Documente Academic
Documente Profesional
Documente Cultură
Networking—
Architecture and
Design Guidelines
BRKDCT-2001
Ian Bond
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 1
HOUSEKEEPING
We value your feedback, don’t forget to complete your online session
evaluations after each session and complete the Overall Conference
Evaluation which will be available online from Friday.
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 2
Before We Get Started:
Q and A at end of session
Intermediate level session focused on data centre front
end architecture for the transactional model
Other recommended sessions:
BRKDCT-2002 : Data Centre IP Front-End : Solution for Business Continuance
BRKDCT-2003 : High-Density Server Farms
BRKDCT-2004 : Data Centre Fibre Channel Back End Infrastructure: Solutions
for Disaster Recovery
BRKDCT-2005 : Design and Deployment of Layer 2 Clusters and Geoclusters
BRKDCT-2006 : Introduction to High-Performance Computing
BRKDCT-2007 : Data Centre Optical Infrastructure for the Enterprise
BRKDCT-3008 : Advanced SAN Fabrics and Storage Virtualisation
BRKDCT-3009 : Advanced Understanding of Infiniband Technology
TECDCT-1001 : Architecting Data Centre Infrastructure and Services
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 3
Agenda
Data Centre Infrastructure
Overview of Cisco Data Centre Network Architecture
Core Layer Design
Aggregation Layer Design
Access Layer Design
Density and Scalability Implications
Scaling Bandwidth and Density
Spanning Tree Design and Scalability
Increasing HA in the DC
A look at the Future…
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 4
Cisco Data
Centre
Networking
Architecture
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 5
Cisco Data Centre Network Architecture –
Intelligent Information Network and
Service Oriented Network Architecture
Architecture Framework
for implementing IIN in SONA What?
the Enterprise
HCM Applications
Procurement SCM IPCC Applications
IP Phone Video
Delivery
Traditional Architecture / Service Oriented Architecture
Optimisation,
Optimisation, Security and Server Offload
SERVICES
LAYER
POLICY
Firewalls, Intrusion Protection,
Security
Security Services
Agents
Infrastructure
RDMA,
Enhancing Services
Virtualisation, Replication,
Compute
Low LatencyServices
Clustering Storage Fabric Services
Virtual Fabrics
Infrastructure Management
Fabric Data
Switching Enterprise
Switching Interconnect
Campus Branch Places in the Network WAN/MAN Teleworker
Centre
Modular EdgeDirector DWDM,
Infiniband Rack SONET,
Switching Fabric
Blade SDH, FCIP
Server Storage Clients
SFS Family Catalyst Family MDS Family ONS Family
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 7
Data Centre Architecture Overview
Layers of the Enterprise Multi-Tier Model
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 8
Core Layer
Design
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 9
Core Layer Design
Requirements
Scaling
Is a separate DC Core Layer Campus Access Layer
required?
Campus
Consider: Distribution
10GigE port density
Administrative domains
Anticipate future requirements Campus Core
Scaling
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 10
Core Layer Design
L2/L3 Characteristics
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 11
Core Layer Design
Routing Protocol Design: OSPF
NSSA helps to limit LSA propagation,
but permits route redistribution (RHI)
Campus Core
Advertise default into NSSA,
summarise routes out
OSPF default reference b/w is 100M, Area 0
use “auto-cost reference-bandwidth” NSSA DC Core
set to 10G value L0=10.10.1.1
Default Default
L0=10.10.2.2
interswitch L3 vlan
Aggregation
Loopback interfaces simplify
troubleshooting (neighbor ID)
L0=10.10.3.3 L0=10.10.4.4
Use passive-network default: open
up only links to allow Access
Use authentication: more secure and
avoids undesired adjacencies
Timers spf 1/1, interface hello-dead =
1/3 Web Application Database
Servers Servers Servers
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 12
Core Layer Design
Routing Protocol Design: EIGRP
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 13
Aggregation Layer
Design
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 14
Aggregation Layer Design
Spanning Tree Design
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 15
Aggregation Layer Design
Integrated Services
Services: Firewall, Load Balancing, SSL
Encryption/Decryption
+
L4-L7 services integrated in Cisco Catalyst® 6500
Server load balancing, firewall and SSL services may be
deployed in:
Active-standby pairs (CSM, FWSM 2.X)
Active-active pairs (ACE, FWSM 3.1)
Integrated blades optimise rack space, cabling, mgmt, providing flexibility
and economies of scale
Influences many aspects of overall design
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 16
Aggregation Layer Design
Service Module Placement Consideration
Cisco Catalyst 6500 Switch Fabric Channels Cisco Catalyst 6513
6-Slot 9-Slot 13-Slot
The Choice Between 6509 and 6513 Usually Comes Down to:
6513: Supports Larger Number of Service Modules
6509: Supports Larger Number of 10GE Ports * Primary Sup720 Placement
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 17
Aggregation Layer Design
Active-Standby Service Design
Active-standby services
Content Switching Module
Core
Firewall Service Module (2.x)
SSL Module Root Primary Root Secondary
HSRP Primary HSRP Secondary
Under utilises access Active Context Standby Context
layer uplinks
Under utilises service
modules and switch fabrics
Multiple service module pairs
does permit active-active
design but….
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 18
Aggregation Layer Design
Active-Active Service Design
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 19
Aggregation Layer Design
Establishing Path Preference
Establish Route Preference for
Service Enabled Applications
Use Route Health Injection Core
feature of ACE and CSM 3. Route Map on Host
Route Sets Preferred
Introduce route-map to Metric of Route
route-map RHI permit 10 4. If Context Failover
desired metric
Aligns advertised route
of VIP with active context on 2. If Healthy, Installs
ACE, CSM, FWSM and SSL Host Route to VIP
on Local MSFC
service modules
Avoids unnecessary use
of inter-switch link and
vlan6 vlan6
asymmetrical flows
vlan5 vlan6 vlan6 vlan5
1. ACE Probes to
Real Servers in VIP
to Determine Health
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 20
Core and Aggregation Layer Design
STP, HSRP and Service Context Alignment
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 21
Aggregation Layer Design
Scaling the Aggregation Layer
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 22
Aggregation Layer Design
Using VRFs in the DC (1)
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 23
Aggregation Layer Design
Using VRFs in the DC (2)
Red VRF Red VRF
Maps the virtualised DC Green VRF Blue VRF Green VRFBlue VRF
MAN/WAN cloud
Core: P-Nodes
PE PE
DC Core
Agg module 1 Agg module 2
802.1Q 802.1Q
Trunks Trunks
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 24
Access Layer
Design
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 25
Access Layer Design
Defining Layer 2 Access
nks
T ru
VLANs are extended across
.1q
inter-switch link trunk
802
for looped access
VLANs are not extended across
inter-switch link trunk for loop-
free access
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 26
Access Layer Design
Establish a Deterministic Model
Align active components in traffic path on
common Agg switch:
Primary STP root DC Core
Aggregation-1(config)#spanning-tree vlan 1-10 L3+L4 Hash
root primary Path
Pref
Primary HSRP (outbound) L3 Agg1 Agg2
standby 1 priority X L2
Primary Root
Active Service modules/contexts Primary HSRP
Active Services
nks
Path Preference (inbound) Def gwy
T ru
Use RHI & Route map
.1q
802
Route-map preferred-path
match ip address x.x.x.x
set metric -30
(also see slide 15 )
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 27
Access Layer Design
Balancing VLANs on Uplinks: L2 Looped
Access
Distributes traffic load across
uplinks
DC Core
STP blocks uplink path L3+L4 Hash
for VLANs to secondary Agg1 Agg2
root switch L3
If active/standby service L2
Blue-Primary Root Red-Primary Root
modules are used; consider Blue-Primary HSRP Red-Primary HSRP
Red-Sec Root Blue-Sec Root
inter-switch link utilisation to Red-Sec HSRP Def gwy Def gwy Blue-Sec HSRP
reach active instance
Multiple service modules may be
distributed on both agg switches to 802.1q Trunks
achieve balance
Consider b/w of inter-switch link in a
failure situation
If active/active service modules
are used;
(ACE and FWSM3.1)
Balance contexts+hsrp across agg
switches
Consider establishing inbound path
preference
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 28
Access Layer
Design:
L2 Looped Design
Model
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 29
Access Layer Design
Looped Design Model
VLANs are extended between Primary STP Root Secondary STP Root
aggregation switches, creating Primary HSRP Secondary HSRP
the looped topology Active Services Standby Services
Spanning Tree is used to L3 Inter-Switch Link
prevent actual loops (Rapid L2
PVST+, MST) F F
.1Q Trunk
Redundant path exists through a
F F F F F F F
second path that is blocking
Two looped topology designs:
Triangle and square
FB FB F F
VLANs may be load balanced B
across access layer uplinks
Inter-switch link utilisation must
be considered as this may be
used to reach Looped Triangle Looped Square
active services
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 30
Access Layer Design
L2 Looped Topologies
VLAN VLAN
10 10
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 32
Access Layer Design
Drawbacks of Layer 2 Looped Design
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 33
Access Layer
Design:
L2 LoopFree
Design Model
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 34
Access Layer Design
Loop-Free Design
Alternative to looped design
2 Models: LoopFree U and LoopFree
Inverted U DC Core
Benefit: Spanning Tree
is enabled but no port is blocking so L3
all links are forwarding L2
L3
Benefit: less chance of
L2
loop condition due to
misconfigurations or other anomolies
L2-L3 boundary varies
by loop-free model used:
U or Inverted-U
Implication considerations with
service modules, L2 adjacency, and
single attached servers
LoopFree U LoopFree
Inverted U
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 35
Access Layer Design
Loop-Free Topologies
VLAN
10
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 36
Access Layer Design
Loop-Free U Design and Service Modules (1)
Agg1, Active HSRP Agg2, Standby
Services Services
HSRP Secondary on
L3 Agg2 Takes Over as def-
L2 gwy, But How to Reach
Active Service Modules?
MSFC on Agg1
VLAN 10 VLAN 11
VLAN 20, 21
If the uplink connecting access and aggregation goes down, the VLAN interface on the MSFC
goes down as well due to the way autostate works
CSM and FWSM has implications as autostate is not conveyed (leaving black hole)
Tracking and monitoring features may be used to allow failover of service modules based on
uplink failure but would you want a service module failover for one access switch uplink failure?
Not recommended to use loop-free L2 access with active-standby service module
implementations. (See slide on ACE next)
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 37
Access Layer Design
Loop-Free U Design and Service Modules (2)
ACE Context 1 ACE Context 1
HSRP
L3
L2 HSRP Secondary on Agg2
Takes over as def-gwy
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 39
Access Layer Design
Using FlexLinks in the Data Centre
Flexlinks are an active-standby pair
defined on a common DC Core
access switch
Flexlink pairs have STP turned “off” so no
BPDU’s are propagated
Failover in 1-2 second range
An interface can belong to only 1 FlexLink
pair of same or different interface
types (GE, 10GE, port-channel, etc.)
Agg switch is not aware of FlexLinks
configured on access switch, links are
up and STP logical/virtual ports are
active/allocated
Router# configure terminal
Supported as of 12.2.18SXF Router(conf)# interface Gigabit1/1
Router(conf-if)# switchport backup interface Gigabit1/2
An alternative to triangle Router(conf-if)# exit
loop design but must consider risk of
possible loop (see next slides) Router# show interface switchport backup
Router Backup Interface Pairs:
Active Interface Backup Interface State
------------------------------------------------------------------------
Gigabit1/1 Gigabit1/2 Active Up/Backup Standby
Port-channel1 Gigabit7/1 Active Up/Backup Standby
Gigabit7/2 Gigabit7/3 Active Up/Backup Standby
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 40
Access Layer Design
Considerations when using FlexLinks (1)
Loop Considerations: 10.20.15.57 10.20.16.27
oops
VLAN 6
10.20.6.67 10.20.6.56
00:A0:D1:E1:DB:7F 00:A0:D1:E1:DB:FD
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 41
Access Layer Design
Considerations when using FlexLinks (2)
Loop Considerations: 10.20.15.57 10.20.16.27
Other Considerations
No preempt: need to consider inter- Po-2 T7/4
T7/4 Po-3
switch link b/w for failover
situations
oops!
Access1 Access2
G2/1 G2/1
Backup link is unused and in
standby state which doesn’t align
to active/active service module oops
designs 10.20.6.67
VLAN 6
10.20.6.56
00:A0:D1:E1:DB:7F 00:A0:D1:E1:DB:FD
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 42
Access Layer Design
Comparing Looped, Loop-Free and Flexlinks
(3)
Looped
Triangle
- + + + - +
Looped
Square
+ + + + + -
(4)
(4)
Loop-Free U + - - + + +
(1,2)
Loop-Free (1,2)
Inverted U
+ + + +/- + -
FlexLinks - + + + - +
1. Use of Distributed EtherChannel Greatly Reduces Chances of Black Holing Condition
2. NIC Teaming Can Eliminate Black Holing Condition
3. When Service Modules Are Used and Active Service Modules Are Aligned to Agg1
4. ACE Module Permits L2 Loopfree Access with per Context Switchover on Uplink failure
5. Applies to when using CSM or FWSM in active/standby arrangement
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 43
Access Layer
Design:
L3 Design Model
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 44
Access Layer Design
Defining Layer 3 Access
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 45
Access Layer Design
Need L3 for Multicast Sources?
Multicast sources on L2
access works well when
IGMP snooping is available
DC Core DC Core
IGMP snooping at access
switch automatically limits
multicast flow to interfaces
with registered clients DC Aggregation
in VLAN
Use L3 when IGMP snooping
is not available or when
particular L3 administrative DC Access
functions are required L3
L2
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 46
Access Layer Design
Benefits of L3 Access
Minimises broadcast domains
attaining high level of stability
Meet server stability DC Core
DC Core
requirements or isolate
particular application
environments
Creates smaller failure DC Aggregation
domains, increasing stability
All uplinks are available
paths, no blocking (up to DC Access
ECMP maximum) L3
L2
Fast uplink convergence:
failover and fallback, no arp
table to rebuild for agg
switches
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 47
Access Layer Design
Drawbacks of Layer 3 Design
L2 adjacency is limited to
access pairs (clustering and
NIC teaming limited) DC Core DC Core
IP address space
management is more difficult
than L2 access DC Aggregation
If migrating to L3 access, IP
address changes may be
difficult on servers (may DC Access
break apps) L3
L2
Would normally require
services to be deployed at
each access layer pair to
maintain L2 adjacency with
server and provide stateful
failover
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 48
Access Layer Design
L2 or L3? What Are My Requirements?
Aggregation Aggregation
L3
OSPF, EIGRP
L2
Layer 2 Layer 3
The Choice of One Design Versus the Other One Has to Do With:
Difficulties in managing loops Ability to extend VLANs
Staff skillset; time to resolution Specific application requirements
Broadcast domain sizing
Convergence properties
Oversubscription requirements
NIC teaming; adjacency
Link utilisation on uplinks
HA clustering; adjacency Service module support/placement
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 49
Access Layer
Design:
BladeServers
and VMs
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 50
Blade Server Requirements
Connectivity Options
Aggregation
Layer
External L2
Switches
Integrated L2
Switches
Interface 1
Interface 2
Blade Server Chassis Blade Server Chassis
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 51
Blade Server Requirements
Connectivity Options
Layer 3 access tier may be used
to aggregate blade Aggregation
Layer
server uplinks L3
L2
–Permits using 10GE uplinks
into agg layer 10GE
Avoid dual tier Layer 3 Layer 2
Access Access
Layer 2 access designs
L3
STP blocking L2
Over-subscription
Integrated L2
Larger failure domain Switches
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 52
Blade Server Requirements
Trunk Failover Feature
Switch takes down server Aggregation
interfaces if corresponding uplink
fails, forcing NIC teaming failover
Solves NIC teaming limitations;
prevents black-holing of traffic
Achieves maximum bandwidth
utilisation:
No blocking by STP, but STP is
enabled for loop protection
Can distribute trunk failover groups
across switches Integrated L2
switches
Dependent upon the NIC feature
set for NIC Teaming/failover
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 53
Virtual Machine Principles &
Considerations
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 54
Virtual Machine Considerations
Virtual Machines
multiply network
resource utilisation
Increased Control &
Data Plane demands
Virtual
Servers
Real Servers
Port Address
Port Address
Scalable Data & Control Port
Port
Port Address
Port 2/1 Address
Address
2/1Address
aa.aa.aa
aa.aa.aa
2/1 aa.aa.aa
Plane Attributes…Hardware Port 2/1 Address
Port 2/1 Address
2/1
2/1
2/1
aa.aa.aa
aa.aa.aa
aa.aa.aa
bb.bb.bb
bb.bb.bb
2/1 bb.bb.bb
MAC learning, Dedicated 2/1
2/1 2/1
2/1
2/1 aa.aa.aa
aa.aa.aa
2/1
2/1
bb.bb.bb
bb.bb.bb
bb.bb.bb
cc.cc.cc
cc.cc.cc
2/1
bb.bb.bb cc.cc.cc
Control buffers, Cache 2/1 2/1
2/1 2/1 bb.bb.bb
2/1
cc.cc.cc
dd.dd.dd
2/1cc.cc.cc
2/1 dd.dd.dd
cc.cc.cc
dd.dd.dd
2/1cc.cc.cc
2/1
based forwarding, Broadcast 2/1 2/1
2/1
2/1
2/1
2/1
dd.dd.dd
2/1cc.cc.cc
dd.dd.dd
dd.dd.dd
ee.ee.ee
ee.ee.ee
ee.ee.ee
2/1 2/1 dd.dd.dd
Suppression, Layer-2 trace, 2/1 2/1 dd.dd.dd
2/1
2/1
2/1
2/1
ee.ee.ee
ee.ee.ee
ee.ee.ee
11.11.11
11.11.11
11.11.11
2/1 2/1 ee.ee.ee
etc 2/1 2/1 ee.ee.ee
2/1
2/1
11.11.11
11.11.11
11.11.11
11.11.11
2/1 11.11.11
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 55
Density and
Scalability
Implications in the
Data Centre
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 56
Density and Scalability Implications
Modular or 1RU Access Layer Switching
Models
Where are the issues?
Cabling
Power
Cooling
Spanning Tree Scalability
Management
Oversubscription
Sparing
Redundancy
The right solution is usually
based on business
requirements
Hybrid implementations can
and do exist
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 57
57
Density and Scalability Implications
Server Farm Cabinet Layout
~30-40 1RU Servers per Rack
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 59
Density and Scalability Implications
Network Topology with 1RU Switching Model
Aggregation
GEC or 10GE Uplinks?
Access
Cabinet 1 Cabinet 2
… Cabinet 25
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 60
Density and Scalability Implications
Cabinet Design with Modular Access Switches
Servers Connect Directly to a Modular Switch
Cable bulk at cabinet floor entry
can be difficult to manage and
block cool air flow
Typically spaced out by placement
at ends of row or within row
Minimises cabling to Aggregation
Reduces number of
uplinks/aggregation ports
Redundant switch power and CPU
are options
GEC or 10GE Uplink
Considerations
NEBS Considerations
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 61
Density and Scalability Implications
Network Topology with Modular Switches in the
Access
Aggregation
Access
Aggregation
More Uplinks
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 63
Density and Scalability Implications
Density: How Many NICs to Plan For?
Front End Interface
Three to four NICs per server
OOB
are common Management
Front end or public interface Backup Network
Storage HBA or
Storage interface (GE, FC) GE NIC
Backup interface
Back end or private interface
Back End Interface
integrated Lights Out (iLO)
for OOB mgmt
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 64
Density and Scalability Implications
Hybrid Example with Separate OOB
Aggregation
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 65
Density and Scalability Implications
Oversubscription and Uplinks
What is the oversubscription ratio
per uplink?
Develop an oversubscription
reference model
Identify by application, tier, or other means
Considerations
Future- true server capacity
(PCI-X, PCI- Express)
Server platform upgrade cycle will increase
levels of outbound traffic
Uplink choices available
Gigabit EtherChannel 10GE
10Gig EtherChannel
Flexibility in adjusting oversubscription ratio
Can I upgrade to 10GE easily? 10G
EtherChannel?
Upgrade CPU and switch fabric? (sup1-2-720-?)
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 66
Density and Scalability Implications
Spanning Tree
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 67
67
Scaling
Bandwidth
and Density
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 68
Scaling B/W with GEC and 10GE
Optimising EtherChannel Utilisation
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 69
Scaling B/W with GEC and 10GE
Using EtherChannel Min-Links
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 70
Scaling B/W with GEC and 10GE
Migrating Access Layer Uplinks to 10GE
DC Core
Aggregation
Access Pair 1 … …
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 71
Scaling B/W with GEC and 10GE
Service Layer Switch
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 72
Scaling B/W with GEC and 10GE
Consolidate to ACE
DC Core
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 73
Spanning Tree
Scalability
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 74
Spanning Tree Scalability
Common Questions
Access Pair 1 … …
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 75
Spanning Tree Scalability
Spanning Tree Protocols Used in the DC
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 76
Spanning Tree Scalability
Spanning Tree Protocol Scaling
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 77
Spanning Tree Scalability
Spanning Tree Protocol Scaling
Number of Total STP Active
Logical Interfaces= DC Core
Trunks on the switch * active
VLANs on the trunks + number
of non-trunking interfaces on the switch 30 VLANs
In this example, aggregation 1 will have: Te7/1
Te7/4
AGG1#sh spann summ tot
Switch is in rapid-pvst mode Te7/3
Root bridge for: VLAN0010, VLAN0020, VLAN0030
EtherChannel misconfig guard is enabled
Extended system ID is enabled
Portfast Default is disabled
PortFast BPDU Guard Default is disabled
Portfast BPDU Filter Default is disabled
Loopguard Default is enabled
UplinkFast is disabled 10 VLANs 20 VLANs
BackboneFast is disabled
Pathcost method used is long
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 78
Spanning Tree Scalability
Spanning Tree Protocol Scaling
Number of Virtual Ports per
Line Card= DC Core
For line card x: sum of all trunks * VLANs *
(the number of ports in a port-channel if used)
10 + 20 + (30*2) 30 VLANs
=90 Virtual Port’s on line card 7 Te7/1
Te7/2
Te7/4
AGG1#sh vlan virtual-port slot 7
Slot 7 Te7/3
Port Virtual-ports
-------------------------
Te7/1 30 EtherChannel
Te7/2 30 10 VLANs 20 VLANs
Te7/3 10
Te7/4 20
Total virtual ports:90
AGG1#
NOTE: VPs Are Calculated per Port in Channel Groups
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 79
Spanning Tree Scalability
Spanning Tree Protocol Scaling
Example: Calculating Total Active
Logical Ports
120 VLANs system wide
Core
No manual pruning performed on
trunks
1RU access layer environment Layer 3
Layer 2
45 access switches each Aggregation 1 Aggregation 2
Primary Root Loop Secondary Root
connected with 4GEC
Dual homed, loop topology
(120 * 45 access links)+120
instances on link to
agg2=5400+120=5520 Access 1 ..… Access 45
This is under the maximum
recommendation of 10,000 when
using Rapid PVST+
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 80
Spanning Tree Scalability
Spanning Tree Protocol Scaling
Example: Calculating Virtual Ports per
Line Card
120 VLANs system wide
Core
no manual pruning performed on
trunks
12 access switches, each Layer 3
connected with 4GEC across Layer 2
Acc1Acc2 …. Acc12
Access 1 ..… Access 12
EtherChannels to Acces Layer
(120 * 48 access links) ~10 VLANs Used on Each Access Switch
=5,760 virtual ports Maximum Number of Supported
This is above the recommended VLANs in This Design Would Be
1800/48=37.5
watermark
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 81
Spanning Tree Scalability
Why STP Watermarks Are Important
Watermarks Are Not Hard Limits But─
If exceeded, performance is unpredictable
Larger impact when interface flaps, or shut/no_shut
Small networks may not see a problem
Large networks will usually see problems
Convergence time will be affected
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 82
Spanning Tree Scalability
Design Guidelines
Access
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 83
Increasing HA in
the Data Centre
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 84
Increasing HA in the Data Centre
Server High Availability
Common Points of Failure
1. Server network adapter
2. Port on a multi-port
server adapter
L3
L2 3. Network media
(server access)
4. Network media (uplink)
5. Access switch port
6. Access switch module
7. Access switch
Heartbeats
Heartbeats
Heartbeats
Eth0: Active Eth1: Standby Eth0: Active Eth1: Standby Eth0: Active Eth1-X: Active
IP=10.2.1.14 IP=10.2.1.14
IP=10.2.1.14 IP=10.2.1.14
MAC =0007.e910.ce0f MAC =0007.e910.ce0e
MAC =0007.e910.ce0f MAC =0007.e910.ce0f
One Port Receives, All Ports Transmit
On Failover, Src MAC Eth1 = Src MAC Eth0 On Failover, Src MAC Eth1 = Src MAC Eth0
Incorporates Fault Tolerance
IP Address Eth1 = IP Address Eth0 IP Address Eth1 = IP Address Eth0
One IP Address and Multiple MAC Addresses
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 86
Increasing HA in the Data Centre
Server Attachment: Multiple NICs
You Can Bundle Multiple Links to Allow
Generating Higher Throughputs Between
Servers and Clients
L3
L2
EtherChannel Hash May
Not Permit Full Utilisation
for Certain Applications
(Backup Example)
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 87
Increasing HA in the Data Centre
Failover: What Is the Time to Beat?
L4 Convergence Tolerance
~ 5s ~ 9s
L2 Convergence L3 Convergence
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 88
Increasing HA in the Data Centre
Failover Time Comparison
STP-802.1w—One sec
OSPF-EIGRP—One sec
ACE Module with Autostate
HSRP—Three sec (using 1/3)
FWSM Module—Three sec
CSM Module—Five sec
WinXP/2003 ServerTCP Stack—Nine sec
Failover Time
TCP Stack
Tolerance
Content ~ 9s
Service
Module
HSRP FireWall ~ 5s
~ 3s Service
(may be tuned Module
Spanning Tree ACE to less) ~ 3s
OSPF/EIGRP
Sub-second ~1sec ~ 1s
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 89
Increasing HA in the Data Centre
Non-Stop Forwarding/Stateful Switch-Over
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 90
Increasing HA in the Data Centre
NSF/SSO in the Data Centre
SSO in the access layer:
Improves availability for single
attached servers
Possible implications
HSRP state between Agg switches is
not tracked and will show switchover until control
plane recovers
IGP Timers cannot be aggressive (tradeoff)
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 91
Increasing HA in the Data Centre
Best Practices: STP, HSRP, Other
Rapid PVST+
UDLD Global
Spanning Tree Pathcost Method=Long
Rootguard
LoopGuard Blade Chassis
Portfast + with Integrated
Switch
BPDUguard
Rapid PVST+: Maximum Number of STP Active Logical
Ports- 8000 and Virtual Ports Per Linecard-1500
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 92
A look at the
Future…
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 93
Traffic Differentiation in Ethernet
Networks
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 94
Traffic Types and Requirements
LAN
Large number of flows, not very sensitive to latency
E.g. dominant traffic type in Front End Servers
SAN
Large packet sizes, sensitive to packet drops
IPC
Mix of large & small messages, small messages latency sensitive
E.g. HPC Applications
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 95
Challenges in Traffic Differentiation
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 96
IEEE Higher Speed Study Group
Objectives
Support full-duplex operation only
Preserve the 802.3/Ethernet frame format at the MAC Client
service interface
Preserve minimum and maximum FrameSize of current
802.3 Std
Support a speed of 100 Gb/s at the MAC/PLS service
interface
Support at least 10km on SMF.
Support at least 100 meters on OM3 MMF
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 97
Meet the Experts
Data Centre
Victor Moreno
Technical Leader
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 98
Recommended Reading
BRKDCT -2001
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 100
Complete Your Online Session
Evaluation
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 101
BRKDCT-2001 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 102