Data Center Poster
[Diagram labels: Service Provider 1, Service Provider 2, Internet, VPN]
Consider the storage network design and available storage connectivity options: FC, iSCSI and NAS. Plan the data replication process from the branch to headquarters based on latency and transaction-rate requirements. Consider QoS classification to ensure the different types of traffic match the loss and latency requirements of the applications.
CAMPUS NETWORK
CAMPUS CORE
The Campus core provides connectivity between the major areas of an Enterprise network including the data center, extranet, Internet edge, Campus, Wide Area Network (WAN), and Metropolitan Area Network (MAN). Use a fully-meshed Campus core to provide high-speed redundant Layer 3 connectivity between the different network areas. Use dual-stack IPv6-IPv4 in all Layer 3 devices and desktop services.
PSTN
SMALL OFFICE
Consider an integrated services design for a full service branch environment. Services include voice, video, security and wireless. Voice services include IP phones, local call processing, local voice mail, and VoIP gateways to the PSTN. Security services include integrated firewall, intrusion protection, IPsec and admission control. Connect small office networks to headquarters through VPN, and ensure QoS classification and enforcement provides adequate service levels to the different traffic types. Configure multicast for applications that require concurrent recipients of the same traffic. Consider a dual-stack IPv4-IPv6 router to support IPv6 traffic. Ensure IPv6 firewall rules and filtering capabilities are enabled on the router.
Integrate wireless controllers at the distribution layer and wireless access points at the access layer. Use EtherChannel between the distribution switches to provide redundancy and scalability. Dual-home access switches to the distribution layer to increase redundancy by providing alternate paths. Consider the use of dual-stack IPv4-IPv6 services at the access, distribution and core Layer 3 and/or Layer 2 devices.
PRIMARY SITE
SECONDARY SITE
Building Z
Use 10GbE throughout the infrastructure (between distribution switches and between access and distribution) when high throughput is required. Use Layer 3 access switches when shared VLANs are not needed in more than one access switch at a time, and very low convergence time is required.
Use the WAN as the primary path for user traffic destined for the intranet server farm. Use DNS and RHI to control the granularity of applications being independently advertised, and the state of distributed application environments. Ensure the proper QoS classification is used for voice, data and video traffic. Use dual-stack IPv6-IPv4 in all Layer 3 devices.
Building X
MAN INTERCONNECT
METRO ETHERNET
Place all network-based service devices (modules or appliances) at the aggregation layer to centralise the configuration and management tasks and to leverage service intelligence applied to the entire server farm. Consider blade server direct attachment and network fabric options: pass-through modules or integrated switches, and Fibre Channel, Ethernet and Infiniband. In an integrated Ethernet switch fabric, set up half the blades active on switch1 and half active on switch2. Dual-home each Ethernet switch to Layer 3 switches through GbE-channels. Use RPVST+ for fast STP convergence. Use link-state tracking to detect uplink failure and allow the blade's standby NIC to take over. Attach integrated Infiniband switches to Server Fabric Switches acting as gateways to the Ethernet network. Connect the gateway switches to the aggregation switches to reach the IP network. When using pass-through modules, dual-home servers to access/edge layer switches. Pass-through modules allow Fibre Channel environments to avoid interoperability issues while allowing access to the advanced SAN fabric features.
Blade Servers
Use a high-speed (10GbE) metro optical network for packet-based and transparent LAN services between distributed Campus and Data Centre environments.
Group servers providing like functions in the same VLANs to apply a consistent and manageable set of security, SSL, load balancing, and monitoring policies. Dual-home critical servers to different access switches, and stagger primary physical connections between available access switches. Use PortChannels and trunks to aggregate multiple physical inter-switch links (ISL) into a logical link. Use VSANs to segregate multiple distinct SANs in a physical fabric to consolidate isolated SANs and SAN fabrics. Use core-edge topologies to connect multiple workgroup fabric switches when tolerable oversubscription is a design objective. Use storage virtualisation to further increase the effective storage utilization and centralise management of storage arrays. Arrays form a single pool of virtual storage, which is presented as virtual disks to applications.
Infiniband Network
Consolidate application and security services (service modules or appliances) at the aggregation layer switches. Ensure the access layer design (whether L2 or L3) provides a predictable and deterministic behavior and allows the server farm to scale up to the expected number of nodes. Use VLANs in conjunction with instances of application and security services applied to each application environment independently.
Use a SONET/SDH transport network for FCIP, in addition to voice, video, and additional IP traffic between distributed locations in metro or long-haul environments. Consider the use of RPR/802.17 technology to create a highly available MAN core for distributed locations.
Use VSANs to create separate SANs over a shared physical infrastructure. Use two distinct SAN fabrics to maintain a highly available SAN environment. Use port channels to increase path redundancy and speed recovery from link failure. Use FSPF for equal-cost load balancing through redundant paths. Use storage virtualisation to pool distinct physical storage arrays as one, hiding physical details (arrays, spindles, LUNs).
The core layer is required when the cluster needs to connect to an existing IP network environment. The modular access layer switches provide access functions to groups of racks at a time. Design is aimed at reducing hop count between any two nodes in the cluster.
Connect access switches used in application and back-end segments to each other across application tier function boundaries through EtherChannel links. Use VLANs to separate groups of servers by function or application service type. Use VSANs to group isolated fabrics into a shared infrastructure while keeping their dedicated fabric services, security, and stability integral per group. Dual-home hosts to each of the SAN fabrics using Fibre Channel Host Bus Adapters (HBAs).
NOC VLAN/VSAN
Use a dual-fabric (fabrics A and B) topology to achieve high resiliency in SAN environments. A common management VSAN is recommended to allow the fabric manager to manage and monitor the entire network environment.
To achieve additional redundancy on an HA server cluster, distribute a portion of the servers in the HA cluster to a data center. This distribution of HA clusters across distributed data centers, referred to as geo-clusters or stretched clusters, often requires Layer 2 adjacency between distributed nodes. Adjacency means the same VLAN (IP subnet) and VSAN have to be extended over the shared transport infrastructure between the distributed data centers. The HA cluster spans multiple geographically distant data center hosting facilities.
PUBLIC VLANs
HIGH AVAILABILITY SERVER CLUSTER
The nodes in HA clusters are linked to multiple networks using existing network infrastructure. Use the private network for heartbeats and the public network for inter-cluster communication and client access. Nodes in distributed data centers may need to be in the same subnet, requiring Layer 2 adjacency.
VSAN P
VSAN Q
VLAN Y
PRIVATE NETWORK
Use a NOC VLAN to house critical management tools and to isolate management traffic from client/server traffic. Use NTP, SSH-2, SNMPv3, CDP and RADIUS/TACACS+ as part of the management infrastructure. Use CiscoWorks LMS to manage the network infrastructure and monitor IPv4-IPv6 traffic, and the Cisco Security Manager to control, configure and deploy firewall, VPN and IPS security policies. Use the Performance Visibility Manager to measure end-to-end application performance. Use the Monitoring, Analysis, and Response System to correlate traffic for anomaly detection purposes. Use the Network Planning Solution to build network topology models for failure scenario analysis and other what-if scenarios based on device configuration, routing tables, NAM and NetFlow data. Use the MDS Fabric Manager to manage the storage network. Use NetFlow and the Network Analysis Module for capacity planning and traffic profiling.
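The management-plane guidance above (NTP, SSH-2, SNMPv3, RADIUS/TACACS+) can be checked against a saved device configuration. The following is an added example, not part of the poster: it assumes IOS-style command syntax, the sample configuration and its names and addresses are constructed, and CDP is not checked.

```python
import re

# Constructed sample in IOS-style syntax; hostname, addresses and names are made up.
SAMPLE_CONFIG = """\
hostname noc-sw1
aaa new-model
tacacs-server host 192.0.2.10
ip ssh version 1
ntp server 192.0.2.20
snmp-server community public RO
snmp-server group NOCGRP v3 priv
line vty 0 4
 transport input telnet ssh
line vty 5 15
 transport input ssh
"""

def vty_transports(config):
    """Map each 'line vty' header to its 'transport input' protocols (None if unset)."""
    result, current = {}, None
    for line in config.splitlines():
        if line.startswith("line "):
            current = line.strip() if line.startswith("line vty") else None
            if current:
                result[current] = None
        elif current and line.strip().startswith("transport input"):
            result[current] = set(line.split()[2:])
        elif not line.startswith(" "):
            current = None  # left the line-configuration block
    return result

def audit_management_plane(config):
    """Return sorted findings where the config departs from the guidance above."""
    findings = []
    if not re.search(r"^ip ssh version 2\s*$", config, re.M):
        findings.append("SSH-2 not enforced (expected 'ip ssh version 2')")
    if re.search(r"^snmp-server community\s", config, re.M):
        findings.append("SNMPv1/v2c community string configured")
    if not re.search(r"^snmp-server group \S+ v3 (auth|priv)\b", config, re.M):
        findings.append("no SNMPv3 group with auth or priv")
    if not re.search(r"^ntp server\s", config, re.M):
        findings.append("no NTP server configured")
    if not (re.search(r"^aaa new-model\s*$", config, re.M)
            and re.search(r"^(tacacs|radius)(-server host| server)\s", config, re.M)):
        findings.append("AAA via RADIUS/TACACS+ not configured")
    for header, protos in vty_transports(config).items():
        if protos != {"ssh"}:
            findings.append(f"{header}: transport input is not SSH-only")
    return sorted(findings)
```

On the constructed sample, `audit_management_plane(SAMPLE_CONFIG)` reports the SSH version, the SNMP community string and the Telnet-enabled vty lines.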
[Diagram legend: End-user Workstation, Wireless Connection, GbE, 10 GbE]
Part #: 910300406R01