Datacenter Design III (STP, High availability, Failover timers)

STP in the datacenter

STP logical interfaces maximum

  • RSTP / MST have topology maximums: the switch specs state the maximum number of logical / virtual interfaces (e.g. 6500 / 6748).
    • Logical interfaces == ((trunk ports * vlans) + non-trunk interfaces)
    • Virtual interfaces (per line card) == (trunk ports * vlans)
    • Verify with ‘show spantree sum total’

Example logical interfaces:

6500 Chassis:

  • 120 VLANS
  • 49 Access layer switches
  • 2 connections to each switch (double uplink, but as an EtherChannel this counts as 1 logical interface)
  • 1 cross connect to the secondary aggregation switch
  • 30 other devices connected
    • ((120 * 50) + 30) = 6030 logical interfaces (49 access switches + 1 cross connect = 50 trunks; out of 10,000 max)

Example Virtual interfaces:

Cisco 6748 Linecard

  • 120 VLANS
  • 12 access layer switches, 4 EtherChannel-bundled connections each.
    • 12 x 4 = 48 ports (virtual interfaces count every physical interface, bundled or not)
      • (120 * 48) = 5760 virtual interfaces (out of 1800 max)
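The two formulas above as a budget check, with the 6500 and 6748 examples worked through and a generalisation to "how many VLANs still fit on this card". This is an added example, not code from the original notes; the limits are the values the notes quote and the helper names are my own.

```python
"""STP interface-budget check for the logical / virtual interface formulas above.

Added example, not code from the original notes. The formulas and the maxima
(10,000 logical per 6500 chassis, 1,800 virtual per 6748 line card) are the
values quoted in the notes; the helper names are my own.
"""

# Limits as quoted in the notes above (assumed to apply to RSTP / MST here)
CHASSIS_LOGICAL_MAX = 10_000   # 6500 chassis: logical interfaces
LINECARD_VIRTUAL_MAX = 1_800   # 6748 line card: virtual interfaces


def logical_interfaces(trunk_ports: int, vlans: int, non_trunk_ports: int) -> int:
    """Chassis-wide count. An EtherChannel bundle is one logical interface,
    so pass the number of bundles, not the number of member links."""
    return trunk_ports * vlans + non_trunk_ports


def virtual_interfaces(physical_trunk_ports: int, vlans: int) -> int:
    """Per line card count. Every physical port counts, bundled or not."""
    return physical_trunk_ports * vlans


def check_budget(used: int, limit: int) -> dict:
    """Report headroom (negative = overshoot) against a platform limit."""
    return {"used": used, "limit": limit, "ok": used <= limit, "headroom": limit - used}


def max_vlans(ports: int, limit: int, non_trunk_ports: int = 0) -> int:
    """Largest VLAN count that still fits the limit for a given port count:
    solves ports * vlans + non_trunk_ports <= limit for vlans."""
    return (limit - non_trunk_ports) // ports


def chassis_example() -> dict:
    """The 6500 example from the notes: 49 access switches + 1 cross connect = 50
    trunks (EtherChannel uplinks count once), 120 VLANs, 30 other devices."""
    return check_budget(logical_interfaces(49 + 1, 120, 30), CHASSIS_LOGICAL_MAX)


def linecard_example() -> dict:
    """The 6748 example from the notes: 12 switches x 4 bundled links = 48
    physical ports, 120 VLANs. Bundling does not help here, so it overshoots."""
    return check_budget(virtual_interfaces(12 * 4, 120), LINECARD_VIRTUAL_MAX)


if __name__ == "__main__":
    print("chassis :", chassis_example())
    print("linecard:", linecard_example())
    # Largest VLAN count the 48-port card would still accept under the quoted limit
    print("6748 max VLANs on 48 trunk ports:", max_vlans(48, LINECARD_VIRTUAL_MAX))
```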

High Availability

Nic teaming options

  • Adapter fault tolerance (AFT): active / standby – two NICs, one switch
  • Switch fault tolerance (SFT): active / standby – two NICs, two switches
  • Adaptive Load Balancing (ALB): active / active – one IP, two MACs
  • EtherChannel – LAG

Expectations and Failover Timers

Operation                     Failover time
OSPF / EIGRP                  Subsecond
RSTP                          1-2 seconds
EtherChannel                  1 second
HSRP timers                   3 seconds
Service modules               1-5 seconds
Windows TCP stack tolerance   9 seconds

Datacenter Design II (Blades, Scaling, Bandwidth)

Blade Server design

  • Consult with the server team about connectivity.
  • Many blade servers enter the “enterprise switch” market with an integrated switch.
  • Pass-through cabling or integrated switches.
  • Significant impact on power, cooling and weight.

Connecting the blade to the network

  • If you use the integrated blade switch, use a layer 3 access layer.
  • Avoid a double layer 2 design:
    • [Layer 2 on the access layer] connected to a [layer 2 domain within the blade switch].
  • If you use pass-through, use a layer 2 or layer 3 access layer.

Scaling the Datacenter Architecture

(more…)

Datacenter Design I (Core, Aggregation, Access Designs)

Core

  • Not all datacenter designs need a core layer
  • Access to aggregation, aggregation to core: 10 or 40 Gbps
  • CEF load balancing tuning (L3 + L4)
  • Core should run L3 only; aggregation acts as the L3/L2 boundary towards the access layer
  • Core runs OSPF / EIGRP with aggregation

Aggregation

(more…)

Wan Services (Sonet, Metro, VPLS, MPLS)

SONET / SDH

SONET (Synchronous Optical Networking)

  • American National Standards Institute (ANSI)
  • Used in US / Canada
  • Synchronous transport signals (STS) used for speed

Synchronous Digital Hierarchy

  • International Telecommunication Union (ITU)
  • Used everywhere except US / Canada
  • Synchronous Transport Modules (STM) used for speed

(more…)

IP Subnetting Template

Location    Subnet       VLAN  Description        Prefix
Location01  10.1.10.Y    10    Data               10.1.0.0/16
            10.1.20.Y    20    Voice
            10.1.30.Y    30    WiFi
            10.1.40.Y    40    Servers Printers
            10.1.50.Y    50    Exit VLAN
            10.1.98.Y    98    Public WiFi
            10.1.99.Y    99    Management
Location02  10.2.10.Y    10    Data               10.2.0.0/16
            10.2.20.Y    20    Voice
            10.2.30.Y    30    WiFi
            10.2.40.Y    40    Servers Printers
            10.2.50.Y    50    Exit VLAN
            10.2.98.Y    98    Public WiFi
            10.2.99.Y    99    Management
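The template above expanded into concrete networks and checked for containment and overlap, as an added example that is not part of the original notes. It assumes each VLAN subnet is a /24 (the template writes the host octet as "Y") and that the location number is the second octet, as the two locations shown suggest.

```python
"""Expand the per-location subnet template above into concrete networks and
validate it. Added example, not from the original notes. Assumes each VLAN
subnet is a /24 and that the location number is the second octet."""
from ipaddress import IPv4Network

# VLAN -> description, exactly as in the template above
VLAN_TEMPLATE = {
    10: "Data",
    20: "Voice",
    30: "WiFi",
    40: "Servers Printers",
    50: "Exit VLAN",
    98: "Public WiFi",
    99: "Management",
}


def location_prefix(location: int) -> IPv4Network:
    """Location NN owns 10.NN.0.0/16 (per the template's Prefix column)."""
    return IPv4Network(f"10.{location}.0.0/16")


def build_plan(location: int) -> dict:
    """VLAN id -> 10.<location>.<vlan>.0/24 (the /24 length is an assumption)."""
    return {vlan: IPv4Network(f"10.{location}.{vlan}.0/24") for vlan in VLAN_TEMPLATE}


def validate_plan(location: int) -> list:
    """Return a list of problems: subnets outside the location /16, and overlaps."""
    prefix = location_prefix(location)
    plan = build_plan(location)
    problems = []
    for vlan, net in plan.items():
        if not net.subnet_of(prefix):
            problems.append(f"VLAN {vlan}: {net} is outside {prefix}")
    nets = list(plan.items())
    for i, (v1, n1) in enumerate(nets):
        for v2, n2 in nets[i + 1:]:
            if n1.overlaps(n2):
                problems.append(f"VLAN {v1} {n1} overlaps VLAN {v2} {n2}")
    return problems


def render(location: int) -> list:
    """One 'LocationNN  subnet  VLAN  description' line per VLAN."""
    return [f"Location{location:02d}  {net}  {vlan:>3}  {VLAN_TEMPLATE[vlan]}"
            for vlan, net in build_plan(location).items()]


if __name__ == "__main__":
    for loc in (1, 2):
        print("\n".join(render(loc)))
        print("problems:", validate_plan(loc) or "none")
```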

Routing Design Principles (EIGRP, OSPF, BGP)

EIGRP design principles

  • EIGRP works for arbitrary topologies in small to medium networks.
  • A flat EIGRP network doesn’t really scale beyond 400 routers and will lead to performance issues.
    • How to solve this?
      • Stub areas, summarization and route filtering limit the query scope.
  • If EIGRP doesn’t have a feasible successor it will query all its neighbours.
    • “I don’t have a route anymore, don’t route through me, give me a viable route”.
  • BFD to optimize convergence (100 ms with 1000 routes).
  • 2 second hello timer, 6 second hold timer (recommended)

Multiple EIGRP design principles

  • Used to merge two networks (acquisitions)
  • Different administrative groups in a company
  • A way to divide large networks (and control queries)
  • Routes are redistributed between the ASes (don’t loop!)

(more…)

LAB I ( OSPF over GRE with and without IPsec )

Setup:

  • R1 functions as the internet.
  • R2 is the first location with Public IP 1.1.1.2/30
  • R3 is the second location with Public IP 1.1.2.2/30

There must be a GRE tunnel configured between R2 and R3 so that OSPF can be used between them. In the example we will use a tunnel with and without IPsec.

Configuration without IPsec:

Router 2 (R2):

! WAN ADDRESS
interface FastEthernet0/0
 ip address 1.1.1.2 255.255.255.0
 duplex auto
 speed auto
!

! TUNNEL ADDRESS (GRE, unencrypted in this variant)
interface Tunnel0
 ip address 10.10.10.1 255.255.255.252
 tunnel source 1.1.1.2
 tunnel destination 1.1.2.2
!

! LAN ADDRESS
interface Loopback0
 ip address 192.168.10.1 255.255.255.0
!

! OSPF CONFIG (tunnel and LAN in area 0)
router ospf 1
 log-adjacency-changes
 network 10.10.10.0 0.0.0.3 area 0
 network 192.168.10.0 0.0.0.255 area 0
!

! DEFAULT ROUTE (TRAFFIC TOWARDS R3 VIA THE "INTERNET" ROUTER R1)
ip route 0.0.0.0 0.0.0.0 1.1.1.1

(more…)

Advanced STP Features

PortFast

Allows a port running STP to go directly from blocking to forwarding mode.
This will bypass the 50 second timer (20 seconds max age, 15 seconds listening, 15 seconds learning).

sh spanning-tree interface fastEthernet 0/1
SW(config)#spanning-tree portfast ?
 bpdufilter Enable portfast bpdu filter on this switch
 bpduguard Enable portfast bpdu guard on this switch
 default Enable portfast by default on all access ports

SW(config-if)#spanning-tree portfast ?
 disable Disable portfast for this interface
 trunk Enable portfast on the interface even in trunk mode
 <cr>

UplinkFast

Switch01 has two paths to the root (sw0), one FWD and one BLCK.
With UplinkFast, the ports that could potentially reach the root switch are collectively referred to as an uplink group (it includes both the FWD and the BLCK ports). If the FWD port goes down, the other port transitions to FWD immediately (within 1-3 seconds).
Not recommended on core and distribution switches; like PortFast, it is an access-layer feature.
UplinkFast is enabled globally and applies to all VLANs on the switch.

(more…)