Borderless Campus Network

Virtualization—
Path Isolation Design Fundamentals

To design campus networks four prime areas of concern are:

Scalability
• Availability
• Mobility
• Security

Network virtualization may be described as the ability to

logically define individual, virtual networks (VNs) whose data planes for forwarding traffic and control
planes for processing unicast and multicast routing information are completely isolated from each other.
Effectively, each virtual network can consist of its own set of devices, interfaces, and services, allowing
complete isolation from other virtual networks or, as policy dictates, the ability to share common
services between virtual networks. Figure 1 depicts three virtual networks defined on a single physical
infrastructure.

The fundamental building block of a virtual network is the Virtual Routing and Forwarding (VRF)
instance. VRF is a technology that allows multiple instances of a routing table to exist on a single router
with each instance isolated from the other. A VRF consists of its own IP routing and forwarding table as
well as a set of physical interfaces assigned to the VRF that use the derived forwarding table.

Network virtualization is enabled by technologies such as VRF-Lite (also known as Multi-VRF) and
Easy Virtual Network (EVN), either exclusively or in addition to MPLS.
In the past, VRF-Lite has been the most easily deployed technology when less than eight VNs are
required. VRF-Lite relies on common routing protocols such as OSPF and EIGRP and a hop-by-hop
configuration of the VNs by first defining them on the networking device, such as a switch or router, and
then configuring the method by which the devices interconnect. This interconnection can be
accomplished through the use of 802.1q Trunking or Generic Route Encapsulation (GRE)/Multipoint
GRE (mGRE), and mapping each virtual network (VNET) to a VLAN over an Ethernet trunk or tunnel
in the case of GRE/mGRE.

Recently, VRF-Lite has been enhanced through features in the new technology known as Easy Virtual
Network or EVN. EVN makes configuration easier and improves scalability to 32 VNs per device. In addition to
incorporating features found in Multi-VRF, EVN introduces new concepts such as VNET Trunks, VNET Tags,
and a simplified approach to route replication between virtual networks.

it is easier to develop and deploy a

virtualization strategy if there are distinct boundaries between areas of the network such that the
approach taken to virtualization can be tailored to suit the needs of each “block”.