Search Results

62 total results found

EVPN – Local VRF

IPBH Network Layer 3

As mentioned earlier, EVPN was adopted to allow network segmentation at the Data link and Network layers along with network extension (L2/L3 VPNs) where relevant. The “Local” VRF represents a Layer 2 domain isolated to a datacenter making sure the traffic is not tr...

EVPN – Management VRF

IPBH Network Layer 3

Management VRF is a Layer 3 VRF built on top of the existing “Local” L2 VRF used as transport. From the Data link layer perspective, we are using the same RT allowing for L2 connectivity within the Datacenter, yet from the Network layer view, we are standing u...

EVPN – Public VRF

IPBH Network Layer 3

Public VRF is built to provide connectivity with public peers (IP Transit) and the Outside Firewall Zone and is an example of L2/L3 VRFs extended over the backhaul. Core VTEPs in each of the datacenters are configured with matching RTs allowing EVPN peers to ...

EVPN – Private VRF

IPBH Network Layer 3

Like the Public VRF, the Private VRF has been built to accommodate peering in the Private address space (e.g. AWS).

BGP – Public VRF

IPBH Network Layer 3

Public VRF is represented by various logical zones. At the centre we have a Core AS PUBLIC which has peering upstream and downstream. Each of the switches has an upstream leg to one IP Transit provider with ISP1 being preferred with local preference of 150 fo...

BGP – Private VRF

IPBH Network Layer 3

Private VRF is represented by two Core ASNs 65101 (DC01) and 65111 (DC11) and has peering with AWS ASN 65121 out of each datacentre. To allow for Inter-VRF routing (Public/Private) all switches have BGP peering with the firewall cluster. MED is used to route a...

Private VRF Segmentation

IPBH Network Layer 4 - 7

Private VRF is represented by four security zones, each with its own feature set and functionality.

Public VRF Segmentation

IPBH Network Layer 4 - 7

Public VRF is represented by a single security zone intended to publish front end and other resources to the external networks.

Introduction

MPLS

MPLS is nothing more than another method of encapsulation which is primarily used for L2/L3 VPNs and traffic engineering. Let's imagine a simple IP Transit network. Looking at the diagram we can see that each router needs to know how to reach both Network A a...

LDP labels propagation

MPLS

LDP is used to exchange, build and maintain labels in MPLS enabled networks. To better understand label propagation, let's have a look at the following diagram. On this diagram we can see six MPLS enabled routers with two /24 networks at the edge. Router ...

Traffic forwarding with BGP labels

MPLS

In our previous example we could see that both networks (A/24 and B/24) had to be a part of LDP exchange and, therefore, had to be learned by the transit routers. That, to a degree, defeats the purpose of MPLS where one of our goals is to avoid that. So what d...

L3 VPN Components

MPLS

As was discussed in the Introduction section, it's often required to transport the traffic across the core for overlapping networks (a good example of this can be an ISP providing end to end connectivity for Customer A and Customer B). In this case we will r...

L2 VPN Components (VPLS Kompella)

MPLS

First of all a couple of words on MPLS L2 VPNs. Generally speaking we have two types - Point to Point VPWS and Point to Multipoint VPLS. You can think of VPWS operating at Layer 1 and forwarding everything PE learns from Attached Circuit (AC) facing the CE in...

Introduction

SD-WAN

Generally speaking we have two options when it comes to WAN interconnects - either Point to Point or Point to Multipoint. And while being perfectly normal for some of the use cases, in some others you might want to start thinking of adding more devices, circ...

SD-WAN architecture

SD-WAN

So to deal with the challenges described in the previous chapter while also allowing for simplified and centralized management we could introduce an additional SD-WAN layer like this. As you can see, nothing changes in our topology and we are still using red...

Introduction

EVPN-VXLAN Clos Fabric

To answer the question of why VXLAN was even invented, let's have a look at what problems it's trying to address. First of all, if you try building a standard Layer two Clos topology like this, you will end up with STP which comes with two drawbacks - Roug...

VXLAN Overview

EVPN-VXLAN Clos Fabric

So what is VXLAN? Simply put, a protocol that encapsulates L2 frames in its own header and then carries them across an L3 underlay network. Looking at the above diagram we can see two Virtual Tunnel End Points (VTEPs) having a Layer 3 connectivity be...

HTTPS Redirect

NGINX

server {
    listen 80;
    server_name _;
    return 301 https://$host$request_uri;
}