Docker security

Modularization Virtualization

Modularization Virtualization

Modularization virtualization has emerged as a game-changing technology in the field of computing. This innovative approach allows organizations to streamline operations, improve efficiency, and enhance scalability. In this blog post, we will explore the concept of modularization virtualization, understand its benefits, and discover how it is revolutionizing various industries.

Modularization virtualization refers to breaking down complex systems or applications into smaller, independent modules that can be managed and operated individually. These modules are then virtualized, enabling them to run on virtual machines or containers separate from the underlying hardware infrastructure. This approach offers numerous advantages over traditional monolithic systems.

Modularization virtualization brings together two transformative concepts in technology. Modularization refers to the practice of breaking down complex systems into smaller, independent modules, while virtualization involves creating virtual instances of hardware, software, or networks. When combined, these concepts enable flexible, scalable, and efficient systems.

Enhanced Flexibility and Scalability: By modularizing systems, organizations can easily add or remove modules as needed, allowing for greater flexibility and scalability. Virtualization further enhances this by providing the ability to create virtual instances on-demand, eliminating the need for physical infrastructure.

Modularization virtualization optimizes resource utilization by pooling and sharing resources across different modules and virtual instances. This leads to efficient use of hardware, reduced costs, and improved overall system performance.

- IT Infrastructure: Modularization virtualization has revolutionized IT infrastructure by enabling the creation of virtual servers, storage, and networks. This allows for easy provisioning, management, and scaling of IT resources, leading to increased efficiency and cost savings.

- Manufacturing:In the manufacturing industry, modularization virtualization has streamlined production processes by creating modular units that can be easily reconfigured and adapted. This enables agile manufacturing, faster time-to-market, and improved product quality.

- Healthcare:The healthcare sector has embraced modularization virtualization to enhance patient care and improve operational efficiency. Virtualized healthcare systems enable seamless data sharing, remote patient monitoring, and resource optimization, leading to better healthcare outcomes.

Highlights: Modularization Virtualization

Data centers and modularity

There are two ways to approach modularity in data center design. In the first step, each leaf (pod or rack) must be constructed entirely. Each pod contains the necessary storage, processing, and other services to perform a specific task. It is possible to design pods to provide Hadoop databases and human resources systems or even build application environments.

In a modular network, pods can be exchanged relatively independently of each other and other services and pods. Services can be connected (or disconnected) according to their needs. This model is extremely flexible and ideal for enterprises and other users of data centers with rapidly changing needs.

The second approach modularizes pods according to their resource availability. Block storage pods, file storage pods, virtualized compute pods, and bare metal compute pods can all be housed in different pods. By upgrading one type of resource in bulk, the network operator can minimize the effect of upgrading it on the operation of specific services in the data center. This solution would benefit organizations that virtualize most of their services on standard hardware and want to separate hardware and software lifecycle management.

Of course, the two options can be mixed. In a data protection pod, backup services might be provided to other pods, which would then be organized based on their services rather than their resources. A resource-based modularization plan may be interrupted if an occasional service runs on bare metal servers instead of virtual servers. There are two types of traffic in these situations: those that can be moved for optimal traffic levels and those that cannot.

Performing modularization

With virtualization modularization, systems are deemed modular when they can be decomposed into several components that may be mixed and matched in various configurations. So, with virtualization modularization, we don’t have one flat network; we have different modules with virtualization as the base technology performing the modularization. Some of these virtualization technologies include MPLS.

MPLS overlay
Diagram: MPLS Overlay

Overlay Networking: Modular Partitions

To move data across the physical network, overlay services, and data-plane encapsulations must be defined. Underlay networks (or simply underlays) are typically used for this type of transport. The OSI layer at which tunnel encapsulation occurs is crucial to determining the underlay. The overlay header type somewhat dictates the transport network type. With VXLAN, for example, the underlying transport network (underlay) is a Layer 3 network that transports VXLAN-encapsulated packets between the source and destination tunnel edge devices. As a result, the underlay facilitates reachability between the tunnel edge devices and the overlay edge devices.

VXLAN multicast mode
Diagram: VXLAN multicast mode

Reducing state and control plane

Why don’t we rebuild the Internet into one flat-switched domain – the flat earth model? The problem with designing one significant flat architecture is that you would find no way to reduce individual devices’ state and control plane. To forward packets efficiently, every device would have to know how to reach every other device; each device would also have to be interrupted every time there was a state change on any router in the entire domain. This is in contrast to modularization virtualization, also called virtualization modularization.

Modularity: Data Center Design

Modularity in data center design can be approached in two ways.

To begin with, each leaf (or pod, or “rack”) should be constructed as a complete unit. Each pod provides storage, processing, and other services to perform all the tasks associated with one specific service set. One pod may be designed to process and store Hadoop data, another for human resources management, or an application build environment.

This modularity allows the network designer to interchange different types of pods without affecting other pods or services in the network. By connecting (or disconnecting) services as needed, the fabric becomes a “black box”. The model is flexible for enterprises and other data center users whose needs constantly change.

In addition, pods can be modularized according to the type of resources they offer. The bare metal compute, the virtualized compute, and the block storage pods may be housed in different pods. As a result, the network operator can upgrade one type of resource en masse with minimal impact on the operation of any particular service in the data center. A solution like this is more suited to organizations that can virtualize most of their services onto standard hardware and want to manage the hardware life cycle separately from the software life cycle.

what is spine and leaf architecture
Diagram: What is spine and leaf architecture? 2-Tier Spine Leaf Design

Related: Before you proceed, you may find the following posts helpful:

  1. What is VXLAN
  2. Container Based Virtualization
  3. What is Segment Routing
  4. WAN Virtualization
  5. WAN SDN
  6. IPSec Fault Tolerance

Modularization Virtualization

Back to basics with network modularity and hierarchical network design

Hierarchical network design reaches beyond hub-and-spoke topologies at the module level and provides rules, or general design methods, that give the best overall network design. 

The first rule is to assign each module a single function. Reducing the number of functions or roles assigned to any particular module will help. It will also streamline the configuration of devices within the module and along its edge. 

The second general rule in the hierarchical method is to design the network modules. Hence, every module at a given layer or distance from the network core has a roughly parallel function.

Modularization Virtualization
Why perform modularization? One big failure domain.

The amount of state and the rate at which it changes is impossible to maintain, and what you would witness would be a case of information overload at the machine level. Machine overload can be diagnosed into three independent problems below. The general idea behind machine overload is that too much information is insufficient for network efficiency. Some methods can reduce these defects, but no matter how much you try to optimize your design, you will never get away from the fact that fewer routes in a small domain are better than many routes in a large domain.

virtualization modularization
The need for virtualization modularization with machine overload.

CPU and memory utilization

On most Catalyst platforms, routing information is stored in a special high-speed memory called TCAM. Unfortunately, TCAM is not infinite and is generally expensive. Large routing tables require more CPU cycles, physical memory, and TCAM.

Rate of state of change

Every time the network topology changes, the control plane must adapt to the new topology. The bigger the domain, the more routers will have to recalculate the best path and propagate changes to their neighbors, increasing the rate of state change. Because MAC addresses are not hierarchical, a Layer 2 network has a much higher rate of state change than a Layer 3 network.

Positive feedback loops

Positive feedback loops add the concept of rate of change with the rate of information flow.

Virtualization Modularization
Positive feedback loops

 

  • Router A sends Router B a large database update which causes Router B’s control plane to fail.

  • Router B’s control plane failure is propagated to Router D and causes Router D’s control plane to fail.

  • Router D’s control plane failure is propagated to Router C and causes Router C’s control plane to fail.

  • Router C’s control plane failure is propagated to Router B and causes Router B’s control plane to fail.

Positive feedback loops

How can we address these challenges? The answer is network design with modularization and information hiding using virtualization modularization.

Modularization, virtualization, and information hiding

Information hiding reduces routing table sizes and state change rates by combining multiple destinations into one summary prefix, aggregation, or separating destinations into sub-topologies, aka virtualization. Information hiding can also be carried out by configuring route filters at specific network points.

Router B summarizes network 192.168.0.0/16 in the diagram below and sends the aggregate route to Router C. The aggregation process hides more specific routes behind Router A. Router C never receives any specifics or state changes for those specifics, so it doesn’t have to do any recalculations if the reachability of those networks changes. Link flaps and topology changes on Router A will not be known to Router C and vice versa.

Positive feedback loops

Positive feedback loops add the concept of rate of change with the rate of information flow.

Virtualization Modularization

Routers A and B are also in separate failure domains from router C. Routers C’s view of the network differs from Routers A and B. A failure domain is the set of devices that must recalculate their control plane information in the case of a topology change.

When a link or node fails in one fault domain, it does not affect the other. There is an actual split in the network. You could argue that aggregation does not split the network into “true” fault domains, as you can still have backup paths ( specific routes ) with different metrics reachable in the other domain.

If we split the network into fault domains, devices within each fault domain only compute paths within their fault domain. This drags the network closer to the MTTR/MTBF balance point, another reason you should divide complexity from complexity.

Virtualization Modularization

The essence of network design and fault domain isolation is based on the modularization principle. Modularization breaks up the control plane, giving you different information in different network sections. It would help if you engineered the network so it can manage organic growth and change with fixed limits. You can move to the next module when the network gets too big. The concept of repeatable configurations creates a more manageable network. Each topology should be designed and configured using the same tools where possible. 

Why Modularize?

The prime reason to introduce modularity and a design with modular building blocks is to reduce the amount of data any particular network device must handle when it describes and calculates paths to a specific destination. The less information the routing process has to process, the faster the network will converge in conjunction with tight modulation limits.

The essence of modularization can be traced back to why the OSI and TCP/IP models were introduced. So why do we have these models? First, they allow network engineers to break big problems into little pieces so we can focus on specific elements and not get clouded by the complexity of the entire problem all at once. With the practice of modulation, particular areas of the network are assigned specific tasks.

The core focuses solely on fast packet forwarding, while the edge carries out various functions such as policing, packet filtering, QoS classification, etc. Modulization is done by assigning specific tasks to different points in the network.

Virtualization techniques to perform modularization

Virtualization techniques such as MPLS and 802.1Q are also ways to perform modularization. The difference is that they are vertical rather than horizontal. Virtualization can be thought of as hiding information and vertical layers within a network. So why don’t we perform modularization on every router and put each router into a single domain? The answer is network stretch.

MPLS provides modularization by providing abstraction with labels. MPLS leverages the concept of predetermined “labels” to route traffic instead of relying solely on the ultimate source and destination addresses. This is done by appending a short bit sequence to the packet, known as forwarding equivalence class (FEC) or class of service (CoS).

Enhanced Scalability and Flexibility:

One of the primary benefits of modularization virtualization is its ability to enhance scalability and flexibility. Organizations can quickly scale their infrastructure up or down by virtualizing individual modules based on demand. This flexibility allows businesses to adapt rapidly to changing market conditions and optimize resource allocation.

Improved Fault Isolation and Resilience:

Modularization virtualization also improves fault isolation and resilience. Since each module operates independently, a failure or issue in one module does not impact the entire system. This isolation ensures that critical functions remain unaffected, enhancing the overall reliability and uptime of the system.

Simplified Development and Maintenance:

With modularization, virtualization, development, and maintenance become more manageable and efficient. Each module can be developed and tested independently, enabling faster deployment and reducing the risk of errors. Additionally, updates or changes to a specific module can be implemented without disrupting the entire system, minimizing downtime and reducing maintenance efforts.

Summary: Modularization Virtualization

In today’s fast-paced technological landscape, businesses constantly seek ways to optimize their operations and maximize efficiency. Two concepts that have gained significant attention in recent years are modularization and virtualization. In this blog post, we will explore the power of these two strategies and how they can revolutionize various industries.

Understanding Modularization

In simple terms, modularization refers to breaking down complex systems or processes into smaller, self-contained modules. Each module serves a specific function and can be developed, tested, and deployed independently. This approach offers several benefits, such as improved scalability, easier maintenance, and faster development cycles. Additionally, modularization promotes code reusability, allowing businesses to save time and resources by leveraging existing modules in different projects.

Unleashing the Potential of Virtualization

Conversely, virtualization involves creating virtual versions of physical resources, such as servers, storage devices, or networks. By decoupling software from hardware, virtualization enables businesses to achieve greater flexibility, cost-effectiveness, and resource utilization. Virtualization technology allows for creating virtual machines, virtual networks, and virtual storage, all of which can be easily managed and scaled based on demand. This reduces infrastructure costs, enhances disaster recovery capabilities, and simplifies software deployment.

Transforming Industries with Modularization and Virtualization

The combined power of modularization and virtualization can potentially transform numerous industries. Let’s examine a few examples:

1. IT Infrastructure: Modularization and virtualization can revolutionize how IT infrastructure is managed. By breaking down complex systems into modular components and leveraging virtualization, businesses can achieve greater agility, scalability, and cost-efficiency in managing their IT resources.

2. Manufacturing: Modularization allows for creating modular production units that can be easily reconfigured to adapt to changing demands. Coupled with virtualization, manufacturers can simulate and optimize their production processes, reducing waste and improving overall productivity.

3. Software Development: Modularization and virtualization are crucial in modern software development practices. Modular code allows for easier collaboration among developers and promotes rapid iteration. Virtualization enables developers to create virtual environments for testing, ensuring software compatibility and stability across different platforms.

Conclusion:

Modularization and virtualization are not just buzzwords; they are powerful strategies that can bring significant transformations across industries. By embracing modularization, businesses can achieve flexibility and scalability in their operations, while virtualization empowers them to optimize resource utilization and reduce costs. The synergy between these two concepts opens up endless possibilities for innovation and growth.

WAN Design Requirements

Network Stretch

Network Stretch

Network stretch refers to the capability of a network to extend its reach, connecting users and devices across geographical boundaries. This can be achieved through various technologies such as virtual private networks (VPNs), wide-area networks (WANs), or cloud-based networking solutions.

Network stretch goes beyond the traditional limitations of physical infrastructure and geographical boundaries. It refers to the ability of a network to expand, adapt, and connect diverse devices and systems across various locations. This flexibility allows for enhanced communication, collaboration, and access to resources.

Highlights: Network Stretch

Understanding Network Stretch Techniques

Network stretch techniques involve extending the boundaries of a network, enabling seamless communication across multiple locations, and enhancing connectivity beyond traditional limitations. Whether it’s through physical or virtual means, these techniques empower businesses to establish secure and reliable connections, regardless of geographic distances.

Organizations must adopt robust strategies tailored to their specific requirements to implement network stretch techniques successfully. Some key strategies include leveraging virtual private networks (VPNs), utilizing software-defined networking (SDN) solutions, and implementing hybrid cloud architectures. Each approach offers unique advantages, such as enhanced security, scalability, and flexibility.

Network routing forms the backbone of data transmission, guiding packets of information from source to destination. It involves selecting the most suitable path for data to travel through a network of interconnected devices. By efficiently navigating the network, data reaches its destination promptly, ensuring a smooth user experience.

Factors Influencing Network Path Selection

– Network Congestion: High network congestion can lead to data packet loss, delays, and poor quality of service. Routing algorithms consider network congestion levels to avoid congested paths and select alternative routes for optimal performance.

– Bandwidth Availability: Bandwidth availability along different network paths affects the speed and reliability of data transmission. Routing protocols consider the bandwidth capacity of various paths to choose the one that can efficiently handle the data volume.

– Latency and Delay: Reducing latency and minimizing delays are crucial for real-time applications such as video streaming, online gaming, and VoIP. Network routing algorithms consider latency measurements to choose paths with minimal delay, ensuring smooth and responsive user experiences.

Example: EIGRP and LFA

EIGRP LFA utilizes a pre-computed table called the Topology Table (T-Table), which stores information about feasible successors and loop-free alternate paths. When a primary path fails, EIGRP refers to the T-Table to quickly identify a backup path, avoiding potential loops.

EIGRP LFA offers numerous benefits, including reduced convergence time, improved network stability, and optimized resource utilization. It is particularly useful in environments where fast and reliable rerouting is critical, such as data centers, large enterprise networks, or service provider networks.

EIGRP LFA

Understanding BGP Route Reflection

BGP route reflection is a method that allows for efficient and scalable distribution of routing information within an Autonomous System (AS). It reduces the full mesh requirement between BGP speakers, providing a more streamlined approach for propagating routing updates.

One of the primary objectives of network redundancy is to ensure uninterrupted connectivity in the event of link or router failures. BGP route reflection plays a crucial role in achieving redundancy by allowing the distribution of routing information to multiple reflector routers. In case of a failure, the reflector routers can continue forwarding traffic to the remaining operational routers, ensuring seamless connectivity.

Enhancing connectivity

One of the critical advantages of network stretch is enhanced connectivity. By extending the network to different locations, businesses can seamlessly connect their employees, customers, and partners, regardless of location. This improves collaboration and communication and enables organizations to tap into new markets and expand their customer base.

End users perception

Defining and engineering the most optimal network path is critical to network architecture. The value of the network is most evident in the end users’ perception of application quality. Application quality and the perception of quality will vary from user to user.

For example, one user may view a 5-second interrupt to a voice call as acceptable, while another could classify this as unacceptable. To maintain a high-quality perception for all users, you must engineer a packet to reach its destination as quickly as possible. This is where the concept of “network stretch” comes into play. 

Software-defined networking (SDN)

Software-defined networking (SDN) is a crucial technology driving network stretch. SDN enables centralized control and management of network infrastructure, making it easier to scale and extend networks across multiple locations. By decoupling the network control plane from the underlying hardware, SDN offers greater flexibility, agility, and scalability, making it an ideal solution for network stretch.

software defined networking
Diagram: Software Defined Networking (SDN). Source is Opennetworking

Virtual private network (VPN) and GRE

Another critical technology is virtual private networks (VPNs), which provide secure and encrypted connections over public networks. VPNs play a crucial role in network stretch by enabling organizations to connect their various locations and remote workers securely. By utilizing VPNs, businesses can ensure that their data remains protected while allowing employees to access company resources anywhere in the world.

GRE configuration

Google Data Centers

Understanding Network Tiers

Network tiers, in the context of Google Cloud, refer to different levels of network performance and cost. Google Cloud offers three tiers: Premium, Standard, and Subnet. Each tier is designed to cater to specific requirements and budgets. By understanding the characteristics of each tier, businesses can make informed decisions to align their network spend with their operational needs.

The Premium tier is Google Cloud’s highest performing network tier. It offers low latency, high throughput, and extensive global coverage. This tier is ideal for businesses that require real-time data synchronization, such as streaming services, gaming platforms, and financial institutions. While the Premium tier comes at a higher cost compared to other tiers, its unmatched performance justifies the investment for businesses that prioritize speed and reliability.

The Standard tier strikes a balance between performance and cost-effectiveness. It provides reliable network connectivity for a wide range of use cases, including web applications, enterprise workloads, and database management systems. The Standard tier offers competitive pricing while maintaining reasonable latency and throughput. For businesses seeking a cost-efficient yet dependable network solution, the Standard tier is a compelling choice.

Understanding Google Cloud CDN

Google Cloud CDN is a global network of servers designed to deliver content with low latency and high availability. It caches static assets, such as images, videos, and documents, in strategically edge locations worldwide. When a user requests content from your website, Google Cloud CDN serves it from the nearest edge location, drastically reducing latency and improving overall performance.

a. Accelerated Content Delivery: By caching content at edge locations, Google Cloud CDN reduces the distance data must travel, resulting in faster content delivery. This translates to an improved user experience, decreased bounce rates, and increased conversions.

b. Scalability and Global Reach: With Google’s vast network infrastructure, Cloud CDN can effortlessly handle sudden spikes in traffic. Whether you have a local or global audience, Google Cloud CDN ensures consistent and reliable content delivery worldwide.

c. Cost Optimization: Google Cloud CDN optimizes cost by reducing bandwidth usage and offloading traffic from your origin server. With intelligent caching policies and efficient content delivery, you can save on infrastructure costs without compromising performance.

Understanding Google HA VPN

Google HA VPN is a highly scalable and fully managed service that allows you to securely connect your on-premises network to your Google Cloud Virtual Private Cloud (VPC) network. It provides a seamless and encrypted connection over the public internet, ensuring the confidentiality and integrity of your data. With HA VPN, you can establish a high-availability connection between your on-premises network and Google Cloud, enabling secure access to your cloud resources.

a. Enhanced Security: HA VPN utilizes robust encryption protocols, such as IPsec, to protect your data in transit. This ensures that your sensitive information remains secure from threats and unauthorized access.

b. Scalability: Google HA VPN is designed to handle high traffic volumes, allowing your network to grow seamlessly as your business expands. It provides ample bandwidth and can accommodate increased traffic demands without compromising performance.

c. Automated Failover: HA VPN offers built-in redundancy and failover capabilities, ensuring uninterrupted connectivity even during a network failure or outage. This feature guarantees high availability and minimizes downtime, enhancing your network’s reliability.

Related: For pre-information, you may find the following useful:

  1. Observability vs Monitoring
  2. Virtual Device Context
  3. Redundant Links
  4. SDN Data Center
  5. LISP Hybrid Cloud
  6. Ansible Architecture

Network Stretch

Understanding Stretch LAN

Stretch LAN, also known as Extended LAN or Stretched LAN, is an innovative networking approach that enables seamless connectivity across multiple geographical locations. Unlike traditional LANs, which are typically confined to a specific physical area, Stretch LAN extends the network coverage to distant places, creating a unified and expanded network infrastructure. This breakthrough technology has revolutionized how organizations establish and manage their networks, providing unprecedented flexibility and scalability.

Benefits of Stretch LAN

Enhanced Connectivity: Stretch LAN eliminates distance limitations, enabling seamless communication and data sharing across multiple locations. It promotes collaboration, improves productivity, and fosters a cohesive work environment even when teams are geographically dispersed.

Cost-Effective: By leveraging existing network infrastructure and extending it to new locations, Stretch LAN eliminates the need for costly hardware investments. This cost-effectiveness makes it attractive for businesses looking to expand their operations without breaking the bank.

Scalability and Flexibility: Stretch LAN offers unparalleled scalability, allowing organizations to add or remove locations as needed quickly. It provides the flexibility to accommodate evolving business needs, ensuring the network can grow alongside the organization.

Implementing Stretch LAN

Network Architecture: Implementing Stretch LAN requires careful planning and a well-designed network architecture. It involves deploying specialized equipment, such as stretch switches and routers, which facilitate the seamless extension of the LAN.

Configuration and Security: Proper configuration and security measures are essential to ensure the integrity and confidentiality of data transmitted across the Stretch LAN. Encryption protocols, firewalls, and robust access controls must be implemented to safeguard against potential threats.

Applications of Stretch LAN

Multi-Site Organizations: Stretch LAN is particularly advantageous for businesses with multiple locations, such as retail chains, educational institutions, or healthcare facilities. It provides a unified network infrastructure, enabling seamless site communication and resource sharing.

Disaster Recovery: Stretch LAN plays a crucial role in disaster recovery scenarios, where maintaining network connectivity is vital. By extending the LAN to a remote backup site, organizations can ensure uninterrupted access to critical data and applications, even in a disaster at the primary location.

Lab Guide: Router on a stick configuration

A router on a Stick is a networking setup where a single physical interface on a router is used to communicate with multiple VLANs (Virtual Local Area Networks). A trunk port is utilized instead of dedicating a separate port for each VLAN. This trunk port carries traffic from multiple VLANs to the router, which is processed and forwarded accordingly. Network administrators can effectively manage and control traffic flow within their network infrastructure by leveraging this configuration.

Note: 

VLAN 10 and VLAN 20 are configured on the switch, and a single cable connects the router and switch. Routers need access to both VLANs, so switches and routers will share the same trunk!

Subinterfaces can be created on a router. We can configure IP addresses on each sub-interface of these virtual interfaces.

Here are the IP addresses I assigned to my two sub-interfaces. The default gateway for computers in VLAN 10 will be 192.168.10.254, while the default gateway for computers in VLAN 20 will be 192.168.20.254.

Encapsulation dot1Q is an important command. Our router cannot tell which VLAN belongs to which sub-interface, so we must use this command.Fa0/0.10 will belong to VLAN 10, and Fa0/0.20 will belong to VLAN 20.

router on a stick

To grasp the concept of the router on a stick, we must first delve into its fundamental principles. Essentially, a router on a stick involves using a single physical interface on a router to handle traffic between multiple VLANs. By utilizing subinterfaces and 802.1Q tagging, network administrators can achieve efficient inter-VLAN routing without requiring dedicated router interfaces for each VLAN.

Benefits and Use Cases

A router on a stick offers several advantages, making it an attractive option for various scenarios. First, it saves costs by reducing the number of physical router interfaces required. Second, it simplifies network management by centralizing routing configurations. This technique is beneficial in environments where VLANs are prevalent, such as educational institutions, large enterprises, or multi-tenant buildings.

Deploying Stretched VLANs/LAN Extensions

Migration of virtual machines to another data center is critical for virtual workload mobility. Conversely, virtual machines and their applications can still communicate and be identified on the network, and services can continue to run.

Stretched VLANs, which span multiple physical data centers, are typically required for this to work. A Layer 3 WAN SDN connects locations in multisite data center topologies. This is the most straightforward configuration, removing many complex considerations from the environment.

A native Layer 3 environment requires migrated devices to change their IP addresses to match the addressing scheme at the other site, or all resources on the VLAN subnet must be moved at once. This approach severely restricts the ability to move resources from one site to another and does not provide flexibility.

Therefore, it is necessary to implement stretched VLANs to facilitate live migration over distance since they can extend beyond a single site and enable resources to communicate as if they were local.

Stretched VLAN
Diagram: Stretch VLAN. The source is VMware.

Overlay Networking

Overlay networking is a virtual network infrastructure that operates on top of an existing physical network. It allows for creating logical networks decoupled from the underlying hardware infrastructure. Organizations can achieve greater flexibility, scalability, and security by encapsulating data packets within a separate overlay network.

Benefits of Overlay Networking

Overlay networking offers a multitude of benefits for businesses. Firstly, it simplifies network management by enabling seamless integration of different network types, such as virtual private networks (VPNs) and software-defined networks (SDNs). Secondly, overlay networks empower organizations to scale their infrastructure effortlessly, as new devices and services can be added without disrupting the existing network. Lastly, overlay networking enhances security by isolating and encrypting traffic within the overlay, protecting sensitive data from unauthorized access.

VXLAN multicast mode

Implementation of Overlay Networking

Implementing overlay networking requires a robust and flexible software-defined network controller. This controller manages the creation, configuration, and maintenance of overlay networks. The underlying physical network must also support the necessary protocols, such as Virtual Extensible LAN (VXLAN) or Generic Routing Encapsulation (GRE). Organizations can leverage these technologies to establish overlay networks across data centers, cloud environments, and geographically dispersed locations.

GRE over IPsec

Network modularity. Different designs and approaches.

Layered hub-and-spoke topologies are more widely used because they provide better network convergence than ring topologies. What about building a full mesh of modules?

Although a full mesh design might work well for a network with a small set of modules, it does not have stellar scaling characteristics because it requires an additional (and increasingly more extensive) set of ports and links for each module added to the network. 

Additionally, full mesh designs don’t lend themselves to efficient policy implementation; each link between every pair of modules must have policy configured and managed, a job that can become demanding as the network expands.

network modularity
Diagram: Network modularity. Source is Networkdirection

The Value of Network Modularity

Modular network design is an approach to architecture that divides the entire network into small, independent units or modules. These modules can be connected to form a more extensive network, enabling organizations to create a custom network tailored to their specific needs. Organizations can customize their network using modular network design to meet performance and scalability requirements while providing a cost-effective solution.

The value of a stretch network is that it’s modular and can affect only certain network parts. Therefore, you can design around its concept. A modular network separates the network into various functional modules consisting of network functions, each targeting a specific place or purpose in the network.

This brings a lot of value from a security and performance perspective. In a leaf and spine data center design, you could consider a network module, a pod, or a group of pods. So, the stretched network concepts must first be addressed with a bird’s eye view in the network design.

Network Stretch and Route Path Selection

Network stretch is the difference between the best possible path and the actual path the traffic takes through the network. The concept of a stretched network relates to both Layers 2 and 3.

For instance, if the shortest actual path available is 2 hops, but the traffic follows a 3-hop path, the stretch is 1. An increase in network stretch always represents sub-optimal use of available resources. To fully understand the concept of network stretch, first, consider the basics of route path selection and route aggregation.

stretch network
Diagram: The basics of routing: Destination-based routing.

The following diagram illustrates the basics of routing. We have three routers in the network topology. Router 1 has two outbound connections—one to Router 2 and another to Router 3, each with different routing metrics. Routers 1 to Router 2 cost 10, and Router 1 to Router 3 cost 20. Destination-based routing for the same prefix length always prefers a path with a lower cost, resulting in traffic following the path to Router 2.

Route path selection

One critical aspect of a router’s functionality is its ability to determine the most efficient route for these packets. This process, known as route path selection, ensures data is transmitted optimally and reliably.

Factors Influencing Route Path Selection:

1. Network Topology:

The underlying network topology significantly impacts the route path selection process. Routers have a routing table containing information about the available paths to different destinations. Based on this information, a router determines the best path to forward packets. Factors such as the number of hops, link capacity, and network congestion are considered to ensure efficient data transmission.

2. Administrative Distance:

Administrative distance is a metric routers use to determine the reliability of a particular routing protocol or source. Each forwarding routing protocol is assigned a numerical value indicating its preference level. With multiple routing protocols or sources, the router selects the one with the lowest administrative distance. For example, a router might prefer a directly connected network over a network learned through a dynamic routing protocol.

3. Routing Metrics:

Routing metrics are used to quantify the performance characteristics of a route. Different routing protocols utilize various metrics to determine the best path. Standard metrics include hop count, bandwidth, delay, reliability, and load. By analyzing these metrics, routers can select the most suitable path based on the network requirements and priorities. Take note of the metric assigned to the individual routes once the summary routes have been configured on R1. A metric of 16 is assigned, meaning they are not used while the summary route is in place.

RIP configuration

Routing Algorithms:

1. Shortest Path First (SPF) Algorithm:

The SPF algorithm, Dijkstra’s algorithm, is widely used for route path selection. It calculates the shortest path between the source and destination based on the link costs. The algorithm maintains a routing table that stores the shortest path to each destination. By iteratively updating the routing table, routers can dynamically adapt to changes in the network topology.

2. Border Gateway Protocol (BGP):

BGP is a routing protocol used in large-scale networks like the Internet. Unlike interior routing protocols, BGP focuses on inter-domain routing. BGP routers exchange routing information to determine the best path for data transmission. BGP considers path length, AS (Autonomous System) path, and routing policies to select routes.

Route aggregation

Next, we have route aggregation. Route summarization—also known as route aggregation—is a method to minimize the number of routing tables in an IP network. It consolidates selected multiple routes into a single route advertisement, which serves two purposes in the network. 

  1. Breaking the network into multiple failure domains and
  2. Reducing the amount of information the routing protocol must deal with when converging.

In our case, Router 1 must install all individual routes without route aggregation, including metrics, tags, and other information. The best path to reach a particular destination must be calculated every time the topology changes.

Route aggregation is crucial in simplifying the routing process and optimizing network performance in networking. By consolidating multiple network routes into a single entry, route aggregation reduces the size of routing tables, improves scalability, and enhances overall network efficiency. In this blog post, we will explore the concept of route aggregation, its benefits, and its implementation in modern networking environments.

RIP Configuration

1st Lab guide: EIGRP Summary Address

In the following lab guide, we have a DMVPN network.  R11 is the hub, and R31 and R41 are the spokes. We are running EIGRP over the DMVPN tunnel, which is a mGRE tunnel. EIGRP has been configured to send a summary route to the spoke sites.

Notice below in the screenshot that after the configuration, we have a Null0 route on the hub where the summarization was configured, and also, the spokes now only have one route, i.e., the summary route, in their routing tables.

Remember that when you have a Hub and Spoke topology and a Distant Vector protocol, we have issues with Split Horizon at the hub site. However, as we are sending a summary route from the Hub, this is not an issue.

EIGRP Summary Address
Diagram: EIGRP Summary Address

What is Route Aggregation?

Route aggregation, also known as route summarization or supernetting, is a technique for consolidating multiple network routes into a more concise representation. Instead of advertising individual routes, network administrators can advertise a summarized route, which encompasses several smaller routes. This consolidation allows routers to make more efficient routing decisions, reducing the complexity of routing tables.

Benefits of Route Aggregation:

1. Reduced Routing Table Size: One of route aggregation’s primary advantages is the significant reduction in routing table size. By summarizing multiple routes into a single entry, the number of entries in the routing table is significantly reduced, leading to faster routing lookups and improved scalability.

2. Enhanced Network Efficiency: Smaller routing tables allow routers to process routing updates more quickly, improving network efficiency. The reduced size of routing tables also reduces memory and processing requirements, enabling routers to handle higher traffic loads without performance degradation.

3. Improved Convergence: Route aggregation helps to improve network convergence, which refers to the time it takes for routers to reach a consistent view of the network topology after a change occurs. Consolidating routes expedites the convergence process, as routers have fewer individual routes to process and update.

4. Enhanced Security: Using route aggregation, network administrators can help protect network resources by concealing internal network details. By advertising summarized routes instead of specific routes, potential attackers find it more challenging to gain insight into the network’s internal structure.

Implementation of Route Aggregation:

Route aggregation can be implemented using various routing protocols, such as Border Gateway Protocol (BGP) and Open Shortest Path First (OSPF). These protocols allow network administrators to configure route summarization at specific points within the network, optimizing routing efficiency.

When implementing route aggregation, balancing summarizing routes too aggressively and maintaining the necessary network granularity level is essential. Over-aggregation can lead to suboptimal routing decisions and potential connectivity issues. Network administrators must carefully design and configure route aggregation to ensure optimal performance.

Route Aggregation: A networking technique

Route aggregation is a networking technique that reduces the number of routes in a routing table. It is based on summarizing multiple IP addresses into a single IP address prefix. The method reduces the size of routing tables, thereby reducing the memory and bandwidth required for network communication.

Route aggregation, also known as route summarization or supernetting, groups multiple IP addresses into a single IP address prefix by selecting a typical bit pattern between the IP addresses and replacing that bit pattern with a single value. This reduces the number of routes, reducing the router’s total memory and bandwidth requirements.

Route aggregation can be used in both interior and exterior routing protocols. In internal protocols, the router can use route aggregation to reduce the number of routes in the routing table, thus reducing the total memory and bandwidth requirements.

In exterior protocols, route aggregation can reduce the number of routes sent to other network routers. This reduces the overall network traffic and the time it takes for the routing information to be propagated throughout the network.

Route aggregation and performance problems

This can cause performance problems, especially if the network has a high state change rate and many routes. Whenever the network topology changes, the router’s control plane must go through the convergence process steps ( detect, describe, switch, find ) and recalculate the best path to the affected destinations. If the rate of change is faster than the control plane can calculate new best paths, the network will never converge. One method used to overcome this is Route Aggregation.

Route aggregation creates separate failure domains and boundaries in the network. Routing nodes on different sides of the boundary will not query each other. It is essentially slicing the network. In addition, if a specific link frequently alternates between Up and Down states, the links uninvolved in the route summarization will not be affected. This prevents route flapping and improves network stability.

Route aggregation example:

So, in summary, route aggregation lets you take several specific routes and combine them into one inclusive route. As a result, route aggregation can reduce the number of routes a given protocol advertises. This is because the aggregates are activated by contributing routes. The routing protocols will have different route aggregation methods, such as those used in OSPF. When an ABR sends routing information to other areas, it originates Type 3 LSAs for each network segment.

If any contiguous segments exist in this area, run the abr-summary command to summarize these segments into one. An ABR then sends just one summarized LSA to other areas, and no LSAs belong to the summarized network segment specified by this command. Therefore, the routing table size is reduced, and router performance is improved. The critical point in the diagram below is the two separate failure domains. Failure domains A and B. 

route aggregation
Diagram: Route aggregation.

State versus stretch

This has benefits and drawbacks in that packets can follow a less optimal path to reach their destination. When you summarize at the edge of the network, the receiving router loses complete network visibility, which can cause an increase in network stretch in some cases. What happens to traffic entering Router 1 and traveling to destination 192.168.1.1/24?

route summarization
Diagram: The issues of route summarization.

Loss of visibility and state results in suboptimal traffic flow

Without aggregation on Router 3, this traffic would flow to Router 1 – Router 3 – Router 6. However, with route aggregation configured on both Router 2 and Router 3, this traffic will take the path with the better cost, Router 1 – Router 2 – Router 3 – Router 6, increasing one hop. As a result, the path from Router 1 to reach the destination 192.168.1.1/24 has stretched by one hop – or the stretch of the network has increased by 1.

Understanding Suboptimal Traffic Flow:

Suboptimal traffic flow is when data packets transmitted through routers take longer than necessary to reach their destination. This issue arises due to the complex nature of router operations, congestion, and routing protocols. Simply put, the path the data packets take is inefficient, resulting in delays, packet loss, and even degraded network performance.

    • Causes of Suboptimal Traffic Flow:

Several factors contribute to routers’ suboptimal traffic flow. One significant factor is the inefficient routing algorithms employed by routers. These algorithms determine the best path for data packets to travel through a network. However, due to limitations in these algorithms, they may choose suboptimal paths, such as congested or longer routes, resulting in delays.

Another cause of suboptimal traffic flow is network congestion. Conger occurs when multiple devices are connected to a router, and the data traffic exceeds capacity. This congestion leads to packet loss, increased latency, and inefficient traffic flow.

    • Impact on Online Experiences:

The suboptimal traffic flow in routers can significantly impact our online experiences. Slow-loading web pages, buffering videos, and laggy online gaming sessions are just a few examples. Beyond these inconveniences, businesses relying on efficient data transfer may suffer from decreased productivity and customer dissatisfaction. It is, therefore, crucial to address this issue to ensure a seamless online experience for all users.

    • Solutions to Improve Traffic Flow:

Several approaches can improve routers’ suboptimal traffic flow. One solution is investing in routers with advanced algorithms that optimize the path selection process. These algorithms can consider network congestion, latency, and packet loss to choose the most efficient route for data packets.

Additionally, implementing Quality of Service (QoS) techniques can help prioritize critical traffic, ensuring that it receives higher bandwidth and lower latency. By giving priority to time-sensitive applications such as video streaming or VoIP calls, QoS can significantly improve the overall traffic flow.

Regular router maintenance and firmware updates are also crucial to maintaining optimal traffic flow. By keeping the router’s software current, manufacturers can address any known issues and improve the device’s overall performance and efficiency.

    • Network Performance and CDN

Moreover, network performance can be impacted when the network is stretched over long distances. Latency and bandwidth limitations can affect the user experience, particularly for applications that require real-time data transmission. To overcome these challenges, businesses must carefully design their network architecture, leveraging technologies like content delivery networks (CDNs) and edge computing.

    • State reduction ( blocking links ) costs increase the stretch. 

Consider the example of a Spanning Tree regarding state/stretch trade-offs. A spanning tree works by selecting one switch as the tree’s root and selecting specific links within the tree structure to move toward the root. This reduces the state to an absolute minimum by forcing all traffic along a single tree and blocking redundant links that don’t belong to that Tree. However, the state reduction ( blocking links ) costs increase the stretch through the network to the maximum possible.

This has led to the introduction of THRILL and Cisco’s FabricPath. These technologies allow you to have active/active paths, thereby increasing the state of the network while decreasing the stretch. When examining the data center transition, the default way to create scalable designs for Layers 2 and 3 is to have an overlay, such as VXLAN. Layer 2 and 3 traffic is differentiated with the VNI of the VXLAN header. All of these operate over a routed Layer 3 underlay.

VXLAN Benefits
VXLAN Benefits: Scale and loop-free networks.

A closing point on the stretch network

You can’t hide state information constantly, as it decreases the network’s overall efficiency by increasing the stretch. However, if all your traffic flows north/south, reducing the state will not impact the stretch, as the traffic can only follow one direction. But if you have a combination of traffic patterns ( north/south & east/west ), reducing the state will cause traffic to take a sub-optimal path through the network – thus increasing the stretch.

Summary: Network Stretch

In this fast-paced digital age, the concept of network stretch has emerged as a game-changer. Network stretch refers to expanding and optimizing networks to meet the increasing demands of connectivity. This blog post explored the various aspects of network stretch and how it can revolutionize how we connect and communicate.

Understanding Network Stretch

Network stretch is more than expanding physical infrastructure. It involves leveraging advanced technologies, such as software-defined networking (SDN) and network function virtualization (NFV), to enhance network capabilities. By embracing network stretch, organizations can achieve scalability, flexibility, and improved performance.

The Benefits of Network Stretch

Network stretch offers a myriad of benefits. Firstly, it enables seamless connectivity across various locations, allowing businesses to expand their reach without compromising network performance. Secondly, it enhances disaster recovery capabilities by creating redundant pathways and ensuring business continuity. Lastly, network stretch empowers organizations to adopt cloud-based services and leverage the Internet of Things (IoT) power.

Implementing Network Stretch Strategies

Implementing network stretch requires careful planning and execution. Organizations need to assess their current network infrastructure, identify areas for improvement, and leverage technologies like SDN and NFV. Working with experienced network providers can also help design and deploy robust network stretch solutions tailored to specific business needs.

Overcoming Challenges

While network stretch offers immense potential, it comes with its challenges. Ensuring security across stretched networks becomes paramount, as it involves a broader attack surface. Proper encryption, authentication protocols, and network segmentation are crucial to mitigate risks. Additionally, organizations must address potential latency issues and ensure seamless integration with existing network infrastructure.

Conclusion:

In conclusion, network stretch presents a remarkable opportunity for organizations to unlock new connectivity, scalability, and performance levels. By embracing advanced technologies and implementing sound strategies, businesses can revolutionize their networks and stay ahead in the digital era. Whether expanding geographical reach, improving disaster recovery capabilities, or embracing emerging technologies, network stretch is the key to a more connected future.