Network Virtualization

Book Description

Share network resources and reduce costs while providing secure network services to diverse user communities

  • Presents the business drivers for network virtualization and the major challenges facing network designers today

  • Shows how to use virtualization designs with existing applications, such as VoIP and network services, such as quality of service and multicast

  • Provides design alternatives for different real-world deployment scenarios, with configuration examples and case studies 

Today's enterprises have several groups of users with specific needs. The differences between these groups translate into specific network requirements. Within some organizations, these requirements are so dissimilar that the different groups need to be treated as totally separate customers by the enterprise's IT department. As the number of groups increases, keeping them separate and secure is a challenge to IT departments, particularly with the advent of wireless networks, the requirement for enterprise-wide user mobility, and the need for cross-group collaboration with resource sharing on a per-project basis. Network Virtualization provides design guidance for virtualized enterprise networks and arms network architects with the background necessary to make sound technological choices in the face of different business requirements. As a means of introduction, Network Virtualization lays out the fundamentals of enterprise network design. The book builds upon these fundamental principles to introduce the different virtualization methods as the logical evolution of the enterprise network architecture. Detailed descriptions of the technology, design principles, network configurations, and real-world case studies are provided throughout the book, helping readers develop a pragmatic understanding of virtualized enterprise network architectures. Specific examples are included that tailor deployment advice to the small, medium, and large enterprise environment.

    Table of Contents

    1. Copyright
      1. Dedication
    2. About the Author(s)
      1. About the Technical Reviewers
    3. Acknowledgments
    4. Icons Used in This Book
    5. Command Syntax Conventions
    6. Introduction
      1. Goals and Methods
      2. Who Should Read This Book?
      3. How This Book Is Organized
    7. I. A Network Architecture for the Virtual Enterprise
      1. 1. Business Drivers Behind Enterprise Network Virtualization
        1. Why Virtualize?
          1. Visitors, Partners, Contractors, and Quarantine Areas
          2. Regulatory Compliance
          3. Secure Service Areas
          4. Network Consolidation
          5. Acquisitions and Mergers
          6. Multitenant Enterprises
          7. Virtual Project Environment: Next-Generation Business Processes
        2. Business Requirements Drive Technical Requirements
        3. Summary
      2. 2. Designing Scalable Enterprise Networks
        1. Hierarchical Campus Design
        2. Virtualizing the Campus
        3. WAN Design
          1. WAN Provider Service Offerings
          2. WAN Architecture
          3. WAN Resiliency
          4. WAN Routing Considerations
          5. Securing the WAN
          6. WAN Virtualization
        4. Summary
      3. 3. A Basic Virtualized Enterprise
        1. The Virtual Enterprise
        2. Transport Virtualization—VNs
          1. VLANs and Scalability
          2. Virtualizing the Routed Core
            1. Policy-Based Segmentation
            2. Control-Plane-Based Virtualization
          3. The LAN Edge: Authentication and Authorization
        3. Central Services Access: Virtual Network Perimeter
          1. Unprotected Services
        4. Summary
      4. 4. A Virtualization Technologies Primer: Theory
        1. Network Device Virtualization
          1. Layer 2: VLANs
          2. Layer 3: VRF Instances
            1. FIBs and RIBs
            2. Virtual and Logical Routers
            3. VRF Awareness
          3. Layer 2 Again: VFIs
          4. Virtual Firewall Contexts
          5. Network Device Virtualization Summary
        2. Data-Path Virtualization
          1. Layer 2: 802.1q Trunking
          2. Generic Routing Encapsulation
            1. GRE IOS Configuration
          3. IPsec
            1. Cisco IOS IPsec Configuration
          4. L2TPv3
            1. L2TPv3 IOS Configuration
          5. Label Switched Paths
            1. The FIB Revisited
            2. Cisco IOS LSP Example
          6. Data-Path Virtualization Summary
        3. Control-Plane Virtualization—Routing Protocols
          1. VRF-Aware Routing
            1. VRF per Process: OSPF
            2. VRF Address Families: EIGRP, RIP, and BGP
          2. Multi-Topology Routing
          3. Control-Plane Virtualization Summary
        4. Summary
      5. 5. Infrastructure Segmentation Architectures: Theory
        1. Hop to Hop
          1. Layer 3 H2H
          2. Single Address Space Alternatives
          3. H2H Summary
        2. Tunnel Overlay for L3VPN
          1. L3VPN Using GRE and IPsec Overlay
          2. Putting It All Together: DMVPN
          3. Layer 3 Tunnel Summary
        3. Tunnel Overlay for Layer 2 VPNs
          1. Layer 2 P2P Overlay Using L2TPv3
          2. Layer 2 P2P Overlay Using MPLS
          3. Layer 2 VPN MP2MP Using MPLS (VPLS)
          4. Layer 2 VPN Summary
        4. Peer-Based Model for Layer 3 VPNs
          1. RFC 2547bis the MPLS Way
          2. RFC 2547bis Forwarding-Plane Alternatives
            1. MPLS over mGRE
            2. MPLS over L2TPv3
        5. Inter-Autonomous System Connectivity: Another Application of Tunnels
          1. Carrier Supporting Carrier
          2. Inter-Autonomous System Routing
          3. Inter-Autonomous System Connectivity Summary
        6. Summary
    8. II. Enterprise Virtualization Techniques and Best Practices
      1. 6. Infrastructure Segmentation Architectures: Practice
        1. Hop-to-Hop VLANs
          1. Layer 3 Hop to Hop
        2. Single Address Space Solutions
        3. Tunnel Overlay for Layer 3 VPNs
          1. GRE Tunnels
          2. Multipoint GRE Tunnels
            1. Hub mGRE Configuration
            2. Spoke GRE Configuration
          3. Mapping Traffic to Tunnels
            1. PBR
            2. VRFs
          4. Resiliency and Routing Considerations
          5. Encryption Considerations
        4. Layer 3 VPNs
          1. RFC 2547bis the MPLS Way
            1. Campus Network / MAN Deployment
              1. Multi-VRF CE Deployments
          2. RFC 2547bis over L2TPv3
          3. RFC 2547bis over GRE
          4. IGP Best Practices
          5. BGP Best Practices: Route Reflectors
          6. BGP Best Practices: Route Distinguishers and ECMP Routing
          7. Migration Recommendations
        5. Layer 2 VPNs
          1. Ethernet over MPLS
            1. Providing Point-to-Point Connectivity
            2. Providing Multipoint Connectivity
            3. Resilient Pseudowire Topologies
              1. Multiple Tunnels and CE STP
              2. Multiple Tunnels and CE Link Aggregation
          2. VPLS
        6. Summary
      2. 7. Extending the Virtualized Enterprise over the WAN
        1. WAN Services
          1. IP Services
          2. Layer 2 Circuits
          3. P2P GRE
          4. Multipoint GRE
          5. Dynamic Multipoint VPN
        2. Extending Segmentation over the WAN
        3. MPLS over Layer 2 Circuits
          1. VRF-to-VRF Connections at the Autonomous System Border Routers
          2. MP-eBGP Exchange of Labeled VPN-IPv4 Routes Between Adjacent ASBRs
          3. Multihop MP-eBGP Between Remote Autonomous Systems
          4. Using MPLS over Layer 2 Circuits for Segmented Branch Aggregation
          5. Benefits and Drawbacks
        4. Contracting Multiple IP VPNs
          1. Benefits and Drawbacks
        5. Carrier Supporting Carrier (CsC)
          1. Using CsC for Segmented Branch Aggregation
          2. Benefits and Drawbacks
        6. MPLS over GRE
          1. Benefits and Drawbacks
        7. RFC 2547 VPNs over L2TPv3 Tunnels
          1. Benefits and Drawbacks
        8. VRFs Interconnected by a GRE or DMVPN Overlay
          1. Benefits and Drawbacks
        9. RFC 2547 VPNs over DMVPN
          1. Benefits and Drawbacks
        10. Summary
      3. 8. Traffic Steering and Service Centralization
        1. Shared Services: Protected vs. Unprotected
          1. Unprotected Services
          2. Protected Services
        2. Unprotected Services Access
          1. Basic Import/Export Mechanism
            1. Multiplatform Deployment
            2. Single-Platform Deployment
          2. Any-to-Any and Hub-and-Spoke VPNs
          3. Extranet VPN
          4. Localized Inter-VPN Communication
          5. Leaking Traffic with the Global Table
        3. Protected Services Access
          1. Firewalling for Common Services
          2. Routed Firewalls and Transparent Firewalls
          3. Routed Firewall Deployments
            1. Single Common Services/Internet Edge Site
            2. Multiple Common Services/Internet Edge Sites
            3. Routing Considerations
              1. Advertising Multiple Routes into MP-iBGP
              2. Asymmetric Return Paths
            4. Network Address Translation (NAT)
              1. Benefits of NAT
              2. Dynamic NAT
              3. Static NAT
              4. NAT in the VN Perimeter
          4. Transparent Firewall Deployments
        4. Providing IP Services
          1. DHCP
            1. Dedicated DHCP Services per VN
            2. Shared DHCP Services
          2. Domain Name System (DNS) Services
        5. Summary
      4. 9. Multicast in a Virtualized Environment
        1. Multicast Introduction
          1. Internet Group Management Protocol (IGMP)
          2. Multicast Routing
            1. Source Trees
            2. Shared Trees
          3. Protocol Independent Multicast (PIM)
        2. VRFs and Multicast
          1. Multicast Sourced from an External IP Network
          2. Multicast Across VRFs (mVPN Extranet)
        3. mVPN Transport
          1. Global
          2. Tunnel Overlay
          3. mVPN
        4. Connecting the WAN
        5. Summary
      5. 10. Quality of Service in a Virtualized Environment
        1. QoS Models and Mechanisms: A Review
          1. Differentiated Services
        2. MPLS Quality of Service
          1. Tunnels and Pipes
        3. MPLS Traffic Engineering and Guaranteed Bandwidth
          1. DS-TE and Guaranteed Bandwidth
          2. Do I Really Need This in an Enterprise Virtual Network?
        4. QoS Models for Virtualized Networks
          1. One Policy per Group
            1. Multiple Policies per Group—Hierarchical QoS
        5. Summary
      6. 11. The Virtualized Access Layer
        1. Access Layer Switching
        2. Implementing Dynamic Authentication and Authorization
          1. Clientless Authentication
            1. Static Clientless Implementation—Port Security
            2. Centralized Dynamic Clientless Authentication—VMPS
            3. Layer 3 Clientless Authentication—Web Clients
          2. Client-Based Layer 2
            1. 802.1x Protocol Details
            2. dot1x Implementation
        3. Virtualizing the Access Layer
          1. Layer 3 Access
        4. Summary
    9. III. Appendixes
      1. A. L2TPv3 Expanded Coverage
        1. L2TPv3 Control Channel
        2. L2TPv3 Data Channel
      2. B. MPLS QoS, Traffic Engineering, and Guaranteed Bandwidth
        1. MPLS QoS—Uniform Tunnel and Pipe Modes
        2. MPLS Traffic Engineering
        3. MPLS Fast Reroute
        4. Guaranteed Bandwidth
      3. C. Recommended Reading
        1. Chapter 1
        2. Chapter 4
        3. Chapter 5
        4. Chapter 7
        5. Chapter 8
        6. Chapter 9
        7. Chapter 10
        8. Chapter 11
        9. General technology references
      4. D. RFCs and Internet Drafts
        1. Chapter 4
        2. Chapter 5
        3. Chapter 6
        4. Chapter 9
        5. Chapter 10
        6. Chapter 11