for Setup of Next Gen. Data Center Network in NDCSP
Purpose of RFP?
◦ To procure new switches to connect servers with 10G/25G support. Simultaneously upgrade backbone of network infrastructure in NDCSP.
Distributed service methodology for better scale: all Layer-2 and Layer-3 services will be provided through Leaf switches only. Spines will remain dumb and provide only transport service. This is analogous to the MPLS P-PE design.
Use of open standards such as VXLAN, EVPN, Open APIs, NETCONF, Telemetry, etc., to avoid vendor lock-in and for better interoperability. For better agility,
Physical topology
Physical topology Highlights
Multi-stage CLOS topology (hierarchical leaf-spine)
A pair of Core Switches for North-South connectivity and services
Each DC hall has 2x Super-Spines and multiple PODs
Each POD contains 2x Spines and can have up to 50x Leafs connected in leaf-spine topology
Dedicated inter-hall connectivity through super-spines @ 3200 Gbps
Inter-POD bandwidth @ 1600 Gbps
All inter-switch links are multiples of 100 Gbps
Network Management View
Orchestrator
installation work
RFP highlights
All devices must be from a single OEM.
Device types:
◦ 1. Fabric Controller
◦ 2. Leaf Switch type-1 and type-2
◦ 3. Spine Switch
◦ 4. Super Spine Switch
◦ 5. Core Switch
◦ 6. 12 types of transceivers and cables
Includes fabric specs also, i.e. expected functionality of the network fabric as a whole.
Suggested logical Design
[Figure: logical design diagram. Labels: DDoS, Flow gen., Usr_Ext_Pri_VRF, Shrd_Ext_VRF, WAF, LB, VPN, Nw mon, FW+IPS, NAS, Usr_int_VRF, Route_Leak, Backup, Object Str, Shrd_Srv_VRF]
Missing pieces
Requirement of Orchestrator for ease of management
VRF-aware physical firewall OR virtual firewall per tenant with IPS inbuilt. This is specifically for the self-managed automated model, by reducing firewall rules management complexity.
Automation capability on service appliances like firewall, LB and WAF. No need of virtual appliances for LB and WAF functions in this topology.
A few requirements related to traffic forwarding from service appliances, like: 1) One-arm mode support with NAT. 2) Feature compatibility with P2P connect model instead of LAN connect model. 3) Dynamic routing preferred.
Missing pieces
East-West access control.
◦ On switches
Only zone based basic access control
Scalability issues with large no. of customers in cloud
No micro-segmentation
◦ On virtual switch
– e.g. NSX distributed firewall
◦ On Host itself with centralized manager