Allied Telesis x908, X900 User Manual 4

Solutions | Network Virtualization

Allied Telesis provide virtual customer networks

over shared Ethernet infrastructure

Solutions | Network Virtualization

Today’s building management companies can derive revenue
from their commercial tenants by providing facilities beyond
just floor space. Reliable and secure network connectivity and
data storage services are now highly attractive to commercial
tenants. However, when your company manages a multiple tenant
building – this could be a shopping mall or office block – how
do you provide these services securely, affordably, and simply?

They key is to be able to build a single network infrastructure
through the building, and then allow the individual tenants
to overlay their own virtual networks over this shared
infrastructure. Moreover, it is vital that you achieve this
network vir tualization securely. Individual tenants need to
be 100% confident that their virtual network is completely
invulnerable to snooping or infection by other tenants.

In addition, to meet your network management needs the
infrastructure must be resilient, scalable, and simple to manage.

Allied Telesis have developed a combination of products and features
that provide remarkably secure, reliable, high-performance virtual
network infrastructure at extremely cost-effective price points.

Virtualisation

The key component in this solution is the standards-compliant
VLAN encapsulation (known as VLAN double tagging or QinQ).
This makes it possible for each tenant to have their own
complete VLAN structure overlaid onto the physical network,
running parallel with every other tenant’s VLAN structure,
even if they are using the same VLAN IDs as other tenants.

Each tenant is assigned a unique encapsulating VLAN, which forms
their own vir tual tunnel right across the whole shared network.
On the shared segments, each tenant’s data runs within its own
tunnel, completely separated from anyone else’s data, with no
possibility of cross-over from one virtual network to another.

Resilience

Allied Telesis premium ring resiliency technology, Ethernet Protected
Switching Ring (EPSR), has been developed and hardened in
demanding Service Provider and Telco sectors. This technology
provides true carrier-class network resiliency, and has been made
available on Allied Telesis switches at an Enterprise-level price point
with absolutely no drop in reliability or performance.

The layout of typical commercial premises, such as office blocks,
shopping malls, and airports, lends itself to the use of a core ring of
switches as a high-speed backbone of the network infrastructure.
This highly resilient network technology is perfect to overlay
multiple virtual networks for many tenants or clients, where
everyone benefits from the maximum network uptime and high
bandwidth provided.

More information on using EPSR in enterprise applications can be
found in the “Resilient Networking with EPSR” technology solution
available here:

http://www.alliedtelesis.com/resources/literature/literature.aspx?id=5

Other features such as excellent network storm control and
prioritisation of network control traffic also contribute to creating
extremely high network availability. Add switch hardware features
like dual hot-swappable power supplies, and continuation of services
is all but guaranteed.

Security

Allied Telesis switches combine leading LAN security with
comprehensive privacy protection to ensure complete
security for end-customers who vir tualize their LANs
over a shared physical infrastructure. More information
on the advanced LAN security features found in Allied
Telesis switches can be found on our website:

http://www.alliedtelesis.com/solutions/category.aspx?5

The IP-binding and Private VLAN (using MAC-Forced Forwarding)
implementations in Allied Telesis products have been developed
to meet the stringent user privacy and data security requirements
of Service Providers. Private VLANs ensure that no traffic from a
switch port can be seen from another switch port. The addition
of MAC-Forced Forwarding adds fur ther security by sending
all traffic only to a specific known destination, making snooping
on your neighbour near impossible. Commercial tenants can
be fully confident that their privacy and security is ensured.

2 | Allied Telesis Solutions: Network Virtualisation www.alliedtelesis.com

Ne t w o r k re s i l i e N c y so l u t i o N s

| VCStack + Link aggregation

Performance

As the corporate world comes to rely more than ever on
Information Technology resources and applications, a high
performance, high availability infrastructure is vital. An EPSR ring at
the core of the network provides these performance benefits:

High bandwidth: An EPSR ring can run at up to 10Gbps (or ■

multiples of 10Gbps), utilizing today's fastest Ethernet standard
for maximum data throughput.

Immediate access: Seamless connectivity via voice, video, or ■

email is maintained, and network servers are accessible with no
delay.

High availability: With no single point of failure, continuous ■

access to critical business data and network resources is
maintained.

Application versatility: High bandwidth and ultra-fast failover ■

lend themselves to multiple applications simultaneously using
the network. Real-time applications like surveillance, video
streaming and voice over IP can be used right alongside data
and Internet access.

The Allied Telesis SwitchBlade x908 and x900 series switching
fabrics provide extremely powerful and reliable forwarding engines
over which to lay the network infrastructure. All Layer 2 and Layer
3 forwarding, traffic filtering, data encapsulation, traffic prioritization,
and network storm protection are carried out at wire-speed on all
interfaces with low latency.

Scalability

The flexibility of the SwitchBlade x908 and x900 series switches
makes network expansion incredibly simple. The modular chassis
design, coupled with the hot-swappable interface modules, mean
that it is possible, for example, to upgrade the bandwidth of the
core ring with absolutely ZERO downtime.

Similarly, as client device numbers increase, new sets of client­facing ports can be hot-swapped into the chassis, and new clients
connected, with no service disruption.

The advanced design of the switching hardware provides a platform
that will not be obsolete for many years to come. The hardware is
already completely IPv6 capable. The Layer 2 and Layer 3 forwarding
table and hardware ACL table capacities are measured in the
thousands – this is a platform that is well able to support major
network and service expansions, and network technology advances.

Solution overview

The virtualization of a single physical network infrastructure (seen
in Figure 1) can provide a real private network for a number of
different tenants. By using VLAN encapsulation over an EPSR ring,
and deploying Allied Telesis secure LAN switches, this network is
resilient, secure, scalable, and high performing.

As well as providing these core data storage and Internet services,
Allied Telesis switch technology allows you to make additional
services available to tenants.

A combination of a Power over Ethernet (PoE) access layer with
the high-speed shared core is ideal for having a video surveillance
network overlaid on it. Multicast streams from multiple cameras
attached to diverse locations on the network are carried back to a
central control centre via a dedicated video VLAN that is laid across
the physical network. Camera control signalling is also transported
in this same VLAN.

A separate virtual Voice over IP (VoIP) network can also be
provided for multiple tenants, providing them with the many benefits
that advanced VoIP systems have to offer.

Figure 2 shows VoIP and Video sur veillance vir tual networks
overlaying the physical network infrastructure.

3 | Allied Telesis Solutions: Network Virtualisation www.alliedtelesis.com