12-21-2020 10:20 AM
Hi,
The reason I am opening this thread on the topic is to help me break my traditional approach to networking and help me understand and develop ideas that creatively use the fabric.
I’m trying to grasp ideas of how I can use the function of the fabric to do things or solve problems that are currently not in my periphery.
As an example, on this post
Mig mentions how the use of Flex UNI was used to keep a phone on the same VLAN but provision it in a DMZ then back into the LAN by alternating the I-SID.
When reading the various manuals you observe from a high level things that are sometimes hard to put into a real world context, like being able to join different VLAN IDs on a single I-SID, but what sort of problems would that solve?
I understand the hyper virtualisation aspect of the fabric, but what about pulling it together, using the I-SID as service and the addition of L3VSNs. How complicated or practical or widespread would it be to use lots of IS-IS accept policies to allow access to services, or is the use of a Firewall more prevalent for intra service communication, or generally is this just for special cases?
Also not sure about the idea where Fabric is extensively being used for the VLAN/IP to follow the client anywhere in the network as the norm, i.e. if you have a network with lots of edge cabinets, through ExtremeControl I’ve kept say logical /24 subnets for Data, Voice, etc. contained to location - kept traditional best practices. If a client moves it simply gets a different IP in the new location based on the switch it connects to. I am seeing that the fabric is removing those boundaries, but is that a good idea? I get it for specific cases but not adopted as the norm. What about the prospect of VLAN loops with the VLAN potentially anywhere in the network?
Appreciate this is a very open ended topic, but even just a few ideas would really help me understand and hopefully develop my own ideas.
Many thanks in advance.
12-21-2020 01:50 PM
Let me add my views on a couple of the points you raised:
Q: “When reading the various manuals you observe from a high level things that are sometimes hard to put into a real world context, like being able to join different VLAN IDs on a single I-SID, but what sort of problems would that solve?”
A: Here are a couple use cases where port based VIDs can come in handy:
Q: “I understand the hyper virtualisation aspect of the fabric, but what about pulling it together, using the I-SID as service and the addition of L3VSNs. How complicated or practical or widespread would it be to use lots of IS-IS accept policies to allow access to services, or is the use of a Firewall more prevalent for intra service communication, or generally is this just for special cases?”
A: We do see both heavily used. As you say, using IS-IS accept policies allows you to build nice hub-and-spoke L3 domains where you can create a shared segment that all spokes can access. This is a nice way to provide a shared voice infrastructure to many tenants. However some customers need more security and they interconnect L3 VSNs only through firewalls. Either approach is fine and can be used in conjunction.
Q: “Also not sure about the idea where Fabric is extensively being used for the VLAN/IP to follow the client anywhere in the network as the norm, i.e. if you have a network with lots of edge cabinets, through ExtremeControl I’ve kept say logical /24 subnets for Data, Voice, etc. contained to location - kept traditional best practices. If a client moves it simply gets a different IP in the new location based on the switch it connects to. I am seeing that the fabric is removing those boundaries, but is that a good idea? I get it for specific cases but not adopted as the norm.”
A: Actually, that is happening quite often; when you take this approach, you can define the security per service (VLAN/I-SID/IP subnet) and not per physical location. It does not matter anymore where users connect to the network. Wired mobility becomes as flexible as wireless mobility to support adds, moves and changes. Especially with IoT this is becoming more and more important.
Q: “What about prospect of VLAN loops with the VLAN potentially anywhere in the network?”
A: Loops within the fabric itself are not happening. When there are loops, then it is at the edge. All edge nodes’ MAC tables for the looping service (VLAN/I-SID) will be affected, no matter whether they are spread out or localized. The core switches will not be affected, except that they might see more traffic. We do recommend using loop-protection features such as BPDU-guard and SLPP. However I think using EAP/NEAP will reduce the likelihood of loops greatly as ports are not open by default anymore.
I hope other folks will chime in as well and provide their perspectives.
regards
Roger
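As an added illustration of the hub-and-spoke L3 VSN design Roger describes (this is not from the thread, nor from Extreme's own documentation): a VOSS-style configuration sketch in which two tenant VRFs each accept only the shared voice VRF's I-SID, so both can reach the shared voice segment while never learning each other's routes. The CLI shape is reconstructed from memory and every VRF name, I-SID and subnet role is constructed, so verify the commands against the CLI reference for your release before relying on them.

```text
# Hub: shared voice L3 VSN (constructed name and I-SID 13000)
configure terminal
router vrf Voice-Shared
 ipvpn
 i-sid 13000
 ipvpn enable
 isis redistribute direct
 isis redistribute direct enable
 # accept each tenant's L3 VSN so return traffic to the spokes is routable
 isis accept i-sid 13001 enable
 isis accept i-sid 13002 enable
exit
isis apply redistribute direct vrf Voice-Shared
isis apply accept vrf Voice-Shared

# Spoke: Tenant-A (constructed, I-SID 13001) accepts only the hub I-SID
router vrf Tenant-A
 ipvpn
 i-sid 13001
 ipvpn enable
 isis redistribute direct
 isis redistribute direct enable
 isis accept i-sid 13000 enable
exit
isis apply redistribute direct vrf Tenant-A
isis apply accept vrf Tenant-A

# Spoke: Tenant-B (constructed, I-SID 13002), same pattern.
# There is deliberately no "isis accept i-sid 13001" here, so Tenant-A and
# Tenant-B exchange no routes; any tenant-to-tenant path would have to go
# through a firewall, as the reply above suggests for higher-security cases.
router vrf Tenant-B
 ipvpn
 i-sid 13002
 ipvpn enable
 isis redistribute direct
 isis redistribute direct enable
 isis accept i-sid 13000 enable
exit
isis apply redistribute direct vrf Tenant-B
isis apply accept vrf Tenant-B
```

A useful check after applying this is to inspect each tenant VRF's route table: it should contain the shared voice subnet but no routes from the other tenant.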