Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 1
Before We Get Started:
• Put cell phones into silent mode
• Intermediate level session focused on data center front end architecture
• This session is based upon the Data Center Infrastructure Design Guide 2.5:
http://www.cisco.com/application/pdf/en/us/guest/netsol/ns107/c649/ccmigration_09186a008073377d.pdf
• Additional Cisco Validated Designs (CVD) can be found at:
http://www.cisco.com/go/cvd
• Enterprise Data Center:
http://www.cisco.com/en/US/solutions/ns340/ns414/ns742/ns741/networking_solutions_products_genericcontent0900aecd80601e1d.html#datacenter
Agenda
Data Center Infrastructure
Data Center Evolution
Consolidate
Virtualize
Automate
Application Centric Architecture
Two Sides Of the Same Coin
Data Center Architecture Overview
Layers of the Enterprise Multi-Tier Model
Core Layer Design
Core Layer Design
Scaling Requirements
Is a separate DC Core Layer required? Consider:
• 10GigE port density
• Administrative domains
• Anticipate future requirements
Key core characteristics:
• 10GE scalability
• Distributed forwarding architecture
• Advanced link load balancing
• Scalable IP multicast support
(Diagram: Campus Access Layer, Campus Distribution, Campus Core, DC Core, Aggregation, Server Farm Access Layer)
Core Layer Design
L2/L3 Characteristics
Layer 3 Core:
• Equal cost multi-path (ECMP) load balancing
• EIGRP/OSPF for fast convergence
• L2 extension through core is not recommended
CEF Hash:
• CEF* hashing algorithm applied to IP packets on equal cost routes
• Default hash is on L3 addresses only
• L3 + L4 port hash will improve load distribution:
CORE1(config)#mls ip cef load full simple
• Leverages automatic source port randomization in client TCP stack
(Diagram: Campus Core, DC Core, L3/L2 boundary, Aggregation, Access)
Core Layer Design
Routing Protocol Design: EIGRP
Aggregation Layer Design
Aggregation Layer Design
Spanning Tree Design
Rapid-PVST+ (802.1w) or MST (802.1s)
(Diagram: Core above the aggregation pair)
Aggregation Layer Design
Integrated Services
Services: Firewall, Load Balancing, SSL Encryption/Decryption
• L4-L7 services integrated in Cisco Catalyst® 6500
• Server load balancing, firewall and SSL services may be deployed in:
  Active-standby pairs (ACE, FWSM 2.X)
  Active-active pairs (ACE, FWSM 3.1)
• Integrated blades optimize rack space, cabling, mgmt, providing flexibility and economies of scale
• Influences many aspects of overall design
Aggregation Layer Design
Active-Standby Service Design
Active-standby services:
• Application Control Engine
• Firewall Service Module
• SSL Module
Under utilizes: Standby Context
(Diagram: Core; Root Primary / Root Secondary; HSRP Primary / HSRP Secondary; Active Context / Standby Context)
Aggregation Layer Design
Active-Active Service Design
• Asymmetrical flows
• Introduce route-map to RHI injected route to set desired metric
1. ACE Probes to Real Servers in VIP to Determine Health
(Diagram: vlan5 / vlan6 service VLANs on each aggregation switch)
Aggregation Layer Design
Scaling the Aggregation Layer
Aggregation Layer Design
Using Virtual Route Forwarding (VRF)
• Enables virtualization/partitioning of network resources (MSFC, ACE, FWSM)
• Permits use of application services with multiple access topologies
• Maps well to path isolation MAN/WAN designs such as with MPLS or Multi-VRF (VRF-Lite)
(Diagram: MPLS or other Core; DC Core; VRF-Green, VRF-Blue, VRF-Red; Agg1 and Agg2 with Alternate Primary Firewall and SLB Contexts on Agg1 and 2 to Achieve Active-Active Design; Contexts for Green, Blue, and Red; VLANs Isolate Contexts on Access 802.1Q Trunks)
Access Layer Design
Access Layer Design
Defining Layer 2 Access
• Loop-free: VLANs are not extended across inter-switch link trunk
• L3 routing is typically performed in the aggregation layer
• Stateful services at Agg can be provided across the L2 access (FW, SLB, SSL, etc.)
(Diagram: 802.1q Trunks from access to aggregation)
Access Layer Design
Establish a Deterministic Model
Align active components in traffic path on common Agg switch:
• Primary STP root:
Agg-1(config)#spanning-tree vlan 1-10 root primary
• Default gateway
• Path preference: use RHI & route map:
Route-map preferred-path
match ip address x.x.x.x
set metric -30
(also see slide 17)
(Diagram: DC Core, L3+L4 Hash, 802.1q Trunks)
Access Layer Design
Balancing VLANs on Uplinks: L2 Looped Access
• Distributes load across uplinks
• STP blocks uplink path for VLANs to secondary root switch
• If active/standby service modules are used, consider inter-switch link utilization
• Multiple service modules may be distributed on both agg switches to achieve balance
(Diagram: DC Core, L3+L4 Hash; Agg1: Blue-Primary Root, Blue-Primary HSRP, Red-Sec Root, Red-Sec HSRP; Agg2: Red-Primary Root, Red-Primary HSRP, Blue-Sec Root, Blue-Sec HSRP; Def gwy on each)
Access Layer Design
Looped Design Model
• VLANs are extended between aggregation switches, creating the looped topology
• Spanning Tree is used to prevent actual loops (Rapid PVST+, MST)
• Redundant path exists through a second path that is blocking
• Two looped topology designs: Triangle and square
• VLANs may be load balanced across access layer uplinks
• Inter-switch link utilization must be considered as this may be used to reach active services
(Diagram: Primary STP Root / Secondary STP Root, Primary HSRP / Secondary HSRP, Active Services / Standby Services, L3 Inter-Switch Link, .1Q Trunk, ports marked F (forwarding) and B (blocking); Looped Triangle and Looped Square)
Access Layer Design
L2 Looped Topologies
(Diagram: L2 Triangle and L2 Square, each with the L3/L2 boundary at aggregation and VLAN 10 extended to the access)
Access Layer Design
Loop-Free Design
• Alternative to looped design
• 2 Loop-Free Models: U and Inverted U
• Benefit: less chance of loop condition due to configuration errors or other anomalies
• L2-L3 boundary varies by loop-free model used: U or Inverted-U
• Implication considerations with service modules, L2 adjacency, and single attached servers
(Diagram: DC Core; Loop-Free U and Loop-Free Inverted U)
Access Layer Design
Drawbacks of Layer 2 Looped Design
Access Layer Design
Loop-Free Topologies
(Diagram: L2 Loop-Free U with VLAN 10 and VLAN 11 on separate access switches and VLAN 20, 21; L2 Loop-Free Inverted U with VLAN 10 and the MSFC on Agg1)
• If the uplink connecting access and aggregation goes down, the VLAN interface on the MSFC goes down as well due to the way autostate works
• CSM and FWSM have implications as autostate is not conveyed (leaving a black hole)
• Tracking and monitoring features may be used to allow failover of service modules based on uplink failure, but would you want a service module failover for one access switch uplink failure?
• Not recommended to use loop-free L2 access with active-standby service module implementations (see slide on ACE next)
Access Layer Design
Loop-Free U Design and Service Modules (2)
(Diagram: ACE Context 1 on each aggregation switch, HSRP at the L3/L2 boundary)
HSRP Secondary on Agg2 takes over as def-gwy
Virtual Switching System 1440
Network System Virtualization
(Diagram: Aggregation/Access and Server Access switch pairs)
Dual-Homed Servers, Single active uplink per VLAN (PVST), Fast L2 convergence, L2 Access
Access topology comparison (rows only; footnote numbers in parentheses):
Looped Triangle: - + + + - (3) +
Looped Square: + + + + + - (4)
Loop-Free U: + - (4) - + + + (1,2)
Loop-Free Inverted U: + + + (1,2) +/- + -
VSS (6): + + + + + +
Access Layer Design:
L3 Design Model
Access Layer Design
Defining Layer 3 Access
Access Layer Design
Need L3 for Multicast Sources?
Access Layer Design
Benefits of L3 Access
Access Layer Design
Drawbacks of Layer 3 Design
Access Layer Design
L2 or L3? What Are My Requirements?
(Diagram: Layer 2 access with the L3/L2 boundary at Aggregation versus Layer 3 access running OSPF, EIGRP up to Aggregation)
The Choice of One Design Versus the Other:
• Difficulties in managing loops
• Ability to extend VLANs
• Staff skillset; time to resolution
• Specific application requirements
• Broadcast domain sizing
• Convergence properties
• Oversubscription requirements
• NIC teaming; adjacency
• Link utilization on uplinks
• HA clustering; L2 adjacency
• Service module support/placement
Access Layer Design:
BladeServers
Blade Server Requirements
Connectivity Options
(Diagram: Blade Server Chassis with Integrated L2 Switches versus Blade Server Chassis with External L2 Switches; each blade's Interface 1 and Interface 2 connect up to the Aggregation Layer)
Cisco Virtual Blade Switch (VBS)
Overview of Concept and Benefits
Management Simplification
– Operational simplification
• Single switch per rack to manage
• True Plug-n-Play of switches
– Design Simplification:
• Sharing Uplinks helps reduce cables
• Reduction in # of logical nodes in L2/L3 network helps improve network convergence
– Operational Consistency
• Familiar IOS CLI, MIBs and management tools like CiscoWorks
• Consistent End-to-end features and functionality
Cisco Catalyst Virtual Blade Switch
Topology Highlighting Key Benefits
(Diagram: Access Layer (Virtual Blade Switch) connected to Aggregation Layer)
• Mix-n-match GE & 10GE switches
• Local traffic doesn't go to distribution switch
• Higher resiliency: with Catalyst 6500 VSS, all EtherChannel links utilized
Density and Scalability Implications
Modular, Top of Rack, Blade Access Switching Models
Density and Scalability Implications
Server Farm Cabinet Layout
~30-40 1RU Servers per Rack
Density and Scalability Implications
Density: How Many NICs to Plan For?
Three to four NICs per server are common:
• Front end or public interface
• Storage interface (GE, FC)
• Backup interface
• Back end or private interface
(Diagram: Front End Interface, OOB Management, Backup Network, Storage HBA or GE NIC, Back End Interface)
Density and Scalability Implications
Cabinet Design with Top of Rack Switching
Servers Connect to a Top of Rack (TOR) Switch
Density and Scalability Implications
Top of Rack (TOR) Switching Model
GEC or 10GE Uplinks?
(Diagram: Aggregation above Access TOR switches in Cabinet 1, Cabinet 2 … Cabinet 25)
Density and Scalability Implications
Cabinet Design with Modular Access Switches
Servers Connect Directly to a Modular Switch
Density and Scalability Implications
Access Network Topology w Modular Switches
(Diagram: Aggregation and Access layers; modular access switches require more uplinks)
Scaling Bandwidth and Density
Scaling B/W with GEC and 10GE
Optimizing EtherChannel Utilization
Scaling B/W with GEC and 10GE
Migrating Access Layer Uplinks to 10GE
(Diagram: DC Core, Aggregation, Access Pair 1 …)
Scaling B/W with GEC and 10GE
Consolidate to ACE
(Diagram: DC Core above the aggregation pair)
Scaling B/W with GEC and 10GE
Service Layer Switch
(Diagram: service layer switch between aggregation and Access)
Increasing Throughput with
Virtual Switching System 1440
Scaling with 10GE Density
Nexus 7000
(Diagram: Nexus 7000 aggregation above Access)
Spanning Tree Scalability
Spanning Tree Scalability
Common Questions
• How many VLANs can I support in a single aggregation module?
• Can a "VLAN Anywhere" model be supported?
• How many access switches can I support in each aggregation module?
• What are the maximum number of logical ports?
• Are there STP hardware restrictions?
(Diagram: DC Core, Aggregation, Access Pair 1 …)
Spanning Tree Scalability
Spanning Tree Protocols Used in the DC
Note 1: 10 Mbps, 10/100 Mbps, and 100 Mbps Switching Modules Support a Maximum of 1,200 Logical Interfaces per Module
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/122sx/ol_4164.htm#wp26366
Spanning Tree Scalability
Spanning Tree Protocol Scaling
Number of Total STP Active Logical Interfaces = Trunks on the switch * active VLANs on the trunks + number of non-trunking interfaces on the switch
In this example, aggregation 1 will have: 10 + 20 + 30 = 60 STP active logical interfaces
(Diagram: DC Core; Agg1 uplinks Te7/3 and Te7/4 carrying 10 VLANs and 20 VLANs, and 30 VLANs on the inter-switch link)

AGG1#sh spann summ tot
Switch is in rapid-pvst mode
Root bridge for: VLAN0010, VLAN0020, VLAN0030
EtherChannel misconfig guard is enabled
Extended system ID is enabled
Portfast Default is disabled
PortFast BPDU Guard Default is disabled
Portfast BPDU Filter Default is disabled
Loopguard Default is enabled
UplinkFast is disabled
BackboneFast is disabled
Pathcost method used is long
Spanning Tree Scalability
Spanning Tree Protocol Scaling
Example: Calculating Total Active Logical Ports
• 120 VLANs system wide
• No manual pruning performed on trunks
• 1RU access layer environment
• 45 access switches each connected with 4GEC
(Diagram: Core; Aggregation 1 as Primary Root and Aggregation 2 as Secondary Root at the Layer 3 / Layer 2 boundary, looped access)
Spanning Tree Scalability
Spanning Tree Protocol Scaling
Number of Virtual Ports per Line Card = For line card x: sum of all trunks * VLANs * (the number of ports in a port-channel if used)
10 + 20 + (30*2) = 90 Virtual Ports on line card 7
(Diagram: DC Core; Te7/1 and Te7/2 form an EtherChannel carrying 30 VLANs, Te7/3 carries 10 VLANs, Te7/4 carries 20 VLANs)

AGG1#sh vlan virtual-port slot 7
Slot 7
Port Virtual-ports
-------------------------
Te7/1 30
Te7/2 30
Te7/3 10
Te7/4 20
Total virtual ports:90
AGG1#
NOTE: VPs Are Calculated per Port in Channel Groups
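Added example (not code from the deck or from Cisco) that puts the two scaling formulas from these slides into a small inventory model: STP active logical interfaces per switch, virtual ports per line card, and a watermark check using the 1,200-per-module figure quoted earlier in the deck. The AGG1 inventory mirrors the slide; the slide-69 scenario's slot layout and inter-switch link are assumptions.

```python
# Added example: the two spanning-tree scaling counts the deck defines,
# computed from a small inventory model of an aggregation switch.
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass
class Trunk:
    name: str           # port or port-channel name, e.g. "Te7/3" or "Po1"
    vlans: int          # active VLANs carried (no manual pruning means all of them)
    slot: int           # line card holding the member port(s)
    members: int = 1    # physical ports in the bundle if this is an EtherChannel


@dataclass
class Switch:
    trunks: List[Trunk] = field(default_factory=list)
    non_trunk_ports: int = 0   # access (non-trunking) ports each count once


def stp_logical_interfaces(sw: Switch) -> int:
    """Slide 68: active VLANs summed over every trunk + non-trunking interfaces.
    An EtherChannel is one logical trunk here, so its VLANs count once."""
    return sum(t.vlans for t in sw.trunks) + sw.non_trunk_ports


def virtual_ports_per_slot(sw: Switch) -> Dict[int, int]:
    """Slide 70: per line card, trunks * VLANs * ports in the port-channel.
    Unlike the logical-interface count, every channel member counts separately."""
    per_slot: Dict[int, int] = {}
    for t in sw.trunks:
        per_slot[t.slot] = per_slot.get(t.slot, 0) + t.vlans * t.members
    return per_slot


def slots_over_watermark(sw: Switch, limit: int) -> List[int]:
    """Line cards whose virtual-port count exceeds a per-module watermark."""
    return sorted(s for s, n in virtual_ports_per_slot(sw).items() if n > limit)


# Constructed to match the deck's AGG1 diagram: Te7/1+Te7/2 form an EtherChannel
# carrying 30 VLANs, Te7/3 carries 10 and Te7/4 carries 20, all on line card 7.
AGG1 = Switch(trunks=[
    Trunk("Po1", vlans=30, slot=7, members=2),
    Trunk("Te7/3", vlans=10, slot=7),
    Trunk("Te7/4", vlans=20, slot=7),
])

# Constructed from the slide-69 inputs: 120 VLANs, no pruning, 45 access switches
# on 4-port GECs. The slot placement (5 cards of 9 uplinks) and the 2-port
# inter-switch link are assumptions; the deck does not state them.
AGG_SLIDE69 = Switch(
    trunks=[Trunk(f"Po{i + 1}", vlans=120, slot=1 + i // 9, members=4) for i in range(45)]
    + [Trunk("Po100", vlans=120, slot=9, members=2)],
)

if __name__ == "__main__":
    print("AGG1 STP logical interfaces:", stp_logical_interfaces(AGG1))        # 60
    print("AGG1 virtual ports per slot:", virtual_ports_per_slot(AGG1))        # {7: 90}
    print("slide-69 logical interfaces:", stp_logical_interfaces(AGG_SLIDE69))
    print("slide-69 cards over 1,200 VPs:", slots_over_watermark(AGG_SLIDE69, 1200))
```

The per-module watermark differs by line card type, so the 1,200 figure only applies to the 10/100 modules the deck's footnote names; substitute the documented limit for the card actually installed.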
Spanning Tree Scalability
Spanning Tree Protocol Scaling
Example: Calculating Virtual Ports per Line Card
(Diagram: Core; aggregation pair with EtherChannels to Access Layer switches Acc1, Acc2 …. Acc12)
Spanning Tree Scalability
Why STP Watermarks Are Important
Spanning Tree Scalability
Design Guidelines
(Diagram: Access layer)
Increasing HA in the Data Center
Increasing HA in the Data Center
Server High Availability
Common Points of Failure:
1. Server network adapter
2. Port on a multi-port server adapter
3. Network media (server access)
4. Network media (uplink)
5. Access switch port
6. Access switch module
7. Access switch
(Diagram: NIC teaming modes at the L3/L2 boundary, with heartbeats between the teamed adapters)
• Eth0: Active, Eth1: Standby (two variants shown; IP=10.2.1.14 on both adapters; MAC =0007.e910.ce0f / MAC =0007.e910.ce0e): On Failover, Src MAC Eth1 = Src MAC Eth0 and IP Address Eth1 = IP Address Eth0
• Eth0: Active, Eth1-X: Active: One Port Receives, All Ports Transmit; Incorporates Fault Tolerance; One IP Address and Multiple MAC Addresses
Increasing HA in the Data Center
Server Attachment: Multiple NICs
• You can bundle multiple links to allow generating higher throughputs between servers and clients
• EtherChannel hash may not permit full utilization for certain applications (backup example)
Increasing HA in the Data Center
Failover: What Is the Time to Beat?
(Chart: L4 Convergence Tolerance against L3 Convergence and L2 Convergence, with ~ 5s and ~ 9s marked)
Increasing HA in the Data Center
Failover Time Comparison
• STP-802.1w: one sec
• OSPF-EIGRP: sub sec
• ACE Module with Autostate
• HSRP: three sec (using 1/3)
• FWSM Module: three sec
• CSM Module: five sec
• WinXP/2003 Server TCP Stack: nine sec
(Chart of failover time: TCP Stack Tolerance ~ 9s; Content Service Module ~ 5s; HSRP ~ 3s (may be tuned to less); FireWall Service Module ~ 3s; ACE and Spanning Tree ~ 1s; OSPF/EIGRP sub-second)
Increasing HA in the Data Center
Non-Stop Forwarding/Stateful Switch-Over
Increasing HA in the Data Center
NSF/SSO in the Data Center
Redundant Supervisors with SSO in the access layer:
• Improves availability for single attached servers
Redundant Supervisors with SSO in the aggregation layer:
• Consider in primary agg layer switch
• Prevents service module switchover (up to ~5sec depending on module)
• SSO switchover time less than two sec
• 12.2.18SXD3 or higher
Possible implications:
• HSRP state between Agg switches is not tracked and will show switchover until control plane recovers
• IGP Timers cannot be aggressive (tradeoff)
Increasing HA in the Data Center
Best Practices: STP, HSRP, Other
• Rapid PVST+
• UDLD Global
• Spanning Tree Pathcost Method=Long
• Rootguard
• LoopGuard
• Portfast + BPDUguard
(Diagram: Blade Chassis with Integrated Switch)
Q and A
Recommended Reading
Continue your Networkers at Cisco Live learning experience with further reading from Cisco Press
Check the Recommended Reading flyer for suggested books
Visit www.cisco.com/go/cvd for Design Guides and Whitepapers about all of these subjects and more