The OmniSwitch implementation of SPBM provides L2 VPN capability that bridges L2 customer LAN segments. Customer edge (CE) devices form peers and exchange routing information, as well as perform the necessary IP forwarding. Then the SPBM BEBs bridge the already routed IP traffic across the SPBM backbone.
In addition to L2 VPN, the OmniSwitch also provides an IP over SPBM capability that consolidates the routing functionality of CE devices into the BEB devices. The Virtual Routing and Forwarding (VRF) instances on different BEBs are tied together via backbone I-SIDs across the same SPBM backbone that is used to support Layer 2 VPNs.
The OmniSwitch IP over SPBM solution supports two methods for combining L3 routing and L2 SPBM in the same switch: VPN-Lite and L3 VPN.
VPN-Lite
The VPN-Lite method provides a gateway between a regular SPBM service and a router within the same OmniSwitch chassis. This solution provides a specific advantage in that it allows a single box to represent two tiers in a typical fat-tree network, which is popular in data center deployments.
In addition, a VPN-Lite configuration can act purely as a L3 VPN when configured correctly. In this mode, existing routing protocols can form adjacencies across the SPBM PBB network. To keep it purely a L3 VPN, the administrator must ensure that no SPBM SAP capable of injecting bridged flows is allowed to attach to the I-SID designated for the specific VPN.
The VPN-Lite approach uses the SPBM network in the same way a VLAN is used for transporting L3 frames. Each BEB or host can inject frames into the I-SID as needed, and BEBs can decide to bridge or route those frames based on their inner and outer destination MAC address.
L3 VPN
When the L3 VPN method is implemented, the OmniSwitch acts as an access or edge router to multiple VRFs and connects these VRFs across an SPBM PBB network. Each VPN is identified by a local VRF instance on each BEB and globally in the backbone by an I-SID in the PBB header. ISIS-SPB will import and export routes from the local routing protocols running inside their respective VRFs. In essence, ISIS-SPB is creating tunnels between BEBs through which routed frames are sent to reach their target networks.
The OmniSwitch L3 VPN solution is based on the IETF drafts “IP/IPVPN services with IEEE 802.1aq SPB(B) networks” and uses IS-IS TLVs to exchange routes between the BEBs that host the same VPN services. This approach also gives an administrator the ability to build VPNs and extend them over an SPBM core.
IP over SPBM Loopback
Both the VPN-Lite and L3 VPN solutions for routing IP over an SPBM backbone network require a physical loopback port configuration on the BEB. A regular switch port or a static link aggregate can serve as a loopback port. In addition, multiple loopback port pairs are allowed and can be shared between different VRFs.
The loopback configuration consists of two ports connected to each other: one port is tagged with an IP interface VLAN that belongs to a single VRF instance, and the other port is assigned to an SPB SAP, to which the VLAN ID associated with the first loopback port is assigned.
• The loopback port assigned to the IP VLAN is referred to as the L3 VPN router port.
• The loopback port assigned to the SPB SAP is referred to as the L3 VPN access port.
• The VLAN associated with both loopback ports is referred to as the L3 VPN VLAN.
• The IP interface assigned to the VLAN is referred to as the L3 VPN IP interface.
The loopback cable connects a VRF to an SPB SAP and can carry traffic from different VRFs tagged with different L3 VPN VLANs. The following diagram shows a logical depiction of the IP over SPB loopback configuration:
Figure 7: IP over SPB Loopback
How it Works
This section describes the VPN-Lite and L3 VPN control and data plane operations in an IP over SPB network configuration. Although both approaches require the L3 VPN loopback configuration, they differ in how routing protocol control packets are exchanged and processed to support IP over SPB.
VPN-Lite Control Plane Operations
When routing protocols or static routes are running on the L3 VPN IP interface of the loopback configuration, the interface can exchange IP routes with other L3 VPN IP interfaces that are running the same routing protocols and are associated with the same I-SID. By exchanging routes with other loopback IP interfaces, VRFs on different BEBs can learn remote networks from each other.
In this scenario, the routing protocol control packets sent from the L3 VPN IP interfaces travel through the L3 VPN router port, enter the L3 VPN access port, are distributed into different services by SAPs, and are carried on SDPs into the SPBM backbone. The control packets received from the SPBM backbone travel from SDPs to the VRF following the same process but in reverse.
L3 VPN Control Plane Operations
[Figure 7 (IP over SPB Loopback) diagram labels: SPBM Backbone; Customer 1 Network A and Customer 1 Network B; VRF-1 on each side; SAP 1/5:400 and SAP 1/2:400; each side with a loopback cable, L3 VPN VLAN 400 and an L3 VPN IP interface]
Shortest Path Bridging Overview Configuring Shortest Path Bridging
page 3-20 OmniSwitch AOS Release 7 Data Center Switching Guide August 2015
VPN-Lite and L3 VPN Data Plane Operations
Data is moved in the same manner for both VPN-Lite and L3 VPN traffic, and the existing data plane forwarding mechanisms for SPB and IP are used without modification:
• A L3 VPN IP interface serves as an IP gateway to access remote networks. The network administrator has to ensure the IP subnet reachability of the L3 VPN addresses on the same SPBM I-SID.
• L3 VPN IP interfaces use dynamic ARP to learn the MAC addresses of other L3 VPN IP interfaces and provide next-hop forwarding information to the switch.
• IP data plane packets travel the same path as VPN-Lite control packets (see “VPN-Lite Control Plane Operations” on page 3-19 for more information).
• Data in the SPBM cloud is encapsulated into the Provider Backbone Bridge (PBB) format (see “SPB Services” on page 3-12 for more information).
For more information and configuration examples, see “Configuring IP over SPB” on page 3-55 and “IP over SPB Configuration Examples” on page 3-56.
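The two administrator responsibilities named above (no bridged SAP on an I-SID meant to be a pure L3 VPN, and subnet reachability between L3 VPN IP interfaces on the same I-SID) can be checked offline against an inventory. The following is an added example, not OmniSwitch code or CLI output: the inventory layout, the I-SID value 4000, the IP addresses and the extra SAP on port 1/9 are constructed, and it assumes every I-SID listed under `LOOPBACKS` is intended as a pure L3 VPN and that "subnet reachability" means the interfaces share one subnet.

```python
import ipaddress
from collections import defaultdict

# Constructed inventory (not switch output). Ports and VLAN 400 follow Figure 7;
# the I-SID, the IP addresses and the SAP on 1/9 are made up for the example.
SAPS = [
    {"beb": "BEB-1", "port": "1/5", "vlan": 400, "isid": 4000},
    {"beb": "BEB-2", "port": "1/2", "vlan": 400, "isid": 4000},
    {"beb": "BEB-2", "port": "1/9", "vlan": 400, "isid": 4000},  # customer-facing SAP
]
# One entry per loopback pair: L3 VPN access port, L3 VPN VLAN, L3 VPN IP interface.
LOOPBACKS = [
    {"beb": "BEB-1", "access_port": "1/5", "vlan": 400, "isid": 4000, "ip": "10.40.0.1/24"},
    {"beb": "BEB-2", "access_port": "1/2", "vlan": 400, "isid": 4000, "ip": "10.41.0.2/24"},
]

def bridged_saps(saps, loopbacks):
    """Return SAPs attached to an L3 VPN I-SID that are not a loopback access port.

    Any such SAP can inject bridged flows into an I-SID meant to carry only
    routed traffic, which breaks the pure L3 VPN property.
    """
    allowed = {(l["beb"], l["access_port"], l["vlan"], l["isid"]) for l in loopbacks}
    l3_isids = {l["isid"] for l in loopbacks}
    return [
        s for s in saps
        if s["isid"] in l3_isids
        and (s["beb"], s["port"], s["vlan"], s["isid"]) not in allowed
    ]

def subnet_mismatches(loopbacks):
    """Return {isid: [subnets]} for I-SIDs whose L3 VPN IP interfaces differ in subnet.

    The interfaces learn each other through dynamic ARP, so interfaces on the
    same I-SID in different subnets cannot resolve each other as next hops.
    """
    nets = defaultdict(set)
    for l in loopbacks:
        nets[l["isid"]].add(ipaddress.ip_interface(l["ip"]).network)
    return {isid: sorted(str(n) for n in found)
            for isid, found in nets.items() if len(found) > 1}

if __name__ == "__main__":
    for sap in bridged_saps(SAPS, LOOPBACKS):
        print("bridged SAP on L3 VPN I-SID:", sap)
    for isid, subnets in subnet_mismatches(LOOPBACKS).items():
        print(f"I-SID {isid}: L3 VPN IP interfaces span {subnets}")
```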