Cisco Data Center Architectures For Cloud Computing

Transcription

Cisco Data Center Architectures for Cloud Computing
BRKDCT-2222
Carlos Pereira - Distinguished Systems Engineer II @ Latin America
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Agenda
- Data Center and Virtualization (DC/V) & Cloud market trends
- DC Architectural and Solutions Update
- Unified Fabric
- Unified Network Services
- Cisco Unified Computing (UCS)
- Integrated Computing Stacks & VMDC
- Cisco Cloud Computing Orchestration
- Q&A

Key Trends Impacting IT & Data Centers
- The need to reduce costs and/or maximize profits
- Server virtualization: higher performance
- IT as business enabler
- Applications availability
- Drive for Green: power, cooling and space
- LAN and oning

Virtualization touches half (at least)
(same trend list as the previous slide)

The Evolving Data Center Architecture
Technology disruptor: server virtualization
- Traditional: 1 application, 1 OS, 1 server
- Transition: many apps, or "VMs", on 1 server, or "host"
Figure: installed server count (scale 17,500,000 to 20,000,000) with the tipping point where the virtualized share overtakes. Source: IDC, Nov 2010

Wire Once and Walk Away
Figure: management & legacy, unified, server application, server resource

Ethernet Adapters & Switches and x86 servers

This is bad!

A larger picture
- IEEE 802: evolution of Ethernet (10 GE, 40 GE, 100 GE, copper and fiber); evolution of switching (DCB: Data Center Bridging)
- INCITS/T11: evolution of Fibre Channel; FCoE (Fibre Channel over Ethernet)
- IBTA (InfiniBand Trade Association): RoCE (RDMA over Converged Ethernet), aka IBoE or RoE
- IETF: Layer 2 multipath; TRILL (Transparent Interconnection of Lots of Links)

The Data Center is in Transition
Challenges: scalability; energy efficiency; management integration; economic efficiency; dynamic business environment; application migration; coherent policies and security
Transformation: technology advances in virtualization, compute, and network and storage access

Unleashing the Data Center's Full Potential
Solution: a cohesive system that unites compute, network, storage access, and virtualization
Benefits: management simplification; reduced TCO; increased business agility; improved energy efficiency

How about a fully virtualized Data Center architecture? Is that what "cloud computing" and the "data center fabric" are all about?

The Cloud Computing Journey
Consumption models for IT, applications and services are changing dramatically and will be a hybrid mix, available both on-premises and from the cloud (Private Cloud, Hybrid Cloud, InterCloud). Cisco helps its customers take advantage of this shift and ensure a smooth consolidation.

Consolidate Assets → Standardize Operations → Virtualize the Environment → Automate Service Delivery
Increased agility, efficiency and simplicity; increased cloud readiness

Cisco Cloud Architectural Framework (figure)
Business outcomes: new service creation, profitability, agility, efficiency, simplification; new business models, governance and risk; partner
Framework layers: application networking; standardize operations; virtualize the environment; unified network services; security; storage; automate service delivery

Agenda (repeated as a section divider; the following slides cover Unified Fabric)

Virtualized Network Infrastructure Overview: Need-to-know concepts (1)
- AS / area boundary; MPLS edge; route summarization; default route injection
- Stateful services connectivity point; access layer connectivity point; L2 services: root, loop-free features; L3 services: default GW, DHCP relay, ACLs
- Hosts connectivity point; mapping from virtual to physical; L3 services: access layer functions; L2 services: edge protocols
- Virtual host connectivity point; virtual extension of access services; network policy enforcement point
Considerations
- Functions are well defined; tiers can be collapsed or expanded based on scale
- The L2/L3 boundary is highly dependent on the application environment and the redundancy model
- Access edge: provides FC/10GE/FCoE connectivity to the LAN and SAN clouds

Virtualized Network Infrastructure Overview: Need-to-know concepts (2)
- Pod: repeatable physical, compute and network infrastructure including the L2/L3 boundary equipment. The pod is the L2 failure domain (fate-sharing domain).
- Access pod: collection of compute nodes and network ports behind a pair of access switches
- Compute pod: collection of compute nodes behind a single management domain or HA domain
Considerations
- Each pod type is expected to provide higher scalability
- Traditional pod-to-pod connectivity has been through L3
- DC efficiency and virtualization demand more flexibility
- Greenfield pods in brownfield data centers

Network Planes of Operation
- Policy plane: the business glue of the network. Rules execution, decision making, the service manager and all the other components needed to make a productized service.
- Services plane: overlay "Layer 7" application flow built on the foundation of the other layers; dependent on those layers.
- Management plane: the logical path of all traffic related to system management of the platform.
- Control plane: the brain of any networking platform and the technical glue of the network; where all routing, switching and other protocol and control information is exchanged.
- Data plane: receives, processes and transmits network data between network elements; represents the bulk of the traffic that passes to and through the gear.

Cisco Fabric Extender Concept
Port Extender (was pre-standard 802.1Qbh, now 802.1BR)
- Legacy multi-tier architecture: LAN, then switch, switch, switch down to the servers
- FEX architecture: LAN, then switch, with the switch port extended over the Fabric Extender (FEX)
- Collapses networking tiers and reduces network management points

Cisco FEXlink: Virtualized Access Switch
- Nexus 2000 Fabric Extenders attached to a Cisco Nexus 5500 or Cisco Nexus 7000 parent switch
- Distributed high-density edge switching system (up to 4096 virtual Ethernet interfaces)

Cisco Virtual Port Channel (vPC)
Flexibility: configure all servers for network redundancy in the same way using standards-based LACP, on Nexus 5000, 5500 or 7000 with or without Fabric Extender
- Enables LACP between a device and two upstream switches
- Supported across the Nexus portfolio
- Can be used for redundant links toward Linux, Windows or ESX servers, any server, blade or rack
- More bandwidth to every server (LACP-based EtherChannel)

Virtual Port Channel (vPC): Simple Networking Building Block
- Introduces some changes to the data plane (data-plane based loop prevention inside the vPC domain)
- Provides active/active redundancy
- Does not rely on STP (STP kept as a safeguard)
- Limited to a pair of switches (enough for most cases)
Figure: redundancy handled by STP (one port blocked) versus redundancy handled by vPC (both links forwarding)
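The following is an added NX-OS configuration example for the vPC building block above; it is not from the deck. It wires a pair of Nexus switches into one vPC domain and dual-homes a rack server with an LACP bundle. The hostnames (N5K-A, N5K-B), the keepalive addresses on the management VRF, the VLAN range and the interface numbers are all assumed.

```text
! ---- N5K-A (assumed hostname) ----
feature lacp
feature vpc

vpc domain 10
  ! Lower role priority wins the vPC primary role
  role priority 100
  ! Keepalive goes out of band over mgmt0 addresses (assumed), never over the peer-link
  peer-keepalive destination 192.168.0.2 source 192.168.0.1 vrf management
  ! Each peer also forwards frames addressed to the other peer's gateway MAC
  peer-gateway
  ! Bring vPCs back after a reload if the peer never returns
  auto-recovery

! Peer-link: dedicated port-channel between the two peers, trunking every vPC VLAN.
! NX-OS makes it an STP "network" port (Bridge Assurance) automatically.
interface port-channel 1
  description vPC peer-link to N5K-B
  switchport mode trunk
  switchport trunk allowed vlan 100-199
  vpc peer-link

interface ethernet 1/1-2
  switchport mode trunk
  channel-group 1 mode active

! vPC member toward a dual-homed rack server. The vPC number (20) must match on
! N5K-B; the server sees a single LACP bundle to what looks like one switch.
interface port-channel 20
  description server-42 NIC team (assumed)
  switchport mode trunk
  switchport trunk allowed vlan 100-199
  spanning-tree port type edge trunk
  vpc 20

interface ethernet 1/10
  switchport mode trunk
  channel-group 20 mode active

! ---- N5K-B: identical, except ----
! vpc domain 10
!   role priority 200
!   peer-keepalive destination 192.168.0.1 source 192.168.0.2 vrf management

! Checks before trusting the pair: both peers must agree on the type-1 parameters
! (MTU, STP mode, allowed VLANs, LACP mode); a mismatch suspends the vPC on the
! secondary peer and the server silently falls back to a single link.
show vpc
show vpc consistency-parameters global
show vpc consistency-parameters interface port-channel 20
```

The server side must run LACP as well (`mode active` only negotiates, it does not force a bundle), which is what the deck means by configuring every server "in the same way".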

ToR Example: Nexus 2000 Deployment
Figure: Nexus 7000 distribution layer pair with vPC; Nexus 5000 access layer pair with vPC; Nexus 2000 Fabric Extenders in Rack 1 and Rack 2, each with x4 uplinks

That's nice, but how about the scalability of the upstream DC networking layers?

L2 Requires a Tree
- Branches of a tree never interconnect (no loop)
- Figure: S1, S2, S3 and peers; 11 physical links, 5 logical links
- Spanning Tree Protocol (STP) is typically used to build this tree
- A tree topology implies: wasted bandwidth and increased oversubscription; sub-optimal paths; conservative, timer-based convergence; a catastrophic failure mode, since STP fails open (a lost or blocked BPDU produces a forwarding loop, not a disconnection)

Cisco STP Implementation: Feature Rich

Data Center Design Based on STP: Focused on Stability Features (figure)
- Core: Layer 3
- Aggregation pair: HSRP active / standby; STP root / backup root; the inter-aggregation links are Layer 2 network ports with STP Bridge Assurance
- Aggregation to access: Layer 2 with STP Rootguard on the aggregation downlinks (Bridge Assurance on network ports)
- Access: edge ports toward servers with STP BPDUguard; Loopguard on the uplinks
Legend: N = network port (Bridge Assurance); E = edge port; normal port type; B = BPDUguard; R = Rootguard; L = Loopguard; F = global BPDU filter

Data Center Design Based on vPC: Focused on Scalability Features (figure)
- Core: Layer 3
- Aggregation vPC pair: active / root for the Layer 2 domain; no blocked ports toward the access layer
- Aggregation to access: Layer 2 with STP Rootguard on the aggregation downlinks (Bridge Assurance on network ports)
- Access: edge ports toward servers with STP BPDUguard; Loopguard on the uplinks
Legend: N = network port (Bridge Assurance); E = edge port; normal port type; B = BPDUguard; R = Rootguard; L = Loopguard; F = global BPDU filter
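The legends on the two design slides above map onto a handful of NX-OS commands. The following is an added example, not from the deck, showing an aggregation switch (intended STP root, network ports toward its peer, Rootguard toward access) and an access switch (edge ports with BPDU Guard). Switch roles, the VLAN range and the interface numbers are assumed.

```text
! ===== Aggregation switch 1 (assumed: intended STP root for VLANs 100-199) =====
spanning-tree mode rapid-pvst
! Root for the pod's VLANs; give the second aggregation switch priority 8192 (backup root)
spanning-tree vlan 100-199 priority 4096
! Bridge Assurance is on by default in NX-OS and only acts on "network" ports: a network
! port that stops receiving BPDUs goes BA-inconsistent (blocking). Both ends of the link
! must therefore be network ports running BA, or the link never forwards.
spanning-tree bridge assurance
! Loopguard as the fallback for non-edge ports that stop receiving BPDUs
spanning-tree loopguard default

interface ethernet 1/1
  description link to aggregation switch 2
  switchport mode trunk
  spanning-tree port type network

interface ethernet 1/10
  description downlink to access switch
  switchport mode trunk
  spanning-tree port type normal
  ! Rootguard: a superior BPDU from the access side puts this port root-inconsistent
  ! instead of moving the root below the aggregation layer
  spanning-tree guard root

! ===== Access switch (assumed) =====
spanning-tree mode rapid-pvst
! Edge ports that receive any BPDU are err-disabled: catches a server or rogue switch
! bridging two VLANs, or a cable looped back into the rack
spanning-tree port type edge bpduguard default
! Do not use the per-interface "spanning-tree bpdufilter enable" on server ports:
! it discards BPDUs entirely, so the same loop is simply never detected
errdisable recovery cause bpduguard
errdisable recovery interval 300

interface ethernet 1/1-48
  description server ports
  switchport mode access
  switchport access vlan 100
  spanning-tree port type edge

interface ethernet 1/49
  description uplink to aggregation
  switchport mode trunk
  spanning-tree port type normal
```

`show spanning-tree inconsistentports` lists anything held down by Bridge Assurance, Rootguard or Loopguard, which is the first place to look when a link in this design refuses to forward.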

Virtual Access Switch Pod
- Nexus end-to-end loop-free Layer 2 logical topology: NO blocking ports, NO STP
- vPC pair of Cisco Nexus 5500 (N5K) with Cisco Nexus 2248T / 2232 Fabric Extenders (N2K)
- Each virtualized access switch pod is configured to support up to 768 1GE server ports
- The N2K/N5K pod represents the networking access layer; Nexus 7000 at the aggregation layer

Logical View: Star Topology without L2 Loops
Figure: Nexus 7000 vPC pair at the center; Nexus 5000/5500 + 2000 virtual access switch pods, Unified Computing System (UCS) and virtual blade switching (VBS) as the spokes

What if I need more than two (2) aggregation switches? How do I scale MAC addresses with L2 bridging?

MAC Address Scaling & L2 Bridging
- MAC addresses encode no location or network hierarchy
- Default forwarding behavior in a bridged network is flood
- The MAC filtering database limits the scope of flooding
- Ultimately this may not scale well, as every switch learns every MAC
Figure: host A's MAC present in the MAC table of every switch in the Layer 2 domain

Network Addressing Scheme: MAC vs. IP
Figure: hosts 10.0.0.10 and 10.0.0.100 (MAC 0011.1111.1111) in network 10.0.0.0/24; host 20.0.0.20 in another subnet
L2 forwarding (bridging):
- Data-plane learning
- Flat address space and forwarding table (MAC everywhere!)
- Flooding required for unknown unicast destinations
- Destination MACs need to be known by all switches in the same network to avoid flooding
L3 forwarding (routing):
- Control-plane learning
- Hierarchical address space and forwarding
- Only forwards to destination addresses with matching routes in the table
- Flooding is isolated within subnets
- No dependence on the data plane for maintaining the forwarding table

Eternal Debates on Network Design for Cloud: Layer 2 or Layer 3?
Both Layer 2 and Layer 3 are required for any network design. Cisco has solutions for both Layer 2 and Layer 3 to satisfy customers' requirements.
Layer 3 (routed core):
- Subnets provide fault isolation
- Scalable control planes with inherent multipathing and multi-topology
- HA with fast convergence
- Additional loop-mitigation mechanisms in the data plane (e.g. TTL, RPF check)
Layer 2 (LAN):
- Simplicity: no planning or configuration required for either addressing or control plane
- Single control plane protocol for unicast, broadcast and multicast
- Easy application development

The Next Era of Layer 2 Networks: What Can Be Improved?
- Network address scheme: flat to hierarchical. An additional header is required to allow L2 "routing" instead of "bridging"; a "switch ID" comes into the picture. This also provides an additional loop-prevention mechanism such as TTL.
- Address learning: data plane to control plane. Eliminates the need to program all MACs on every switch to avoid flooding.
- Control plane: distance-vector to link-state. Improves scalability, minimizes convergence time, and allows multipathing inherently.
The ultimate solution needs to take both control and data plane into consideration this time!

Cisco FabricPath Overview (Cisco NX-OS on the Cisco Nexus platform)
Data plane innovation:
- FabricPath encapsulation
- Conversational learning
- Routing, not bridging
- Built-in loop mitigation: Time-to-Live (TTL), RPF check
- Equal-cost multipathing (ECMP)
- VLAN and multicast pruning
Control plane innovation:
- Plug-and-play Layer 2 IS-IS
- Supports unicast and multicast
- Fast, efficient, and scalable

FabricPath: Simplicity for the Server Team
Figure: multi-domain silos (silo 1: web servers; silo 2: app servers; silo 3: new apps) versus FabricPath, where any app runs anywhere on one fabric
- Benefits the server team by providing a network fabric that looks like a single switch
- Breaks down silos, permits workload mobility, provides maximum flexibility
- Lowers OPEX by simplifying server team operation; reduces dependency on and interaction with the network team

What is a Fabric?
- Externally, a fabric looks like a single switch
- Internally, a protocol adds fabric-wide intelligence and ties the elements together. This protocol provides, in a plug-and-play fashion: optimal, low-latency any-to-any connectivity; high bandwidth and high resiliency; open management and troubleshooting
- Cisco FabricPath provides additional capabilities in terms of scalability and L3 integration

FabricPath: an Ethernet Fabric (Enabling Network Fabrics)
- Connect a group of switches using an arbitrary topology
- With a simple CLI, aggregate them into a fabric:
    N7K(config)# interface ethernet 1/1
    N7K(config-if)# switchport mode fabricpath
- An open protocol based on L3 technology provides fabric-wide intelligence and ties the elements together

Example 1: Classical Pod Migration
Q: Why migrate the traditional access/aggregation building block to FabricPath?
A:
- No STP: no STP sync, no topology changes, no blocked ports, no risk of loops
- Simple configuration
- Total flexibility in design and cabling
- Enables organic bandwidth growth: grow where and whenever needed with minimal impact

Example 2: Pod Interconnect / VLAN Anywhere
Q: How to interconnect DC pods in order to have VLANs anywhere?
A: Provide server/host connection to any edge port in the network, regardless of physical location
- Physical/rack/distribution-pair location of a host is irrelevant with respect to IP subnet and Layer 2 adjacency with other hosts
- Gateway placement options include GLBP, MHSRP and "leaf-attached" gateways, so far
Figure: POD 1 (VLANs 100-199), POD 2 (VLANs 200-299) and POD 3 (VLANs 300-399) become PODs 1-3 carrying VLANs 100-399
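An added example, not from the deck, that extends the two-line CLI shown earlier into the "VLAN anywhere" case of Example 2: one leaf switch in POD 1 and one in POD 2, each with fabric-facing ports and a classic Ethernet server port, sharing VLAN 150 so a host can attach to either pod. The switch-IDs, hostnames, VLAN numbers and interface numbers are assumed; the spine switches need only the same feature-set, a switch-id and fabricpath ports.

```text
! ===== Leaf switch N5K-POD1-L1 (assumed, Nexus 5500) =====
install feature-set fabricpath
feature-set fabricpath
! Unique per switch across the whole fabric; IS-IS routes on switch-ids, not on host MACs
fabricpath switch-id 101

! FabricPath VLANs: remote MACs are learned conversationally (only for flows this
! switch is part of), so the full MAC table is no longer replicated on every switch.
! Unknown unicast and broadcast still flood inside the VLAN over the multidestination trees.
vlan 100-199
  mode fabricpath

! Fabric-facing (core) ports: no VLAN configuration here, the IS-IS adjacency forms on the link
interface ethernet 1/1-2
  description uplinks to spines
  switchport mode fabricpath

! Classic Ethernet edge port toward a server; STP still runs on this side as a safeguard
interface ethernet 1/10
  switchport mode access
  switchport access vlan 150
  spanning-tree port type edge

! ===== Leaf switch N5K-POD2-L1 (assumed): same, different switch-id, same VLAN =====
install feature-set fabricpath
feature-set fabricpath
fabricpath switch-id 201
vlan 100-199
  mode fabricpath
interface ethernet 1/1-2
  switchport mode fabricpath
interface ethernet 1/10
  switchport mode access
  switchport access vlan 150
  spanning-tree port type edge

! Checks: IS-IS adjacencies on the core ports, the switch-id routing table (one ECMP
! entry per spine toward each remote switch-id), and the MAC table showing hosts in
! POD 2 learned against switch-id 201 rather than against a local port
show fabricpath isis adjacency
show fabricpath route
show mac address-table vlan 150
```

The point of the three `show` commands is the one the deck makes on the "Routing, not bridging" slide: a MAC entry that resolves to a switch-id is forwarded with a TTL-carrying FabricPath header over ECMP paths, whereas a MAC entry that resolves to a port is plain bridging and still subject to STP on that edge.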

Data Center Networking Architecture Flexibility (figure)
Infrastructure virtualization and capacity grow along three axes: active paths (dual, 16-way); pod bandwidth (up to 10 Tbps, up to 20 Tbps, up to 160 Tbps); Layer 2 scalability

Agenda (repeated as a section divider; the following slides cover Unified Network Services)

Cisco Unified Network Services: Service Any
- Consistent policy
- Any delivery mechanism: dedicated (hardware) or virtual
- Any form
- Any environment: network, compute, cloud
Offers flexibility and choice for any deployment model

Data Center Virtualized Services: Combination Example (figure)
Traffic path, one chain per business unit: "front-end" VRFs on the MSFC (VLANs v5, v6, v71, v83, v107, v1052) to Firewall Module contexts to the ACE Module (v1083) to "back-end" VRFs on the MSFC (VRF4) to the server-side VLANs (BU-4: v2081, v2082, v2083)
Legend: vX = VLAN X; BU = business unit

Physical to Virtual Services Transition
- Provide a common framework for physical and virtual services
- Extend customer investments in physical, while addressing cloud requirements
Figure: physical network services (WAN optimization, firewall, SLB/ADC in VDC-1 and VDC-2) serving a private cloud and a public cloud of App/OS virtual machines
- Application-specific service nodes
- Virtual appliance form factor
- Elastic instantiation/provisioning
- Service transparent to VM mobility
- Form f
