ZT-LAN Architecture
The Versa ZT-LAN architecture is based on software-defined networking principles and includes the following elements:
- Provides a focused portfolio for the enterprise campus and branches
- Provides intelligent nodes on the edge of an SDN-based overlay for best connectivity
- Provides flexible deployment options that make it easy to insert ZT-LAN into the existing infrastructure
- Runs on Versa Operating System™ (VOS™)-enabled Ethernet switches, WLAN access points (APs), and on-premises appliances
Versa ZT-LAN allows you to place services flexibly in the LAN network and includes the following benefits:
- Assesses the security posture of all devices and implements security policies
- Defines a single policy for users, devices, and applications that works in the campus, in the branch, and in the cloud
- Provides a full stack of Layer 2, Layer 3, and Layer 4 through Layer 7 functions to satisfy deployment and service requirements
- Includes detailed policy-based network access and distributed security enforcement
- Leverages ZTNA and a rich set of built-in security services
- Places clients and devices into specific microsegments
The following figure shows a typical ZT-LAN architecture. In the lower left, VOS running on distributed LAN edge access points provides Layer 2 through Layer 7 services to the traffic, which is then sent through the overlay to the LAN edge device. In the lower right, traffic from third-party networking devices is sent through the overlay to VOS running on a service node. VOS then provides the Layer 2 through Layer 7 services to the traffic, which is then sent through the overlay to the LAN edge.
Regardless of topology, the SDN approach is the same: devices find each other, establish overlay tunnels, and traffic is forwarded over physical interfaces using encapsulated packets.
ZT-LAN Topologies
Because ZT-LAN employs overlays to establish connections within the LAN environment, it can be deployed easily using different topologies, including:
- Small branches, large branches, and regional offices
- Classic campus architecture
- Heavily distributed architecture
- Converged classic campus and heavily distributed architecture
Small Branch
In a small branch environment, ZT-LAN edge switches can be located adjacent to the WAN edge. The example in the figure below shows two separate LAN edge switches running VOS that forward traffic from devices on the LAN to the WAN MPLS and/or broadband networks.
Regional Branch
In the example of a regional branch environment shown below, the ZT-LAN edge switches are also positioned adjacent to the WAN edge and are configured for high availability for the larger regional branch environment.
Classic Campus Architecture
The classic campus architecture shown below is an example of the widely deployed spine-and-leaf topology, in which traffic from the leaf switches is sent to a pair of aggregation switches, which then forward the traffic to the ZT-LAN edge switches.
Heavily Distributed Architecture
In a heavily distributed architecture, such as you might find at a manufacturing plant, LAN switches are positioned at different locations throughout the plant. The switches are connected by means of EVPN VXLAN-based overlays using Layer 3 underlays to the ZT-LAN edge switches, which are configured for high availability.
Converged Classic Campus and Heavily Distributed
Another example topology is a hybrid of the classic campus topology and the heavily distributed topology, in which some switches are concentrated at a central location while other switches are distributed at different locations.