1 SPB: Habilitamos las redes de campusJorge Arasanz Noviembre 2016
2 Redes de Campus: Retos y NecesidadesEntornos Complejos Alta Disponibilidad Seguridad Rapidez de Provisión “Less is more”
3 SPB: Un ESTÁNDAR para cambiarlo todo – IEEE 802.1aqEthernet + 1Q + STP SPBM Flooding ISIS learning STP Single/Forced/Imposed Topology Optimized, Always Shortest Path. Topology: Mesh, Partial… no matter 4094 VLANs 16M iSID Node by Node Configuration (or legacy/tricky VTP/MVRP) Native Service AutoProvision & AutoDiscovery (ISIS) MACs learnt widely MAC containment Loops NO LOOPS by definition Convergence depends on size (seconds to …) Some 100ms for 1000 nodes BUM traffic impacting the NETWORK BUM traffic tunneled by the NETWORK Transparent Transport L2 (ELAN/VPLS) and L3 (IP-VPN) Services NO traffic Tromboning when topology changes
4 SPB: Plano de Control – ISIS + RFC63291) Definir al menos una BVLAN de topología (4000 y 4001) spb bvlan admin-state enable mac-learning vlan disable spantree vlan admin-state disable 2) SPB-ISIS spb isis bvlan 4000 ect-id 1 spb isis bvlan 4001 ect-id 2 spb isis control-bvlan 4000 spb isis interface port 1/1/25-27 spb isis admin-state enable 3) Cada BackboneBridge (BB) construye su topología mediante ISIS OS6860-1> show spb isis spf bvlan 4000 SPB ISIS Path Table: Destination Outbound Next Hop SPB Num (Name : BMAC) Interface (Name : BMAC) Metric Hops OS : 2c:fa:a2:02:d7: /1/25 OS : 2c:fa:a2:02:d7: OS : 2c:fa:a2:02:e2: /1/25 OS : 2c:fa:a2:02:d7: OS : 2c:fa:a2:11:24: /1/25 OS : 2c:fa:a2:02:d7: OS : 2c:fa:a2:16:b8: /1/26 OS : 2c:fa:a2:16:b8: OS : 2c:fa:a2:16:b8:9f 1/1/25 OS : 2c:fa:a2:02:d7: OS : e8:e7:32:cc:e5:df 1/1/25 OS : 2c:fa:a2:02:d7: OS : e8:e7:32:cc:f2:2d 1/1/25 OS : 2c:fa:a2:02:d7: OS : e8:e7:32:f6:12:fb 1/1/27 OS : e8:e7:32:f6:12:fb OS : e8:e7:32:fa:19: /1/25 OS : 2c:fa:a2:02:d7: SPF Path count: 9 Se establece SIEMPRE EL MISMO camino BIDIRECCIONAL. Nodo a Nodo, si hay varios caminos de igual coste, se desempata. (ECT-ID) Se puede modificar la prioridad para seleccionar un camino distinto (Traffic Engineering)
5 SPB: Plano de Control – ISIS + RFC6329El aprendizaje de MACs en el BackBone es vía ISIS El aprendizaje de MACs de cliente sólo se hace en el Acceso OS6860-1> show mac-learning learning-state vlan Legend: # = BVLAN, learning disabled by default Vlan Learning State # disabled # disabled OS6860-1> show mac-learning domain vlan vlan 4000 Legend: Mac Address: * = address not valid, Mac Address: & = duplicate static address, Domain Vlan/SrvcId[ISId/vnId] Mac Address Type Operation Interface VLAN c:fa:a2:02:d7: bmac bridging /1/25 VLAN c:fa:a2:02:e2: bmac bridging /1/25 VLAN c:fa:a2:11:24: bmac bridging /1/25 VLAN c:fa:a2:16:b8:9f bmac bridging /1/25 VLAN e8:e7:32:cc:e5:df bmac bridging /1/25 VLAN e8:e7:32:cc:f2:2d bmac bridging /1/25 VLAN e8:e7:32:fa:19: bmac bridging /1/25 VLAN c:fa:a2:16:b8: bmac bridging /1/26 VLAN e8:e7:32:f6:12:fb bmac bridging /1/27 Total number of Valid MAC addresses above = 9
6 SPB: Plano de Control – ISIS + RFC6329SAP (Service Access Point) UNI Sub-Interface Asocia Tráfico cliente con un Servicio SPB Service (ISID) Traffic: Todo el tráfico Todo el tráfico sin tag (Nativo) Una VLAN o un rango de VLAN Combinación de VLANs internas/externas en Q-in-Q SDP (Service Delivery Point) NNI Sub-interface Configurado Automáticamente Vincula BEBs Combina BMAC y BVLAN SAP: SAPs are UNI sub-interfaces into services The SAPs are mapped to service instances (ISID or Ethernet VPN). A SAP always maps to a single service, but a given service can accommodate multiple SAPs . Multiple services could be bound to a single SDP for multiplexing service traffic. SDP An SDP in SPBM is a combo of B-MAC and B-VLAN. SDP are dynamically configured. Services are also bound to SDPs. SDPs distribute the service connectivity to other BEBs through shortest path trees. CPE Customer equipment (CE devices) are shown as connected to SAPs on the access ports of the BEBs
7 SPB: Plano de Control – ISIS + RFC6329Todos los nodos intermedios de los SPT aprenden el nuevo servicio – AUTOMATICAMENTE !!! SPB: Plano de Control – ISIS + RFC6329 Auto-Provisión y Auto-Descubrimiento de Servicios Y además creación dinámica y AUTOMATICA de iSID y SAP con Reglas de Clasificación Configurar el iSID (Service ID) Ej.: 1011 Configurar el SAP (Service Access Point) Configurar el iSID (Service ID) Ej.:1011 Configurar el SAP (Service Access Point) OS6860-3> show spb isis services isid 1011 Legend: * indicates locally configured ISID SPB ISIS Services Info: System ISID BVLAN (Name : BMAC) MCAST(T/R) * OS : 2c:fa:a2:16:b8:23 * OS : e8:e7:32:cc:e5:df OS6900-2> show spb isis services isid 1011 Legend: * indicates locally configured ISID SPB ISIS Services Info: System ISID BVLAN (Name : BMAC) MCAST(T/R) OS : 2c:fa:a2:16:b8:23 OS : e8:e7:32:cc:e5:df OS6860-3> show configuration snapshot svcmgr ! SVCMGR: service access port 1/1/13 vlan-xlation enable service 1011 spb isid 1011 bvlan 4000 description "VLAN 11" vlan-xlation enable service 1011 sap port 1/1/13:0
8 SPB: Plano de Control – ISIS + RFC63292) SPB-ISIS 2 caminos posibles (XOR con diferente máscara) spb isis bvlan 4000 ect-id 1 spb isis bvlan 4001 ect-id 2 spb isis control-bvlan 4000 spb isis interface port 1/1/25-27 spb isis admin-state enable :5 :3 :1 :2 4000 4001 :4 OS6860-1> show spb isis spf bvlan 4000 bmac e8:e7:32:cc:e5:df SPB ISIS Path Details: Path Hop Name Path Hop BMAC OS e8:e7:32:cc:e5:df OS c:fa:a2:11:24:87 OS c:fa:a2:02:e2:69 OS c:fa:a2:02:d7:41 OS6860-1> show spb isis spf bvlan 4001 bmac e8:e7:32:cc:e5:df OS e8:e7:32:fa:19:23 (:1,:5,:3) ; (:1,:2,:3) ; (:4,:2,:3)
9 SPB: Plano de Forwarding – IEEE 802.1ahBMAC 00:00:00:00:00:01 -> :1 SPB: Plano de Forwarding – IEEE 802.1ah Servicio AZUL creado Cada trama de los clientes se ENCAPSULA en una NUEVA TRAMA de Backbone TODO está CONTENIDO en el Servicio Los BB no sufren tráfico BUM Cada Servicio puede contener: Ethernet Nativo Trunk 1Q Q-in-Q Payload :AA :BB :4 :6 Payload :AA :BB :BB Payload :AA :BB :4 :6 Payload :AA :BB :4 :6 Payload :AA :BB :4 :6 Payload :AA :BB :AA
10 SPB: Optimización de Multicast. IP Multicast snooping por iSIDGroup Address Host Address Tunnel Address Ingress Intf Egress Intf sap:1/5: sdp:32776:1 sap:1/5: sdp:32776:1 sdp:32776: sap:1/5:10 10005 SAP 1/5:10 ISID 1011 SDP 10005 10006 SDP 10006 SDP 10007 SAP 1/6:20 Head-End 10007 SAP 1/1/3:1000 Habilitando el multicast en el servicio, se evita el flooding en SAPs y SDPs. ->ip multicast service 1011 admin-state enable
11 SPB: Contenedores IoT en Campus UniversitariosAdministration Office Automation Science Lab Library Stadium Dormitory Signage Faculty Student Faculty Faculty Student Classify Authorize Auto Provision Container Quality Security Universal Profile Faculty Profile HVAC System Profile Security Profile Student Profile Automation Lab Profile
12 SPB: Contenedores IoT en Campus UniversitariosAdministration Office Automation Science Lab Library Stadium Dormitory Signage Contenedor Sistema Climatización Faculty Student Faculty Faculty Student Classify Authorize Auto Provision Container Quality Security HVAC System Profile
13 SPB: Contenedores IoT en Campus UniversitariosAdministration Office Automation Science Lab Library Stadium Dormitory Contenedor Sistemas de Seguridad Signage Faculty Student Faculty Faculty Student Classify Authorize Auto Provision Container Quality Security Security Profile Allow SIP video Allow Door lock protocol Drop all other traffic
14 Contenedores IoT: SPB y Redes Programables (SDN)CCTV-IP CCTV-IP Monitoring CCTV-IP IoT Container CCTV-IP Recording System CCTV-IP Updates IoT Container NEW Firmware Upgrade !!!! APP
15 Twitter.com/ALUEnterpriseFollow us on: Twitter.com/ALUEnterprise Facebook.com/ALUEnterprise Youtube.com/user/enterpriseALU Linkedin.com/company/alcatellucententerprise Slideshare.net/Alcatel-Lucent_Enterprise Storify.com/ALUEnterprise Updated November 2013
16 enterprise.alcatel-lucent.com