The modern, interoperable DC - Part 3: Seamless and secure connectivity for edge computing and hybrid clouds (video)


Jerzy Kaczmarski


Adam Kułagowski

Reading time: 3 minutes

In the third part of our “Modern DC” webinar series we focus on connectivity with resources located beyond the local data center, somewhere on the Internet. This includes extending Layer 2 and Layer 3 tunnels to public clouds (such as AWS, Azure and GCP), branch offices, Edge Computing servers and IoT devices based on single-board computers.

As we explain in the webinar, five mechanisms are required to make all this possible:

  • routing between overlay networks
  • forwarding traffic between the overlay and underlay networks
  • extending VXLAN tunnels over the Internet
  • encrypting traffic forwarded over untrusted networks
  • using Cloud-init to pre-provision VMs on public cloud

By using these functionalities, along with features we presented in the preceding two webinars, you will be able to provide secure and seamless connectivity to remote resources, even if they are located behind a NAT device.
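As an added example (not material from the webinar, and not CodiLime's own configuration), the cloud-init user-data below brings up one EC2 spoke of such a design on first boot, covering four of the five mechanisms listed above: WireGuard as the encrypted underlay across the Internet (a VXLAN packet carries no authentication or confidentiality of its own, and the VNI is the only tenant separator, so unwrapped VXLAN must never touch an untrusted network), a VXLAN device whose source address is the tunnel address so that every overlay packet is routed into the tunnel, and FRR peering EVPN with the DC edge and advertising the spoke's subnet as a Type-5 route from an L3VNI (the Linux side of an L3 VXLAN gateway). Hostnames, addresses, AS numbers, the VNI and the key placeholders are assumptions chosen for illustration; the DC-edge side is assumed to run a matching WireGuard and FRR configuration, and the image is assumed to be a Debian/Ubuntu one where `frr` and `wireguard` come from the distribution repositories.

```yaml
#cloud-config
# Added example, not the webinar's configuration. All names, addresses,
# AS numbers, the VNI and the key placeholders are illustrative assumptions.
package_update: true
packages:
  - wireguard
  - frr

write_files:
  # 1. Encrypted underlay: WireGuard point-to-point tunnel to the DC edge.
  #    PersistentKeepalive keeps the NAT mapping alive for a spoke behind NAT.
  - path: /etc/wireguard/wg0.conf
    permissions: '0600'
    content: |
      [Interface]
      PrivateKey = REPLACE_WITH_SPOKE_PRIVATE_KEY
      Address = 10.255.0.2/24
      ListenPort = 51820
      MTU = 1420

      [Peer]
      PublicKey = REPLACE_WITH_DC_EDGE_PUBLIC_KEY
      Endpoint = dc-edge.example.com:51820
      AllowedIPs = 10.255.0.0/24
      PersistentKeepalive = 25

  # 2. FRR: EVPN over eBGP across the tunnel. VRF tenant1 is mapped to
  #    L3VNI 5000 and its connected prefixes are exported as Type-5 routes.
  #    Staged under /root and installed after the package is present, so the
  #    package's own frr.conf does not collide with it.
  - path: /root/frr.conf
    content: |
      frr defaults datacenter
      !
      vrf tenant1
       vni 5000
      exit-vrf
      !
      router bgp 65001
       bgp router-id 10.255.0.2
       neighbor 10.255.0.1 remote-as 65000
       address-family l2vpn evpn
        neighbor 10.255.0.1 activate
        advertise-all-vni
       exit-address-family
      !
      router bgp 65001 vrf tenant1
       address-family ipv4 unicast
        redistribute connected
       exit-address-family
       address-family l2vpn evpn
        advertise ipv4 unicast
       exit-address-family

runcmd:
  - sysctl -w net.ipv4.ip_forward=1
  - systemctl enable --now wg-quick@wg0
  # 3. Kernel side of the L3 VXLAN gateway: VRF <- bridge <- VXLAN device.
  #    'local' is the WireGuard address, so VXLAN/UDP 4789 is routed into wg0
  #    and encrypted. MTU 1370 = 1420 (wg0) minus 50 bytes of VXLAN overhead.
  - ip link add vrf-tenant1 type vrf table 1001
  - ip link set vrf-tenant1 up
  - ip link add br5000 type bridge
  - ip link set br5000 master vrf-tenant1
  - ip link add vxlan5000 type vxlan id 5000 local 10.255.0.2 dstport 4789 nolearning
  - ip link set vxlan5000 master br5000 mtu 1370
  - ip link set vxlan5000 up
  - ip link set br5000 up
  # 4. The spoke's service subnet (placeholder), placed in the VRF so that
  #    'redistribute connected' turns it into a Type-5 route towards the DC.
  - ip link add svc0 type dummy
  - ip link set svc0 master vrf-tenant1
  - ip addr add 10.20.0.2/24 dev svc0
  - ip link set svc0 up
  - sed -i 's/^bgpd=no/bgpd=yes/' /etc/frr/daemons
  - install -m 0640 -o frr -g frr /root/frr.conf /etc/frr/frr.conf
  - systemctl restart frr
```

Three checks before using something like this in anger. The instance's security group only needs inbound UDP/51820 for WireGuard; UDP/4789 stays closed to the Internet, because VXLAN now only exists inside the tunnel, and `ip route get 10.255.0.1` should show wg0 as the egress. EC2 user-data is readable by any local process through the instance metadata service, so a long-lived WireGuard private key does not belong in it; generate the key on first boot and register the public key with the hub, or fetch it from a secrets store with an instance role. Finally, if other VPC resources (the RDS case in the demo) must reach overlay prefixes through this spoke, the instance's source/destination check has to be disabled and the VPC route table needs an entry for those prefixes pointing at the instance's network interface; BGP alone does not change AWS routing.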

In the first part of the video we discuss various considerations regarding tunneling traffic to public clouds as well as inside them; using consumer-grade routers to enable EVPN at branch locations; employing small computers such as the Raspberry Pi to act as an EVPN-enabled IoT device; and, finally, how to interconnect with more traditional VPNs such as L3VPN based on MPLS-over-GRE tunneling.
The second part of the webinar shows a live demo that includes the following topics:

  • Overlay <> Underlay/Internet communication

    • Making use of an L3 VXLAN Gateway, EVPN Type-5 routes and NAT
  • Extending overlay to public cloud:

    • Service migration from a local DC to AWS Cloud using VRRP
    • Service advertisement on AWS EC2 using BGP
    • Accessing AWS native resources (RDS)
    • AWS EC2 deployment using ZTP paradigm and Cloud-init
  • Branch office EVPN:

    • Extending VLANs to interconnect at L2 with different overlay networks:
      • WiFi, SSID ‘cameras’: ONVIF camera access from the DC at L2
      • LAN, ‘users’: Internet access forced through the DC, where a central firewall filters the traffic
    • Support for consumer-grade devices that do not speak EVPN (using MikroTik as an example)
  • Extending overlay to IoT:

    • Sending a command from the local DC to the IoT device to read a sensor
    • Sending another command to perform an action on a device connected to the IoT node

Finally, in the last part of the presentation we go over a short list of the solution’s benefits and drawbacks and give a summary of what we have learned.

About the authors


Jerzy Kaczmarski

Senior Network Engineer
As a Senior Network Engineer at CodiLime, Jerzy focuses on advanced solutions for Data Center and ISP environments. He is a big enthusiast of making life easier through automation, including network configuration and management. In his free time, he enjoys mountain biking and board games.

Adam Kułagowski

Principal Network Engineer
CodiLime’s Principal Network Engineer, Adam likes to push network packets faster and faster, or to drop them on purpose. Also a reader of SciFi and an escape room enthusiast.
