17.) Layer 3 (Advanced TCP/IP Routing)

XoS “is like a Router” “a very fast Router”


Point of View Whiteboard


The very first device that had fundamentally the same functionality as a router does today was the Interface Message Processor (IMP); IMPs were the devices that made up the ARPANET, the first packet network. The idea for a router (called "gateways" at the time) initially came about through an international group of computer networking researchers called the International Network Working Group (INWG). Set up in 1972 as an informal group to consider the technical issues involved in connecting different networks, later that year it became a subcommittee of the International Federation for Information Processing. A router has two stages of operation called planes:

Control plane: A router maintains a routing table that lists which route should be used to forward a data packet, and through which physical interface connection. It does this using internal pre-configured directives, called static routes, or by learning routes using a dynamic routing protocol. Static and dynamic routes are stored in the Routing Information Base (RIB). The control-plane logic then strips the RIB of non-essential directives and builds a Forwarding Information Base (FIB) to be used by the forwarding plane.

Forwarding plane: The router forwards data packets between incoming and outgoing interface connections. It routes them to the correct network type using information that the packet header contains. It uses data recorded in the routing table of the control plane.

In the seven-layer OSI model of computer networking, the network layer is layer 3. The network layer is responsible for packet forwarding including routing through intermediate routers, since it knows the address of neighboring network nodes, and it also manages quality of service (QoS), and recognizes and forwards local host domain messages to the Transport layer (layer 4). The data link layer (layer 2) is responsible for media access control, flow control and error checking. The network layer provides the functional and procedural means of transferring variable-length data sequences from a source to a destination host via one or more networks, while maintaining the quality of service functions. Within the service layering semantics of the OSI network architecture, the network layer responds to service requests from the transport layer and issues service requests to the data link layer.

Jeff Green's Point-of-View, 11/13/2016, [email protected]

Diagram: Business Value / Strategic Asset; Ethernet OS; Single software train, Fabric, Multicasting, Network Operating System, XoS, People; "Design once, leverage everywhere."; Why? How?

We are recommending a solution by Extreme Networks, which delivers the most educationally focused networking solution in the industry and can offer the school/district the best possible advantages for its infrastructure. We are pleased to offer the proposed solution, which will support the school's/district's goals and protect the school's/district's learning environment, all while reducing operational costs. ExtremeXOS was designed from the ground up to meet the needs of large cloud and private data centers, service providers, intelligent, converged enterprise edge networks, and everything in between. It provides the high performance and rich features required by these diverse environments. ExtremeXOS provides interfaces and tools to use the network as a programmable development platform. This allows our customers to maximize network utilization, gain critical insights, and innovate rapidly by integrating the network in unique ways.

ExtremeXOS - Network Operating System:
- Secure network access through role-based policy or Identity Management
- Automated native scripting; SOAP/XML APIs
- Standards-based SDN support for OpenFlow, OpenStack
- Resilient modular architecture: memory protected, self-healing, resilient protocols (EAPS, MLAG, FRR, Graceful Restart, TRILL)

The eternal network question has been how to use this technology in building your network. There was a simple principle to follow: "Switch where you can, route where you have to." With a Layer 3 switch you don't compromise performance when routing is required. If you have a small network and all of your devices will be on the same IP subnet, then use a switch. Where routing is needed, it can be accomplished with a Layer 3 switch, which has routing in the fast path.

2Jeff Greens Point-of-View [email protected]

XoS Licenses & Feature Packs

Core license:
- OSPFv2, OSPFv3
- BGP-4, BGP-4+, MBGP
- MSDP, Anycast RP
- IS-IS IPv4/IPv6

Advanced Edge license:
- OSPF-Edge
- PIM-SM / PIM-SSM, PIM-DM
- ESRP
- VRRP / VRRPv3
- 6to4, v6 tunnels
- EAPS Full

Edge license:
- RIP v1/v2, RIPng
- Static routes IPv4/IPv6
- Policy-based routing
- MLAG
- 6to4, 6in4 tunnels
- Stacking
- Universal Port
- PFC, ETS, DCBx
- VLAN aggregation
- BootP Relay, UDP Relay
- User-created Virtual Routers
- CLEAR-Flow

L2 Edge license:
- Network Login (multiple supplicants)
- MAC + IP Security
- IGMP v1, v2, v3; IGMP snooping + filters (IGMP querier)
- Multicast VLAN Registration (MVR)
- PIM snooping
- EAPS-Edge
- VLANs, vMANs (QinQ), Private VLANs, VLAN Translation
- DHCP option 82
- STP, 802.1D, 802.1w, 802.1s, PVST+
- Software Redundant Port
- 802.3ad trunking, LACP, M-LAG
- ACLs, QoS, rate limiting
- CPU DoS protection
- Port Mirroring (1 to many support)
- XOS scripting
- L2 Ping/Traceroute (802.1ag)

Management:
- SNMP v1/v2/v3
- SSH-2/SCP
- HTTP / SSL / XML
- RADIUS / TACACS+
- MIBs, RMON
- LLDP (LLDP MED)
- sFlow
- SNTPv4
- CFM (802.1ag), Y.1731

Platforms: X430, X440, X460, X670, X770

Feature Packs: Direct Attach, MPLS, OpenFlow, AVB, 3rd Party Optics, Sync Ethernet, 10GbE Upgrade License for X440 (2 or 4 ports)

Summit X460-G2 supports sophisticated and intelligent Layer 2 switching, as well as Layer 3 IPv4/IPv6 routing including policy-based switching/routing, Provider Bridges, bidirectional ingress and egress Access Control Lists, and bandwidth control with 8 Kbps granularity for both ingress and egress. The Summit X460-G2 can also be used as a top-of-rack switch for many data center environments with features such as high-density Gigabit Ethernet for concentrated data center environments; XNV (TM) (ExtremeXOS Network Virtualization) for centralized network-based Virtual Machine (VM) inventory, VM location history and VM provisioning; Direct Attach (TM) to offload VM switching from servers, thereby improving performance; high-capacity Layer 2/Layer 3 scalability for highly virtualized data centers; and intra-rack and cross-rack stacking with industry-leading flexibility.

To provide scalable network architectures used mainly for Carrier Ethernet network deployment, Summit X460-G2 supports MPLS LSP-based Layer 3 forwarding and Hierarchical VPLS (H-VPLS) for transparent LAN services. With H-VPLS, transparent Layer 3 networks can be extended throughout the Layer 3 network cloud by using a VPLS tunnel between the regional transparent LAN services typically built with Provider Bridges (IEEE 802.1ad) technology.

1588 Precision Time Protocol (PTP) - Summit X460-G2 offers Boundary Clock (BC), Transparent Clock (TC), and Ordinary Clock (OC) for synchronizing phase and frequency, allowing the network and the connected devices to be synchronized down to microsecond accuracy over an Ethernet connection.

Audio Video Bridging (AVB) - The X460-G2 series supports IEEE 802.1 Audio Video Bridging to enable reliable, real-time audio/video transmission over Ethernet. AVB technology delivers the quality of service required for today's high-definition and time-sensitive multimedia streams.

ExtremeXOS is designed from the ground up to provide the high performance and capabilities needed for everything from large cloud and data center applications and service providers to intelligent, converged enterprise edge networks. Some of the key aspects of ExtremeXOS are a resilient architecture and protocols, network virtualization, automation friendliness, and standards-based SDN capabilities like OpenFlow and OpenStack Cloud Orchestration. Above all, it provides a comprehensive set of security features that protect your applications, traffic, and infrastructure in a proactive manner. If the customer wants to support the 1588 Precision Timing Protocol, then the Timing Feature Pack (16755) is needed. If the customer only wants Synchronous Ethernet support, then the Timing Feature Pack is NOT needed.


Router Functions

Routing types: Static Routing; Dynamic Routing (RIP v1, RIP v2, OSPFv2, BGP4)

Hello packets discover neighbors and build adjacencies between them; the Dijkstra algorithm runs once a Link State Database (LSDB) is constructed.

Routers maintain routing tables that they use to route packets from one network to another. When a network uses TCP/IP, each port on a router requires an IP address, which allows the router to correctly forward the packet to the appropriate network segment. Routers using link-state protocols must be configured with more memory and processing power than those using distance-vector routing protocols. Link-state routing protocols such as OSPF are much more complicated to configure on the routers. Dynamic updates are provided through routing protocols. A router capable of dynamic routing can choose from among the various routes on a network; the router communicates with other dynamic routers to determine the most efficient route from one point to another on the network.

OSPF (Open Shortest Path First) is a link-state protocol. OSPF uses the Dijkstra algorithm to calculate the shortest path to a specific destination. Characteristics of a link-state routing protocol:
- Respond quickly to network changes
- Send triggered updates when a network change occurs
- Send periodic updates, known as link-state refresh, at longer intervals

Routing Information Protocol (RIP) - The easiest Interior Gateway Protocol to configure is RIPv1, a distance-vector routing protocol that broadcasts entire routing tables to neighbors every 30 seconds.
- RIP uses hop count as its sole metric
- RIP has a maximum hop count of 15; as a result, RIP does not work in large internetworks
- RIP is capable of load balancing
- RIP is susceptible to all the problems normally associated with distance-vector routing protocols

IGRP - The default metrics for IGRP are bandwidth and delay only. Metrics that can be configured for IGRP:
- Hops: number of routers between source and destination networks
- Load: the load on a link in the path
- Bandwidth: the speed of the link (default)
- Reliability: measures reliability on a scale of 0 to 255
- Delay: the delay on the medium (default)
- MTU: the size of the datagram

Distance-vector routing protocols - Hold-down timer: another common technique used to stop routing loops. It allows a router to place a route in a state where it will not accept any changes to that route.

Link-state routing protocols use link-state advertisements (LSAs) to inform neighbor routers on the internetwork; LSAs contain only the local links for the advertised router.


SPF Calculation

Link State Database -> Dijkstra's (SPF) Algorithm -> Shortest Paths -> Forwarding Database (Routing Table)

Diagram: Adjacent Database (Neighbors of X: A, B, C, D); example topology with routers X, A, B, C, D, E, F, G, H

LSA: Link State Advertisement
LSU: Link State Update
LSR: Link State Request
LSAck: Link State Acknowledgement

When topology changes:
- LSU messages are flooded
- Databases are updated
- SPF (Dijkstra algorithm) runs again
- New forwarding tables are generated
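The pipeline the slide describes (LSDB, SPF, forwarding table, then an LSU and a rerun of SPF) as an added worked example; this is not code from the deck or from ExtremeXOS. The link-state database, router names and link costs are constructed for the example, and the `apply_lsu` helper is this example's own model of a link-state update.

```python
import heapq

# Constructed link-state database: each router lists its directly attached
# links with their costs. Links are entered at both ends with symmetric cost,
# as OSPF sees them once both routers advertise the adjacency.
SAMPLE_LSDB = {
    "X": {"A": 1, "B": 4, "C": 2, "D": 7},
    "A": {"X": 1, "E": 3},
    "B": {"X": 4, "E": 1, "F": 2},
    "C": {"X": 2, "F": 6, "G": 3},
    "D": {"X": 7, "G": 1, "H": 2},
    "E": {"A": 3, "B": 1, "H": 5},
    "F": {"B": 2, "C": 6, "H": 1},
    "G": {"C": 3, "D": 1, "H": 4},
    "H": {"D": 2, "E": 5, "F": 1, "G": 4},
}

def spf(lsdb, root):
    """Dijkstra from root. Returns {node: (cost, first hop from root)}."""
    dist = {root: 0}
    result = {}
    heap = [(0, root, None)]           # (cost so far, node, first hop)
    while heap:
        cost, node, hop = heapq.heappop(heap)
        if node in result:
            continue                   # stale entry: a cheaper path was already settled
        result[node] = (cost, hop)
        for nbr, link_cost in lsdb.get(node, {}).items():
            new_cost = cost + link_cost
            if new_cost < dist.get(nbr, float("inf")):
                dist[nbr] = new_cost
                # the first hop is inherited along the path, except for
                # the root's own neighbours, which are their own first hop
                heapq.heappush(heap, (new_cost, nbr, nbr if node == root else hop))
    return result

def forwarding_table(lsdb, root):
    """Routing-table view of the SPF result: destination -> (next hop, cost)."""
    return {dst: (hop, cost) for dst, (cost, hop) in spf(lsdb, root).items() if dst != root}

def apply_lsu(lsdb, a, b, cost=None):
    """Model a link-state update: set the a<->b link cost, or remove the link
    when cost is None. Returns a new LSDB; the caller reruns SPF on it."""
    new = {node: dict(links) for node, links in lsdb.items()}
    for u, v in ((a, b), (b, a)):
        if cost is None:
            new.setdefault(u, {}).pop(v, None)
        else:
            new.setdefault(u, {})[v] = cost
    return new

if __name__ == "__main__":
    before = forwarding_table(SAMPLE_LSDB, "X")
    after = forwarding_table(apply_lsu(SAMPLE_LSDB, "B", "F"), "X")   # link B-F goes down
    for dst in sorted(before):
        print("%s: %s -> %s" % (dst, before[dst], after[dst]))
```

Running it from X shows H reached through B at cost 7; after the B-F link is withdrawn, SPF reruns and H moves to next hop C at cost 8, which is exactly the "new forwarding tables are generated" step.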

Authentication: By default, OSPF has no authentication. Two authentication methods based on pre-shared keys are possible:
- Simple (password is transmitted in plain text)
- MD5 (Message Digest authentication, MD5 hash)
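What the MD5 option actually checks on the receiving router, as an added example that is not from the deck and not ExtremeXOS code. It follows the OSPFv2 cryptographic authentication layout as this example understands RFC 2328 Appendix D (AuType 2, an 8-byte authentication field holding the key ID, digest length and cryptographic sequence number, and a 16-byte MD5 digest of the packet plus the zero-padded key appended after the packet); packet bodies, router IDs and keys are constructed.

```python
import hashlib
import hmac
import struct

KEY_LEN = 16
AUTYPE_CRYPTO = 2
HDR = "!BBHIIHH"      # version, type, length, router ID, area ID, checksum, AuType
AUTH = "!HBBI"        # zeros, key ID, auth data length, cryptographic sequence number

def _digest(packet, key):
    # MD5 over the packet with the key appended, zero-padded to 16 bytes
    return hashlib.md5(packet + key.ljust(KEY_LEN, b"\x00")).digest()

def build(body, router_id, area_id, key_id, seq, key):
    """Sender side: header + authentication field + body, then the trailing digest."""
    length = 24 + len(body)
    header = struct.pack(HDR, 2, 1, length, router_id, area_id, 0, AUTYPE_CRYPTO)
    auth = struct.pack(AUTH, 0, key_id, KEY_LEN, seq)
    packet = header + auth + body
    return packet + _digest(packet, key)

class NeighborState:
    """Highest cryptographic sequence number accepted from each neighbour (by router ID)."""
    def __init__(self):
        self.last_seq = {}

def verify(data, keys, state):
    """Receiver side. keys maps key ID -> key bytes. Returns (accepted, reason)."""
    if len(data) < 24 + KEY_LEN:
        return False, "short packet"
    _ver, _type, length, router_id, _area, _cksum, autype = struct.unpack(HDR, data[:16])
    if autype != AUTYPE_CRYPTO:
        return False, "not cryptographic authentication"
    _zero, key_id, auth_len, seq = struct.unpack(AUTH, data[16:24])
    if auth_len != KEY_LEN or length + KEY_LEN != len(data):
        return False, "bad length"
    key = keys.get(key_id)
    if key is None:
        return False, "unknown key id"
    # Every packet that gets this far costs one MD5 computation whether or not
    # the digest is right, which is the CPU-impact point made on the next slide.
    packet, digest = data[:length], data[length:]
    if not hmac.compare_digest(_digest(packet, key), digest):
        return False, "bad digest"
    # Replay protection: the sequence number may not go backwards per neighbour.
    if seq < state.last_seq.get(router_id, 0):
        return False, "replayed sequence number"
    state.last_seq[router_id] = seq
    return True, "ok"

if __name__ == "__main__":
    keys = {1: b"constructed-key"}
    state = NeighborState()
    good = build(b"hello-body", 0x0A000001, 0, 1, 100, keys[1])
    print(verify(good, keys, state))                                    # (True, 'ok')
    print(verify(build(b"hello-body", 0x0A000001, 0, 1, 101, b"wrong"), keys, state))
    print(verify(build(b"hello-body", 0x0A000001, 0, 1, 50, keys[1]), keys, state))
```

Two things worth noting for the slides that follow: a wrong key is only discovered after the digest has been computed, so unauthenticated senders can still spend the router's CPU, and the per-neighbour sequence check is what stops a captured, correctly signed packet from being accepted again later.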

Resource Starvation Attacks: Phantom LSAs are Router/Network LSAs sent on behalf of non-existing OSPF peers (no need to know the authentication key). These entries are ignored by the Shortest Path First (SPF) algorithm (they do not produce topology changes). Phantom LSAs are entered in the Link State Database and each entry is kept until MaxAge expires. Starvation attacks will work regardless of encryption.

Resource Starvation Attacks - Memory impact: bogus LSAs with an arbitrary source take up space in the topology table until the LSA ages out. CPU impact: LSAs with bogus MD5 passwords invoke the MD5 function. Bandwidth impact: bogus LSAs and the associated legitimate response traffic could be disruptively high in large, densely populated areas, and bogus link state request packets can saturate a link with requests for nonexistent networks.

Attacks against OSPF - Basically, attacks against OSPF consist of forging Hello, LSA and LSU messages on behalf of authorized hosts, causing denial of service and/or topology changes. Topology changes lead to other threats like eavesdropping or man-in-the-middle attacks.

Flow Redirect (Policy Based Routing)

Diagram: Forwarding Table and Flow Redirect Rules; Network A / Network B; Nexthop Priorities

Flow Redirect (PBR):
- Routing/forwarding decisions based on custom policies (ACLs)
- Ability to specify next-hop priority
- Ability to specify multiple next hops with health-check options

Benefits with ExtremeXOS:
- Segregate traffic flows based on business demands and operational costs
- Increase network availability with PBR redundancy
- Leverage policy framework knowledge and reduce service delivery time

Virtual Router Redundancy Protocol (VRRP) v3:
- Standards-based solution for first-hop router redundancy for both IPv4 and IPv6
- Enhanced to support multiple logical subnets within a single VRID
- Default V2 and V3 interoperability mode: works right out of the box for mixed deployments
- Leverage functionality across the entire ExtremeXOS-based switch portfolio


Route maps are much like the If . . . Then . . . statements of many programming languages. If a certain condition is true, then do something. Route maps enable you to define routing policy that will be considered before the router examines its forwarding table; therefore, you can define routing policy that takes precedence over the different route processes. This is why route maps are some of the most powerful commands you can use on a router. Policy-based routing may also be based on the size of the packet, the protocol of the payload, or other information available in a packet header or payload. This permits routing of packets originating from different sources to different networks even when the destinations are the same and can be useful when interconnecting several private networks.

Perhaps one of the most colorful descriptions for route maps is that route maps are like duct tape for the network: not necessarily because they can be used to fix or mend something broken, but because they can be applied to numerous situations to address many issues. At times, they may not be the prettiest solutions, but they will be very effective. After you learn to configure and use route maps, you will soon see why some engineers refer to them as "route tape". In policy-based routing (PBR), for instance, you may use a route map when traffic has to follow a particular path through the internetwork. This path may differ from the path the routing protocol wants to forward traffic on. PBR, along with route maps, enables the network engineer to essentially override the route table and influence which way traffic flows. You also can apply route maps in a number of ways. The following list contains some of the more common and powerful applications of route maps:
- Route filtering during redistribution between routing protocols
- Route control and attribute modification on BGP neighbors
- Route metric modification or tagging during redistribution between routing protocols
- Policy-based routing (PBR)

Route maps are one of the most powerful features you can use on a router. You can use them during redistribution, in PBR, in BGP, and in many other scenarios. This lab gives you practice in configuring complex route maps that will be used during redistribution. You then practice setting and using route tags.
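The flow-redirect behaviour from the PBR slide (custom ACL match, next-hop priority, health checks) and the route-map "if this, then that" idea from the paragraphs above, as one added example. It is not ExtremeXOS policy syntax and not code from the deck: `Rule`, `select_nexthop`, `route_packet` and `lpm` are this example's own names, the rule set, health states and routing table are constructed, and falling back to the ordinary routing table when every next hop is down is an assumption of the example.

```python
import ipaddress

class Rule:
    """One match/set clause: if the packet matches, redirect it to the first
    healthy next hop in priority order (highest priority first)."""
    def __init__(self, name, nexthops, src=None, dst=None, proto=None, dport=None):
        self.name = name
        self.nexthops = list(nexthops)
        self.src = ipaddress.ip_network(src) if src else None
        self.dst = ipaddress.ip_network(dst) if dst else None
        self.proto = proto
        self.dport = dport

    def matches(self, pkt):
        if self.src is not None and ipaddress.ip_address(pkt["src"]) not in self.src:
            return False
        if self.dst is not None and ipaddress.ip_address(pkt["dst"]) not in self.dst:
            return False
        if self.proto is not None and pkt.get("proto") != self.proto:
            return False
        if self.dport is not None and pkt.get("dport") != self.dport:
            return False
        return True

def select_nexthop(rule, health):
    """Walk the priority list, skipping next hops whose health check failed."""
    for nh in rule.nexthops:
        if health.get(nh, False):
            return nh
    return None

def lpm(fib, dst):
    """Longest-prefix match in an ordinary forwarding table {prefix: next hop}."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, nh in fib.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nh)
    return best[1] if best else None

def route_packet(pkt, rules, health, fib):
    """Policy is consulted before the forwarding table: the first matching rule
    wins; if none of its next hops is healthy, the packet takes the normal
    routing-table path (the fallback is this example's assumption)."""
    for rule in rules:
        if rule.matches(pkt):
            nh = select_nexthop(rule, health)
            if nh is not None:
                return nh, "policy:" + rule.name
    return lpm(fib, pkt["dst"]), "routing-table"

# Constructed policy: web traffic from the user subnet is steered to Network A's
# gateway, with Network B's gateway as the lower-priority backup.
RULES = [
    Rule("web-via-netA", ["192.0.2.1", "198.51.100.1"],
         src="10.1.0.0/16", proto="tcp", dport=80),
]
FIB = {"0.0.0.0/0": "10.0.0.254", "10.1.0.0/16": "10.1.0.1"}    # constructed

def demo():
    web = {"src": "10.1.5.7", "dst": "203.0.113.9", "proto": "tcp", "dport": 80}
    ssh = {"src": "10.1.5.7", "dst": "203.0.113.9", "proto": "tcp", "dport": 22}
    both_up = {"192.0.2.1": True, "198.51.100.1": True}
    a_down = {"192.0.2.1": False, "198.51.100.1": True}
    all_down = {"192.0.2.1": False, "198.51.100.1": False}
    return (route_packet(web, RULES, both_up, FIB),
            route_packet(web, RULES, a_down, FIB),
            route_packet(web, RULES, all_down, FIB),
            route_packet(ssh, RULES, both_up, FIB))

if __name__ == "__main__":
    for decision in demo():
        print(decision)
```

The four decisions show the policy overriding the route table only for the traffic it names, the priority order deciding between two healthy next hops, and the health check moving the flow to Network B when Network A's gateway stops answering.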

Unicast, Broadcast, Multicast:
- Unicast: one sender, one receiver
- Broadcast: sends data to all possible receivers
- Multicast: sends data to interested receivers

Diagram: Multicast VLAN spanning VLAN Red and VLAN Blue; a Multicast Server and Multicast Clients that join and leave; Multicast Routing (PIM-SM / SSM, IGMP v1 / v2 / v3 snooping, IGMP) across Summit switches

Applications of IP Multicast: Pay TV, File Transfer, Financial Information

Diagram: Ethernet MAC address = Vendor Code (24 bits) + Serial Number (24 bits). Multicast: the least-significant bit of the first octet equals 1 (example octet 10111011; mask 00000001). Broadcast: all bits equal 1, 0xFFFFFFFFFFFF.
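The address-bit rules from the diagram as an added example, not from the deck: classifying an Ethernet address by its I/G bit, splitting out the vendor code, and, going one step beyond the slide, mapping an IPv4 group to its multicast MAC the way RFC 1112 specifies (01:00:5e plus the low 23 bits of the group). The sample addresses are constructed.

```python
import ipaddress

def parse_mac(mac):
    """Accept 'aa:bb:cc:dd:ee:ff', 'aa-bb-cc-dd-ee-ff' or 'aabb.ccdd.eeff'; return 6 bytes."""
    digits = "".join(ch for ch in mac if ch not in ":-.")
    if len(digits) != 12:
        raise ValueError("not a 48-bit MAC: %r" % mac)
    return bytes.fromhex(digits)

def vendor_code(mac):
    """The 24-bit vendor code (OUI) as 'xx:xx:xx'."""
    return ":".join("%02x" % b for b in parse_mac(mac)[:3])

def classify_mac(mac):
    octets = parse_mac(mac)
    if octets == b"\xff" * 6:         # all 48 bits set: 0xFFFFFFFFFFFF
        return "broadcast"
    if octets[0] & 0x01:              # I/G bit: least-significant bit of the first octet
        return "multicast"
    return "unicast"

def ipv4_multicast_mac(group):
    """01:00:5e + low 23 bits of the group address. Because only 23 of the 28
    group bits survive, 32 different groups share one MAC, which is why
    IGMP snooping must filter on the IP group and not just the MAC."""
    g = ipaddress.IPv4Address(group)
    if not g.is_multicast:
        raise ValueError("%s is not a multicast group" % group)
    low23 = int(g) & 0x7FFFFF
    return "01:00:5e:%02x:%02x:%02x" % (low23 >> 16, (low23 >> 8) & 0xFF, low23 & 0xFF)

if __name__ == "__main__":
    for mac in ("ff:ff:ff:ff:ff:ff", "01:00:5e:00:00:01", "0011.2233.4455"):
        print(mac, classify_mac(mac))
    print(ipv4_multicast_mac("239.1.2.3"), ipv4_multicast_mac("224.128.1.1"))
```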

Features recently delivered:
- IGMPv3 (ExtremeXOS 11.2)
- PIM Snooping (ExtremeWare i 7.3)
- Static Multicast Routes (ExtremeWare e + i 7.3)
- PIM-SSM (ExtremeXOS 11.4)
- MVR (ExtremeXOS 11.4)

Features in development:
- Static Multicast Routes (ExtremeXOS 9/2006)
- MSDP (ExtremeXOS 1/2007)
- MBGP and Anycast-RP (ExtremeXOS 5/2007)
- Enhanced MIBs: IP-Multicast, IGMP, PIM (ExtremeWare e + i + XOS 5/2007)
- PIM Snooping (ExtremeXOS in 2007)


Diagram: Layer-3 Virtual Switches on a single Summit (up to 64 Virtual Routers), with separate DMZ, VoIP, Guest and WiFi instances, each with its own IP or MAC tables

What happens if the switch crashes? Whatever the reason, a process that died or maybe an external attack on the switch itself, the result is that any user attached to that particular switch is now isolated from the network and has to wait until the switch recovers from the crash, is rebooted, or is replaced. Now let's take a look at what happens in a Layer 3 Virtual Switch environment like the one supported today on the Extreme Networks Summit X460. In this case, as with any other Layer 3 switch, the Layer 1 and Layer 2 portions of the architecture are fairly similar. When we go up to the Layer 3 section, however, you can see that we now have segregated Layer 3 instances.

S-Series VRFs (2GB modules only): 256 static VRFs total (up from 128); 128 dynamic VRFs (up from 64)

Each Layer 3 instance has its own routing table and resources. Given this architecture, what would happen if, for example, an attack were launched on the blue Layer 3 Virtual Switch? When the attack strikes, or a process goes awry, the blue Layer 3 Virtual Switch will naturally crash. That crash, though, will not affect users connected to other Layer 3 Virtual Switch instances, even though they reside on the same Summit X460. You can see the pink, yellow, and green Layer 3 Virtual Switches are still up and running and forwarding traffic. So the only affected users are the users connected to the blue Virtual Switch. This VR feature delivers basic service isolation through separate L2 and L3 tables. In conversations on a switch, the L2 switching of traffic is based on the MAC address and the L3 switching is based on the IP address of the devices. L3 switches are both learning bridges and routers which build tables for each port; they learn the MAC or IP addresses of devices on each port. Using these tables, it can move traffic

If this is still a little bit hazy, you can think about Layer-3 Virtual Switches as separate physical routers housed in a single physical enclosure. Instead of having a separate router somewhere out there to support a particular application or particular interface, what we have done is taken that router, virtualized it, and put it in a physical enclosure. The only difference is that we can do that with multiple routing instances. Of course, in order to do this, we must also guarantee that these virtual routers are isolated from each other, and that they have their own routing table.


Inter-VR Routing

Diagram: Legal (VRF1) and Finance (VRF2) on one Summit, with static routes inserted between the two VRFs to allow direct IPv4 connectivity

Solution Proposition: Allows for routing of IPv4 unicast packets between Virtual Routers via static routes. The next-hop gateway of a static route may reside in a VLAN belonging to a different VR from the VR of the static route.

Value Proposition: Provides for efficient routing between VRs which exist on the same switch. Simplifies traffic flow between different user groups that exist on different Virtual Router instances.

This document serves as a short functional description of the implementation of Inter-VR Routing for IPv4 Unicast Static Routes within EXOS. It allows for routing of IPv4 unicast packets between Virtual Routers via static routes; this is referred to as Inter-VR Routing. The next-hop gateway of a static route may reside in a Virtual LAN belonging to a different Virtual Router from the Virtual Router of the static route. Inter-VR routing is supported for hardware forwarding and software forwarding of IPv4 unicast packets, including Equal-Cost Multi-Path (ECMP).

L2PT Solution Proposition: Allows customers to tunnel Layer 2 traffic across a Service Provider core network without it being processed by intermediate network devices. This can be any port on a VLAN, VMAN, VPLS or VPWS. Provides the capability to configure CoS for tunneled PDUs. Layer 2 PDU filtering can be used to specify Layer 2 PDUs that are to be dropped at the ingress interface of an edge switch.

Value Proposition: L2PT allows service providers to carry traffic from multiple customers across a core network and maintain the VLAN and L2 protocol configuration of each customer without impacting the traffic of other customers. It allows the creation of a single L2 domain (for example, an STP domain) between different sites across a service provider network, and provides an enhanced feature set for service providers that transmit customer VLAN traffic from metro Ethernet VPNs across an MPLS core network.

Virtual Routers (VRs) allow for separate L3 routing domains. Each VR has its own routing table. However, in some scenarios there is a need for communication between these isolated L3 routing domains in a controlled way. For example, a university might decide to separate L3 traffic on a per-department basis, but each department needs to access certain services provided by the payroll department. This can be achieved if routes related to those payroll services are installed in the other departments' route tables with the next-hop interface corresponding to the payroll department's VR. Similar use cases exist for data center markets as well. VR here implies any routable VR, and as such includes the Default VR, User VRs, VPN-VRFs, and Non-VPN VRFs. This feature supports IPv4 Inter-VR Routing via static routes.
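The university scenario above as an added example, not EXOS code: each VR keeps its own table, every VLAN is owned by one VR, and a static route whose next hop sits in another VR's VLAN is the only way across. The VR names, VLAN names and prefixes are constructed, and the `forward` and `bidirectional` helpers are this example's own. The second helper makes the caveat visible: leaking a route into one VR says nothing about the return path, which needs its own static route in the other VR.

```python
import ipaddress

# Constructed: which VR owns each VLAN
VLAN_OWNER = {"eng-users": "eng", "hr-users": "hr", "payroll-srv": "payroll"}

# Constructed per-VR route tables: prefix -> (next hop, egress VLAN).
# A next hop of None means the prefix is directly attached.
ROUTE_TABLES = {
    "eng": {
        "10.10.0.0/16": (None, "eng-users"),
        "10.200.5.0/24": ("10.200.5.1", "payroll-srv"),   # inter-VR static route
    },
    "hr": {
        "10.20.0.0/16": (None, "hr-users"),
        "10.200.5.0/24": ("10.200.5.1", "payroll-srv"),   # inter-VR static route
    },
    "payroll": {
        "10.200.5.0/24": (None, "payroll-srv"),
        "10.10.0.0/16": ("10.10.0.1", "eng-users"),       # return route for eng only
    },
}

def lpm(table, dst):
    """Longest-prefix match within one VR's table."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, entry in table.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, entry)
    return best[1] if best else None

def forward(vr, dst, tables=ROUTE_TABLES, owner=VLAN_OWNER):
    """Return (egress VR, egress VLAN, next hop), or None when the VR has no
    route. The egress VR differs from the ingress VR on an inter-VR route."""
    entry = lpm(tables[vr], dst)
    if entry is None:
        return None
    next_hop, vlan = entry
    return owner[vlan], vlan, next_hop

def bidirectional(vr_a, ip_a, vr_b, ip_b, tables=ROUTE_TABLES, owner=VLAN_OWNER):
    """A session only works if each side's VR can route to the other's address."""
    return (forward(vr_a, ip_b, tables, owner) is not None
            and forward(vr_b, ip_a, tables, owner) is not None)

if __name__ == "__main__":
    print(forward("eng", "10.200.5.20"))     # hands off to the payroll VR
    print(forward("hr", "10.10.3.4"))        # None: hr has no route into eng
    print(bidirectional("eng", "10.10.3.4", "payroll", "10.200.5.20"))
    print(bidirectional("hr", "10.20.1.1", "payroll", "10.200.5.20"))
```

HR reaches the payroll service in one direction only: the payroll VR has a return route for the engineering VLAN but not for HR, so the HR session fails even though HR's own table looks complete. Checking both directions is the test to run before calling an inter-VR route "working".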


Why LSNAT built into your switch? Allocation of resources to LSNAT instead of Real IP

Diagram: Real Client -> Virtual IP on the switch -> Real IP / Real IP / Real IP (virtual resources fronting the real resources)

Avoid IP exhaustion: NAT reuses the port mapping for subsequent packets sent from the same internal IP address to any external IP address and port

LSNAT offers an efficient method of improving the performance, reliability and security of a network; however, it does have its limitations and shouldn't be considered a long-term solution to the depletion of IP addresses, a view that the creators of LSNAT expressed themselves. Due to the exponential growth in the size of the Internet, the Internet community is faced with an increasing number of problems, which include network bottlenecks, overloaded servers generating and sending corrupted data, and the depletion of IP addresses. In a world where consumers expect fast and reliable network connections there was a need to devise a method to increase the performance, reliability and security of networks, hence the development of LSNAT in August 1998. The basic operation of LSNAT is as follows: servers are grouped into server pools based on having some common functionality. The router operating LSNAT has a virtual IP address and port number which it can translate to any of the server IP addresses and port numbers in the server pool based on some load sharing algorithm such as round-robin.

As incoming connections to the network are not all mapped to a single machine, both network performance and reliability are increased. An added bonus is that external computers don't have access to the IP addresses and port numbers of individual network servers, and so it provides some security. There are of course limitations to the LSNAT approach, which will be discussed in due course. The need for load sharing arises when a single server is not able to cope with the demand for multiple sessions simultaneously. The problem of load sharing goes back many years, and a variety of techniques have been applied to address it. Some of these approaches are very ad hoc and platform specific, and have the problem that reordering time periods can be very large (on the order of minutes) and do not reflect real-time load variations on the servers. Another problem is that all hosts in the server pool are assumed to have equal capability to offer all services, which may not be the case. In addition, there may only be a need to support load balancing for a few specific services, e.g. Telnet sessions, but not for all network services. The LSNAT approach addresses both these concerns and offers a solution that does not require changes to clients or servers, and one that can be tailored to individual services or to all services.
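The basic operation just described (a virtual IP and port in front of a server pool, round-robin selection, real addresses hidden from the outside) as an added example; this is a model written for this page, not ExtremeXOS code. Packets are plain dicts, the addresses come from the RFC 5737 documentation ranges, and the session stickiness and health-check handling are this example's choices.

```python
import itertools

class LSNAT:
    def __init__(self, vip, vport, pool):
        self.vip, self.vport = vip, vport
        self.pool = list(pool)                    # [(real_ip, real_port), ...]
        self.healthy = set(self.pool)
        self._rr = itertools.cycle(range(len(self.pool)))
        self.sessions = {}                        # (client_ip, client_port) -> real server

    def mark_down(self, server):
        """Health check failed: take the server out of rotation."""
        self.healthy.discard(server)

    def _select(self):
        """Round-robin over the pool, skipping servers that are down."""
        for _ in range(len(self.pool)):
            candidate = self.pool[next(self._rr)]
            if candidate in self.healthy:
                return candidate
        return None

    def inbound(self, pkt):
        """Client -> VIP: rewrite the destination to a real server; None means drop.
        Packets of an existing session keep their server so a TCP connection
        is not split across machines."""
        if (pkt["dst"], pkt["dport"]) != (self.vip, self.vport):
            return pkt                            # not addressed to the virtual service
        key = (pkt["src"], pkt["sport"])
        server = self.sessions.get(key)
        if server is None or server not in self.healthy:
            server = self._select()
            if server is None:
                return None
            self.sessions[key] = server
        return dict(pkt, dst=server[0], dport=server[1])

    def outbound(self, pkt):
        """Real server -> client: hide the real address behind the VIP."""
        key = (pkt["dst"], pkt["dport"])
        if self.sessions.get(key) == (pkt["src"], pkt["sport"]):
            return dict(pkt, src=self.vip, sport=self.vport)
        return pkt

if __name__ == "__main__":
    nat = LSNAT("203.0.113.10", 80, [("10.0.0.11", 8080), ("10.0.0.12", 8080), ("10.0.0.13", 8080)])
    for sport in (40001, 40002, 40003):
        print(nat.inbound({"src": "198.51.100.5", "sport": sport, "dst": "203.0.113.10", "dport": 80}))
    print(nat.outbound({"src": "10.0.0.11", "sport": 8080, "dst": "198.51.100.5", "dport": 40001}))
```

The reply path is the security point from the text: the client only ever sees 203.0.113.10:80, never 10.0.0.11:8080, and a packet from a real server that does not belong to a known session is passed through untouched rather than given the VIP.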


RADIUS Load Balancing Enhancements

Diagram: LAN with RADIUS Server 1 ... RADIUS Server X

Traditional RADIUS authentication model: focused on using RADIUS servers for redundancy purposes

RADIUS server load balancing model: uses multiple RADIUS servers to scale and spread load across servers

Algorithms:
- Standard back-off: the traditional redundant model uses the primary server until it is not available
- Round robin: the load sharing model spreads requests across servers

Traditional model - secondary servers are only used when the primary server is unreachable. LB model - large numbers of authentications can be spread across the servers.


L4 Networking(Advanced ACLs for Control)

Diagram: OSI layers with examples. Layer 1: Physical (Fiber, Co-ax, Radio); Layer 2: Data Link (Ethernet, Wi-Fi); Layer 3: Network (IP); Layer 4: Transport (TCP, UDP); Layer 7: Application (Telnet, DNS, HTTP). Alongside the stack: Device Identity, User Identity, Virtual Machine Identity, Application Identity, etc.

Smart Connectivity for the Enterprise: There is a fundamental shift in the Enterprise market to move away from a static infrastructure where users, devices and applications are locked to physical cubes, wiring closets, and server racks. Smart connectivity removes these physical barriers and takes advantage of the expanding mobility of these users, devices and applications to make an interactive network available to deliver the best "user experience" for:

- Network managers

Beyond the Static Network: User, Device, Location and Presence Awareness. Extreme Networks moves beyond the traditional static network, enabling smart enterprises to proactively manage their business operations, maintain business continuity, and enhance user productivity and IT manageability while applying on-demand network performance for business-critical applications. As a result, Extreme Networks delivers unprecedented network visibility, mobility, and control that enable businesses to successfully deploy a converged, smarter network that is aware of users, devices, applications, location and presence through transparent authentication, role-based access control, automation, and zero-touch configuration. The next generation of network intelligence is embedded within Extreme Networks' smart enterprise solutions to achieve plug-and-play, resilient, and secure connectivity at a lower cost of ownership.

Proactive Network Management: With Extreme Networks' open-standards architecture, businesses can easily and safely interoperate with any vendor's edge switches, allowing them to easily migrate to the next-generation converged network and make the choice to move from reactive management of their business operations to proactive management for the best user experience today, while preparing for the demanding requirements of the future. Extreme Networks provides smart enterprise solutions to help businesses move to the next level of network awareness.

What will we possibly do with all the new bandwidth? That sounds like a legitimate question. If immediate needs were technology's guiding lights, we would all still be in the Stone Age. Sometimes necessity is indeed the mother of invention, but inventions can create newer necessities and propel needs to newer heights. Metcalfe's dream for Ethernet was driven by the belief that if you build it, they will come, and that includes the needs themselves. Metcalfe said last year he wants to "help shape a road map" to Terabit Ethernet, because "we're going to get there anyway." As we move further into the paradigm of cloud computing, where computing power and storage will gradually move to the center of the network, it becomes necessary that the network be fast enough to meet the needs of this new, highly distributed model. The aspiration of "the network being the computer" can only become real if the network is as fast as the computer, if not faster. The possibilities are endless for applications that Terabit Ethernet would influence, with one obvious example being high-definition Web/video conferencing tools from the desktop.

XoS supports wide-keyed ACLs

Feature Description: Allows qualifying on wider ACL keys

Feature Value: ACL match on a 362-bit double-wide key, as opposed to the standard 181-bit single-wide key, including IPv6 source and destination

Python Scripting - Leverage the vast mindshare of Python to ease native switch automation

- Scripting support for Python 2.7.3
- Download and run Python scripts
- Enhanced load script command to run user (customer) provided Python scripts

Python scripting support will allow customers to provide extensive scripting capability to automate repetitive tasks, filter log events and fire off scripts, diagnose and troubleshoot network issues, and build customized scripting that solves their specific use cases in their network environments.

Allow bridging of frames belonging to different VLANs that have been trunked by third-party equipment. As depicted below, X will send frames from VLAN (CVID) 10, 11 and 12 without doing local switching to the IXP. The IXP then does the switching between those VLANs for X as well as normal forwarding of those frames. In addition, it also forwards those frames to the third-party network on the right with the right VLAN IDs. The IXP network can include L2VPN (VPLS/VPWS) and EAPS.

Python v2.7.3 - Built-in Python shell. There are many open source .py scripts already available in the public domain which, with small tweaks, can be ported to EXOS.

EXOS Python modules:
- CLI: supports an expect-like interactive mode to interface with the EXOS CLI
- Sockets: Raw (EXPKT), IP
- Logs: EMS trace buffers
- Process management: EPM
- Session management: AAA

Two ways to run Python:
- Run-to-completion CLI scripts (EXOS 15.6.1): on demand or event triggered (e.g. run script woL.py, via UPM)
- Native application (EXOS 15.7.1): start modes on-demand or persistent; EPM managed, with the ability to start, stop, restart, show, etc. Python apps
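A run-to-completion script of the "filter log events" kind the slides mention, as an added example that is not Extreme's code. It assumes the `exsh` module that EXOS exposes to scripts, with `exsh.clicmd(cmd, capture=True)` returning the CLI output as text; off the switch it falls back to the constructed sample below, whose log line format is also this example's construction rather than the documented EMS format. It is written to run under both Python 2.7 (the version on the switch) and Python 3.

```python
import re
from collections import Counter

# Constructed sample of what "show log" might return (format is this example's own)
SAMPLE_LOG = """\
11/13/2016 10:01:02.11 <Warn:AAA.authFail> Login failed for user admin through telnet (192.0.2.10)
11/13/2016 10:01:05.27 <Warn:AAA.authFail> Login failed for user admin through telnet (192.0.2.10)
11/13/2016 10:01:09.40 <Warn:AAA.authFail> Login failed for user root through ssh (192.0.2.10)
11/13/2016 10:02:00.00 <Info:AAA.authPass> Login passed for user netops through ssh (198.51.100.7)
11/13/2016 10:02:31.55 <Warn:AAA.authFail> Login failed for user admin through ssh (203.0.113.5)
"""

LINE_RE = re.compile(r"^(?P<ts>\S+ \S+) <(?P<sev>\w+):(?P<comp>[\w.]+)> (?P<msg>.*)$")
FAIL_RE = re.compile(r"Login failed for user (?P<user>\S+) through (?P<method>\w+) \((?P<src>[\d.]+)\)")

def fetch_log():
    try:
        import exsh                       # only importable on the switch (assumed module)
        return exsh.clicmd("show log", capture=True)
    except ImportError:
        return SAMPLE_LOG

def parse_log(text):
    """Turn raw log text into dicts; lines that do not parse are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events

def failed_logins_by_source(text, threshold=3):
    """Sources with at least `threshold` failed management logins: {src: count}."""
    counts = Counter()
    for ev in parse_log(text):
        if ev["comp"] != "AAA.authFail":
            continue
        m = FAIL_RE.search(ev["msg"])
        if m:
            counts[m.group("src")] += 1
    return dict((src, n) for src, n in counts.items() if n >= threshold)

def main():
    # On the switch this is where a UPM-triggered script would act on the result;
    # here it only reports.
    for src, n in sorted(failed_logins_by_source(fetch_log()).items()):
        print("%s: %d failed logins" % (src, n))

if __name__ == "__main__":
    main()
```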


Next Gen IPv6 built in:
- Flow Redirect (PBR), IPv6 Flow Redirect
- Virtual Router Redundancy Protocol (VRRP) v3
- Weighted Random Early Detection (WRED)
- Network Time Protocol (NTP)

Networking & Mgmt, IPv6, Next Gen Network, With IPv6, everything from appliances to automobiles can be interconnected. But an increased number of IT addresses isn't the only advantage of IPv6 over IPv4. In honor of World IPv6 Day, here are six more good reasons to make sure your hardware, software, and services support IPv6. IPv6 offers improved network intelligence and a considerable number of new capabilities over IPv4. However, there are specific challenges whether choosing to actively participate in the transition to IPv6 or holding off to further evaluate...

More Efficient Routing - IPv6 reduces the size of routing tables and makes routing more efficient and hierarchical. IPv6 allows ISPs to aggregate the prefixes of their customers' networks into a single prefix and announce this one prefix to the IPv6 Internet. In addition, in IPv6 networks, fragmentation is handled by the source device, rather than the router, using a protocol for discovery of the path's maximum transmission unit (MTU).

More Efficient Packet Processing - IPv6's simplified packet header makes packet processing more efficient. Compared with IPv4, IPv6 contains no IP-level checksum, so the checksum does not need to be recalculated at every router hop. Getting rid of the IP-level checksum was possible because most link-layer technologies already contain checksum and error-control capabilities. In addition, most transport layers, which handle end-to-end connectivity, have a checksum that enables error detection.

Directed Data Flows - IPv6 supports multicast rather than broadcast. Multicast allows bandwidth-intensive packet flows (like multimedia streams) to be sent to multiple destinations simultaneously, saving network bandwidth. Disinterested hosts no longer must process broadcast packets. In addition, the IPv6 header has a new field, named Flow Label, that can identify packets belonging to the same flow.

Simplified Network Configuration - Address auto-configuration (address assignment) is built in to IPv6. A router will send the prefix of the local link in its router advertisements. A host can generate its own IP address by appending its link-layer (MAC) address, converted into Extended Universal Identifier (EUI) 64-bit format, to the 64 bits of the local link prefix.

MPLS as a Router

[Diagram: Corp CE and remote sites Rem 1, Rem 2 and Rem 3, each a CE on DLCI 16, attached to a carrier MPLS cloud holding one VRF per site; Summit switches at each location]

MPLS Layer 3 VPN can make the carrier look like your core router. A large carrier router/switch device encompasses many virtual routers, one for each customer. A VRF is created for each customer and the VRFs interact amongst themselves, turning this

Extreme would be a great fit for an XYZ Account branch office deployment. Per our conversation, the MPLS carrier will look like the XYZ Account core router, while the Summit Switches at the remote locations will deliver a simple event-driven edge. Sure, this is an oversimplification of a very complex arrangement, but the important thing to remember is that the MPLS networks will allow for very simple devices to be deployed across the edge of the network, because those devices have no idea that MPLS and all its nuances (VRF, RD, etc.) exist. In addition, Extreme will extend this simplification to the provisioning of devices at the XYZ Account remote locations. To simplify device configuration, I recommend that XYZ Account take advantage of UPM. Put simply, UPM will allow XYZ Account to do more with less. XYZ Account can reduce acquisition costs by way of one common hardware and software platform. Extreme's Summit switch line offers 10/100 alternatives where Gigabit speeds (and prices) are overkill, without sacrificing the advanced feature set normally associated with gigabit switches. Summit provides chassis-like management and availability with distributed Layer 2 and Layer 3 switching, link aggregation across the stack and distributed uplinks. Summit switches can be stacked together, letting XYZ Account deploy the switch best suited for its network requirements.

Multi-Protocol Label Switching (MPLS) - A type of carrier backbone for switching traffic.
  Allows the carrier to maintain an all-IP backbone for themselves, simplifying management and support.
  Can be less expensive than traditional Frame Relay networks that use ATM backbones.
  Allows the burden of core routing and connectivity to be placed on the carrier network, as opposed to the customer.
A number of new words to learn:

VRF - Virtual Routing and Forwarding: A fully functional virtual router running within the confines of a real and large router. Capable of doing everything a standalone router does, but is purely a logical construct within the larger device.
RD - Route Distinguisher: A tag that is pre-pended to all the routes learned from the customer, so they can be separately identified or distinguished from routes learned from other customers.
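What "pre-pending a tag" means on the wire, as an added example (not code from the deck or from any carrier platform): the RD is encoded in its 8-byte RFC 4364 form and placed in front of the customer's IPv4 address, so two customers who both use 10.1.1.0/24 stay distinct inside the carrier. AS 64496 and the addresses are constructed sample values; 4-byte-ASN (type 2) RDs are not handled.

```python
import ipaddress
import struct

def encode_rd(rd: str) -> bytes:
    """Encode a route distinguisher written as 'ASN:n' (type 0) or
    'A.B.C.D:n' (type 1) into its 8-byte wire form (RFC 4364 section 4.2)."""
    admin, sep, assigned = rd.rpartition(":")
    if not sep:
        raise ValueError("RD must look like 'administrator:assigned-number'")
    if "." in admin:  # type 1: 4-byte IPv4 administrator, 2-byte assigned number
        return struct.pack("!HIH", 1, int(ipaddress.IPv4Address(admin)), int(assigned))
    asn = int(admin)  # type 0: 2-byte ASN administrator, 4-byte assigned number
    if not 0 <= asn <= 0xFFFF:
        raise ValueError("type 0 RD needs a 2-byte ASN (type 2 not handled here)")
    return struct.pack("!HHI", 0, asn, int(assigned))

def decode_rd(raw: bytes) -> str:
    """Inverse of encode_rd, for reading back what a PE actually carries."""
    if len(raw) != 8:
        raise ValueError("RD is exactly 8 bytes")
    rd_type = struct.unpack("!H", raw[:2])[0]
    if rd_type == 0:
        asn, n = struct.unpack("!HI", raw[2:])
        return f"{asn}:{n}"
    if rd_type == 1:
        ip, n = struct.unpack("!IH", raw[2:])
        return f"{ipaddress.IPv4Address(ip)}:{n}"
    raise ValueError(f"unknown RD type {rd_type}")

def vpnv4_address(rd: str, ipv4: str) -> bytes:
    """A VPN-IPv4 address is the 8-byte RD followed by the 4-byte IPv4 address."""
    return encode_rd(rd) + ipaddress.IPv4Address(ipv4).packed

def overlapping_customer_routes() -> bool:
    """Constructed case: two customers announce the same private prefix to the
    same carrier; the per-customer RD keeps the VPN-IPv4 routes distinct."""
    customer_a = vpnv4_address("64496:100", "10.1.1.0")
    customer_b = vpnv4_address("64496:200", "10.1.1.0")
    return customer_a != customer_b
```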

11/13/2016 Jeff Green's Point-of-View [email protected]

BGP Autonomous System (AS): The Internet is nothing more than a set of interconnected ASs, each one under a distinct technical administration.
iBGP - Used when BGP devices talk amongst themselves within the same Autonomous System (AS).
eBGP - Used when BGP devices talk amongst themselves between different Autonomous Systems (AS).

Homing

[Diagram: a single-homed Summit attached to one ISP beside a multi-homed design with Summit switches attached to ISP #1 and ISP #2; sites labelled A, B and C; iBGP between the Summit switches inside the AS, eBGP toward the ISPs]

BGP messages:
  Common header
  OPEN message
  NOTIFICATION message
  UPDATE message

BGP is the protocol that glues all those ASs together, forming a huge net that should work well even under the actions of thousands of administrators from all over the world. No matter what routing protocol you choose, the carrier is going to turn it into BGP in the core anyway. If you choose some other method, they might accommodate you from the perspective of the CE-PE relationship, but at the PE they will redistribute your routes into a BGP process. By allowing you to use something other than BGP, they're making extra work for themselves and consuming resources that could be allocated to serving additional customers.

BGP characteristics:
  BGP is a distance vector protocol. Current version is v4, according to RFC 1771.
  Network prefixes are announced with a list of the ASs that are in the path to reach such prefixes.
  Internal topology of the AS doesn't matter, but only information on how to reach the prefixes (AS path and next hop).
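The common header and OPEN message listed above, parsed with the checks a receiving speaker applies before trusting a peer's message, as an added example (not code from the deck or from EXOS; field layout per RFC 4271, which replaced the RFC 1771 cited here). The sample OPEN and KEEPALIVE are constructed in the block; AS 64496 and 192.0.2.1 are reserved documentation values.

```python
import ipaddress
import struct

BGP_MARKER = b"\xff" * 16  # the 16-byte marker is all ones for every message type
BGP_TYPES = {1: "OPEN", 2: "UPDATE", 3: "NOTIFICATION", 4: "KEEPALIVE"}

def parse_bgp_header(data: bytes):
    """Validate the 19-byte common header and return (type_name, body).
    Each ValueError corresponds to a condition a peer answers with a NOTIFICATION."""
    if len(data) < 19:
        raise ValueError("truncated header")
    marker, length, msg_type = struct.unpack("!16sHB", data[:19])
    if marker != BGP_MARKER:
        raise ValueError("connection not synchronized: bad marker")
    if length < 19 or length > 4096 or length > len(data):
        raise ValueError(f"bad message length {length}")
    if msg_type not in BGP_TYPES:
        raise ValueError(f"bad message type {msg_type}")
    return BGP_TYPES[msg_type], data[19:length]

def parse_open(body: bytes) -> dict:
    """Decode the fixed part of an OPEN: version, sender's AS, hold time, router ID."""
    if len(body) < 10:
        raise ValueError("truncated OPEN")
    version, my_as, hold_time, bgp_id, opt_len = struct.unpack("!BHHIB", body[:10])
    if version != 4:
        raise ValueError(f"unsupported version {version}")
    if hold_time in (1, 2):  # hold time must be zero or at least three seconds
        raise ValueError("unacceptable hold time")
    if len(body) != 10 + opt_len:
        raise ValueError("optional parameter length mismatch")
    return {"version": version, "my_as": my_as, "hold_time": hold_time,
            "bgp_id": str(ipaddress.IPv4Address(bgp_id)), "opt_len": opt_len}

def is_well_formed(data: bytes) -> bool:
    """True when the header (and, for OPEN, the body) passes every check above."""
    try:
        msg_type, body = parse_bgp_header(data)
        if msg_type == "OPEN":
            parse_open(body)
        return True
    except ValueError:
        return False

def build_open(my_as: int, hold_time: int, bgp_id: str) -> bytes:
    """Assemble an OPEN with no optional parameters (used to construct the samples)."""
    body = struct.pack("!BHHIB", 4, my_as, hold_time, int(ipaddress.IPv4Address(bgp_id)), 0)
    return BGP_MARKER + struct.pack("!HB", 19 + len(body), 1) + body

# Constructed sample messages, not captured from any real peer.
SAMPLE_OPEN = build_open(64496, 180, "192.0.2.1")
SAMPLE_KEEPALIVE = BGP_MARKER + struct.pack("!HB", 19, 4)
```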

It really depends on what the individual carrier has chosen to support and offer as an option to the customer. It can also be influenced by how large the customer network will be: 10 nodes or 10,000 nodes? So why not use the others?

Static Routes - Must be hand coded every time. Can be error prone. If the network is large, it can get extremely time consuming for the carrier to maintain. If a remote site adds a new LAN segment, there is no dynamic nature: new subnets must be added by hand, which means they will be unreachable until that occurs. Depending on the carrier's procedures, that time could be measured in weeks/months.

RIP Routing - Updates every 30 seconds can be considered chatty, depending on how the rest of the network is configured. Would require more resources on the PE device (RAM, CPU). The more customers that want to do this, the more instances of RIP would be running, consuming more resources: even more chattiness, even more RAM and CPU cycles.

OSPF - Less chatty; hello timers can be adjusted and full table updates are only sent every 45 minutes. OSPF would require considerably more resources on the PE device: RAM (OSPF has multiple table types to keep up with) and CPU (the OSPF algorithm is very CPU intensive). The more customers that want to do this, the more instances of OSPF would be running, consuming more resources: even more chattiness, substantially more RAM and CPU cycles.


It's not just about collision (network platform)

Extreme Innovation / Education / Customer Need / How we changed the rules:
  L3 Switching; Virtual chassis; ACLs; Performance under Duress; Eliminated Routers
  Wire speed w/features on; LLDP/PoE; Hard QoS; CNA; Transparency: Voice, Video & Data; ATM-like QoS
  Dynamic QoS path w/CNA
  VSRs; Clientless NAC; XML Interface; Insight & Control/Security: CLEAR-Flow
  Remove bump-in-the-line; XOS; Hitless; V Routers; Voice Grade Network Availability; Modular, Extensible
  Advanced Routing; UPM (Dynamic); EAPS; QinQ, MACinMAC; Simplify; Leverage repeatability
  SONET-like Services

XYZ Customer Bandwidth is critical, but latency is king: "If you don't have a low-latency core network, then you have the wrong foundation for the rest of the kingdom," says Whiteley. Low latency is vital for switching applications efficiently and for real-time disk mirroring and other data protection and fail-over technologies. To get low latency, large organizations have gone to semi-proprietary technologies, such as InfiniBand inside the data center, or low-latency, high-bandwidth Ethernet, which is attractive inside the data center.

Intelligence at the XYZ Customer edge means value. Intelligence at the core means complexity: The second most important issue in the core network is reliability. Core networks are designed with modularity, session fail-over and clustering, and they are built with proven, highly reliable equipment that, like Ciena, often comes out of the carrier marketplace. However, many things, such as extra intelligence, that are important in the edge network just add problems in the core.

XYZ Customer Scalability is vital as core traffic grows 100% a year: "Best practice is to use a platform with plenty of headroom," Whiteley says. "Cisco has done well designing the Catalyst 6500 switches to allow users to upgrade the backplane by adding more bandwidth and switch capability." But some large organizations are reaching the limits of the Catalyst 6500. For them, he suggests looking at load-balanced switch clusters. These give 100% capability increases for each new box added, rather than the 50% that is normal without load balancing.

The evolution of traffic characteristics: Traditionally, most traffic was unicast, point-to-point, from one user or server to one other. Video-over-IP has introduced multicast: one origin point to multiple end points. A typical video conference may be from one central point to eight or more corporate locations.

Managing for efficiency: Traditionally, core networks were architected on a static model. "You install a bunch of boxes and bring in a certified engineer or consultant to do all the black-art, command-line interfacing, and the network was done. Management tools were always an afterthought of the vendors, almost a marketing effort after the hardware was built and almost ready to go to market," Whiteley says.
