The short/simple answer is that a tenant is a group of endpoints to which a 128T router gives a common set of services, along with policies for how they access those services. Tenants are fundamental to the 128T forwarding plane, and they can be useful in all sorts of ways.
Perhaps the primary utility is in taking the network of 128T routers and segmenting it for different endpoints. Just as on a switch you split up its behavior into multiple virtual switches using VLANs, or on a traditional router you segment its routing rules into multiple different route tables using VRFs, with a network running 128T you can segment it for different groups of endpoints using tenants. Tenants differ from VRFs and VLANs in several ways, however. For instance, VLANs segment broadcast domains, VRFs segment route tables, and tenants segment all the different policies that come with secure vector routing (service routing, access, security, redundancy, etc.). Unlike the flat segmentation of VLANs/VRFs, the segmentation of tenants is also hierarchical, with inheritance of services from parent tenants to subtenants. Last of all, they are a logical identifier for the entire network; thus they are independent of any physical network topology.
In practice, a tenancy design for a network can be modeled around many different things. For example, I've seen some model their networks around:
- organizational units, such as sales, finance, manufacturing
- business relationships, such as customer, corporate, partner
- enterprise identities, such as Acme, Initech, Hooli
IMHO the power of tenants is best realized when used to describe these sorts of "real world" things, because that is what services and applications are built around, and ultimately what the network is being built to deliver.
#Tenants
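
The hierarchical inheritance and topology independence described above, as an added example that is not part of the original post and is not 128T code or configuration syntax. The tenant names, services, sites and addresses are constructed, and the default-deny behavior for unknown endpoints is an assumption of this toy model.

```python
# Added illustration: a toy model, not 128T code or configuration syntax.
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Tenant:
    name: str
    parent: Optional["Tenant"] = None

    def lineage(self):
        """Yield this tenant, then each ancestor up to the root."""
        node = self
        while node is not None:
            yield node
            node = node.parent


# Constructed hierarchy: payroll is a subtenant of finance,
# which is itself a subtenant of corporate. partner stands alone.
corporate = Tenant("corporate")
finance = Tenant("finance", corporate)
payroll = Tenant("payroll", finance)
partner = Tenant("partner")

# Constructed policy: service name -> tenants explicitly granted access.
SERVICE_ACCESS = {
    "intranet": {"corporate"},
    "ledger": {"finance"},
    "partner-portal": {"partner"},
}

# Constructed endpoints at different sites; tenancy is a label, not a location.
ENDPOINTS = {
    ("site-a", "10.1.0.20"): payroll,
    ("site-b", "10.9.0.20"): payroll,
    ("site-b", "10.9.4.7"): partner,
}


def effective_services(tenant):
    """Services granted to the tenant itself or inherited from any ancestor."""
    names = {t.name for t in tenant.lineage()}
    return {svc for svc, allowed in SERVICE_ACCESS.items() if allowed & names}


def is_permitted(endpoint, service):
    """Assumed default deny: unknown endpoints and ungranted services fail."""
    tenant = ENDPOINTS.get(endpoint)
    return tenant is not None and service in effective_services(tenant)
```

Inheritance runs downward only: `payroll` picks up `intranet` and `ledger` from its ancestors, while `corporate` does not gain `ledger` from its subtenant.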