MCT+Design+Options+and+Best+Practices+Guide+for+NetIron+
advertisement
MCT Design Options & Best Practices © 2012 Brocade Communications Systems, Inc 1 Single Level MCT • Active-active load balance in between servers and access switches • High Availability in link-level and switch-level redundancy • Fast failover in sub-second without Spanning tree protocol • Work with existing LACP and server trunk • Coexist with existing Spanning Tree based network for migration •© 2012 Dual-homed default gateway Brocade Communications Systems, Inc 2 Multi-tier MCT – Full Mesh MCT • Active-active load balance in between access and aggregation/core switches. • Full protection against failures in both upstream and downstream direction • Remove Spanning Tree Protocol from aggregation/core layer • Work with existing LACP © 2012 Brocade Communications Systems, Inc 3 Best Practice of Single Level MCT and Multi-tier MCT • ICL ports must be tagged member of session VLANs • ICL is preferably a LAG for link redundancy and higher bandwidth for packets cross ICL • If CCEP is 1GbE, ICL is preferably a 10G LAG. • If CCEP is 10GbE, ICL is preferably a 100G LAG • All member VLANs including MCT client must be running on ICL • Non-MCT VLAN from CEP can co-exist with client VLANs on ICL in MLXe • Slow failover mode is to prevent the port flapping on ICL • Topology is preferably in symmetry to avoid single point of failures • Number of clients, ports and VLANs must conform scalability formula • Exceeding the supported scalability may cause cluster in unstable forwarding • More clients can be added later without interrupting the traffic from existing clients with scalability enhancement © 2012 Brocade Communications Systems, Inc. 4 Best Practice of Single Level MCT and Multi-tier MCT • Fiber ports is preferable in low latency requirement in data center • Fiber ports converge faster than copper ports when link failure occurs. • Copper interfaces need more time to initialize • Port Loop Detection (PLD) is strongly recommended when the first time configuring MCT • Prevent the loops caused by mis-configuration • It is recommended to configure loop-detection shutdown-disble on ICL port if PLD is still enabled after deployment • The configuration will prevent ICL be shut down by PLD • CPU protection and VLAN hardware flooding is recommended if MCT is only in L2 domain • MCT control protocol and FDB synchronization requires CPU power intensively © 2012 Brocade Communications Systems, Inc. 5 Best Practice of Single Level MCT and Multi-tier MCT • Hitless failover and upgrade are not supported but compatible • During failover/upgrade, the MCT peer will be responsible for forwarding • After failover/upgrade, the MCT peer will synchronize the FDB database and reestablish MCT • PB and PBB are not supported on CCEP ports • It is recommended to configure the keep-alive VLAN in between two MCT nodes only and configure the VLAN for this purpose only • Only one VLAN can be configured as the keep-alive VLAN • If the cost of extra ports in two MCT nodes for keep-alive VLAN is a consideration, it is suggested to configure the keep-alive VLAN through one of uplinks to the L3 network • MCT control plane is capable of crossing continents • CCP is running by connection-oriented TCP protocol • Keep-alive timer: 300ms as hello timer, 900ms as down timer by default, routed packets from San Francisco and Tokyo is about 73 ms each way © 2012 Brocade Communications Systems, Inc. 6 Best Practice of Single Level MCT and Multi-tier MCT Client Isolation Mode MCT Master VRRP Master MCT ICL MCT Slave VRRP Backup SPF Keep Alive VLAN Routed Layer 3 Network MCT Master VRRP Master loop ICL MCT Slave VRRP Backup SPF Routed Layer 3 Network • Loose Client Isolation Mode is recommended to keep traffic forwarding when ICL fails • With keep alive VLAN in loose client isolation mode, MCT slave will block its client ports • Keep-alive VLAN is recommended with loose client isolation mode for preventing an unexpected l2 loop © 2012 Brocade Communications Systems, Inc. 7 Best Practice of Single Level MCT and Multi-tier MCT Client Isolation Mode (cont’) VRRP Master MCT ICL Routed Layer 3 Network VRRP Backup SPF • Strict Client Isolation Mode will isolate the client network when ICL fails • Regardless keep-alive VLAN, both MCT peers blocks client ports • Prevent the packets from a problem client network to populate into the whole network © 2012 Brocade Communications Systems, Inc. 8 Best Practice of MCT with VRRP/VRRP-E VRRP Master VRRP Master MCT MCT ICL VRRP Backup Routed Layer 3 Network ICL VRRP Backup SPF Routed Layer 3 Network • VRRP/VRRP-E is recommended as a default gateway of clients • IPv4 and IPv6 VRRP/VRRP-E (no SPF) are both supported with MCT • VRRP-E Short Path Forwarding (SPF) is recommended to prevent overloading ICL for layer 3 uplink • VRRP-e backup with SPF acts as a hidden VRRP-e master in terms of default gateway • IPv6 VRRP-E Short Path Forwarding is not supported © 2012 Brocade Communications Systems, Inc 9 Best Practice of MCT with VRRP/VRRP-E VRRP-E Master SPF enabled Back Hole MCT ICL VRRP-E Backup SPF enabled VRRP-E Backup SPF enabled L3 Uplink MCT L3 Uplink Routed Layer 3 Network ICL VRRP-E Master SPF enabled Routed Layer 3 L3 Uplink Network • When a Layer 3 uplink fails and routes to Layer 3 network are all learned from one uplink, the routed traffic may hit a black-hole situation routing regardless SPF is enabled or not • Configuring the Layer 3 uplink as VRRP/VRRP-E track port and track port priority can force VRRP/VRRP-E master failover, the MCT node without L3 uplink will forward traffic to the new VRRP/VRRP-E master with routes • The track port priority should be configured large enough to force VRRP/VRRP-E master failover when the Layer 3 uplink fails. • Adding IP interfaces to propagate the route from VRRP/VRRP-E backup to master is an alternative to solve the black-hole situation. © 2012 Brocade Communications Systems, Inc. 10 Best Practice of Routing with MCT IP subnet 3 IP subnet 4 IP subnet 2 VRRP Master MCT IP subnet 1 VRRP Backup SPF Routed Layer 3 Network • Before R5.4, routing occurs above default gateway • Routing with MCT is not supported on CCEP and ICL ports before R5.4 • Requires virtual router as default gateway, add another layer of routers for routing purpose • Packets can not route across ICL as shortest path routing • Support only IPv4 routing if VRRP-E short path forwarding is configured © 2012 Brocade Communications Systems, Inc 11 Best Practice of Routing with MCT IP subnet 3 IP subnet 4 IP subnet 2 MCT IP subnet 1 Routed Layer 3 Network • With R5.4, layer 3 routing can occurs on CCEP and ICL • Routing with MCT supports IPv4 and v6 passive interface on CCEP • Routing at level of MCT peers without virtual router • Routed packets can route across ICL as shortest path routing • Connect IP-based VMs in different subnets in a data center with less latency • Connect routed customer networks in WAN © 2012 Brocade Communications Systems, Inc. 12 Best Practice of MCT with L2 Metro Ring Metro Ring Protocol Customer A Network PBB endpoints or L2VPN endpoints MCT Provider Network ICL Metro Ring MRP Master Customer B Network • Dual-homing to Metro Ring to build large resilient Layer 2 domains • Sub-second re-convergence for any failure from access switches to border routers © 2012 Brocade Communications Systems, Inc. 13 Best Practice of MCT with L2 Metro Ring Metro Ring Protocol • The secondary port of MRP master must not be configured on ICL • ICL must not be in blocking state • The convergence time requires to balance the preforwarding time and the number of MRP instances • With MRP default preforwarding timer, topology group is recommended for reducing the number of MRP instance • G.8032 (ERP) is not recommended © 2012 Brocade Communications Systems, Inc. 14 Best Practice of MCT For VPLS MCT Active CE LAG MCT PE CE PE SPOKE-PW LAG MPLS Network MCT MCT Active SPOKE-PWPE Point-to-multipoint VPLS PE PE CE MCT PE MPLS network PE PW Standby LAG CE CE MCT cluster client edge ports MCT cluster Active-Active data path Active-Standby data path PW Active PE PE PE CE MCT LAG CE CE • High availability in between point-to-multipoint clients • Active-active path to customer edge router • Active-standby path to remote end-points • Multiple standby path in between local and remote end-points • Provide cloud service across MPLS network in between data centers • Do not require remote PEs be aware of MCT © 2012 Brocade Communications Systems, Inc. 15 Best Practice of MCT For VLL CE MCT Active CE LAG MCT PE LAG PE SPOKE-PW MPLS Network SPOKE-PW Point-to-point VLL PE PE MCT MCT Active PE PE MPLS network PW Standby MCT LAG CE MCT cluster client edge ports MCT cluster Active-Active data path Active-Standby data path PW Active PE PE MCT LAG CE • High availability in between point-to-point clients • Active-active path to customer edge router • Active-standby path to remote end-point • Multiple standby path in between local and remote end-points • Provide cloud service across MPLS network in between data centers • Do not require remote PEs be aware of MCT © 2012 Brocade Communications Systems, Inc. 16 Best Practice of MCT for VPLS/VLL • Two MCT PE peers must configure same VC-mode, have same size of VPLS MAC table, and have same set of remote peers • Tagged and raw mode are supported in MCT for VPLS/VLL • MCT will not form if these configurations are not identical • It is preferable to use MCT spoke-PW in between MCT PE nodes • In a MPLS network, a direct ICL with L2 session VLANs may not be achievable • As long as there is a routed path in between two MCT PEs, MCT spoke PW never fails • L2 ICL and session and MCT for VPLS/VLL can be support simultaneously • MCT for VPLS/VLL always requires to configure L2VPN peer in the cluster • Most IT admin who are familiar with L2 MCT forget to configure l2VPN peers • Cluster will not form without L2VPN peer • If node faulure it will take more than 10 (30sec) © 2012 Brocade Communications Systems, Inc. 17 Best Practice of MCT for VPLS/VLL • MCT for VPLS/VLL requires keep-alive timer for confirming CCP down • CCP can run in layer 3 domain without direct-link ICL • Adjustable keep alive timer to accommodate the time of layer 3 path reroute • MAC address withdrawal is recommended in MCT for VPLS to avoid black holing of packets from remote PE’s • VE over VPLS does not support Routing over MCT for VPLS/VLL © 2012 Brocade Communications Systems, Inc. 18 New R5.4 Introduction of Multicast Routing with MCT PIM-SM over MCT as Last Hop • PIM and IGMP run natively on the MCT VLAN (VE) • PIM sets up peering across the MCT chassis via ICL • IGMP query message sent natively on CCEP • IGMP membership synched across ICL to MCT peer when IGMP join message is received on CCEP. • IGMP membership is installed in PIM mcache on both MCT peers • Hashing algorithm determines if the actual forwarding port is local or remote if the source is on uplink and receiver on CCEP. For other combinations of source and receivers, MCT multicast uses shortest path • Both MCT peers use PIM to join RPF towards RP • Multicast traffic arrives on both MCT peers, but the peer with local forwarding port forwards traffic to client •© 2012 Adding the process of registry and remove the picture Brocade Communications Systems, Inc. 19 Introduction of Multicast Routing with MCT Synchronize IGMP State On CCEPs Routed L3 network IGMP report CCEP CEP MDUP sync New R5.4 (G1) (G2) MDUP Sync CCEP1 (G1) (G2) CCEP2 (*,G2) (*,G1) MCT Client Receiver • Receiver sends IGMP report for (*, G1) (*, G2) • MCT client forwards (*,G1) to CCEP1 and forwards (*, G2) to CCEP2 • MCT switches synchronize the IGMP report received locally to the peer CCEPs via MDUP © 2012 Brocade Communications Systems, Inc. 20 Introduction of Multicast Routing with MCT Receivers Behind MCT Client S1 S2 Multicast Streams New R5.4 Routed L3 network CCEP CEP S3 (G1) (G3) (G2) (G4) ICL (G1) (G3) (G2) (G4) S4 CCEP2 CCEP1 MCT Client Receiver • Streams requested by Receiver are added to the CCEP in both MCT Peers • Streams requested by Receiver are pulled to both MCT peers • Only one MCT switch forwards a stream to its CCEP and the MCT peer drops the stream • Streams ingress from CEP (S3, S4), the MCT switch connecting to the source forwards to CCEP. If the local CCEP goes down, the peer will forward to its CCEP • A stream ingress from ICL (S3, S4), it is dropped until the remote CCEP goes down • A stream ingress from Uplink (S1, S2), MCT hash function decides which MCT switch forwards a steam © 2012 Brocade Communications Systems, Inc. 21 Introduction of Multicast Routing with MCT Receivers on CEP S2 Multicast Streams CCEP CEP Multicast Streams dropped by peer New R5.4 Routed L3 network CEP1 ICL (G1) (G3) (G2) (G4) (G1) (G3) (G2) (G4) CEP2 S4 CCEP2 CCEP1 Receiver MCT Client S1 S3 • Streams requested by Receiver are added to CEP1 • A stream from Routed L3 network (S2) is pulled by Receiver side MCT switch via the Uplink and forwarded to CEP1 • A stream sourced from CEP2 (S4) is pulled by Receiver side MCT via the ICL and forwarded to CEP1 • Streams sourced from MCT Client (S1,S3) are load balancing on the LAG to one of MCT switches • A stream load balancing to Receiver side MCT switch (S1) is natively forwarded to CEP1 • A stream load balancing to the remote side of MCT (S3) switch will be forwarded to CEP1 via the ICL © 2012 Brocade Communications Systems, Inc. 22 Introduction of Multicast Routing with MCT Sources Behind MCT Client R1 Multicast Streams CCEP CEP Multicast Streams dropped by peer Remote Receiver R3 Receiver R2 Remote Receiver Routed L3 network (G1) (G3) (G2) (G4) CCEP1 (G1) (G3) (G2) (G4) CCEP2 New R5.4 R4 Receiver MCT Client S1 S2 S3 S4 Source R5 Receiver • Streams sourced behind MCT client are load balancing on the LAG to MCT switches • Streams load balancing to the MCT switch which has the OIF (S2, S3) are forwarded to the OIFs locally regardless the OIF is Uplink, CEP, or other CCEP • Streams load balancing to the MCT switch that the OIFs are on MCT Peer (S1 to R1, S4 to R4) will be forwarded to the OIF via the ICL regardless the OIF is Uplink or CEP • From the above rule, the stream (S4 to R4) will not be forward to remote CCEP since the ingress is the ICL and both CCEPs are up • MCT Client forwards the stream (S4) to the local receiver (R5) in normal VLAN Flooding. •© 2012 Brocade Communications Systems, Inc. 23 Introduction of Multicast Routing with MCT Sources on CEP R1 Multicast Streams CCEP CEP Multicast Streams dropped by peer Remote Receiver CEP1 Source S1 S2 S3 S4 R2 Remote Receiver Routed L3 network ICL (G1) (G3) (G2) (G4) (G1) (G3) (G2) (G4) CEP2 CCEP2 CCEP1 New R5.4 R4 Receiver MCT Client R5 R3 Receiver • Streams with OIFs on local Uplink are forwarded locally by MCT switch (S1 to R1) • Streams with OIFs on local CCEP are forwarded locally by MCT switch (S1 to R5) • Streams with OIFs on remote CCEP are forwarded to MCT peer via ICL then forward to MCT client (S3 to R3) • From the above rule, steams are also forwarded to MCT peer via ICL but dropped until the local CCEP is down (S1 to MCT peer) • Streams with OIFs on remote Uplink (R2) and remote CEP (R4) are forwarded to OIFs via the ICL (S2 to R2, S4 to R4) © 2012 Brocade Communications Systems, Inc. 24 Best Practice of Multicast for MCT Routed L3 network Source Routed L3 network Source Keep-Alive VLAN ICL CEP1 CEP2 CCEP2 Forwarding state CCEP1 Forwarding state ICL CEP1 CCEP2 Forwarding state CCEP1 shutdown MCT Client R Receiver CEP2 MCT Client R Receiver • In the case of source is from L3 uplink and receiver is on the MCT client. Without keepalive VLAN, ICL failure results in the client interface in both MCT nodes to be in forwarding state • The client interface in both MCT nodes are in forwarding state, multicast traffic is duplicated in the receiver. • Keep-alive VLAN is strongly recommended for multicast for MCT © 2012 Brocade Communications Systems, Inc 25 Best Practice of Multicast for MCT Routed L3 network Source Routed L3 network Source Keep-Alive VLAN Keep-Alive VLAN ICL CEP1 CEP2 CCEP2 CCEP1 Designated Forwarder ICL CEP1 CCEP2 CCEP1 Designated Forwarder Extra IP interface MCT Client R CEP2 Receiver MCT Client R Receiver © 2012 Brocade Communications Systems, Inc. C • Following the previous scenario. If the uplink of designated forwarder fails, it does not cause the designated forwarder to change to peer MCT node. Only the peer MCT node now can pull the traffic from source. • Only CCEP failure triggers designated forwarder to change to peer MCT node • An extra L3 interface in between both MCT nodes should be configured to be the next hop of routed multicast traffic in order to prevents black-hole from uplink failure. • The IP interface can be either configured on ICL or on an extra link • It is required to have an extra L3 interface in between both MCT nodes for multicast for MCT if the source and receivers are in the same position as the topology © 2012 Brocade Communications Systems, Inc 26 Best Practice of Multicast for MCT • The (S, G) registry is synchronized to both MCT nodes. But only one MCT node in the pair forwards the multicast traffic to clients or uplink, not both. • Double amount of data traffic flows through ICL, ICL requires more bandwidth in the deployment of multicast for MCT • Multicast for MCT is recommended only for single-tier MCT © 2012 Brocade Communications Systems, Inc 27 Summary Key takeaways • High-Availability: Sub-second failover in the event of a Link, Module, Switch Fabric, Control Plane, or Node failure • Active-Active links : No idle Ethernet links in the network. • Optimal Forwarding; Layer 2 and Layer 3 forwarding regardless of VRRP-E state • Traffic Load-Balancing: Flow base load balancing rather than VLANs sharing across network links • Simple Deployment & Operation: Minimal configuration and easy troubleshooting. • No Rip and Replace: Ability to provide the resiliency regardless of the type/vendor of edge device • Flexibility: Ability to provide this resiliency, regardless of the traffic type layer 2, layer 3 or non-IP • Scalable for VMotion: Interaction with MRP to build larger resilient Layer 2 domains © 2012 Brocade Communications Systems, Inc 28
