VLAN and L2VSN

How do I propagate a VLAN using L2VSN within an Extreme Networks SPB Fabric?
Introduction
Fabric SPB (Shortest Path Bridging) is based on the use of services, known as VSNs (Virtual Service Networks). In the case of a VLAN, we refer to it as an L2VSN, and the VLAN is associated with a service number known as the I-SID (Service Instance Identifier).
Conventional approach and VTP
In a more conventional network, if you have a VLAN to propagate across 5 switches, you need to log on to all 5 switches, create the VLAN, tag it on the uplinks, and add it on the ports on which you want it to be available.
If you use trunk links on which all VLANs are authorized, you avoid having to configure intermediate switches, but at the expense of your network’s security.
Finally, if you’re using a technology like Cisco’s VTP, you need to define a VTP server, VTP clients, and your VLAN management then becomes centralized and based on the VTP server. Your VTP clients can’t advertise any new VLANs they might need because it’s the VTP server that distributes them throughout the network. You would also have to set up VTP pruning to ensure that only VLANs present on a switch are present on its uplinks, to avoid unnecessarily expanding the broadcast domain of each VLAN.
In the SPB Fabric, the principle is different: management is not centralized. Each switch in the Fabric informs all the other switches of all the services it has configured. In this article the service is a VLAN, but we’ll see in another article that the principle is the same for VRF.
Security
The Fabric is secure by design. Thanks to MAC-in-MAC encapsulation and the use of the I-SID, traffic from one end of the Fabric to the other is encapsulated and sent directly to the relevant destination switch. Intermediate switches (Default-1, 2 and 3 in our case) only forward the encapsulated frames and will not see the traffic inside, as they are not the destination.
In a traditional Layer 2 environment without Fabric (regardless of VTP), each intermediate switch “sees” traffic even if it’s not intended for it.
Diving in
Now that we have understood how it works, how do we configure our VLAN so that our 2 PCs can communicate with each other?
Three lines of configuration suffice, and we only need to configure the VLAN where it’s needed, at the ends of the fabric.
- We create our VLAN, as we usually do for any manufacturer, but with Extreme Networks syntax.
- We associate this VLAN (VLAN ID 10) with a service number (I-SID 1010) so that it can be propagated throughout the Fabric.
- We add the VLAN to the port on which our virtual PC is located.
vlan create 10 type port-mstprstp 1
vlan i-sid 10 1010
vlan member add 10 1/1
These 3 lines are enough to enable Layer 2 communication throughout the Fabric, as demonstrated in the video linked under External resources (in French, but you can turn on subtitles).
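Because each edge switch is configured on its own, a mistyped I-SID on one of them is easy to miss. The following Python check is an added example, not part of the original article or of Extreme Networks' tooling: it parses the commands shown above from saved configurations and reports VLAN to I-SID mappings that disagree. The switch names Edge-1 and Edge-2 and both sample configurations are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample configs for two edge switches (hostnames are hypothetical).
# Edge-2 carries a typo: VLAN 10 is mapped to I-SID 1011 instead of 1010.
CONFIGS = {
    "Edge-1": """
vlan create 10 type port-mstprstp 1
vlan i-sid 10 1010
vlan member add 10 1/1
""",
    "Edge-2": """
vlan create 10 type port-mstprstp 1
vlan i-sid 10 1011
vlan member add 10 1/1
vlan create 20 type port-mstprstp 1
vlan member add 20 1/2
""",
}

CREATE = re.compile(r"^\s*vlan create (\d+)\b", re.M)
ISID = re.compile(r"^\s*vlan i-sid (\d+) (\d+)\s*$", re.M)

def parse(config):
    """Return (set of created VLAN IDs, {vlan_id: i_sid}) for one switch."""
    vlans = {int(v) for v in CREATE.findall(config)}
    isids = {int(v): int(i) for v, i in ISID.findall(config)}
    return vlans, isids

def audit(configs):
    """Return sorted findings about VLAN to I-SID mappings across switches."""
    findings = []
    by_vlan, by_isid = defaultdict(set), defaultdict(set)
    for switch, text in configs.items():
        vlans, isids = parse(text)
        for vlan in sorted(vlans - set(isids)):
            findings.append(f"{switch}: VLAN {vlan} has no I-SID, not carried across the Fabric")
        for vlan, isid in isids.items():
            by_vlan[vlan].add(isid)
            by_isid[isid].add(switch)
    for vlan, isids in by_vlan.items():
        if len(isids) > 1:  # same VLAN ID, different services: hosts will not meet
            findings.append(f"VLAN {vlan} maps to several I-SIDs: {sorted(isids)}")
    for isid, switches in by_isid.items():
        if len(switches) == 1:  # a service with a single endpoint reaches nobody
            findings.append(f"I-SID {isid} is configured on one switch only: {sorted(switches)[0]}")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit(CONFIGS)))
```

A VLAN without an I-SID may be intentional (a purely local VLAN), so treat that finding as a prompt to confirm rather than an error.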
Conclusion
Whether you have 5 switches, as in this example, or 100, the principle is the same with SPB Fabric: you configure services only where you need them. Infrastructure, routing and shortest path are all managed transparently by the Fabric.
In this article, we’ve seen how SPB Fabric can help you respond quickly to new business demands with simplicity, flexibility and security.
Test protocol
Switch: Extreme Networks 5420F-48P-4XE
OS: FabricEngine 9.1.0.0
External resources
Extreme Networks Documentation: https://documentation.extremenetworks.com/Fabric%20Engine%20v9.1%20User%20Guide/downloads/Fabric_Engine_9_1_User_Guide.pdf
Video link: https://youtu.be/JFMDlc4MOIw