Fabric Extend over an MPLS IP-VPN provider WAN
Fabric Extend over an MPLS Virtual Private LAN Service (VPLS) or Provider Backbone Bridging (PBB) Ethernet LAN (ELAN) provider network
Fabric Extend over an IP campus network
Fabric Extend over an MPLS Pseudo-Wire or Ethernet Virtual Private Line (E-Line) provider network
Fabric Extend over IPsec
The most common Fabric Extend deployment is a hub and spoke topology that connects the Main office over a service provider‘s MPLS IP VPN to multiple Branch offices. The following figure illustrates how the hub device on the main site establishes virtual tunnels with all of the spoke devices in the same domain. In this scenario, the traffic flows are bidirectional: from hub-to-spoke and spoke-to-hub.
Note
If Fabric Extend with IPsec or fragmentation and reassembly is a requirement, depending on your requirements, you can use a mix of VSP 7400 Series, VSP 4900 Series, or 5720 Series with Fabric IPsec Gateway and XA1400 Series at the main and branch sites.
Where the preceding hub and spoke deployment is over a Layer 3 MPLS IP-VPN, the following VPLS deployment is over a Layer 2 segment. This type of hub and spoke deployment extends the fabric over an MPLS Virtual Private LAN Service (VPLS) or Provider Backbone Bridging (PBB) Ethernet LAN (E-LINE) network. In this scenario, the SPB nodes are connected with a point-to-point Ethernet link.
Some customers do not want to migrate their infrastructures to SPB immediately. They want to keep their existing IP core network and deploy SPB on the edge. In this scenario, Fabric Extend supports a fabric overlay on top of the existing campus infrastructure.
The following hub and spoke deployment over an MPLS Pseudowire or Ethernet Virtual Private Line (E-Line) uses service provider VLAN tunnels. Because you can map many (VID, port/mlt list) sets to an I-SID, this gives Service Providers the flexibility to let more than one customer use the same VLAN with different I-SIDs.
Note
The VSP 4450 Series switches in this type of deployment do not require an ONA because the tunnels are point-to-point VLAN connections, not VXLAN. Therefore, there is no need for an ONA to encapsulate a VXLAN header to SPB packets.
The following figure illustrates how two dedicated Backbone VLAN IDs (B-VIDs) are mapped from the hub to spoke sites. Logical IS-IS interfaces translate the B-VIDs and maps them to each of the branch provider VIDs.
For a detailed configuration example showing logical interfaces using B-VID translation to two different logical VLAN IDs, see Shortest Path Bridging (802.1aq) Technical Configuration Guide.
The Fabric Extend over IPsec hub and remote deployment uses service provider VLAN tunnels and IPsec to provide permanent connections between locations. It is best used for site-to-site connections, such as connecting remote sites to the core network. Because IPsec works at the network layer, this type of configuration is not limited or dedicated to a particular application.
Note
FE over IPsec connectivity requires an XA1400 Series device on each end of the FE tunnel.
The following figure illustrates how the FE over IPsec deployment supports the site-to-site connections. It shows a Layer 3 core network where Fabric Extend uses IP tunneling by adding a VXLAN header to the SPBM packets. This can be over a third party IPv4 transport network such as MPLS IP-VPN or in a Campus IP backbone.