Virtual Enterprise Network Architecture
Johnny Hermansen, Avaya
Võrguvara Kevad Summit 2011
Challenges and Drivers
Reduce Cost & Improve Time-to-Service
Making IT more efficient
Effectively supporting business initiatives
Application team & network team coordination
Allow IT the ability to simply say “yes”
Future-proof infrastructure
Eliminating network re-designs
IT as the enabler and not the inhibitor
Consolidation & explosion of content brings heightened visibility & risk
Bigger Data Centers demand improved operational efficiency
More applications and added complexity drive cost up
There is an obvious need to simplify without compromising
© 2010 Avaya Inc. All rights reserved.
Is your network ready..?
The Private Cloud
Better time-to-service with less complexity
Virtual Enterprise Network Architecture
Virtualized Data Center Backbone
Operational efficiencies and flexibility
Campus Network Virtualization
Best effort moving to real-time ready
Avaya VENA Components
Virtual Service Networks
• Mapping of Services to unique virtual networks
• Supports L2 VLANs, plus L3 Routing & VRFs
• Simplifies provisioning & incorporates policy
Virtual Services Fabric
• Built on enhanced IEEE Shortest Path Bridging
• Resiliency, simplicity & consistent interconnect
• Transparently co-existing Services
Products & Tools
• New Data Center Modular & Fixed platforms
• Also integrates existing platforms
• Enhanced tools for virtualization management
Functional Model
Diagram: functional model. Labels: Business Applications; Next-Generation Collaboration; Disruptive Technologies; Virtual Service Networks (Virtualization, Provisioning, Service); Configuration, Orchestration, Performance & Flow Management; Access Control; Virtual Services Platforms; Ethernet Routing Switches; Unified Communications; Compute; Storage.
VENA for the Data Center
Avaya VENA for the Data Center
Virtual Services Fabric deployed within and between Data Centers, creating the Private Cloud infrastructure.
• Data Center Consolidation
• Workload Mobility
• Bandwidth of 10 Gigabit and Beyond
• Simple & Efficient Provisioning
Diagram: DC1 and DC2 joined by a VSN. Servers are dual-homed for active/active connectivity. Virtual Service Networks provide secure connectivity with one-touch provisioning.
Avaya’s Proven Data Center Solution
Diagram: DC1 and DC2, each with a Network Core Layer and a Compute Access Layer built from dual horizontal stacks of ToR switches over the Compute Infrastructure; servers use dual-homed connections.
Extending the Virtual Services Fabric
Diagram: the Virtual Services Fabric extends to the ToR switches; the dual-homed connections remain.
Empowering Virtual Service Networks
Diagram: Virtual Service Networks carried over the fabric ("Unmatched simplicity").
Extending the Virtual Services Fabric
Virtualization Services
Layer 2 Virtual Services Network
Mapping of a Layer 2 VLAN into a Virtual Service Network, delivering seamless Layer 2 extensions.
Layer 3 Virtual Services Network
Mapping of a Layer 3 VRF into a Virtual Service Network, delivering seamless Layer 3 extensions.
Inter-VSN Routing
Enhancing 802.1aq by offering a policy-based Layer 3 internetworking capability between multiple Virtual Service Networks.
IP Shortcuts
Native IP routing across the Virtual Services Fabric without the need for Virtual Services Networks or any additional IGP.
Avaya VENA for the Campus
Diagram: Campus Core with an optional Distribution layer, connected to servers in DC1 and DC2.
• Extending the Private Cloud
• Secure Traffic Separation
• Authentication for Access Control
• Delivering the Network-as-a-Service
Why extend VENA into the Campus..?
Simplify Configuration & Management
Efficient service activation – free of error & delay
Optimized Traffic Separation
Ensure regulatory compliance & multi-tenant partitioning
Delivering Network-as-a-Service
Creating the only optimized end-to-end Cloud architecture
Existing Network Architectures
• Avaya: Switch Clustering using Split Multi-Link Trunking
• Competitors: Spanning Tree and/or Layer 3
Diagram: Server Access, Data Center Core, Campus Core, Distribution and Edge layers, with servers at both ends.
Today's networks are not optimized for virtualized content delivery (VDI, Cloud)...
• VENA streamlines service delivery, provides traffic separation, and virtualizes network delivery.
Extending Virtualization to the Campus
Diagram: Server Access, Data Center Core, Campus Core, Distribution and Edge layers. Layer 2 Edge VLANs map into the Virtual Service Networks at the Fabric edge. The Virtual Service Fabric is extended from the Data Center into the Campus. Layer 2 SMLT from the Edge provides active/active connectivity.
Extending Virtualization to the Campus
Diagram: Edge VLANs mapped into a Default VSN, Departmental VSNs, Application VSNs and a Surveillance VSN across the Campus Core and Data Center Core.
The Default VLAN/VSN provides initial connectivity for network allocation. Network Access Control assigns the User to the appropriate Departmental VLAN. Mapping of VLANs to VSNs. Controlling access between User and Application VSNs. Example of a sole-use, end-to-end Application VSN.
Example: Multi-tenant Networks
Layer 3 Virtual Services Network: mapping of a Layer 3 VRF into a Virtual Services Network, delivering seamless Layer 3 extensions.
Business Requirement
• Provide campus infrastructure to support multiple different customers (airport, education, government, etc.)
• Maintain traffic separation between customers for data integrity and security
• Offer a dynamic network to accommodate geographic location changes for network connectivity
• Share common resources where applicable (e.g. unified communications)
Example: Multi-tenant Networks
The complexities we have to deal with today...
Diagram: Compute Access, Data Center Core, Campus Core, Distribution Layer and Access Layer, each carrying many VLANs. Application VLANs with an IGP configured for routing capabilities. Dual Core IGP VLANs and RSMLT for best resiliency and fast failover/recovery. User VLANs with an IGP configured for routing capabilities.
• VRF Configuration
• IGP Configuration
• iBGP Peering
• MPBGP
• Route Targets
• Route Distinguishers
Example: Multi-tenant Networks
• VRFs create traffic separation, which is maintained through the VSN
• Layer 3 VRF extension across the Virtual Services Fabric
• Use of shared services becomes simple and efficient
Diagram: Blue Departmental Virtual Services Network and Green Departmental Virtual Services Network; VRF Configuration and VRF-to-VSN Mapping at the edge.
Unified Fabric / Storage Networks
Trend: Ethernet wins
Chart: speed roadmap 1996–2016. Ethernet (carrying iSCSI and FCoE): 100M, 1G, 10G, 40G/100G. Fibre Channel: 1G, 2G, 4G, 8G, 16G, 32G?
• Infrastructure will migrate to Ethernet – irrespective of iSCSI and FCoE
Source: iSCSI Primer – Ethernet Alliance
VENA - Storage Transport
• Existing solutions for:
– Internet Small Computer System Interface (iSCSI)
– Network Attached Storage (NAS)
– ATA over Ethernet (AoE)
• Simple, scalable, ubiquitous, and – crucially – available today
• Segregation of Storage traffic to unique Virtual Service Networks
Diagram: Virtual Data Center with storage traffic carried in its own Virtual Service Network.
Fibre Channel over Ethernet (FCoE)
Simplified view
Diagram: Host (VN_port) – 10GE – Lossless Ethernet Network – 10GE – Fibre Channel Forwarder (VF_port).
• Lossless transport is required
iSCSI
Simplified view
Diagram: Host – 10GE – TCP/IP Network – 10GE – Disk array.
• Will benefit from lossless Ethernet
• But no requirement!
ATA over Ethernet (AoE)
Simplified view
Diagram: Host – 1G/10GE – Ethernet Network – 1G/10GE – Disk array.
• Will benefit from lossless Ethernet
• But no requirement!
Data Center Bridging / Lossless Ethernet
Diagram: Host – Lossless Ethernet Network – Fibre Channel Forwarder.
• Priority-based Flow Control – PFC (802.1Qbb) – Draft
• Enhanced Transmission Selection – ETS (802.1Qaz) – Draft
• Congestion Notification – CN (802.1Qau) – Approved standard
Congestion Notification
Priority based Flow Control
Enhanced Transmission Selection
Bridging) environment. Using priority-based processing and bandwidth
traffic classes within different traffic types such as LAN, SAN, IPC, and
configured to provide bandwidth allocation, low-latency, or
characteristics.
FC vs FCoE vs iSCSI
• Protocol efficiency:
– When using jumbo frames, iSCSI has the best protocol efficiency
• Throughput:
– 10GbE iSCSI, FCoE, and 4 Gb FC
– Application throughput limited to 4 Gb
– 10GbE NIC with iSCSI offload for iSCSI traffic
– 10GbE CNA for FCoE traffic
– 4 Gbps FC HBA for Fibre Channel traffic
Source: Dell
FC vs FCoE vs iSCSI
Source: iSCSI Primer – Ethernet Alliance
Technology: Brief overview
IEEE 802.1ah PBB & SPBm Frame Format
Ethernet frame (PC1 to S1) encapsulated in an SPB Ethernet frame: the customer frame is carried as the C-Payload of a backbone frame.
Customer frame: DMAC | SMAC | VLAN TAG | Payload
SPB frame: B-DA | B-SA | B-VID | I-SID | DMAC | SMAC | VLAN TAG | C-Payload
No end-user MAC learning: end-user MACs are hidden behind the Backbone MAC header, thus the core network does not see any "edge" MAC addresses.
Transport framing
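As an added example (not from the presentation), the MAC-in-MAC framing above in Python: a customer frame from PC1 to S1 on VLAN 20 is wrapped in a backbone header of B-DA, B-SA, a B-TAG (EtherType 0x88A8 carrying the B-VID) and an I-TAG (EtherType 0x88E7 carrying the 24-bit I-SID), and the core-facing parse shows that only backbone MACs and the I-SID are visible. The MAC addresses, the B-VID 4051 and the VLAN 20 to I-SID 100 mapping are constructed here; 0x88A8 and 0x88E7 are the standard 802.1ad/802.1ah EtherTypes.

```python
import struct

# EtherTypes: 802.1Q customer tag, 802.1ad S-TAG used as the PBB B-TAG,
# and the 802.1ah I-TAG that carries the 24-bit I-SID.
ETH_P_8021Q = 0x8100
ETH_P_BTAG = 0x88A8
ETH_P_ITAG = 0x88E7
PBB_HDR_LEN = 6 + 6 + 4 + 6   # B-DA, B-SA, B-TAG, I-TAG

def mac(s):
    """'aa:bb:cc:dd:ee:ff' -> 6 raw bytes."""
    return bytes.fromhex(s.replace(":", ""))

def build_customer_frame(dmac, smac, vid, payload, pcp=0):
    """Customer frame as on the slide: DMAC | SMAC | VLAN TAG | Payload (no FCS)."""
    tci = (pcp << 13) | (vid & 0x0FFF)
    return mac(dmac) + mac(smac) + struct.pack("!HH", ETH_P_8021Q, tci) + payload

def pbb_encapsulate(cust_frame, b_da, b_sa, b_vid, isid, pcp=0):
    """Ingress BEB: B-DA | B-SA | B-VID | I-SID | <customer frame as C-Payload>."""
    if not 0 < isid < (1 << 24):
        raise ValueError("I-SID must be a 24-bit value")
    b_tag = struct.pack("!HH", ETH_P_BTAG, (pcp << 13) | (b_vid & 0x0FFF))
    # I-TAG TCI layout: PCP(3) | DEI(1) | UCA(1) | Res(3) | I-SID(24)
    i_tag = struct.pack("!HI", ETH_P_ITAG, (pcp << 29) | isid)
    return mac(b_da) + mac(b_sa) + b_tag + i_tag + cust_frame

def core_view(backbone_frame):
    """What a core (BCB) bridge parses: only B-DA, B-SA, B-VID and I-SID.
    The customer DMAC/SMAC sit inside the C-Payload and are never learned."""
    if len(backbone_frame) < PBB_HDR_LEN:
        raise ValueError("truncated backbone frame")
    b_da, b_sa = backbone_frame[0:6], backbone_frame[6:12]
    btag_type, b_tci = struct.unpack("!HH", backbone_frame[12:16])
    itag_type, i_tci = struct.unpack("!HI", backbone_frame[16:22])
    if btag_type != ETH_P_BTAG or itag_type != ETH_P_ITAG:
        raise ValueError("not an 802.1ah frame")
    return {"b_da": b_da.hex(":"), "b_sa": b_sa.hex(":"),
            "b_vid": b_tci & 0x0FFF, "isid": i_tci & 0xFFFFFF}

def pbb_decapsulate(backbone_frame):
    """Egress BEB: strip the backbone header, return (I-SID, customer frame)."""
    return core_view(backbone_frame)["isid"], backbone_frame[PBB_HDR_LEN:]

if __name__ == "__main__":
    # Constructed addresses; VLAN 20 mapped to I-SID 100 as on the SPBm slides.
    cust = build_customer_frame("00:11:22:33:44:55", "00:aa:bb:cc:dd:ee", 20, b"PC1->S1")
    bb = pbb_encapsulate(cust, "02:00:00:00:00:0b", "02:00:00:00:00:0a", 4051, 100)
    print(core_view(bb))   # backbone MACs and I-SID only; no 00:11:22:... here
    assert pbb_decapsulate(bb) == (100, cust)
```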
SPB & TRILL Lookup Compared
Diagram: TRILL, Host X to Host Y via Rbridge A (TRILL nickname TA), Router B, Router C, Router D and Rbridge E (nickname TE). Each frame carries Outer-Eth | TRILL (TA | TE) | Inner-Eth (X | Y) | Payload | FCS; at every hop the Outer-Eth header is rewritten (Z | B, C | D, N | F, H | I) and the FCS recomputed (FCS', FCS'', FCS''').
Diagram: Shortest Path Bridging / Avaya route lookup, Host X to Host Y via SPB A, PLSB B, PLSB C, PLSB D and SPB E. The frame carries Eth (A | E) | X | Y | Payload | FCS, with a single backbone header and FCS shown end to end.
SPB is a much simpler, lower-cost, OAM-transparent solution.
The Current State of Affairs with STP
Diagram: bridges A (root), X, X, X and D; in a distributed manner, decide who is root and what the shortest path to root is.
The STP protocol distributes bridge PDUs (BPDUs) to compute a single spanning tree. Ports not on the tree are blocked and not used for multicast traffic. Unknown destinations are broadcast, and reverse learning is used to build forwarding tables.
Results in inefficient forwarding
• Traffic is often not on the shortest path (it's on the tree), e.g. A => D traffic.
Diagram: the A => D traffic follows the tree (A->, A->, <-A) rather than a direct path.
• Many links go unused or underutilized
• Result is that physical networks tend to resemble trees
SPB’s approach (As a replacement to STP)
Use the shortest path first tree rooted at each node as its own private multicast tree.
Diagram: bridges A, B, R, G, D.
• For example, R, G and B now have individual trees.
• Interior nodes must now know who originated a packet to know which tree it should be placed on.
• Interior nodes therefore see one tree per bridge in the network.
The Basics of How SPBm Works
1. Discover network topology
• IS-IS: natural L2 routing protocol
• Hierarchy built in for scaling
2. IS-IS nodes automatically build trees from themselves to all nodes. Important properties:
• Shortest path tree based on link metrics
• No blocked links
• RPFC to eliminate loops
• Symmetric datapath between any two nodes provides a closed OAM system
• Unicast path now exists from every node to every other node
3. Use IS-IS to advertise new services (communities of interest)
• Floods topology, MAC and ISID information to the network
Diagram: IS-IS runs between all nodes; CREATE ISID=100 on Vlan 20 at one edge node, with other edge nodes on Vlan 20 and Vlan 33; ISID 100 is flooded to every node.
4. When nodes receive notice of a new service AND they are on the shortest path, update FDB
• ISID/Service specific entries
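As an added example (not from the presentation), the STP-versus-SPB behaviour and the RPFC check from the slides above, in Python on a small constructed topology: one spanning tree rooted at the elected root sends A to D traffic the long way round and blocks the direct link, per-source shortest path trees give the direct, symmetric path, and RPFC at an interior node drops a copy of a frame that did not arrive from the neighbour on the shortest path back to its source. All link metrics are 1 and ties are broken by node name, a stand-in for SPB's bridge-ID-based tie-breaking.

```python
# Constructed topology (not from the slides): five bridges, all links cost 1.
# R is the elected STP root; A and D also share a direct link.
LINKS = [("R", "B"), ("R", "C"), ("B", "A"), ("C", "D"), ("A", "D")]

def adjacency(links):
    adj = {}
    for u, v in links:
        adj.setdefault(u, set()).add(v)
        adj.setdefault(v, set()).add(u)
    return adj

def shortest_path_tree(adj, root):
    """Shortest path tree rooted at `root` as {node: parent}. With unit metrics
    BFS is Dijkstra; sorted() is the deterministic tie-break that keeps paths
    symmetric in both directions, as SPB requires."""
    parent, queue = {root: None}, [root]
    for node in queue:
        for nbr in sorted(adj[node]):
            if nbr not in parent:
                parent[nbr] = node
                queue.append(nbr)
    return parent

def path_to_root(parent, node):
    out = []
    while node is not None:
        out.append(node)
        node = parent[node]
    return out

def stp_path(adj, root, src, dst):
    """STP: one tree for everyone, so src->dst climbs to the lowest common
    ancestor and back down, even when a shorter link exists."""
    parent = shortest_path_tree(adj, root)
    up, down = path_to_root(parent, src), path_to_root(parent, dst)
    lca = next(n for n in up if n in down)
    return up[:up.index(lca) + 1] + down[:down.index(lca)][::-1]

def stp_blocked_links(adj, root):
    """Links not on the single spanning tree are blocked and carry nothing."""
    parent = shortest_path_tree(adj, root)
    tree = {frozenset((n, p)) for n, p in parent.items() if p is not None}
    return {frozenset((u, v)) for u in adj for v in adj[u]} - tree

def spb_path(adj, src, dst):
    """SPB: forwarding follows the tree rooted at the frame's source."""
    return path_to_root(shortest_path_tree(adj, src), dst)[::-1]

def rpfc_accept(adj, node, source, arrived_from):
    """Reverse Path Forwarding Check at `node`: accept a frame from `source`
    only if it came from node's next hop back toward source, i.e. node's
    parent in the tree rooted at source; any other copy is a loop, dropped."""
    return shortest_path_tree(adj, source)[node] == arrived_from
```

With this topology stp_path(adj, "R", "A", "D") is A-B-R-C-D while spb_path(adj, "A", "D") is A-D, and a frame from A reaching C via R fails the RPFC because C's shortest path back to A runs through D.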
Summary of VENA Services
Diagram: test topology with nodes 8600C, 8600G and 8600D and a Tester at each end, carrying every VENA service type across the SPB fabric:

Service                  Edge VLAN / subnet (one side)   I-SID                                         Edge VLAN / subnet (other side)
Native IP Shortcut       vlan 13, 10.0.13.0/24           GRT (over native IS-IS)                       vlan 14, 10.0.14.0/24
L2VSN                    vlan 10                         12990010                                      vlan 10
L2VSN                    vlan 9                          12990009                                      vlan 19
Inter-VSN                vlan 11, 10.100.11.0/24         12990011                                      vlan 11
                         vlan 12, 10.100.12.0/24         12990012                                      vlan 12
L3VSN                    vlan 101, 10.1.101.0/24         13990001                                      vlan 102, 10.1.102.0/24
L3VSN                    vlan 201, 10.2.201.0/24         13990002                                      vlan 202, 10.2.202.0/24
L2VSN + L3VSN            vlan 51, 10.5.51.0/24           12990051 (L2VSN, vlan 51) + 13990005 (L3VSN)  vlan 52, 10.5.52.0/24
IPVPN-Lite over SPB      vlan 401, 10.4.41.0/24          BGP IPVPN-Lite                                vlan 402, 10.4.42.0/24
The Products
Resilient Architecture
• Dual Active/Active Switch Fabric/CPU design
– Maximises switching capacity
– CPUs operate in Online/Standby mode with optional High Availability
• Stateful sub-second fail-over
– Layer 2: MAC Tables, VLANs, SMLT, 802.1X, L2 Multicast
– Layer 3: RSMLT, RIP, OSPF, VRRP, IP Filters
• Hitless Software upgrades (no downtime)
Diagram captions: Interface Module connections are load-shared across the Switch Fabric Modules. All resources are actively utilised, maximising return on investment. Hot-swappable components for simplified maintenance.
Virtual Services Platform 9000
• Fully redundant hardware with no single point-of-failure
– Hardened Data Center operating system
– Instantaneous re-route
• Efficient Layer 2 & 3 network virtualization
• Delivers very high-density 10GbE today
– Future-ready for a seamless evolution to 40/100 Gigabit & Lossless
– 8.4 Tbps architecture that scales up to 27 Tbps
Diagram captions: Versatile & future-ready platform that scales to support 40/100G. Mid-Plane design optimizes Data and Control plane utilization. Data Center hardware & operating system. High-density I/O Modules, independent Processors & Fabrics.
Virtual Services Platform 7000
• Versatile fixed-format platforms
– 24 port and 48 port versions
• Data Center-grade hardware
– Reversible front/back or back/front cooling
– Fiber-based Stacking for unrivalled deployment flexibility
• Data Center-grade operating system with extensible functionality
– DCB/CEE "FCoE-ready"
– Shortest Path Bridging
– Edge Virtual Bridging
– IEEE-based OA&M
Diagram captions: Versatile & future-ready platform that scales to support 40/100G. Data Center hardware & operating system. Flexible MDA options: 10G, 40G, 100G, Fibre Channel. Integrated multi-Terabit Stacking, field-replaceable PSU & Fans.
Configuration & Orchestration
• Enhancement to the existing offering with the addition of Virtual Services Manager
• Centralized provisioning of the Virtual Service Fabric & Virtual Service Networks
• Simplifies configuration of Shortest Path Bridging infrastructure
• Wizards to guide Users step-by-step, streamlining provisioning & reducing the human error factor
Diagram captions: Virtual Services Fabric; Virtual Service Network; integrated into the Unified Management Environment.
Simplification & Automation
• Empowering network orchestration through integrated and automated workflows
• Automating rule-based adds/moves/changes of network virtualization based upon server provisioning
• Default Gateway Mobility, via VPS (especially relevant to/for Workload Mobility)
• Open API: unifying the provisioning of network virtualization with server virtualization, for simplified adds/moves/changes