This blog post explains the benefits of using the 6WIND VSR product suite to bring EVPN (Ethernet Virtual Private Networks) VXLAN (Virtual Extensible LAN) capabilities to Hosting Companies that use a legacy network infrastructure which does not support those capabilities. It also shows how Hosted Companies can self-manage their networking design, along with their switching and routing decisions, using 6WIND VSR products.
EVPN VXLAN in a nutshell
EVPN is used as the overlay control plane to exchange Layer 2/Layer 3 reachability information efficiently inside and across data centers using a Layer 3 underlay. Overlays allow newer applications to run over older infrastructure, reconciling both yesterday and tomorrow.
While older applications still require Layer 2 connectivity, virtualization provides these applications with their own virtual networks, using tunnels to connect them. This is what EVPN was designed to do. EVPN is made to support Layer 3 virtualization for newer applications while providing Layer 2 connectivity for older applications. Because EVPN works with Layer 2 protocols like VXLAN (a more scalable way to segment the network), you can create virtual tunnels that encapsulate data, transport it to a destination and then decapsulate it. So even if data leaves one network and goes to another, the tunnel makes it look like it is happening in one place. Also, the EVPN control plane automatically learns and updates the Layer 2/Layer 3 information when virtual machines move from one server to another, wherever the server is in the data center.
A Data Center infrastructure network that leverages EVPN VXLAN is often known as an IP Fabric.
6FABRIC is an IP Fabric solution that leverages 6WIND VSR to facilitate flexible workload placement, Virtual Machine mobility and optimal traffic forwarding across a hosting facility.
6FABRIC relies on a distributed anycast gateway feature for EVPN VXLAN. This feature is a default addressing mechanism that enables the use of the same gateway IP addresses across all VSR instances that are part of a VXLAN network, making every instance behave as the default gateway for the workloads directly connected to it.
The 6FABRIC delivers the following benefits compared to legacy data center infrastructures:
- Enabling virtual machine mobility inside a hosting facility
- Optimizing traffic forwarding between services belonging to the same rack
- Offering an overlay to abstract the data center underlay deployment from the delivered Service.
6FABRIC for Hosting Companies
A lot of small to medium Hosting Companies own racks and servers within rooms in data centers. Those racks have a TOR (Top of Rack) switch, which connects the servers installed locally in the rack to the rest of the data center. Those TOR switches were not built to support EVPN VXLAN but are still high-capacity switches with large port density. By adding a server with a VSR (Virtual Service Router) on each rack, the Hosting Company can fill the EVPN feature gap that its legacy TOR switch has in comparison with new EVPN-capable TOR switches, keeping its initial investment and bringing better future proofing.
Figure 1: 6FABRIC – EVPN infrastructure modernization
In the above diagram a server is added below the TOR switch and a VSR instance is deployed on it.
In this scenario the VSR aggregates the totality of local rack traffic and therefore needs to be connected multiple times to the TOR switch (Nx1G or Nx10G with N a small value). This type of deployment is known as “router on a stick.” Also, from an operational perspective, the VSR products expose a standard NETCONF API, which provides an open way to automate the network that is not available on current legacy TOR switches.
6FABRIC for Hosted Companies
Hosted Companies can also use the VSR to build their own overlay EVPN VXLAN IP Fabric and self-manage their network design using the underlay IP connectivity provided by the data center. In this scenario each Hosted Company will install a single VSR instance in each rack where it has a presence.
Figure 2: 6WIND VSR Multi-tenancy Architecture
In the above diagram a VSR instance is deployed on a new dedicated server or in an existing server when possible.
Owning and managing their own networking overlay gives Hosted Companies the opportunity to confidently secure the data in transit inside the data center if they consider it an untrusted entity. Indeed, the VSR can transport the VXLAN-encapsulated traffic over IPsec tunnels, ensuring the integrity, the confidentiality, and the authenticity of the communications.
Building an overlay network also allows the Hosted Companies to own their own Network Functions from the 6WIND portfolio, such as a virtual Border Router for Internet breakout connections or a virtual CG-NAT to mitigate public IPv4 block exhaustion. The IPsec (virtual Security Gateway) Concentrator Network Function can also be considered to secure the remote management flows.
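To make the encapsulate/decapsulate step and the case for IPsec concrete, the following added example (not 6WIND code and not part of the original post) builds and parses the 8-byte VXLAN header defined in RFC 7348 and shows which fields stay readable on the underlay when the tunnel is not protected. The function names, the VNI and the MAC addresses are constructed for illustration.

```python
import struct

VXLAN_FLAG_VNI = 0x08  # "I" flag from RFC 7348: the VNI field is valid


def vxlan_encapsulate(vni, inner_frame):
    """Prepend the 8-byte VXLAN header (RFC 7348) to an Ethernet frame."""
    if not 0 <= vni < 2**24:
        raise ValueError("VNI is a 24-bit value")
    # word 0: flags (8 bits) + reserved (24); word 1: VNI (24) + reserved (8)
    return struct.pack("!II", VXLAN_FLAG_VNI << 24, vni << 8) + inner_frame


def vxlan_decapsulate(udp_payload):
    """Check the VXLAN header and return (vni, inner Ethernet frame)."""
    if len(udp_payload) < 8 + 14:
        raise ValueError("too short for VXLAN plus Ethernet headers")
    word0, word1 = struct.unpack("!II", udp_payload[:8])
    if not (word0 >> 24) & VXLAN_FLAG_VNI:
        raise ValueError("I flag not set, VNI is not valid")
    return word1 >> 8, udp_payload[8:]


def underlay_view(udp_payload):
    """Fields readable on the underlay path when no IPsec is applied."""
    vni, frame = vxlan_decapsulate(udp_payload)
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    mac = lambda b: ":".join(f"{x:02x}" for x in b)
    return {"vni": vni, "dst_mac": mac(dst), "src_mac": mac(src),
            "ethertype": hex(ethertype), "inner_payload": frame[14:]}


# Constructed sample: a tenant frame in VNI 10100 (all values are made up).
SAMPLE_FRAME = (bytes.fromhex("02005e000002") + bytes.fromhex("02005e000001")
                + struct.pack("!H", 0x0800) + b"tenant data")
SAMPLE_PACKET = vxlan_encapsulate(10100, SAMPLE_FRAME)

if __name__ == "__main__":
    print(underlay_view(SAMPLE_PACKET))
```

The header carries only flags and the VNI, with no integrity or confidentiality field, so those properties have to come from the layer underneath, which is the role of the IPsec tunnel described above.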
6FABRIC from 6WIND modernizes the data center network infrastructure for Hosting Companies and offers at the same time to Hosted Companies a solution to self-manage an overlay network and onboard new network functions on top of it.
This enhances the capabilities of Hosting companies and helps the Hosted Companies to enhance their service offers and innovate in the way they build these services.
All the 6WIND VSR products support the distributed anycast gateway feature needed to sustain the 6FABRIC solution. This enables building highly valuable solutions such as:
- Distributed virtual Firewall (same security policy on each VSR instance to bring security and micro-segmentation as close as possible to the source IP).
- Distributed virtual CG-NAT (NAT444 to optimize the NAT load on each VSR instance).
Source: www.6wind.com