17.) layer 3 (advanced tcp ip routing)
Download as PPTX, PDF0 likes297 views
The document discusses the features and capabilities of the xos network operating system, highlighting its router-like functionalities and various licenses, protocols, and advanced networking features. It emphasizes aspects such as policy-based routing, multicast capabilities, virtual router redundancy, and security enhancements. Additionally, it outlines the advantages of using xos for efficient routing, managing virtual routers, and supporting scalability in networks.
17.) layer 3 (advanced tcp ip routing)
- 1. XoS “is like a Router” “a very fast Router”
- 2. BusinessValue StrategicAsset Ethernet OS Single software train Fabric Multicasting Network Operating System Design once, leverage everywhere. Why?Why?How?
- 3. Xos Licenses & Feature Packs OSPFv2 OSPFv3 BGP-4, BGP-4+, MBGP MSDP, Anycast RP IS-IS IPv4/IPv6 OSPF-Edge PIM-SM / PIM-SSM PIM-DM ESRP VRRP/VRRPv3 6to4, v6 tunnels EAPS – Full Core Edge Advanced Edge SNMP v1/v2/v3 SSH-2/SCP HTTP / SSL / XML RADIUS / TACACS+ MIBs, RMON LLDP (LLDP MED) SFlow SNTPv4 CFM (802.1ag), Y.1731 Network Login (multiple supplicants) MAC + IP Security IGMP v1,v2,v3 IGMP snooping + filters (IGMP querier) Multicast Vlan Registration (MVR) PIM snooping EAPS-Edge VLANs, vMANs (QinQ), Private VLANs, VLAN Translation DHCP option 82 STP, 802.1D, 802.1w, 802.1s, PVST+ Software Redundant Port 802.3ad trunking, LACP, M-LAG ACLs, QoS, rate limiting CPU DoS protection Port Mirroring («1 to many» support) XOS scripting L2 Ping/Traceroute (802.1ag) L2 Edge RIP v1/v2, RIPng Static routes IPv4/IPv6 Policy-based routing MLAG 6to4, 6in4 tunnels Stacking Universal Port PFC, ETS, DCBx VLAN aggregation BootP Relay, UDP Relay User-created Virtual Routers CLEAR-Flow X430 X460 X440 X770 X670 Direct Attach MPLS OpenFlow AVB 3rd Party Optics Sync Ethernet 10GbE Upgrade License for X440 2 or 4 Ports
- 4. Router Functions • Route updates • Static or Dynamic Routing Information Base (RIB) • Route exchanges with neighbor nodes • Distance Vector or Link State Route selection • Destination address lookup • Filtering Forwarding Information Base(FIB) • Incoming packets • Outgoing packets Packet Forwarding Static Routing Dynamic Routing RIP v1 RIP v2 OSPF2 BGP4 Hello packets discovers neighbors and build adjacencies between them Dijkstra algorithm runs a Link State Database (LSDB) is constructed
- 5. SPF Calculation Link State Database Dijkstra’s (SPF) Algorithm Adjacent Database (Neighbors of X:A,B,C,D) Shortest Paths Forwarding Database (Routing Table) X B A C D E F G H B A C D E G H LSA – Link State Advertise LSU – Link State Update LSR – Link State Request LSAck – Link State Acknowledgement
- 6. Flow Redirect (Policy Based Routing) Forwarding Table 1 2 3 12 Flow Redirect Rules Routing/Forwarding decisions based on custom policies (ACLs) Ability to specify nexthop priority Ability to specify multiple next hops with health-check options Segregate traffic flows based on business demands and operational costs Increase network availability with PBR Redundancy Leverage policy framework knowledge and reduce service delivery time Benefits with ExtremeXOS® Network A Network B Nexthop Priorities Standards based solution for first hop router redundancy – for both IPv4 and IPv6 Enhanced to support multiple logical subnets within a single VRID Default V2 and V3 inter-operability mode: Works right out of the box for mixed deployments Leverage functionality across all ExtremeXOS® based switch portfolio Virtual Router Redundancy Protocol (VRRP) v3 Summit Summit Summit
- 7. Unicast, Broadcast, Multicast Unicast One sender – one receiver Broadcast Sends data to all possible receivers Multicast Sends data to interested receivers VLAN Red VLAN Blue Multicast VLAN Multicast Server Multicast Client Join and Leave Multicast Routing PIM-SM / SSM IGMPv1 / v2 / v3 Snooping IGMP IGMP Multicast Clients Join and Leave Routing Summit Summit Summit Applications of IP Multicast: Pay TV File Transfer Financial Information Vendor Code Serial Number 24 bits 24 bits 00000001 8 bit equal “1” 10111011 11111111 All bits equal “1” 0xFFFFFFFFFFFF
- 8. (up to 64 Virtual Routers) DMZ VOIP Guest WiFi VoIP DMZ WiFi Guest Guest WiFi VoIP Guest WiFi VoIP WiFi VoIP IP or MAC IP or MAC IP or MAC IP or MAC
- 9. Inter-VR Routing Legal Finance VRF1 VRF2 Solution Proposition: Allows for routing of IPv4 unicast packets between Virtual Router via static routes The next hop gateway of a static route may reside in a VLAN belonging to a different VR from the VR of the static route. Value Proposition Provides for efficient routing between VRs which exist on the same switch. Simplifies traffic flow between different user groups that exist on different Virtual Router instances. Inserts Static routes between two VRFs to allow for direct IPV4 connectivity Summit
- 10. Why LSNAT built into your Switch? Allocation of resources to LSNAT instead of Real IP Real IP Virtual IP Real IP Real IP Real Client resources resources resources Vritual resources Avoid IP Exhaustion NAT reuses the port mapping for subsequent packets sent from the same internal IP address to any external IP address and port
- 11. RADIUS Load Balancing Enhancements LAN RADIUS Server 1RADIUS Server XTraditional RADIUS authentication model – Focused on using RADIUS servers for redundancy purposes RADIUS server load balancing model – Uses multiple RADIUS servers to scale and spread across servers
- 12. L4 Networking (Advanced ACLs for Control) Layer 1: Physical Layer 2: Data Link Layer 3: Network Layer 4: Transport Device Identity, User Identity, Virtual Machine Identity, Application Identity, etc… Layer 7: Application Application Transport Network Link Physical Fiber Telnet DNS UDPTCP IP Ethernet Wi-Fi Co-ax HTTP Radio
- 13. XoS supports Wide keyed ACLs 0 ACL enables full classification, including • Ethernet source MAC address, destination MAC address • Ethernet packet type • IP protocol (GRE, ICMP, PIM, OSPF, etc.) • IP Source address, Destination address • Type of Service (ToS) or DiffServ Codepoint • IP options, fragment • TCP / UDP source port, destination port (including ranges) • TCP flags • IGMP message type • ICMP type, ICMP code New fields supported without disruptive upgrades • Full access to first 120 bytes of packet header • Flexible inspection, modification, tagging, monitoring Ethernet Dest (first 4 bytes) Eth Dest Eth Src Eth Src (last 4 bytes) Type Code IP ver LengthIh Identification Fragment OffF TTL Proto Checksum IP Src Address TCP Src Port TCP Dest Port Sequence Number Acknowledgement Number IP Dest Address Off Ec WindowRs Flag Checksum Urgent IP Options (Variable Length) TCP Options (Variable Length) Data (Variable Length) ToS Feature Description Allows to qualify on Wider ACL keys Feature Value ACL match on 362 bit double wide key as opposed to standard 181 bit single wide key including IPv6 src and dst Python Scripting - Leverage the vast mindshare of python to ease native switch automation Scripting support for Python 2.7.3 download and run Python scripts Enhance the load script <script> command to run user(customer) provided Python scripts
- 14. Next Gen IPv6 built-in… Addressing & Security •Stateless Address Auto Configuration (RFC 2462) •Global Unicast Address Format (RFC 3587) •Multinetting •EUI64 •IPv6 Addressing Architecture Compliance (RFC 3513) •Management Access Control •Anomaly Protection •Block Teredo Infrastructure and Management •Path MTU Discovery (RFC 1981) •IPv6 Manageability Support (RFC 2465) •ICMPv6 (RFC 2463) •ICMPv6 Manageability Support (RFC 2466) •SNTP •Ping and Traceroute •Telnet/SSH/DNS •Access Control Lists (Ingress) •Neighbor Discovery for IPv6 (RFC 4861) Routing / Forwarding •Router Discovery •ISIS for IPv6 •Static Routing •Route Sharing •RIPng (RFC 2080) •IPv6 Route Compression •Routing in User VRs •Static ECMP •BGP IPv6 •MLDv1 Network Availability and Transition Methodologies •ESRP •6in4 (aka 6over4, RFC 2893) •6to4 (RFC 3056) Flow Redirect (PBR) Virtual Router Redundancy Protocol (VRRP) v3 Virtual Router Redundancy Protocol (VRRP) v3 IPv6 Flow Redirect Weighted Random Early Detection (WRED) Network Time Protocol (NTP)
- 15. MPLS as a Router Corp - CE Rem 1 - CE Rem 2 - CE Rem 3 - CE DLCI 16 DLCI 16 DLCI 16 DLCI 16 MPLS Layer 3 VPN can make the carrier look like your core router Large carrier router/switch device encompasses many virtual routers for each customer A VRF is created for each customer and the VRF’s interact amongst themselves, turning this … VRF VRF VRF Summit Summit Summit Summit Summit
- 16. BGP – Autonomous System (AS), The Internet is nothing more than a set of interconnected AS’s, each one under a distinct technical administration. iBGP - Used when BGP devices talk amongst themselves within the same Autonomous System (AS). eBGP- Used when BGP devices talk amongst themselves between different Autonomous Systems (AS). Homing ISP Summit ISP #1 ISP #2 Summit B A c Summit Summit Summit iBGP B A Summit Summit eBGP Common header OPEN message NOTIFICATION message UPDATE message
- 17. Page 17 It’s not just about collision (network platform ) Extreme Innovation Education Customer Need How we changed the rules L3 Switching Virtual chassis ACLs Performance under Duress Eliminated Routers Wire speed w/features on LLDP/POE Hard QoS CNA Transparency Voice, Video & Data “ATM-like QoS” Dynamic QoS path wCNA VSRs Clientless NAC XML Interface Insight &Control/ Security CLEAR-Flow Remove bump In-the-line XOS Hitless V Routers Voice Grade Network Availability Modular Extensible Advanced Routing UPM (Dynamic) EAPs QnQ, MacnMac Simplify Leverage repeatability “SONET-like” Services