14484_04_2008_c2 © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 1
BRKDCT-1870
“By 2008, 50% of Today’s Data Centers Will Have Insufficient Power
and Cooling Capacity to Meet the Demands of High-Density Equipment”
Source: Gartner, 2008
No Isolation
One Physical Device (Device 1: Application 1, Application 2, Application 3)
Applications compete for resources
Changes to one application can impact others
Security and compliance can be complex

Or Inefficient Isolation
Many Physical Devices (Device 1: Application 1; Device 2: Application 2; Device 3: Application 3)
Device sprawl
Underutilized resources
Complex to upgrade
Complex service chaining
Virtual Device n
Consolidation of physical servers
[Diagram labels: OS (several instances), Hypervisor]
Virtualization: Many-to-one
One network consolidates many physical networks
Security Network
Guest/Partner Network
Backup Network
Hypervisor Model
[Diagram labels: VRF, VRF, Global; Logical or Physical Int (Layer 3) on each side]
802.1q trunks
Virtual LANs
The Basics
[Diagram labels: Primary VLAN; Community VLAN (Community 'A'); Community VLAN (Community 'B'); Isolated VLAN (Isolated Ports); hosts .11 .12 .13 .14 .15 .16 .17 .18]
Hosting environments
Multiple hosts can share a single subnet while maintaining separation
Conserves IP addresses
Provides traffic separation, i.e. gold customer cannot affect green

Security
Segmentation of DMZ attached or public-facing servers
Remember to use ACLs on the router
Can be used for worm mitigation

[Diagram labels, both panels: router .1; hosts .11 .12 .13 .14 .15 .16]
VRF Overview
What Is a VRF (Virtual Routing and Forwarding)?
VRFs allow dividing up your routing table into multiple virtual tables
Routing protocol extensions allow binding a process/address family to a VRF
Interfaces are bound to a VRF using ip vrf forwarding <vrf-name>

    router eigrp 1
     network 10.1.1.0 255.255.0.0
    !
    router ospf 1 vrf orange
     network 10.2.1.0 0.7.255.255 area 0
    …

Show ip route          Show ip route vrf orange
(eigrp 1 routes)       (ospf 1 routes)
10.2.1.0               10.4.6.0
10.5.3.0               10.5.1.0
10.6.7.0               10.9.2.0
10.1.8.0               10.7.5.0
Enhancing Application Availability with VRF
troubleshooting
Predictable traffic flows
Improved availability
[Diagram labels: VRF, VRF, VRF, VRF]
L2/L3 Distribution: Single Active Uplink per VLAN, L2 Reconvergence, Excessive BPDUs
L2 Access: Single Active Uplink per VLAN, L2 Reconvergence
Servers: Dual-Homed Active/Standby, Limited VM Mobility Due to L3 Constraints
L3 Core: Single L2/L3 Node, Fast Convergence, Scalable, VLAN Extension Without Spanning Tree
L2/L3 Distribution: Fast L2 Convergence, Minimized L2 Control Plane, Scalable, No Spanning Tree
L2 Access: Multichassis EtherChannel, Fast L2 Convergence, No Spanning Tree
Servers: Dual-Homed Active/Active, Multichassis EtherChannel
[Diagram labels: Root; Active, Stdby; 10.1.1.11, 10.1.1.12, 10.1.1.13; Routed IP Network]
[Diagram labels, repeated per VDC (VDC1, VDC2, VDCn): L2 Protocols, L3 Protocols; VLAN Mgr, UDLD, LACP, CTS, OSPF, GLBP, BGP, EIGRP, HSRP, VRRP, IGMP, 802.1x, PIM, SNMP; L2 Table, RIB; Protocol Stack (IPv4/IPv6/L2). Shared layers beneath the VDCs: Infrastructure, NX-OS Kernel, Hardware]
[Diagram labels, repeated per VDC (VDC1, VDC2, VDC4, VDCn): L2 Protocols, L3 Protocols; VLAN Mgr, UDLD, OSPF, GLBP, BGP, HSRP, LACP, CTS, EIGRP, VRRP, IGMP, 802.1x, PIM, SNMP; L2 Table, RIB; Protocol Stack (IPv4/IPv6/L2)]
Application
Infrastructure
“Virtualization”
GSS: Fully Integrated DNS Server with Intelligent Site Selection
Per application SLB/SSL/firewalls
Underutilized devices
Inefficient space, power, cooling …
[Diagram labels: 10.1.1.1, 10.1.1.2, 10.1.2.1, 10.1.2.2, 10.1.2.3; Data Center #2; C1, C2, C3]
[Diagram labels: E-Mail VSAN_2; Back-Up VSAN_3; OLTP VSAN_4; Tape (Access via IVR); Overlay Isolated Virtual; IVR]

              Attribute
More          Number of SAN Switches         Fewer
No            Share Disk/Tape                Yes
No            Share DR Facilities            Yes
Complex       SAN Management                 Simple
Very Hard     Virtualization and Mobility    Easy
VSAN Technology
The Virtual SANs Feature Consists of Two Primary Functions
Hardware-based isolation of tagged
[Diagram labels: Fiber Channel Services for Blue VSAN; VSAN Header Is]
services such as tape
interconnection of VSANs without a predefined addressing schema
[Diagram labels: IVR; HR VSAN_3]
[Diagram labels: Replication VSAN_4; Replication VSAN_1; EISL#1 in Port Channel; EISL#2 in Port Channel; Metro DWDM, CWDM, SONET/SDH, FCIP; IVR; Transit VSAN_3 (IVR); Local VSAN_2; Local VSAN_5]
Initiator Target
Initiator Target
SAN
Fabric
Efficient use of HBA and SAN resources
Add new applications without adding hardware
[Diagram labels: E_Port, E_Port; E-Mail VSAN_3; Web VSAN_2; File and Print VSAN_1]
Blade Switch/Top-of-Rack Domain ID Explosion
Domain ID used for addressing, routing, and access control
One domain ID per SAN switch
Theoretically 239 domain IDs; in practice far fewer are supported
Limits SAN fabric scalability
[Diagram labels: Blade Switch; Blade Switches Increase Domain IDs, Increase; MDS 9500; Theoretical Maximum: 239 Domain IDs; Tier 1, Tier 2, Tape Farm; BRKSAN-2000]
Physical Virtual
[Diagram labels: HR VSAN_3; Marketing VSAN_2; Engineering VSAN_1]
Orchestrating
Virtual IT
FC
Recommended Reading