Академический Документы
Профессиональный Документы
Культура Документы
This material is copyrighted and licensed for the sole use by Dimitar Stojanovski (dimitar.s@gmail.com [164.143.240.34]). More information at http://www.ipSpace.net/Webinars
Past
CTO of IT and security ventures
Architect of switches and routers
Researcher with focus in systems, networking,
and security
Present
CTO of Nuage Networks
Focus
Large-scale SDN and cloud environments
Distributed systems
More @ ipSpace.net/About
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
3 This material
ipSpace.net
2014
Overlay
Virtual Networks
Past
Kernel programmer, network OS and web developer
Sysadmin, database admin, network engineer, CCIE
Trainer, course developer, curriculum architect
Team lead, CTO, business owner
Present
Network architect, consultant, blogger, webinar and book author
Teaching the art of Scalable Web Application Design
Focus
Large-scale data centers, clouds and network virtualization
Scalable application design
Core IP routing/MPLS, IPv6, VPN
More @ ipSpace.net/About
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
4 This material
ipSpace.net
2014
Overlay
Virtual Networks
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
5 This material
ipSpace.net
2014
Overlay
Virtual Networks
This material is copyrighted and licensed for the sole use by Dimitar Stojanovski (dimitar.s@gmail.com [164.143.240.34]). More information at http://www.ipSpace.net/Webinars
This material is copyrighted and licensed for the sole use by Dimitar Stojanovski (dimitar.s@gmail.com [164.143.240.34]). More information at http://www.ipSpace.net/Webinars
PHP
Web server
Web server
Web server
App server
App server
Web server
Apache
MySQL
Linux
Cache
Cache
Primary DB
Slave DB
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
8 This material
ipSpace.net
2014
Overlay
Virtual Networks
Outside
Web servers
App servers
DB servers
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
9 This material
ipSpace.net
2014
Overlay
Virtual Networks
IP packet
MAC unicast
VNI
Encapsulation
VNI
Overlay module
TEP
Kernel IP stack
IP packet
Overlay module
TEP
Kernel IP stack
Hypervisor/Rtr MAC
IP packet
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
10This material
ipSpace.net
2014
Overlay
Virtual Networks
Overlay
Virtual
Network
Outside
Network
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
11This material
ipSpace.net
2014
Overlay
Virtual Networks
VNI: 1
VNI: 2
VNI: 2
Overlay Module
VNI: 3
Overlay Module
GW
Some overlay virtual networking solutions implement combined L2+L3 forwarding model
Intra-subnet ARP caching significantly reduces overlay broadcast traffic
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
ipSpace.net
2014
Overlay
Virtual Networks
+12This material
ARP: C D
MAC: C bcast
VNI: 1
VNI: 2
VNI: 2
Overlay Module
VNI: 3
Overlay Module
GW
Some overlay virtual networking solutions implement combined L2+L3 forwarding model
Intra-subnet ARP caching significantly reduces overlay broadcast traffic
Example: ARP request C D
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
13This
2014
Overlay
Virtual Networks
1
ofmaterial
6ipSpace.net
ARP: C D
MAC: C bcast
VNI: 1
VNI: 2
VNI: 2
Overlay Module
VNI: 3
Overlay Module
GW
Some overlay virtual networking solutions implement combined L2+L3 forwarding model
Intra-subnet ARP caching significantly reduces overlay broadcast traffic
Example: ARP request C D
Intercepted by local L3 forwarding module
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
14This
2014
Overlay
Virtual Networks
2
ofmaterial
6ipSpace.net
ARP: C D
MAC: C bcast
ARP: D = MAC-D
MAC: GW C
VNI: 1
VNI: 2
VNI: 2
Overlay Module
VNI: 3
Overlay Module
GW
Some overlay virtual networking solutions implement combined L2+L3 forwarding model
Intra-subnet ARP caching significantly reduces overlay broadcast traffic
Example: ARP request C D
Intercepted by local L3 forwarding module
Replied from local ARP cache
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
15This
2014
Overlay
Virtual Networks
3
ofmaterial
6ipSpace.net
ARP: C D
MAC: C bcast
ARP: D = MAC-D
MAC: GW C
VNI: 1
VNI: 2
VNI: 2
Overlay Module
VNI: 3
Overlay Module
GW
Some overlay virtual networking solutions implement combined L2+L3 forwarding model
Intra-subnet ARP caching significantly reduces overlay broadcast traffic
Example: ARP request C D
Intercepted by local L3 forwarding module
Replied from local ARP cache
Controller is contacted on ARP cache miss
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
16This
2014
Overlay
Virtual Networks
4
ofmaterial
6ipSpace.net
ARP: C D
MAC: C bcast
ARP: D = MAC-D
MAC: GW C
VNI: 1
VNI: 2
VNI: 2
Overlay Module
VNI: 3
Overlay Module
GW
Some overlay virtual networking solutions implement combined L2+L3 forwarding model
Intra-subnet ARP caching significantly reduces overlay broadcast traffic
Example: ARP request C D
Intercepted by local L3 forwarding module
Replied from local ARP cache
Controller is contacted on ARP cache miss
Controller can reply with authoritative information or flood ARP request
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
17This
2014
Overlay
Virtual Networks
5
ofmaterial
6ipSpace.net
ARP: C D
MAC: C bcast
ARP: D = MAC-D
MAC: GW C
VNI: 1
VNI: 2
VNI: 2
Overlay Module
VNI: 3
Overlay Module
GW
Some overlay virtual networking solutions implement combined L2+L3 forwarding model
Intra-subnet ARP caching significantly reduces overlay broadcast traffic
Example: ARP request C D
Intercepted by local L3 forwarding module
Replied from local ARP cache
Controller is contacted on ARP cache miss
Controller can reply with authoritative information or flood ARP request
Available in VMware NSX for vSphere, Nuage Networks VSP
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
18This
2014
Overlay
Virtual Networks
6
ofmaterial
6ipSpace.net
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
19This material
ipSpace.net
2014
Overlay
Virtual Networks
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
20This material
ipSpace.net
2014
Overlay
Virtual Networks
This material is copyrighted and licensed for the sole use by Dimitar Stojanovski (dimitar.s@gmail.com [164.143.240.34]). More information at http://www.ipSpace.net/Webinars
Cloud
Management
Overlay
VTEP
Kernel IP stack
SDN Controller
Overlay
VTEP
Kernel IP stack
IP transport network
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
22This material
ipSpace.net
2014
Overlay
Virtual Networks
CMP
Federation
SDN
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
23This material
ipSpace.net
2014
Overlay
Virtual Networks
Overlay
VTEP
Kernel IP stack
Controller
Overlay
VTEP
Kernel IP stack
IP transport network
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
24This material
ipSpace.net
2014
Overlay
Virtual Networks
BGP
Terminology:
VSP: Virtual Services Platform
CMP: Cloud Management Platform
VSD: Virtual Services Directory
VSC: Virtual Services Controller
VRS: Virtual Routing & Switching
Plane of operation
VSD: Management/Policy
VSC: Control plane
VRS: Data plane
REST
VSD
XMPP
CMP
BGP
BGP
VSC
VRS
VSC
VRS
VRS
VSG/PE
VRS
Scale-out architecture
Single VSD per CMP
Multiple VSC per VSD (scale-out within CMP)
VSC confederation via MP-BGP (scale-out across CMP)
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
26This material
ipSpace.net
2014
Overlay
Virtual Networks
This material is copyrighted and licensed for the sole use by Dimitar Stojanovski (dimitar.s@gmail.com [164.143.240.34]). More information at http://www.ipSpace.net/Webinars
REST
VSD
XMPP
CMP
BGP
VSC
VRS
VSC
VRS
VRS
VRS
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
28This material
ipSpace.net
2014
Overlay
Virtual Networks
REST
CMP
VSD
XMPP
BGP
VSC
VRS
VSC
VRS
VRS
VRS
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
29This material
ipSpace.net
2014
Overlay
Virtual Networks
CMP
CMP
Federation
SDN
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
30This material
ipSpace.net
2014
Overlay
Virtual Networks
Underlying infrastructure
Each availability zone = independent
L3 forwarding domain
VRS
XMPP
Controller/orchestration infrastructure
Single CMP/VSD per region
VSD works on policy plane VSD failure is similar to CMP failure
VSC per availability zone VSC failure does not spread across zones
BGP information exchange through a set of route reflectors
use BGP security mechanisms to
protect availability zones
REST
Pair of VSGs per availability zone
CMP
VSD
(when needed)
BGP
BGP
VSC
VSC
VRS
VRS
VSG/PE
VRS
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
31This material
ipSpace.net
2014
Overlay
Virtual Networks
This material is copyrighted and licensed for the sole use by Dimitar Stojanovski (dimitar.s@gmail.com [164.143.240.34]). More information at http://www.ipSpace.net/Webinars
VMs within an overlay virtual network must interact with the physical world
L2 gateways (VNI-to-VLAN)
P2V migrations
Integration with legacy equipment
L3 gateways
Multiple VNIs routed to a VLAN
Simple P2V or WAN integration
Network services gateway
Firewalls and load balancers
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
33This material
ipSpace.net
2014
Overlay
Virtual Networks
Deployment format
VM-based
Hypervisor kernel module
Bare-metal x86 server
Hardware VTEP
Design and deployment considerations
Performance
Control-plane integration with overlay fabric
Management plane integration with overlay network controller and
orchestration system
Integration with existing network infrastructure (example: MPLS/VPN)
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
34This material
ipSpace.net
2014
Overlay
Virtual Networks
IP packet
VM
IP packet
Appliance MAC
VLAN tag
VXLAN
Next-hop MAC
VNI
UDP
VNI
VXLAN
VTEP
Kernel IP stack
IP multicast
VXLAN
VTEP
Kernel IP stack
MAC multicast
VLAN
IP packet
IP transport network
Outside
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
35This material
ipSpace.net
2014
Overlay
Virtual Networks
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
37This material
ipSpace.net
2014
Overlay
Virtual Networks
OVSDB
Lightweight JSON-RPC-based database query/update protocol
OVSDB database table schema defines the actual data
OVSDB
EVPN
L3VPN
MPLS/VPN
GW
VSC
PE
Nuage VRS
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
ipSpace.net
2014
Overlay
Virtual Networks
+40This material
MPLS/VPN
MP-BGP
GW
VSC
PE
Nuage VRS
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
41This
2014
Overlay
Virtual Networks
1
ofmaterial
7ipSpace.net
OpenFlow
GW
MPLS/VPN
MP-BGP
VSC
PE
Nuage VRS
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
42This
2014
Overlay
Virtual Networks
2
ofmaterial
7ipSpace.net
IP: A S
MAC: A GW
OpenFlow
GW
MPLS/VPN
MP-BGP
VSC
PE
Nuage VRS
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
43This
2014
Overlay
Virtual Networks
3
ofmaterial
7ipSpace.net
IP: A S
MAC: A GW
OpenFlow
GW
MPLS/VPN
MP-BGP
VSC
PE
Nuage VRS
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
44This
2014
Overlay
Virtual Networks
4
ofmaterial
7ipSpace.net
OpenFlow
IP: A S
GW
Nuage VRS
MPLS label
MPLS/VPN
MP-BGP
VSC
PE
GRE header
IP to PE
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
45This
2014
Overlay
Virtual Networks
5
ofmaterial
7ipSpace.net
OpenFlow
GW
MPLS/VPN
MP-BGP
VSC
PE
Nuage VRS
IP to PE VTEP
Underlay IP transport network
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
46This
2014
Overlay
Virtual Networks
6
ofmaterial
7ipSpace.net
OpenFlow
GW
Nuage VRS
MPLS/VPN
MP-BGP
VSC
PE
IP/MPLS to S
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
47This
2014
Overlay
Virtual Networks
7
ofmaterial
7ipSpace.net
Deployment format
Low bandwidth VM
High bandwidth hardware VTEP
Integration requirements
Physical VLANs OVSDB or EVPN
MPLS/VPN WAN EVPN + L3VPN
Choose an SDN controller that supports all the options you need
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
48This material
ipSpace.net
2014
Overlay
Virtual Networks
This material is copyrighted and licensed for the sole use by Dimitar Stojanovski (dimitar.s@gmail.com [164.143.240.34]). More information at http://www.ipSpace.net/Webinars
Outside
Outside
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
50This material
ipSpace.net
2014
Overlay
Virtual Networks
High-level view
Assign VMs to groups
Specify filtering rules between groups
From
To
Any
Web
80
Any
Web
443
Typical implementations
Packet filter (OVS or Linux iptables)
Each group exploded into a list of IP addresses
ACL = Cartesian product of source-destination
IP addresses
Web
App
9000
App
DB
3306
Mgmt
All-VM
Port
22
Outside
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
51This material
ipSpace.net
2014
Overlay
Virtual Networks
From
To
Any
Web
Any
From
To
80
Any
W1
80
Web
443
Any
W2
80
Web
App
9000
Any
W3
80
App
DB
3306
Any
W1
443
Mgmt
All-VM
22
Any
W2
443
Any
W3
443
W1
A1
9000
W1
A2
9000
W2
A1
9000
W2
A2
9000
W3
A1
9000
W3
A2
9000
W1
W2
Port
W3
A1
D1
Outside
A2
D2
Port
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
52This material
ipSpace.net
2014
Overlay
Virtual Networks
SDN
Hypervisor
Outside
Network
From
To
Port
Any
Web
80
Any
Web
443
Web
App
9000
App
DB
3306
Mgmt
All-VM
22
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
53This material
ipSpace.net
2014
Overlay
Virtual Networks
VSD
VSC
VRS
VRS
Transport Network
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
ipSpace.net
2014
Overlay
Virtual Networks
+54This material
VSD
VSC
VRS
VRS
Transport Network
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
55This
2014
Overlay
Virtual Networks
1
ofmaterial
6ipSpace.net
VSD
VRS
VRS
Transport Network
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
56This
2014
Overlay
Virtual Networks
2
ofmaterial
6ipSpace.net
VSD
VSC
VRS
VRS
Transport Network
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
57This
2014
Overlay
Virtual Networks
3
ofmaterial
6ipSpace.net
VSD
VSC
VRS
VRS
Transport Network
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
58This
2014
Overlay
Virtual Networks
4
ofmaterial
6ipSpace.net
VSD
VSC
VRS
VRS
Transport Network
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
59This
2014
Overlay
Virtual Networks
5
ofmaterial
6ipSpace.net
VSD
VSC
VRS
VRS
Transport Network
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
60This
2014
Overlay
Virtual Networks
6
ofmaterial
6ipSpace.net
VSD
VSC
VSC
VRS
VRS
Transport Network
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
ipSpace.net
2014
Overlay
Virtual Networks
+61This material
VSD
VSC
VSC
VRS
VRS
Transport Network
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
62This
2014
Overlay
Virtual Networks
1
ofmaterial
5ipSpace.net
VSD
VSC
VSC
VRS
VRS
Transport Network
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
63This
2014
Overlay
Virtual Networks
2
ofmaterial
5ipSpace.net
VSD
VSC
VSC
VRS
VRS
Transport Network
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
64This
2014
Overlay
Virtual Networks
3
ofmaterial
5ipSpace.net
VSD
VSC
VSC
VRS
Transport Network
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
65This
2014
Overlay
Virtual Networks
4
ofmaterial
5ipSpace.net
VSD
VSC
VSC
VRS
Transport Network
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
66This
2014
Overlay
Virtual Networks
5
ofmaterial
5ipSpace.net
VSD
VSC
VSC
VRS
VRS
Transport Network
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
ipSpace.net
2014
Overlay
Virtual Networks
+67This material
VM sends an IP packet
VSD
VSC
VSC
VRS
VRS
Transport Network
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
68This
2014
Overlay
Virtual Networks
1
ofmaterial
5ipSpace.net
VM sends an IP packet
Ingress ACL check on ingress VRS
From security group = VM NIC group
To security group = BGP community
VSD
VSC
VSC
VRS
VRS
Transport Network
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
69This
2014
Overlay
Virtual Networks
2
ofmaterial
5ipSpace.net
VM sends an IP packet
Ingress ACL check on ingress VRS
From security group = VM NIC group
To security group = BGP community
Encapsulated VM frame is sent across the
transport network
VSD
VSC
VSC
VRS
VRS
Transport Network
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
70This
2014
Overlay
Virtual Networks
3
ofmaterial
5ipSpace.net
VM sends an IP packet
Ingress ACL check on ingress VRS
From security group = VM NIC group
To security group = BGP community
Encapsulated VM frame is sent across the
transport network
Egress ACL check on egress VRS
From security group = BGP community
To security group = VM NIC group
VSD
VSC
VSC
VRS
VRS
Transport Network
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
71This
2014
Overlay
Virtual Networks
4
ofmaterial
5ipSpace.net
VM sends an IP packet
Ingress ACL check on ingress VRS
From security group = VM NIC group
To security group = BGP community
Encapsulated VM frame is sent across the
transport network
Egress ACL check on egress VRS
From security group = BGP community
To security group = VM NIC group
VSD
VSC
VSC
VRS
Transport Network
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
72This
2014
Overlay
Virtual Networks
5
ofmaterial
5ipSpace.net
Security groups (in BGP communities) can extend across MPLS/VPN backbone
Automatic ingress/egress filters on VM NICs
Requires trust (or strict filters) between cloud and MPLS/VPN networks
VSC
MPLS
backbone
VRS
Transport Network
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
ipSpace.net
2014
Overlay
Virtual Networks
+73This material
Security groups (in BGP communities) can extend across MPLS/VPN backbone
Automatic ingress/egress filters on VM NICs
Requires trust (or strict filters) between cloud and MPLS/VPN networks
VM to remote host:
VM sends a packet
VSC
MPLS
backbone
VRS
Transport Network
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
74This
2014
Overlay
Virtual Networks
1
ofmaterial
8ipSpace.net
Security groups (in BGP communities) can extend across MPLS/VPN backbone
Automatic ingress/egress filters on VM NICs
Requires trust (or strict filters) between cloud and MPLS/VPN networks
VM to remote host:
VM sends a packet
Ingress ACL on VRS
Packet delivered to VM
VSC
MPLS
backbone
VRS
Transport Network
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
75This
2014
Overlay
Virtual Networks
2
ofmaterial
8ipSpace.net
Security groups (in BGP communities) can extend across MPLS/VPN backbone
Automatic ingress/egress filters on VM NICs
Requires trust (or strict filters) between cloud and MPLS/VPN networks
VM to remote host:
VM sends a packet
Ingress ACL on VRS
IP packet sent from VRS to PE-router
Packet delivered to VM
VSC
MPLS
backbone
VRS
Transport Network
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
76This
2014
Overlay
Virtual Networks
3
ofmaterial
8ipSpace.net
Security groups (in BGP communities) can extend across MPLS/VPN backbone
Automatic ingress/egress filters on VM NICs
Requires trust (or strict filters) between cloud and MPLS/VPN networks
VM to remote host:
VM sends a packet
Ingress ACL on VRS
IP packet sent from VRS to PE-router
IP packet delivered to remote host
Packet delivered to VM
VSC
MPLS
backbone
VRS
Transport Network
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
77This
2014
Overlay
Virtual Networks
4
ofmaterial
8ipSpace.net
Security groups (in BGP communities) can extend across MPLS/VPN backbone
Automatic ingress/egress filters on VM NICs
Requires trust (or strict filters) between cloud and MPLS/VPN networks
VM to remote host:
VM sends a packet
Ingress ACL on VRS
IP packet sent from VRS to PE-router
IP packet delivered to remote host
VSC
MPLS
backbone
VRS
Transport Network
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
78This
2014
Overlay
Virtual Networks
5
ofmaterial
8ipSpace.net
Security groups (in BGP communities) can extend across MPLS/VPN backbone
Automatic ingress/egress filters on VM NICs
Requires trust (or strict filters) between cloud and MPLS/VPN networks
VM to remote host:
VM sends a packet
Ingress ACL on VRS
IP packet sent from VRS to PE-router
IP packet delivered to remote host
VSC
MPLS
backbone
VRS
Transport Network
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
79This
2014
Overlay
Virtual Networks
6
ofmaterial
8ipSpace.net
Security groups (in BGP communities) can extend across MPLS/VPN backbone
Automatic ingress/egress filters on VM NICs
Requires trust (or strict filters) between cloud and MPLS/VPN networks
VM to remote host:
VM sends a packet
Ingress ACL on VRS
IP packet sent from VRS to PE-router
IP packet delivered to remote host
VSC
MPLS
backbone
VRS
Transport Network
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
80This
2014
Overlay
Virtual Networks
7
ofmaterial
8ipSpace.net
Security groups (in BGP communities) can extend across MPLS/VPN backbone
Automatic ingress/egress filters on VM NICs
Requires trust (or strict filters) between cloud and MPLS/VPN networks
VM to remote host:
VM sends a packet
Ingress ACL on VRS
IP packet sent from VRS to PE-router
IP packet delivered to remote host
VSC
MPLS
backbone
VRS
Transport Network
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
81This
2014
Overlay
Virtual Networks
8
ofmaterial
8ipSpace.net
This material is copyrighted and licensed for the sole use by Dimitar Stojanovski (dimitar.s@gmail.com [164.143.240.34]). More information at http://www.ipSpace.net/Webinars
Shared state
This material is copyrighted and licensed for the sole use by Dimitar Stojanovski (dimitar.s@gmail.com [164.143.240.34]). More information at http://www.ipSpace.net/Webinars
Floating IP address
NAT
Setup
Floating IP from public vDRS is
allocated to a tenant VM
1:1 NAT rule is created on the
hypervisor
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
ipSpace.net
2014
Overlay
Virtual Networks
+86This material
Setup
Floating IP from public vDRS is
allocated to a tenant VM
1:1 NAT rule is created on the
hypervisor
Internal communication
Destination IP address is within tenant vDRS
NAT rule is not invoked
Public
vDRS
(VRF)
Transport
Network
VSG/PE
Outside
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
87This
2014
Overlay
Virtual Networks
1
ofmaterial
8ipSpace.net
Setup
Floating IP from public vDRS is
allocated to a tenant VM
1:1 NAT rule is created on the
hypervisor
Internal communication
Destination IP address is within tenant vDRS
NAT rule is not invoked
Public
vDRS
(VRF)
Transport
Network
VSG/PE
Outside
Outside-to-inside
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
88This
2014
Overlay
Virtual Networks
2
ofmaterial
8ipSpace.net
Setup
Floating IP from public vDRS is
allocated to a tenant VM
1:1 NAT rule is created on the
hypervisor
Internal communication
Destination IP address is within tenant vDRS
NAT rule is not invoked
Public
vDRS
(VRF)
Transport
Network
VSG/PE
Outside
Outside-to-inside
Packet sent to IP address in public vDRS (received by hypervisor)
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
89This
2014
Overlay
Virtual Networks
3
ofmaterial
8ipSpace.net
Setup
Floating IP from public vDRS is
allocated to a tenant VM
1:1 NAT rule is created on the
hypervisor
Internal communication
Destination IP address is within tenant vDRS
NAT rule is not invoked
Public
vDRS
(VRF)
Transport
Network
VSG/PE
Outside
Outside-to-inside
Packet sent to IP address in public vDRS (received by hypervisor)
Hypervisor translates destination IP address to VM IP address
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
90This
2014
Overlay
Virtual Networks
4
ofmaterial
8ipSpace.net
Setup
Floating IP from public vDRS is
allocated to a tenant VM
1:1 NAT rule is created on the
hypervisor
Internal communication
Destination IP address is within tenant vDRS
NAT rule is not invoked
Public
vDRS
(VRF)
Transport
Network
VSG/PE
Outside
Outside-to-inside
Packet sent to IP address in public vDRS (received by hypervisor)
Hypervisor translates destination IP address to VM IP address
Inside-to-outside
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
91This
2014
Overlay
Virtual Networks
5
ofmaterial
8ipSpace.net
Setup
Floating IP from public vDRS is
allocated to a tenant VM
1:1 NAT rule is created on the
hypervisor
Internal communication
Destination IP address is within tenant vDRS
NAT rule is not invoked
Public
vDRS
(VRF)
Transport
Network
VSG/PE
Outside
Outside-to-inside
Packet sent to IP address in public vDRS (received by hypervisor)
Hypervisor translates destination IP address to VM IP address
Inside-to-outside
VM sends packet to a destination unreachable in tenant vDRS
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
92This
2014
Overlay
Virtual Networks
6
ofmaterial
8ipSpace.net
Setup
Floating IP from public vDRS is
allocated to a tenant VM
1:1 NAT rule is created on the
hypervisor
Internal communication
Destination IP address is within tenant vDRS
NAT rule is not invoked
Public
vDRS
(VRF)
Transport
Network
VSG/PE
Outside
Outside-to-inside
Packet sent to IP address in public vDRS (received by hypervisor)
Hypervisor translates destination IP address to VM IP address
Inside-to-outside
VM sends packet to a destination unreachable in tenant vDRS
Per-VM default route pushes the packet through NAT rule into public vDRS
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
93This
2014
Overlay
Virtual Networks
7
ofmaterial
8ipSpace.net
Setup
Floating IP from public vDRS is
allocated to a tenant VM
1:1 NAT rule is created on the
hypervisor
Internal communication
Destination IP address is within tenant vDRS
NAT rule is not invoked
Public
vDRS
(VRF)
Transport
Network
VSG/PE
Outside
Outside-to-inside
Packet sent to IP address in public vDRS (received by hypervisor)
Hypervisor translates destination IP address to VM IP address
Inside-to-outside
VM sends packet to a destination unreachable in tenant vDRS
Per-VM default route pushes the packet through NAT rule into public vDRS
2014
Overlay
Virtual Networks
8
ofmaterial
8ipSpace.net
Setup
IP from public vDRS (H-IP) is
allocated to each hypervisor
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
ipSpace.net
2014
Overlay
Virtual Networks
+95This material
Setup
IP from public vDRS (H-IP) is
allocated to each hypervisor
Inside-to-outside
VM sends packet to a destination
unreachable in tenant vDRS
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
96This
2014
Overlay
Virtual Networks
1
ofmaterial
8ipSpace.net
Setup
IP from public vDRS (H-IP) is
allocated to each hypervisor
Inside-to-outside
VM sends packet to a destination
unreachable in tenant vDRS
Default route pushes the packet
through NAT rule into public vDRS
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
97This
2014
Overlay
Virtual Networks
2
ofmaterial
8ipSpace.net
Setup
IP from public vDRS (H-IP) is
allocated to each hypervisor
H-IP
Inside-to-outside
VM sends packet to a destination
unreachable in tenant vDRS
Default route pushes the packet
through NAT rule into public vDRS
Stateful NAT entry is created in the hypervisor
Public
vDRS
(VRF)
Transport
Network
VSG/PE
Outside
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
98This
2014
Overlay
Virtual Networks
3
ofmaterial
8ipSpace.net
Setup
IP from public vDRS (H-IP) is
allocated to each hypervisor
H-IP
Inside-to-outside
VM sends packet to a destination
unreachable in tenant vDRS
Default route pushes the packet
through NAT rule into public vDRS
Stateful NAT entry is created in the hypervisor
Packet is delivered to the outside server
Public
vDRS
(VRF)
Transport
Network
VSG/PE
Outside
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
99This
2014
Overlay
Virtual Networks
4
ofmaterial
8ipSpace.net
Setup
IP from public vDRS (H-IP) is
allocated to each hypervisor
H-IP
Inside-to-outside
VM sends packet to a destination
unreachable in tenant vDRS
Default route pushes the packet
through NAT rule into public vDRS
Stateful NAT entry is created in the hypervisor
Packet is delivered to the outside server
Public
vDRS
(VRF)
Transport
Network
VSG/PE
Outside
Outside-to-inside
Return packet is sent to IP address in public vDRS (received by hypervisor)
This
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
100
2014
Overlay
Virtual Networks
5
ofmaterial
8ipSpace.net
Setup
IP from public vDRS (H-IP) is
allocated to each hypervisor
H-IP
Inside-to-outside
VM sends packet to a destination
unreachable in tenant vDRS
Default route pushes the packet
through NAT rule into public vDRS
Stateful NAT entry is created in the hypervisor
Packet is delivered to the outside server
Public
vDRS
(VRF)
Transport
Network
VSG/PE
Outside
Outside-to-inside
Return packet is sent to IP address in public vDRS (received by hypervisor)
Hypervisor uses PNAT entry to translate destination IP address to VM IP address
This
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
101
2014
Overlay
Virtual Networks
6
ofmaterial
8ipSpace.net
Setup
IP from public vDRS (H-IP) is
allocated to each hypervisor
H-IP
Inside-to-outside
VM sends packet to a destination
unreachable in tenant vDRS
Default route pushes the packet
through NAT rule into public vDRS
Stateful NAT entry is created in the hypervisor
Packet is delivered to the outside server
Public
vDRS
(VRF)
Transport
Network
VSG/PE
Outside
Outside-to-inside
Return packet is sent to IP address in public vDRS (received by hypervisor)
Hypervisor uses PNAT entry to translate destination IP address to VM IP address
Translated packet is delivered to target VM
This
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
102
2014
Overlay
Virtual Networks
7
ofmaterial
8ipSpace.net
Setup
IP from public vDRS (H-IP) is
allocated to each hypervisor
H-IP
Inside-to-outside
VM sends packet to a destination
unreachable in tenant vDRS
Default route pushes the packet
through NAT rule into public vDRS
Stateful NAT entry is created in the hypervisor
Packet is delivered to the outside server
Public
vDRS
(VRF)
Transport
Network
VSG/PE
Outside
Outside-to-inside
Return packet is sent to IP address in public vDRS (received by hypervisor)
Hypervisor uses PNAT entry to translate destination IP address to VM IP address
Translated packet is delivered to target VM
2014
Overlay
Virtual Networks
8
ofmaterial
8ipSpace.net
This material is copyrighted and licensed for the sole use by Dimitar Stojanovski (dimitar.s@gmail.com [164.143.240.34]). More information at http://www.ipSpace.net/Webinars
This material
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
105
ipSpace.net
2014
Overlay
Virtual Networks
A
S
B
This material
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
106
ipSpace.net
2014
Overlay
Virtual Networks
+
IP-A IP-S
MAC-A MAC-S
S
B
1 of 11
This material
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
107
ipSpace.net
2014
Overlay
Virtual Networks
IP-A IP-S
MAC-A MAC-S
IP-A IP-S
MAC-A MAC-S
S
B
2 of 11
This material
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
108
ipSpace.net
2014
Overlay
Virtual Networks
IP-A IP-S
MAC-A MAC-S
IP-A IP-S
MAC-A MAC-S
S
IP-B IP-S
MAC-B MAC-S
3 of 11
This material
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
109
ipSpace.net
2014
Overlay
Virtual Networks
IP-A IP-S
MAC-A MAC-S
IP-A IP-S
MAC-A MAC-S
S
IP-B IP-S
MAC-B MAC-S
4 of 11
This material
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
110
ipSpace.net
2014
Overlay
Virtual Networks
IP-A IP-S
MAC-A MAC-S
IP-A IP-S
MAC-A MAC-S
S
IP-B IP-S
MAC-B MAC-S
IP-B IP-S
MAC-B MAC-S
5 of 11
This material
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
111
ipSpace.net
2014
Overlay
Virtual Networks
MAC-A MAC-S
IP-A IP-S
S
IP-B IP-S
MAC-B MAC-S
IP-B IP-S
MAC-B MAC-S
6 of 11
This material
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
112
ipSpace.net
2014
Overlay
Virtual Networks
MAC-A MAC-S
IP-A IP-S
MAC-A MAC-S
IP-A IP-S
S
IP-B IP-S
MAC-B MAC-S
IP-B IP-S
MAC-B MAC-S
7 of 11
This material
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
113
ipSpace.net
2014
Overlay
Virtual Networks
MAC-A MAC-S
IP-A IP-S
MAC-A MAC-S
IP-A IP-S
S
MAC-B MAC-S IP-B IP-S
8 of 11
This material
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
114
ipSpace.net
2014
Overlay
Virtual Networks
MAC-A MAC-S
IP-A IP-S
MAC-A MAC-S
IP-A IP-S
S
MAC-B MAC-S IP-B IP-S
9 of 11
This material
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
115
ipSpace.net
2014
Overlay
Virtual Networks
MAC-A MAC-S
IP-A IP-S
MAC-A MAC-S
IP-A IP-S
S
MAC-B MAC-S IP-B IP-S
10 of 11
This material
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
116
ipSpace.net
2014
Overlay
Virtual Networks
MAC-A MAC-S
IP-A IP-S
MAC-A MAC-S
IP-A IP-S
S
MAC-B MAC-S IP-B IP-S
11 of 11
This material
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
117
ipSpace.net
2014
Overlay
Virtual Networks
A
S
B
This material
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
118
ipSpace.net
2014
Overlay
Virtual Networks
+
IP-A IP-S
MAC-A MAC-G
S
B
1 of 11
This material
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
119
ipSpace.net
2014
Overlay
Virtual Networks
IP-A IP-S
MAC-A MAC-G
IP-A IP-S
MAC-G MAC-S
S
B
2 of 11
This material
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
120
ipSpace.net
2014
Overlay
Virtual Networks
IP-A IP-S
MAC-A MAC-G
IP-A IP-S
MAC-G MAC-S
S
IP-B IP-S
MAC-B MAC-G
3 of 11
This material
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
121
ipSpace.net
2014
Overlay
Virtual Networks
IP-A IP-S
MAC-B MAC-G
IP-A IP-S
MAC-G MAC-S
MAC-F
IP-B IP-S
MAC-A MAC-G
4 of 11
This material
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
122
ipSpace.net
2014
Overlay
Virtual Networks
IP-A IP-S
MAC-B MAC-G
IP-A IP-S
MAC-F
IP-B IP-S
MAC-A MAC-G
MAC-G MAC-S
S
IP-B IP-S
MAC-F MAC-S
5 of 11
This material
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
123
ipSpace.net
2014
Overlay
Virtual Networks
MAC-B MAC-G
MAC-F
IP-B IP-S
S
IP-B IP-S
MAC-F MAC-S
6 of 11
This material
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
124
ipSpace.net
2014
Overlay
Virtual Networks
MAC-B MAC-G
MAC-F
IP-B IP-S
S
IP-B IP-S
MAC-F MAC-S
7 of 11
This material
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
125
ipSpace.net
2014
Overlay
Virtual Networks
S
MAC-G MAC-S IP-B IP-S
8 of 11
This material
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
126
ipSpace.net
2014
Overlay
Virtual Networks
MAC-F
S
MAC-G MAC-S IP-B IP-S
9 of 11
This material
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
127
ipSpace.net
2014
Overlay
Virtual Networks
IP-B IP-S
MAC-F
MAC-B MAC-F
S
MAC-G MAC-S IP-B IP-S
10 of 11
This material
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
128
ipSpace.net
2014
Overlay
Virtual Networks
IP-B IP-S
MAC-F
MAC-B MAC-F
S
MAC-G MAC-S IP-B IP-S
11 of 11
This material
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
129
ipSpace.net
2014
Overlay
Virtual Networks
VSD
VSC
VSC
VRS
VRS
Transport Network
This material
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
130
ipSpace.net
2014
Overlay
Virtual Networks
VSC
VSC
MP-BGP
VRS
VRS
Transport Network
This material
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
131
ipSpace.net
2014
Overlay
Virtual Networks
GARP
VRS
VRS
Transport Network
This material
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
132
ipSpace.net
2014
Overlay
Virtual Networks
This material is copyrighted and licensed for the sole use by Dimitar Stojanovski (dimitar.s@gmail.com [164.143.240.34]). More information at http://www.ipSpace.net/Webinars
Architectural elements:
Distributed forwarding plane (L2 and L3)
Control plane with scale-out architecture
Distributed L4 services (security, NAT)
Scalable security mechanisms
Additional considerations:
High-performance gateways
Control- and management-plane integration with external networks
This material
is copyrighted
and licensed for the sole use by Dimitar Scaling
Stojanovski
(dimitar.s@gmail.com
[164.143.240.34]). More information at http://www.ipSpace.net/Webinars
134
ipSpace.net
2014
Overlay
Virtual Networks
Questions?