- Types of Data Center Interconnections
  - Layer 1 DCI
    - Physical connection between Data Centers
      - Dark Fiber ( MetroE )
      - Fibrechannel
      - Not as flexible
  - Layer 2 DCI
    - Carrier appears as L2 Bridge
    - MPLS options
    - VPLS options
    - IP Mobility
  - Layer 3 DCI
    - IP Based connection
      - iSCSI
      - Routing
      - ATOMoGRE
Datacenter Design VI ( SDN )
Software Defined Networking
- Advantages SDN
- Automatic Infrastructure Provisioning
- Multi-tenant environments
- Flexible Placement of servers ( Mobility )
- Health monitoring of applications
- Application to NET ( Southbound ) and NET to application ( Northbound ) communication
- Cisco’s SDN implementation: Application Centric Infrastructure ( ACI )
Three key ingredients for ACI
- Nexus 9000 series / 9300 / 9500.
- Application Policy Infrastructure Controller ( APIC ).
- Cisco recommends a minimum of three APIC servers.
- Policy Model ( “What talks to what and how” ).
Datacenter Design V ( TRILL, Fabric Path )
TRansparent Interconnection of Lots of Links
- https://en.wikipedia.org/wiki/TRILL_(computing)
- Often in datacenters a layer 2 design is implemented to span VLANs.
- First define your FabricPath domain, which disables Ethernet.
- IS-IS enabled Fabric Path Domain.
- Classic Switch data learned and IS-IS Level 2 ‘Routing Table’ Built.
- Opens L2 ECMP Capabilities.
- Leaf to servers with vPC / MEC
Datacenter Design IV ( VPC , MEC, Fabric Extenders )
What is a vPC (virtual Port Channel)
- Nexus series Network Virtualisation Technology.
- “Lightweight” VSS – Combine ports, not switches.
- Links on different switches to appear as the same device.
- Downstream device can be anything supporting 802.3ad (LACP).
- Commonly called Multi Chassis Etherchannel ( MEC ).
IS-IS Design Principles
IS-IS History
https://en.wikipedia.org/wiki/IS-IS
https://en.wikipedia.org/wiki/OSI_protocols
https://en.wikipedia.org/wiki/Type-length-value
- Created for the OSI Protocol Suite
- Integrated IS-IS: the mutation.
- IS-IS dictionary:
- IS = Intermediate System (Routers)
- ES = End System
- TLV = Type Length Value
- NSAP = Network Service Access Point
- (OSI protocols equivalent of the TCP/IP’s IP Address)
- IS-IS features:
- Link State Routing Protocol (Same as OSPF)
- NSAP address assigned per router
- Dijkstra SPF powered (Same as OSPF)
- PRC efficient
- Hellos establish neighbors at Layer 2 ( source MAC, Multicast MAC )
- Two routing levels ( Level 1 and Level 2 )
- Area Based Design ( Routers know their area )
- default link cost = 10
IS-IS High level Design
- Two routing databases
  - Level 1 and Level 2
    - Level 1 routers find closest Level 2 exit.
    - Area defined by
      - 49.0001 ( Area 1 )
      - 49 private addressing, 0001 is area 1
- Three router types
IS-IS Neighbors and Area Design
Network Management (Tools, Netflow, NBAR, IP SLA)
Monitoring and Managing
- Know your network is doing well.
- Understand the trends in your network performance.
- Identify your bottlenecks and propose solutions.
- Be proactive – don’t react.
Phases of optimizations and the tools
- Create a baseline – Netflow, NBAR, IP SLA
- Optimize Network – QoS, AutoQoS VoIP, AutoQoS Enterprise
- Measure / Adjust – Netflow, NBAR, IP SLA, Syslog
- Deploy Apps – Netflow, NBAR
Wireless Design Principles
- Wireless Signal Measured in dBm ( Power referenced against one Milliwatt )
- Range is roughly -30dBm to -90dBm
- -30dBm = Max Achievable ( not desired ).
- -67dBm = Minimum for real-time Apps.
- -80dBm = Minimum for communication.
- Noise is always a challenge
- Signal to Noise Ratio ( SNR ) = ( Signal – Noise ) = Value
- Minimum SNR of 25 is needed for real-time apps.
Multicast and Multicast Routing
Unicast vs Multicast
- Routed via PIM ( Protocol Independent Multicast ).
- Always UDP-Based ( Video, Audiostreams, some kinds of data ).
- Typical network challenges ( QoS, Security, Bandwidth consumption).
- Began as a ‘speciality’ technology, becoming heavily adopted in modern times.
Multicast Addresses
- Multicast group members receive all data sent to a group.
- Multicast IPv4 Range: 224.0.0.0 – 239.255.255.255
- Filtering tip:
  - Last 23 bits of IP mapped to MAC
    - Can lead to overlapping addresses
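
The 23-bit IP-to-MAC mapping and the overlap it causes, worked through as an added example (not part of the original notes). The function names and sample groups are constructed for illustration; the check against 224.0.0.0/24 (the link-local control block that holds addresses such as OSPF's 224.0.0.5) goes one step beyond the bullet above to show why the overlap matters for Layer 2 filtering.

```python
import ipaddress

MULTICAST_NET = ipaddress.ip_network("224.0.0.0/4")
LINK_LOCAL_CONTROL = ipaddress.ip_network("224.0.0.0/24")
MAC_BASE = 0x01005E000000  # IANA 01:00:5e prefix; the next bit is always 0


def _low23(group: str) -> int:
    """Validate a group address and return the 23 bits that reach the MAC."""
    addr = ipaddress.IPv4Address(group)
    if addr not in MULTICAST_NET:
        raise ValueError(f"{group} is not an IPv4 multicast address")
    return int(addr) & 0x7FFFFF


def multicast_mac(group: str) -> str:
    """Ethernet destination MAC used for an IPv4 multicast group."""
    mac = MAC_BASE | _low23(group)
    return ":".join(f"{(mac >> shift) & 0xFF:02x}" for shift in range(40, -1, -8))


def overlapping_groups(group: str) -> list[str]:
    """All 32 groups sharing this MAC: 28 group bits minus 23 mapped leaves 5."""
    low = _low23(group)
    base = int(MULTICAST_NET.network_address)
    return [str(ipaddress.IPv4Address(base | (hi << 23) | low)) for hi in range(32)]


def shadows_control_traffic(group: str) -> bool:
    """True if a group outside 224.0.0.0/24 shares its MAC with one inside it.

    A MAC-based filter or a switch forwarding on the MAC alone cannot tell
    such a group apart from routing-protocol traffic.
    """
    if ipaddress.IPv4Address(group) in LINK_LOCAL_CONTROL:
        return False
    return any(ipaddress.IPv4Address(g) in LINK_LOCAL_CONTROL
               for g in overlapping_groups(group))


if __name__ == "__main__":
    # Constructed sample groups for the demonstration.
    for g in ("224.0.0.5", "225.0.0.5", "239.1.1.1"):
        print(g, multicast_mac(g), "shadows control block:", shadows_control_traffic(g))
```

When allocating application groups, running candidates through a check like `shadows_control_traffic` keeps them off MAC addresses that control-plane traffic already uses.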
VPN Design
Remote Access VPN design
- For a VPN you need a termination device (VPN concentrator / firewall), a client, and the connecting technology for tunneling.
- Cisco Easy VPN.
- Client options
- IPSEC VPN client
- SSLVPN Clientless Access
- SSLVPN Thin client
- SSLVPN Thick client
Placement of the VPN Termination Device:
E-Commerce Implementation
Core layer
- Cisco 6509.
- Static routing used to ISP ( or basic BGP ).
- FWSM or ACE module used as initial filter.
- Static route down to VIP of aggregation layer FHRP.
Aggregation Layer
- Cisco 6506 ( MSFC ).
- Traffic received from core routed to CSM
- CSM load balances to VLANs at the access layer
- Simple design allows inter-VLAN routing ( web, app, db )
- Inter-VLAN routing without a FWSM can lead to unfiltered access from one VLAN to another.
Access Layer
- Cisco 6509
- Servers typically divided into web, app, and database VLANs.
- Server gateways set to CSM, FWSM, or VIP of the FHRP on L3.
- Firewall restrictions between layers common.