infrastructure can be deployed
in minutes, without requiring on-site technical resources.
When a new Fabric Connect-enabled switch is booted up
and connected to the network, it will automatically register
with the ExtremeCloud IQ or the Extreme Management
Center through a secure on-boarding service. Once
onboarded, devices download their pre-defined templates
dynamically and become operational. Through both zero-touch on-boarding and the application of bulk provisioning
templates, hundreds, even thousands, of branch offices
can be brought up quickly and easily, especially when
compared to legacy WAN technologies.
4. Simple multi-tenancy and micro-segmentation across the distributed network
With its origins in the service provider space, Fabric Connect
offers inherent multi-tenancy and micro-segmentation
capabilities. It allows organizations to converge multiple
physically separate networks into one converged
infrastructure while offering a strong degree of isolation
and separation between each of the logical networks. These
logical networks or segments are completely isolated from
one another and run as ships passing in the night, without
any awareness of each other, and without allowing any
access in or out, unless otherwise configured. And these
networks can be set up very simply across distributed
locations with only edge-based provisioning.
For environments where it is desirable to extend multi-tenancy and/or micro-segmentation to their branch offices
for security or compliance purposes, Fabric Connect
simplifies the extension of these networks over the WAN
through its ability to support many logical networks/
segments within a single VXLAN tunnel. With a 3rd party
WAN solution, each logical network or segment would
require its own tunnel, creating additional costs as well as
complexity. With Fabric Extend only a single WAN service
needs to be purchased from the WAN provider (although
multiple tunnels are supported), keeping costs low for
the organization. Another benefit of leveraging Fabric
Extend is that any Layer 3 services extended to the branch are
transparent to the WAN operator; therefore, there is no
requirement for the service provider network to participate
in the customer IP route advertising, which enhances both
the security and simplicity of the solution.
5. Simplification by reducing distributed firewalls
Managing distributed firewalls is an operational pain point
for large enterprises. As firewall technology gets pushed
out across the network, the number of firewall policies
that must be created and actively maintained grows
exponentially. Using Fabric Connect to isolate traffic zones
end to end provides a far simpler, more scalable and less
expensive way to segment traffic. Many customers find
that as they extend Fabric Connect’s micro-segmentation
capabilities to their branch locations, they can significantly
reduce the number of firewalls they have distributed across
those locations, thereby reducing policy management
requirements significantly.
6. Dynamic auto-attach to simplify and secure branch office provisioning
The extension of Fabric Connect to the branch office
enables the use of Fabric Attach to provide dynamic auto-attach capabilities for users and devices that are connecting
to the network at the remote location. Fabric Attach also
simplifies the deployment of Extreme wireless APs and
provides a unified architecture for the wired and wireless
environment. However, the main benefit of using Fabric
Connect in conjunction with Fabric Attach is service
elasticity. Services are extended to the edge when users
and devices and applications connect to the network and
then retracted as they disconnect from the network. What
is unique is that when a user disconnects from a switch port and
access to the service is no longer required, the residual
configuration is automatically deleted on the edge switches.
This improves an organization’s security posture by eliminating
the risk of a back-door entry point to the network.
7. Resilient branch office connectivity
Fabric Connect provides a load-balanced, resilient network
over any physical topology. When extending connectivity
to the branch office, both active/active and active/stand-by
connectivity are supported. In addition, QoS, as well as the
ability to route traffic based on policies, is supported to
ensure priority of mission critical traffic. Fabric Connect
also supports per tunnel shaping which enables quality of
experience and reduced latency, when many branch office
tunnels are aggregated into a high-speed interface at the
headquarter site.
8. Public and private WAN infrastructure connectivity options
Fabric Connect can be extended over both public and
private WANs. When the public Internet is used for
connectivity, IPSec encryption is supported, offering secure
communications between the headquarter locations and
the remote offices. The ExtremeAccess Platform supports
IPSec encryption natively, while select VSP models support
the Fabric IPSec Gateway which is an on-board integrated
application that runs alongside the VOSS operating system.
Fragmentation and reassembly are also supported for
carrying large frames across the public Internet. In addition,
WAN compression is supported, enabling higher
performance over low speed public WAN links.
Furthermore, multiple deployment models are available
when connecting a Fabric Connect-enabled device to a
firewall at the branch. The fabric-enabled switch can either
be configured with a public Internet IP address (and no NAT
is performed by the firewall) or the switch is configured
with private IP addressing and the firewall performs NAT. In
addition, if LTE back-up connectivity is a requirement for
the remote office, a third-party LTE router can be deployed
in conjunction with the Fabric Connect branch solution.
9. Integrated Application Hosting to reduce disparate devices
Preventing branch office sprawl is a key initiative of
many network IT teams. Managing multiple devices at
remote offices where local IT staff is either scarce or not
present at all, presents challenges. Certain switch models
within the Fabric Connect portfolio support integrated
application hosting. That means that rather than having a
separate disparate appliance to support an application, the
application can be hosted within the switch as a separate
virtual machine with its own dedicated memory and CPU
resources. Within the switches, 10-20 Gig internal ports
are used to interconnect the switch operating system to
the integrated hosted application. Today, many different
applications have been validated on the VSP portfolio
including data analytics applications, packet generators,
monitoring tools, troubleshooting tools and security
applications, including the Fabric IPSec Gateway.
10. Simple multicast extension
Supporting highly scalable, highly resilient multicast
without complex legacy protocols such as PIM is a key
value of the Fabric Connect technology. For organizations
that need to extend multicast applications to remote
sites, Fabric Extend can do this with unparalleled ease.
Leveraging this technology, IP Multicast applications can
be extended to the branch office, just as if the branch
office users were connected to the central office network.
In a traditional WAN architecture, transporting IP Multicast
over the WAN involves so many challenges, from making
the WAN router run PIM to getting the WAN operator to offer
an IP Multicast capable service, that in practice most
organizations decide not to do it.
Fabric Connect is a very powerful technology that can deliver simplicity, automation and security to the underlying network. Extending this technology end to end across the entire network and into remote and branch offices brings significant cost and operational advantage