In the third part of our “Modern DC” webinar series we focus on connectivity with resources located beyond the local data center, somewhere in the Internet. This includes extending Layer 2 and Layer 3 tunnels to public clouds (such as AWS, Azure and GCP), branch offices, Edge Computing servers and IoT devices based on single-board computers.
As we explain in the webinar, five mechanisms are required to make all this possible:
- routing between overlay networks
- forwarding traffic between the overlay and underlay networks
- extending VXLAN tunnels over the Internet
- encrypting traffic forwarded over untrusted networks
- using Cloud-init to pre-provision VMs on public cloud
By using these functionalities, along with features we presented in the preceding two webinars, you will be able to provide secure and seamless connectivity to remote resources, even if they are located behind a NAT device.
In the first part of the video we discuss various considerations in regards to tunneling traffic to public clouds as well as inside of them; using consumer-grade routers to enable EVPN on branch locations; employing small computers such as Raspberry Pi to act as an EVPN-enabled IoT device; and, finally, how we can interconnect with more traditional VPNs such as L3VPN based on MPLS-over-GRE tunneling.
The second part of the webinar shows a live demo that includes the following topics:
Overlay <> Underlay/Internet communication
- Making use of an L3 VXLAN Gateway, EVPN Type-5 routes and NAT
Extending overlay to public cloud:
- Service migration from a local DC to AWS Cloud using VRRP
- Service advertisement on AWS EC2 using BGP
- Accessing AWS native resources (RDS)
- AWS EC2 deployment using ZTP paradigm and Cloud-init
Branch office EVPN:
- Extending VLANs to interconnect at L2 with different overlay networks:
- WiFi, SSID ‘cameras’—ONVIF camera access from DC on L2
- LAN, ‘users’—Internet access forced to go through a DC where a central firewall filters traffic
- Consumer grade device support not supporting EVPN (using Mikrotik as an example)
Extending overlay to IoT:
- Send command from a local DC to IoT to get reading from a sensor
- Send another command to perform an action on a device connected to the IoT
Finally, in the last part of the presentation we go over a short list of the solution’s benefits and drawbacks and give a summary of what we have learned.