BRKDCT 3060 DC Interconnect

2012 Cisco and/or its affiliates. All rights reserved.
BRKDCT-3060 Cisco Public

Deployment Considerations
with Interconnecting Data Centers
BRKDCT-3060
Hernan Vukovic - Consulting Systems Engineer
2
2012 Cisco and/or its affiliates. All rights reserved. BRKDCT-3060 Cisco Public
The main goals of this session are:
! Highlighting the main business requirements driving
Data Center Interconnect (DCI) deployments
! Understand the functional components of the holistic
Cisco DCI solutions
! Get a knowledge of Cisco LAN and SAN extension
technologies and associated deployment
considerations

Session Objectives

Agenda
! Distributed Data Center & Cloud evolution overview
! Data Center Interconnect Design Considerations
! Storage Extension
! LAN Extension
Ethernet Based
IP Based
! Network Services and Applications
! Conclusions
DCI
Drivers Business Solution Constraints IT Technology
Business
Continuity
" Disaster Recovery
" HA Framework
" Stateless
" Network Service Sync
" Process Sync
" GSLB
" Geo-clusters
" HA Cluster
Operation Cost
Containment
" Data Center Maintenance /
Migration / Consolidation
" Host Mobility " Distributed Virtual
Data Center
Business
Resource
Optimization
" Disaster Avoidance
" Workload Mobility
" VLAN Extension
" Statefulness
" Bandwidth & Latency
" VM Mobility
Cloud Services
" Inter-Cloud Networking
" XaaS
" Flexibility
" Application mobility
" VM Mobility
" Automation
! Data Centers are extending beyond traditional
boundaries
! Virtualization applications are driving DCI across PODs
(aggregation blocks) and Data Centers
Data Center Interconnect
Business Drivers
DCI Function Purpose
Storage Extensions Providing applications access to storage locally, as well as remotely with desirable storage attributes
LAN Extensions Extend same VLAN across Data Centers, to virtualize servers and applications
Inter-DC Routing Provide routed connectivity between data centers (used for L3 segmentation/virtualization, etc.)
Path Optimization Routing users to the data center where the application resides while keeping symmetrical routing in
consideration for IP services (e.g. Firewall)
!"#" %&'#&( )'#&(*+''&*# ,!%)-
Soluuon ComponenLs
.
/
(
#
0
"
1
/
2
"
3
+
'
4
5
5
1
/
*
"
3
+
'
6

7
4
8

9
:
#
&
'
6
/
+
'
6
;
#
+
(
"
<
&

9
:
#
&
'
6
/
+
'
6
)
=

>
+
0
3
'
<

"
'
?

)
=

;
&
(
@
/
*
&

%
+
'
6
/
?
&
(
"
3
+
'
6

MPLS
IP Core
DC 1
DC 2
ESX-A source ESX-B target
!"#" %&'#&( )'#&(*+''&*#
SAn LxLenslon
! Synchronous lmplles sLrlcL dlsLance llmlLauon
! Locallzauon of Acuve SLorage ls key
# ulsLance can be lmproved uslng lC acceleraLor or cachlng
# vlrLual Lun ls allowlng Acuve/Acuve
2012 Cisco and/or its affiliates. All rights reserved. BRKDCT-3060 Cisco Public 8
uC1 uC2 uC3
S1
domaln
S1
domaln
S1
domaln
Si Si Si Si Si Si Si Si
ALT GW ALT ALT GW GW
aLh Cpumlzauon
uual-Pomlng
SLorage exLenslon
Any Lype of llnks
S1 uomaln lsolauon + SLorm-conLrol
LAN Extension Model
Ethernet
MPLS
IP
Over dark fiber or protected D-WDM
$ VSS & vPC
! Dual site interconnection
$ FabricPath (TRILL)
MPLS Transport
$ EoMPLS
! Transparent point to point
$ A-VPLS
! Enterprise style MPLS
$ H-VPLS
! Large scale & Multi-tenants

IP Transport
$ OTV
! Enterprise style Inter-site MAC Routing
$ VXLAN
! Intra-site MAC bridging in total virtualized context
LAN Extension for DCI
Technology Selection Criteria
DC 1
DC 2
!"#" %&'#&( )'#&(*+''&*#
aLh Cpumlzauon
A53+'6
! Lgress
# Addressed by lP8 lllLerlng
! lngress:
1. unS redlrecuon wlLh ACL/CSS
2. 8ouLe PealLh ln[ecuon (8Pl)
3. LlS

! 1yplcally Acuve/SLandby ClusLer fallover, lallure Lransfers SLorage ownershlp
! lnLer-server hearLbeaLs, sLaLus & conLrol synchronlzed Lhrough prlvaLe neLwork as well as vl clusLer Lhrough Lhe publlc neLworks
8equlres Layer 2 paLh beLween hosLs
! CllenL reconnecuon LransparenL - shared l address % Layer 2 musL be exLended"
Cluster Application such as
! Microsoft MSCS
! VMware Cluster
! Veritas Cluster
! Oracle RAC
! .
!(/@&( B C06/'&66 %+'3'0"'*&
Plgh AvallablllLy ClusLers - Local
Heartbeat 1
SAN A
SAN B
Cluster VIP
Enterprise
Core
Active Standby
Heartbeat 2
Extended LAN
Extended SAN
! vMachlne process mlgrauon lncreases appllcauon avallablllLy
! LAn & SAn requlre Layer 2 paLh Lo malnLaln user sesslons durlng mlgrauon
DC 1
DC/POD
ESXi-A source
ESXi-B target
D+(E1+"? F+G/1/#H I+( !/6"6#&( 4@+/?"'*&
uynamlc MovemenL of vlrLual Machlnes/vMs
Agenda
! Storage Extension
! LAN Extension
Ethernet Based
IP Based
! Conclusions
Business Continuity / Disaster Recovery Options
! Offsite tape vaulting
! Backup tapes transported to offsite
location by truck
! Electronic vaulting
! Transmission of backup data to offsite
location
! Remote disk replication
! Continuous copying of data to offsite
location
! Cold site
! Transfer data from offsite location to
new data center
! Duplicated hot site
! Replicate data remotely, ready for
operational resumption
! Application sensitivity to delay
! Synchronous vs. asynchronous
! Distance requirements
! Propagation delays , at least 5 s
per Km.
! Service availability at a customer
site
! Tag onto existing facilities or new
install
! Bandwidth requirements
! Total cost of ownership
! Equipment Cost v/s Cost of
downtime
ueslgn 1echnology Soluuons 1haL 8alance:
Appllcauon / rocess 8ecovery Cb[ecuves (8C and 81C)
ulsLance - WhaL ls your 1reaL 8adlus"?
uaLa/SLorage CapaclLy and 8andwldLh requlremenLs
Appllcauon erformance vs 8lsk vs CosL
rlmary
uaLa CenLer
(PC)
Secondary
uaLa CenLer
u8 laclllLy
(Cwned/Leased)
locol
<5km
Metto
< 200km
keqloool
> 200km
Data Resilience
Balancing the requirements
RTO / RPO
! Synchronous Data replication: The Application receives the acknowledgement for I/O complete when both
primary and remote disks are updated. This is also known as Zero data loss data replication method (or Zero
RPO)
! Metro Distances (depending on the Application can be 50-300kms max)
! Asynchronous Data replication: The Application receives the acknowledgement for I/O complete as soon as
the primary disk is updated while the copy continues to the remote disk.
! Unlimited distances

J

K

L

M

J

L

K
Synchronous
Data Replication
Asynchronous
Data Replication
;48 9:#&'6/+'
Synchronous vs. Asynchronous uaLa 8epllcauon
7/N/#&? GH A53*6 ,=+O&( C0?<&#-
SAN Extension Technology Options
!"(E P/G&(
%D!F
!D!F
;A89QR;!S
!"#" %&'#&(
%"N506 F&#(+ >&</+'"1 8"3+'"1
)'*(&"6/'< !/6#"'*&
;H'*
;H'* ,JTKTMUG56-
;H'* ,JTKUG56 V 60G("#&-
46H'* ,D48TJUG56- F!;WXXX P%)=
7/N/#&? GH A53*6 ,=+O&( C0?<&#-
7/N/#&? GH CCY%(&?/#6
A
5
3
*
"
1
)
=

;H'* ,JTKTMTJXUG56 5&( !-
;H'* ,F&#(+ 9#Z-
46H'*
U1+G"1
! Speed of Light is about 300000 Km/s
! Speed is reduced to 200000 Km/s # 5 s per Km
! That gives us an average of 1ms for the light to cross 200 Kms of fiber
! Synchronous Replication: SCSI protocol (FC) takes a four round trips
! For each Write cmd a two round trips is about 10 s per kilometer
# 20s/km for 4 round trips for Synch data replication
1
2
1
2
Local SLorage Array 8emoLe SLorage Array
230 s : 8ec_8eady ?
230 s : WalL for response?
230 s : Send daLa
230 s : WalL for Ack?
50 Kilometers 1ms
;H'*Z(+'+06 !"#" >&51/*"3+'
neLwork LaLency
Extending Optical SAN Extension
FibreChannel Frame Buffering
Buffer to buffer credits (BB_Credit) are negotiated between each device in a
FC fabric; no concept of end to end buffering
One buffer used per FC frame, irregardless of frame size; small FC frame uses same
buffer as large FC frame
FC frames buffered and queued in intermediate switches
Hop-by-hop traffic flow paced by return of Receiver Ready (R_RDY) frames; can only
transmit up to the number of BB_Credits before traffic is throttled
P% >&*&/@&
C0[&(6
Q("\* P1+O
CCY%(&?/#
P1+O %+'#(+1
P% >&*&/@&
C0[&(6
K]^ CCY%(&?/# J_]K`` CCY%(&?/# K]^ CCY%(&?/#
CCY%(&?/#
P1+O %+'#(+1
CCY%(&?/#
P1+O %+'#(+1
J_ aN
J UG56 P%
M UG56 P%
bc EN 5&( P("N&
bK EN 5&( P("N&
Extending Optical SAN Extension
BB_Credits and Distance
K UG56 P%
bJ EN 5&( P("N&
^ UG56 P%
bd EN 5&( P("N&
! BB_Credits are used to ensure enough FC frames in flight
! A full (2112 byte) FC frame is approx 2 km long @ 1 Gbps, 1 km long
@ 2 Gbps and ! km long at 4 Gbps
! As distance increases, the number of available BB_Credits need to increase as well
! Insufficient BB_Credits will throttle performanceno data will be transmitted until R_RDY is
returned
DC 1
DC 2
Core Network
Virtual Center
L2 extension for VMotion Network
Target
Volumes
Initiator
;#+("<& !&51+HN&'# /' !%)
Cpuon 1 - Shared SLorage
Core Network
DC 1
DC 2
Virtual Center
L2 extension for VMotion Network

Improve Latency using Cisco Write Acceleration
feature on MDS Fabric
;#+("<& !&51+HN&'# /' !%)
Shared SLorage lmprovemenL uslng Clsco lCA
Synchronous replcation Latency requirements
bup.//www.clsco.com/eo/u5/solouoos/collotetol/osJ40/os517/os224/os8J6/wblte_popet_c11-557822.pJf
Agenda
! Storage Extension
! LAN Extension
Ethernet Based
IP Based
! Conclusions
WAN
L
3
L
3
Server Cabinet Pair 1 Server Cabinet Pair N Server Cabinet Pair 1 Server Cabinet Pair N
L
2
L
2
Si Si Si Si
Primary Root
Primary Root
On DCI Etherchannel:
! STP Isolation (BPDU Filtering)
! Broadcast Storm Control
! FHRP Isolation
! Link utilization with Multi-
Chassis EtherChannel
! DCI port-channel
- 2 or 4 links
! Requires protected
DWDM or Direct fibers
! vPC does not support L3 peering:
Use dedicated L3 Links for Inter-DC routing!
! Validated design:
200 Layer 2 VLANs + 100 VLAN SVIs
1000 VLAN + 1000 SVI (static routing)
interface port-channel10
desc DCI point to point connection
switchport
switchport mode trunk
vpc 10
switchport trunk allowed vlan 100-600
spanning-tree port type edge trunk
spanning-tree bpdufilter enable
storm-control broadcast level 1
storm-control multicast level x
Dual Site Interconnection
Leveraging EtherChannel between Sites
!0"1 ;/#&6 e6& %"6& ;0NN"(H
Clsco valldaLed ueslgn on Clsco.com

Test Case
Hardware
failure
Ucast
Hardware
failure
Mcast
Hardware
restore
Ucast
Hardware
restore
Mcast
Link
Failure
Ucast
Link
failure
Mcast
Link
Restore
Ucast
Link
Restore
Mcast
VSS-VSS <1.7 <2.3 <1.1 <2.8 <1.3 <1.2 <1.7 <1.2
VSS-vPC <1.3 <1.7 <2.0 <2.6 <1.2 <1.6 <1.5 <1.4
vPC-vPC <1.5 <1.6 <2.8 <2.5 <1.2 <0.2 <0.2 <0.2
FabricPath Simplicity to the Server team
! Benefits server team by providing a network Fabric that looks like a single switch " Breaks down silos,
permits workload mobility, provides maximum flexibility
! Lowers OPEX by simplifying server team operation " Reduces dependency on/interaction with network
team
Web Servers App Servers New Apps
Silo 1 Silo 2 Silo 3
Web Servers
App Servers
New Apps
labrlcaLh - Any App, Anywhere! Mulu-uomaln - Sllos
Fabric
! Ingress FabricPath switch determines destination Switch ID and imposes FabricPath header
! Destination Switch ID used to make routing decisions through FabricPath core
! No MAC learning or lookups required inside core
! Egress FabricPath switch removes FabricPath header and forwards to CE
STP
FabricPath Core
" FabricPath interface

" CE interface
STP
MAC A MAC B
S10 S20
DMAC"B
SMAC"A
Payload
Ingress FabricPath
Switch
Egress FabricPath
Switch
DMAC"B
SMAC"A
Payload
DSID"20
SSID"10
DMAC"B
SMAC"A
Payload
ISIS
FabricPath
Data Plane Operation
MAC C
FabricPath Core
MAC A
MAC B
FabricPath
MAC Table on S100
MAC IF/SID
A e1/1 (local)
B S200 (remote)
S100
S200
S300
FabricPath
MAC Table on S200
MAC IF/SID
A S100 (remote)
B e12/1(local)
C S300 (remote)
FabricPath
MAC Table on S300
MAC IF/SID
B S200 (remote)
C e7/10 (local)
FabricPath
Conversational MAC Learning
Site C
vPC+
! F1/F2 End to End for
optimal design
! Required point to point
connections
! Relies on Flooding for
Unknown Unicast traffic
! No current Broadcast
suppression
! L2 Multipath only for equal
cost path can be leveraged
(i.e. A&B or C&D)
! Conversational Mac
Learning
! Offer a full HA DCI solution
with Native STP Isolation
! Provides easy integration
with Brownfield DC
! Optimized using vPC+
Site A
Site B
vPC+
Classical
Ethernet
Cloud
Site D
vPC+
STP VSS
CE
Core FabricPath
FabricPath for DCI
Partial-Meshed Topology for different models of DC
Agenda
! Storage Extension
! LAN Extension
Ethernet Based
IP Based
! Conclusions
OTV is a MAC in IP technique to
extend Layer 2 domains
OVER ANY TRANSPORT
Protocol Learning
Built-in Loop Prevention
Preserve Failure Boundary
Site Independence
Automated Multi-homing
Dynamic Encapsulation
No Pseudo-Wire State
Maintenance
Optimal Multicast
Replication
Multipoint Connectivity
Point-to-Cloud Model
First platform to support OTV
(since 5.0 NXOS Release)
Nexus 7000
Now also supporting OTV
(since 3.5 XE Release)
ASR 1000
32
Overlay Transport Virtualization
Technology Pillars
OTV Control Plane

! Edge Device (ED): connects the site to the (WAN/MAN) core and responsible for
performing all the OTV functions
! Internal Interfaces: L2 interfaces (usually 802.1q trunks) of the ED that face the site
! Join Interface: L3 interface of the ED that faces the core
! Overlay Interface: logical multi-access multicast-capable interface. It encapsulates
Layer 2 frames in IP unicast or multicast headers
"#$
lnLernal
lnLerfaces
Core
7K 7L
!oln
lnLerface
Cverlay
lnLerface
#%&'()*%+
,'-%&(+%./+.%0
OTV OTV OTV OTV
MAC TABLE
VLAN MAC IF
100 MAC 1 Eth 2
100 MAC 2 Eth 1
100 MAC 3 IP B
100 MAC 4 IP B
MAC 1 # MAC 3
MAC TABLE
VLAN MAC IF
100 MAC 1 IP A
100 MAC 2 IP A
100 MAC 3 Eth 3
100 MAC 4 Eth 4
Layer 2
Lookup
6
IP A # IP B MAC 1 # MAC 3 MAC 1 # MAC 3
1'/&)
3
20/&)
3
MAC 1 # MAC 3
West
Site
30%40% 5
30%40% 6
East
Site
4
7
,7 8 ,7 9
1
IP A #IP B MAC 1 # MAC 3
OTV Data Plane
Inter-Site Packet Flow

34
IP A
IP
B

West
East
3 New MACs are
learned on VLAN 100
Vlan 100 MAC A
Vlan 100 MAC B
Vlan 100 MAC C
IP
C

South
VLAN MAC IF
100 MAC A IP A
100 MAC B IP A
100 MAC C IP A
4
OTV updates exchanged via
the L3 core
O
T
V

U
p
d
a
t
e

3
O
T
V

U
p
d
a
t
e

3
2
VLAN MAC IF
100 MAC A IP A
100 MAC B IP A
100 MAC C IP A
4
3 New MACs are
learned on VLAN 100
1
OTV Control Plane

! Neighbor discovery and adjacency over
Multicast (Nexus 7000 and ASR 1000)
Unicast (Adjacency Server Mode currently available with Nexus 7000 from 5.2 release)
! OTV proactively advertises/withdraws MAC reachability (control-plane learning)
! IS-IS is the OTV Control Protocol - No specific configuration required
33
OTV Failure Domain Isolation
Spanning-Tree Site Independence

! Site transparency: no changes to the STP topology
! Total isolation of the STP domain
! Default behavior: no configuration is required
! BPDUs sent and received ONLY on Internal Interfaces
7K
7L
OTV OTV
QZ& C=!e6
6#+5 Z&(&
QZ& C=!e6
6#+5 Z&(&
36
OTV Failure Domain Isolation
Preventing Unknown Unicast Storms

! No requirements to forward unknown unicast frames
! Assumption: end-host are not silent or uni-directional
! Default behavior: no configuration is required
7K
7L
OTV OTV
MAC TABLE
VLAN MAC IF
100 MAC 1 Eth1
100 MAC 2 IP B
- - -
MAC 1 # MAC 3
8+ F4% L /' #Z&
F4% Q"G1&
37
Remote OTV Device MAC
Table
VLAN MAC IF
100 MAC 1 IP A
101 MAC 2 IP B
! Automated and deterministic algorithm (not
configurable)
! In a dual-homed site:
Lower IS-IS System-ID (Ordinal 0) = EVEN VLANs
Higher IS-IS System-ID (Ordinal 1) = ODD VLANs
! Future functionality will allow to tune the behavior
OTV OTV
lnLernal peerlng for ALu
elecuon
49!
A!! .7486
49!
9.98 .7486
l 8 l A
SlLe Ad[acency*
Cverlay Ad[acency
OTV-a# show otv vlan

OTV Extended VLANs and Edge Device State Information (* - AED)

VLAN Auth. Edge Device Vlan State Overlay
---- ------------------ ---------- -------
100 East-b inactive(Non AED) Overlay100
101* East-a active Overlay100
102 East-b inactive(Non AED) Overlay100
OTV-b# show otv vlan

OTV Extended VLANs and Edge Device State Information (* - AED)

VLAN Auth. Edge Device Vlan State Overlay
---- ------------------ ---------- -------
100* East-b active Overlay100
101 East-a inactive(Non AED) Overlay100
102* East-b active Overlay100
C1v-a C1v-b
38
OTV Multi-homing
VLANs Split Across AEDs

*Supported from 5.2 NX-OS release
OTV and MAC Mobility
OTV
49!
49!
OTV
OTV
OTV
F4% f
F4% f
F4% f
VM Moves
F4% f
OTV
F4% f
F4% f
49!
OTV
D&6#
D&6#
9"6#
OTV
OTV 9"6#
1
Server originates a
Gratuitous ARP (GARP)
frame
AED advertises MAC X with a
metric of zero F4% f
Au Jetects MAc \ ls
oow locol
F4% f
F4% f
F4% f
LSx
MAC X
LSx
LSx
LSx
MAC X
F4% f
2
2.3
2.2 2.1
OTV
49!
OTV
D&6#
49!
F4% f
49!
OTV
OTV 9"6#
F4% f
Au lo slte ost fotwotJs tbe
CAkl btooJcost ftome octoss
tbe ovetloy
49!
F4% f
F4% f
F4% f
LSx
Au lo slte west fotwotJs tbe
CAkl loto tbe slte ooJ tbe l2
swltcbes opJote tbelt cAM tobles
LSx
MAC X
F4% f
OTV and MAC Mobility
F4% f
49!
OTV
OTV
D&6#
49!
OTV
OTV
F4% f
F4% f
9"6#
F4% f
F4% f
LSx
LSx
MAC X
F4% f
us lo slte west see MAc \ oJvetusemeot wltb o beuet mettlc ftom slte ost ooJ
cbooqe tbem to temote MAc oJJtess.
2.4
2
3
3.1
3.2
F4% f
! Easy deployment for Brownfield
! L2-L3 boundary remains at aggregation
! DC Core devices performs L3 and OTV
functionalities
May use a pair of dedicated Nexus 7000
! VLANs extended from aggregation layer
L2 Octopus design
Recommended to use separate physical links for
L2 & L3 traffic
STP and L2 broadcast domains not isolated
between PODs (Aggregation Blocks)
vSS vC
vC
vC
vC
vSS
;.)6 ;.)6 ;.)6 ;.)6
;.)6 ;.)6 ;.)6 ;.)6
vC
vC
Placement of the OTV Edge Device
Option 1 - OTV in the DC Core with L3 Boundary at Aggregation

41
! The Firewalls host the Default Gateway
! No SVIs at the Aggregation Layer
! Requires at least a routed link between
Aggregation and Core (OTV Join
Interface)
No SVI supported as Join Interface

Aggregauon
Core
!&I
UDg
llrewall llrewall
"#$ "#$
!&I
UDg
7K
7L
Option 2 - OTV at the Aggregation with L2-L3 Boundary on External Firewalls

42
OTV and SVI Routing
Introducing the OTV VDC

! Guideline: The current OTV implementation on the Nexus 7000 enforces the
separation between SVI routing and OTV encapsulation for any extended VLAN
! This separation can be achieved with having two separate devices to perform
these two functions
! An alternative cleaner and less intrusive solution is the use of Virtual Device
Contexts (VDCs) available with Nexus 7000 platform:
A dedicated OTV VDC to perform the OTV functionalities
The Aggregation-VDC used to provide SVI routing support
Aggregation OTV
$2:
OTV
$2:
7K
7L
43
! L2-L3 boundary at aggregation
! DC Core performs only L3 role
! STP and L2 broadcast Domains
isolated between PODs
! Intra-DC and Inter-DCs LAN extension
provided by OTV
Requires the deployment of dedicated
OTV VDCs
! Ideal for single aggregation block
topologies
! Recommended for Green Field
deployments
Nexus 7000 required in aggregation
vC vC
;.)6 ;.)6 ;.)6 ;.)6
Option 3OTV in the DC Aggregation

44
"#$
$2:
"#$
$2:
7/'E]J 7/'E]K
=+J
8ha]4
8ha]C
7/'E]J
7/'E]L 7/'E]M
7/'E]K =+J
lbyslcol vlew
loqlcol vlew
AQ. .!% AQ. .!%
8ha]4
8ha]C
>+03'< .!%
7
/'
E
]L

>+03'< .!%
7
/'
E
]M

7"H&( L
7"H&( K
! May use a single physical link for Join and
Internal interfaces
Minimizes the number of ports required to
interconnect the VDCs
! Single link or physical node (or VDC)
failures lead to AED re-election
50% of the extended VLANs affected
! Failure of the routed link to the core is not
OTV related
Recovery is based on IP convergence
Single Homed OTV VDC
Simple Model

43
! Logical Port-channels used for the Join
and the Internal interfaces
Increases the number of physical interfaces
required to interconnect the VDCs
! Traffic recovery after single link failure
event based on port-channel re-hashing
No need for AED re-election
! Physical node (or VDC) failure still
requires AED re-election
In the current implementation may cause few
seconds of outage (for 50% of the extended
VLANs)

"#$
$2:
"#$
$2:
=+J
8ha]4
8ha]C
7/'E ` 7/'E h
=+J
lbyslcol vlew
loqlcol vlew
AQ. .!% AQ. .!%
8ha]4
8ha]C
7/'E6 J]K
7"H&( L
7"H&( K
7/'E6 L]M
>+03'< .!% >+03'< .!%
7
/'
E
`

7
/'
E
h

7/'E _
7/'E ^
7/'E6 J]K 7/'E6 L]M
7/'E ^
7/'E _
Dual Homed OTV VDC
Improving the Design Resiliency

46
** Could use sLauc defaulL rouLe or ospf sLub
Routing VDC
OTV VDC
hostname routing-vdc
!
interface Ethernet1/1
switchport
switchport trunk allowed vlan 100,600-700
!
ip address 3.3.3.1/24
ip router ospf 1 area 0.0.0.0
ip ospf passive-interface
ip pim sparse-mode
ip igmp version 3
!
ip pim rp-address 33.33.33.33 group-list 224.0.0.0/4
ip pim ssm range 232.0.0.0/8
hostname otv-vdc
feature otv
!
otv site-vlan 100
!
description Internal Interface
switchport
!
description Join Interface
ip igmp version 3
!
interface Overlay100
otv join-interface Ethernet2/2
otv control-group 239.1.1.2
otv data-group 232.1.1.0/24
otv extend-vlan 600-700
!
ip route 0.0.0.0 0.0.0.0 3.3.3.1
N7K-Agg1 N7K-Agg2
&JRJ &JRK
&KRK &KRJ
L3 Link
L2 Link
Routing VDC Routing VDC
"#$
$2:
"#$
$2:
Establish L3 peering
on a dedicated VLAN
PIM enabled interfaces
OTV in the DC Aggregation
Configuration (Multicast Transport)

47
Routing VDC
OTV VDC
hostname routing-vdc
!
switchport
!
ip router ospf 1 area 0.0.0.0
ip ospf passive-interface
hostname otv-vdc
feature otv
!
otv site-vlan 100
!
description Internal Interface
switchport
!
description Join Interface
!
interface Overlay100
otv join-interface Ethernet2/2
otv adjacency-server*
otv use-adjacency-server 10.1.1.1 11.1.1.1
otv extend-vlan 600-700
!
ip route 0.0.0.0 0.0.0.0 3.3.3.1
N7K-Agg1 N7K-Agg2
e1/1 e1/2
e2/2 e2/1
L3 Link
L2 Link
Routing VDC Routing VDC
OTV
VDC
OTV
VDC
Establish L3 peering
on a dedicated VLAN
* needed only on Lhe Ad[acency Server
OTV in the DC Aggregation
Configuration (Unicast Transport)

48
Agenda
! Storage Extension
! LAN Extension
Ethernet Based
IP Based
! Conclusions
L2 Links (GE or 10GE)
Layer 3 Core
ISP A
ISP B
Access
Agg
Access
Agg
DC A DC B
VLAN A
Public Network
Data-Base Front-End
DB
144.254.100.0/25 & 144.254.100.128/25
EEM or RHI can be used to get very granular
" Move the whole application tier
" Optimize the whole path:
! Client to Server
! Server to Server
! Server to Client
Server-Server
Path Optimization
Egress Path Optimization: Server-Client
Egress Path Optimization: Server-Client
Ingress Path Optimization:
Clients-Server
Path Optimization and DCI
Avoid Suboptimal Traffic Path After Workload Motion
30
V10 V20
HSRP
Active
HSRP
Standby
ARP for
HSRP VIP
ARP
reply
Filter HSRP
! Filter FHRP with combination of VACL or PACL
! Result: Still have one HSRP group with one VIP, but now have active router at each
site for optimal first-hop routing
Outbound Path Optimization
FHRP Filtering
HSRP
Active
HSRP
Standby
HSRP Hellos
HSRP Hellos
31
Ingress Routing Localization
Challenge
! Subnets are spread across locations
! Subnet information in the routing tables is not specific
enough
! Routing doesnt know if a server has moved between
locations
! Traffic may be sent to the location where the application is
not available

D&6#
9"6#
)'<(&66 Q("\* 7+*"1/2"3+'i
%1/&'# #+ ;&(@&( Q("\*
DCI LAN Extension
Hypervisor Hypervisor
A53+'6
! unS 8ased
1. unS redlrecuon wlLh ACL/CSS
! 8ouung 8ased
2. 8ouLe PealLh ln[ecuon (8Pl) / LLM+lSLA
3. LlS
VMotion - Primary Service in Left DC
GSS and ACE KAL-AP
7"H&( L %+(&
)'#("'&#
);= 4
);= C
4**&66
4<<
4**&66
VM= 10.1.1.100
Default GW = 10.1.1.1
!% 4 !% C
.748 4
144.254.1.100
KAL-AP Change IP
144.254.200.100
144.254.200.100
144.254.1.100
GSS
SNAT SNAT
k
A
L
-
A

o
n

v
l

1
k
A
L
-A
o
n
v
l

7"H&( L %+(&
)'#("'&#
);= 4
);= C
4**&66
4<<
4**&66
4<<
!% 4 !% C
.748 4
=0G1/* 8&#O+(E
Probe to
10.1.1.100
Failed
lS 10.1.1.100 Ck?
Detection of Movement of VM using ACE Probes Ingress Path Optimization
144.254.100.0/24
Backup for Data Center A
144.254.100.0/25 & 144.254.100.128/25
App VM = 10.1.1.100
2a
7"H&( L %+(&
)'#("'&#
);= 4
);= C
4**&66
4<<
4<<
!% 4 !% C
.748 4
=0G1/* 8&#O+(E
Probe to
10.1.1.100 is
OK
lS 10.1.1.100 Ck?
RHI
10.1.1.1 HSRP
Group 1
144.254.100.0/24
Backup for Data Centre A
144.254.100.0/25 & 144.254.100.128/25
App VM= 10.1.1.100
144.254.100.100/32 is advertised into L3 using RHI
10.1.1.1 HSRP
Group 1
2a
Detection of Movement of VM using ACE Probes Ingress Path Optimization
7"H&( L %+(&
)'#("'&#
);= 4
);= C
4**&66
4<<
4**&66
4<<
!% 4 !% C
.748 4
=0G1/* 8&#O+(E
IPSLA echo
to 10.1.1.100
Failed
lS 10.1.1.100 Ck?
Detection of Movement of VM using IPSLA + EEM Ingress Path Optimization
144.254.100.0/24
Backup for Data Center A
144.254.100.0/25 & 144.254.100.128/25
App VM = 10.1.1.100
2b
7"H&( L %+(&
)'#("'&#
);= 4
);= C
4**&66
4<<
4<<
!% 4 !% C
.748 4
=0G1/* 8&#O+(E
IPSLA echo
to 10.1.1.100
is OK
lS 10.1.1.100 Ck?
10.1.1.1 HSRP
Group 1
144.254.100.0/24
Backup for Data Centre A
144.254.100.0/25 & 144.254.100.128/25
App VM= 10.1.1.100
144.254.100.100/32 is advertised into L3 using EEM
10.1.1.1 HSRP
Group 1
2b
Detection of Movement of VM using IPSLA + EEM Ingress Path Optimization
VM= 10.10.10.1
Default GW = 10.10.10.100
VMotion
Ingress Routing Optimization with LISP
7"H&( L %+(&
)'#("'&#
);= 4
);= C
4**&66
4<<
4**&66
4<<
!% 4 !% C
.748 4
=0G1/* 8&#O+(E
Prefix Route Locator
10.10.10.1 A, B
10.10.10.2 A, B

10.10.10.5 C, D
10.10.10.6 C, D
loqtess 1oooel
IP_DA= A IP_DA = 10.10.10.1
C, D
A B
Decap
3
D C
Encap
2
IP_DA = 10.10.10.1
IP_DA 10.10.10.1
1
IP_DA= D IP_DA = 10.10.10.1
Decap
3
IP_DA = 10.10.10.1
3
Agenda
! Storage Extension
! LAN Extension
Ethernet Based
IP Based
! Conclusions
Data Center Interconnect - DCI Model
Connecting Virtualized Data Centers
L2 Domain Elasticity
- 748 9:#&'6/+'
V
M
-
M
o
b
ilit
y

VN-link
notifications
Path Optimization
- Optimal Routing
- Route Portability
Storage Elasticity
- SAN Extensions
L
A
N
E
x
te
n
s
io
n
s

OTV
OTV
OTV
OTV
! Sync or Async replication modes are driven by the applications, hence the
distance/latency is a key component to select the choice
! Localization of Active Storage is key
# Distance can be improved using IO accelerator or caching
# Virtual LUN is allowing Active/Active
! S1 lsolauon ls Lhe key elemenL
! MulupolnL
! Loop avoldance + SLorm-ConLrol
unknown unlcasL & 8roadcasL conLrol
! Llnk sLurdlness
! Scale & Convergence
Conslderauons
! neLwork and SecurlLy servlces deploymenL
! Server-CllenL llows
! Server-Server llows
aLh Cpumlzauon Cpuons
! Lgress
# Addressed by lP8 lllLerlng
! lngress:
# Addressed by CSS+ACL or 8Pl or LLM+lSLA or LlS
60
Where to Go for More Information
http://www.cisco.com/go/dci
http://www.cisco.com/en/US/netsol/ns749/networking_solutions_sub_program_home.html

61
Complete Your Online
Session Evaluation
! Give us your feedback and you
could win fabulous prizes.
Winners announced daily.
! Receive 20 Passport points for each
session evaluation you complete.
! Complete your session evaluation
online now (open a browser through
our wireless network to access our
portal) or visit one of the Internet
stations throughout the Convention
Center.

Dont forget to activate your
Cisco Live Virtual account for access to
all session material, communities, and
on-demand and live activities throughout
the year. Activate your account at the
Cisco booth in the World of Solutions or visit
www.ciscolive.com.

62

BRKDCT 3060 DC Interconnect

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

BRKDCT 3060 DC Interconnect

Uploaded by

Copyright:

Available Formats

2012 Cisco and/or its affiliates. All rights reserved.

BRKDCT-3060 Cisco Public

You might also like