Design Reference
This feature limits the number of forwarding database (FDB) entries learned on a particular port
to a user-specified value. After the number of learned FDB entries reaches the maximum limit,
the switch drops packets with unknown source MAC addresses.
Note:
The current release of the VSP 4000 allows you to enable limit-learning on a port and
configure the maximum number of MAC entries on this port.
VSP-switch(config-if)#mac-security limit-learning ?
  enable     Enable limit-learning on this port
  max-addrs  Set the maximum number of entries on this port
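The limit-learning behavior described above, modeled as an added Python example (not Avaya code and not part of the original document): source MACs are learned until the cap is reached, after which frames from unknown sources are dropped while already-learned hosts keep working. The class, the port name 1/5, the limit of 4 and all MAC addresses are constructed for illustration; entry aging is not modeled.

```python
"""Added illustration: model of per-port MAC limit-learning (not Avaya code)."""
from collections import Counter


class LimitLearningPort:
    """One switch port with an FDB entry cap (hypothetical model of max-addrs)."""

    def __init__(self, name, max_addrs):
        if max_addrs < 1:
            raise ValueError("max_addrs must be at least 1")
        self.name = name
        self.max_addrs = max_addrs
        self.fdb = set()           # source MACs learned on this port
        self.dropped = Counter()   # unknown source MAC -> dropped frame count

    def receive(self, src_mac):
        """Return True if the frame is accepted, False if it is dropped."""
        mac = src_mac.lower()
        if mac in self.fdb:
            return True            # already learned: always accepted
        if len(self.fdb) < self.max_addrs:
            self.fdb.add(mac)      # room left: learn and accept
            return True
        self.dropped[mac] += 1     # limit reached: unknown source is dropped
        return False


def replay(port, src_macs):
    """Feed a frame sequence to the port; return (accepted, dropped) counts."""
    results = [port.receive(m) for m in src_macs]
    return results.count(True), results.count(False)


# Constructed sample traffic: two legitimate hosts, then a burst of 200
# frames with made-up source MACs (a MAC flood), then the hosts again.
HOSTS = ["00:11:22:33:44:01", "00:11:22:33:44:02"]
FLOOD = [f"02:00:00:00:{i >> 8:02x}:{i & 0xff:02x}" for i in range(200)]
SAMPLE = HOSTS + FLOOD + HOSTS

if __name__ == "__main__":
    port = LimitLearningPort("1/5", max_addrs=4)   # constructed port and limit
    accepted, dropped = replay(port, SAMPLE)
    print(f"port {port.name}: FDB={len(port.fdb)} accepted={accepted} dropped={dropped}")
    print("distinct dropped sources:", len(port.dropped))
```

A sustained count of distinct dropped sources on one port is a useful signal to alert on, since a normal access port rarely presents more than a handful of MAC addresses.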
Security at Layer 3: filtering
At Layer 3 and higher, VSP 4000 provides enhanced filtering capabilities as part of its security
strategy to protect the network from different attacks.
VSP 4000 supports advanced filters based on Access Control Lists (ACL).
Customer Support Bulletins (CSBs) are available on the Avaya Technical Support website to
provide information and configuration examples about how to block some attacks.
Routing protocol security
You can protect OSPF and BGP updates with a Message Digest 5 (MD5) key on each interface. At
most, you can configure two MD5 keys for each interface. You can also use multiple MD5 key
configurations for MD5 transitions without bringing down an interface.
For more information, see Configuring OSPF and RIP on Avaya Virtual Services Platform 4000
Series, NN46251-506 and Configuring BGP on Avaya Virtual Services Platform 4000 Series,
NN46251-507.
Control plane security
The control plane physically separates management traffic using the in-band interface. The control
plane facilitates High Secure mode, management access control, access policies, authentication,
SSH and Secure Copy, and SNMP.
Management port
Avaya Virtual Services Platform 4000 Series requires one port to be configured as the management
port. This port separates user traffic from management traffic in highly sensitive environments, such
as brokerages and insurance agencies. By using this dedicated network (see Figure 75: Dedicated
Ethernet management link on page 155) to manage the switch, and by configuring access policies
(if you enable routing), you can manage the switch in a secure fashion. You can also use terminal
servers to access the console port on the CP module (see Figure 76: Terminal server access on
page 155).
System and network stability and security
154 Network Design Reference for Avaya VSP 4000 Series June 2015