Search Results
95 total results found
Layer 1
Physical layer architecture
Layer 2
Datalink layer architecture
Layer 3
Network layer architecture
Layer 4 - 7
Transport - Application layer architecture
Layer 1 - Core
Core Layer 1 represents a physical ring spanning two data centres, with access extensions provided off the Layer 3 core switches. The backhaul connectivity is provided by two carriers.
Layer 1 - Infrastructure
Infrastructure Layer 1 represents an access layer built to the server farm hosted in the private cloud.
Layer 2 - Core
Core Layer 2 connectivity is provided through EVPN sub interfaces (refer to the respective chapter) where dot1q tagged frames have their tags popped at the PE and are then encapsulated into Layer 2 VXLAN VNIs for further transport. The only exception from that rule ...
Layer 2 - Infrastructure
The same principle applies to the Core – Cloud trunks represented by EVPN ESI.
IPBH Underlay
OSPF has been chosen as the EVPN underlay protocol, as opposed to full-mesh BGP unnumbered, to minimize the complexity of the network at the cost of scalability. The following diagram represents a single OSPF backbone area 0 spanned across two datacenters (logical...
IPBH EVPN Overlay
The Core overlay is built on VXLAN EVPN, allowing for granular network segmentation (L2/L3 VPN) not only within a single datacenter but also spanning the connectivity across the entire infrastructure. Each Datacenter is represented by its own autonomous sy...
EVPN – Local VRF
As mentioned earlier, EVPN was adopted to allow network segmentation at the Datalink and Network layers, along with network extension (L2/L3 VPNs) where relevant. The “Local” VRF represents a Layer 2 domain isolated to a datacenter making sure the traffic is not tr...
EVPN – Management VRF
Management VRF is a Layer 3 VRF built on top of the existing “Local” L2 VRF, which is used as transport. From the Data link layer perspective, we are using the same RT allowing for L2 connectivity within the Datacenter, yet from the Network layer view, we are standing u...
EVPN – Public VRF
Public VRF is built to provide connectivity with public peers (IP Transit) and the Outside Firewall Zone and is an example of L2/L3 VRFs extended over the backhaul. Core VTEPs in each of the datacenters are configured with matching RTs allowing EVPN peers to ...
EVPN – Private VRF
Like the Public VRF, the Private VRF has been built to accommodate peering in the Private address space (e.g. AWS).
BGP – Public VRF
Public VRF is represented by various logical zones. At the centre we have a Core AS PUBLIC which has peering upstream and downstream. Each of the switches has an upstream leg to one IP Transit provider with ISP1 being preferred with local preference of 150 fo...
BGP – Private VRF
Private VRF is represented by two Core ASNs 65101 (DC01) and 65111 (DC11) and has peering with AWS ASN 65121 out of each datacentre. To allow for Inter-VRF routing (Public/Private) all switches have BGP peering with the firewall cluster. MED is used to route a...
Private VRF Segmentation
Private VRF is represented by four security zones, each with its own feature set and functionality.
Public VRF Segmentation
Public VRF is represented by a single security zone intended to publish front end and other resources to the external networks.