in Campus Networks
For the German Airheads Community
High Availability at the Edge
A short Overview
STP with VRRP
– Configuration intensive: switch-by-switch configuration and management
– STP prevents loops, but blocks paths, reducing effective bandwidth
– Slow reconvergence impacts business, applications and users
[Diagram: VRRP Master and VRRP Backup at Aggregation/Core, Access switches below, some links marked x]
VRRP without STP
– Medium configuration intensive: switch-by-switch configuration and management, but no STP configuration
– No STP needed, as each set of VLANs is only on one Access switch
[Diagram: VRRP Master and VRRP Backup at Aggregation/Core, Access switches below]
Access switch stacking
IRF/VSF simpler, resilient & high performance networks
DRNI - Distributed Resilient Network Interconnect
IRF/VSF simpler, resilient & high performance networks
HP IRF
Traditional Layer 2 Fabric
Pros Cons
Mature technology Proprietary
Simple topology ISSU not always available
(Single IP for management, peering etc)
Hash algorithms not perfect
Simplified configuration file
Scalability
Single IRF core = single point of failure?
CLOS Fabric
• CLOS (physical) network architecture provides an edge/core multi-tier design
• Each leaf switch is connected to all spine switches
• Customers may choose to deploy a 2 spine fabric (2 x 40G uplinks) and expand to 4+ spines (4 x 40G uplinks or more) when they require additional bandwidth
• Protocol independent (STP/TRILL/SPB/L3) over the physical fabric
L3 Fabric with distributed control plane (OSPF/IS-IS/BGP)
[Diagram: L3 network with 10G/40G interconnects running OSPF/IS-IS/BGP]
L2 Fabric with distributed control plane (TRILL/SPB)
• TRILL/SPB removes STP while still providing a loop free L2 network for east/west traffic
• Distributed control plane (no single point of failure), but lack of control plane interoperability
• Architecture neutral (leaf to leaf or spine leaf)
[Diagram: Spine switches; Spine = independent function]
VxLAN for Campus networks
A short excursus
VXLAN and Overlay Networking Introduction
• Virtual Extensible Local Area Network (VXLAN) is a network encapsulation mechanism first introduced in 2011
• Supports up to 16 million virtual overlay tunnels over a physical layer 2/3 underlay network for L2 network connectivity and multi-tenancy
• VXLAN allows traffic to be load shared across multiple equal cost paths
• Supports both intra-Campus and inter-Campus deployment scenarios
• VXLAN capable device = VXLAN Tunnel End Point (VTEP)
VXLAN Deployment With Centralized Control Plane
• VXLAN with centralized control plane (e.g. DCN VSC, IMC with HPE switches)
• Typically a VM or application installed on a server and includes clustering capabilities for High Availability (HA)
• OVSDB / NETCONF are examples of protocols used between controller and VTEPs to setup/teardown VXLAN tunnels and share MAC addresses
[Diagram: Network Virtualization Controller (OVSDB / NETCONF); Software VTEP A (hypervisor with VMs) in rack 1; Hardware VTEP B in rack 100; Layer 3 underlay network 172.16.10.0/24; VM1 10.0.0.2/24; bare metal server 10.0.0.6/24; physical routers and firewalls]
VXLAN Deployment Without Centralized Control Plane
• VXLAN without centralized control plane (e.g. HPE Comware switches)
• VXLAN tunnels can be set up manually (CLI) or dynamically (MP-BGP EVPN)
• CLI implementation is vendor proprietary, don't expect interoperability
• EVPN is standardized
[Diagram: Hardware VTEP A in rack 1 and Hardware VTEP B in rack 100; Layer 3 underlay network 172.16.10.0/24; hypervisors with VMs; VM1 10.0.0.2/24; bare metal servers 2 and 3; 10.0.0.6/24; physical router and firewalls]
EVPN MP-BGP as VxLAN control plane
VxLAN traditional MAC address auto-learning challenge
VXLAN architecture
[Diagram: IP LAN/MAN/WAN; VXLAN VNI 45501; VLAN 501 and VLAN 502 shown five times each]
ADVPN automates secure connectivity
Simple
– Automated zero-touch deployment with IMC
– Reduces configuration steps
Secure
– Flexible support for any IP WAN technology
– Standards-based IPSec encryption
Scalable
– Site-to-site performance for rich media
– Scales to over 30,000 sites
[Diagram: Campus; WAN; Headquarter; MC MC MC; Recreational; Youtube]
Recommendation
Everything should be made as simple as possible,
but not simpler.
Downtime on software Upgrades
No downtime at the Campus CORE