Virtual Enterprise Network Architecture
Johnny Hermansen, Avaya
Võrguvara Kevad Summit 2011

Challenges and Drivers
• Reduce Cost & Improve Time-to-Service
  – Making IT more efficient
  – Effectively supporting business initiatives
  – Application team & network team coordination
• Allow IT the ability to simply say “yes”
  – Future-proof infrastructure
  – Eliminating network re-designs
  – IT as the enabler and not the inhibitor
• Consolidation & explosion of content brings heightened visibility & risk
  – Bigger Data Centers demand improved operational efficiency
  – More applications and added complexity drive cost up
• There is an obvious need to simplify without compromising
© 2010 Avaya Inc. All rights reserved.

Is your network ready..?
• The Private Cloud – better time-to-service with less complexity
• Virtualized Data Center Backbone – operational efficiencies and flexibility
• Campus Network Virtualization – best effort moving to real-time ready
(Diagram: the three building blocks of the Virtual Enterprise Network Architecture)

Avaya VENA Components
Virtual Service Networks
• Mapping of Services to unique virtual networks
• Supports L2 VLANs, plus L3 Routing & VRFs
• Simplifies provisioning & incorporates policy
Virtual Services Fabric
• Built on enhanced IEEE Shortest Path Bridging
• Resiliency, simplicity & consistent interconnect
• Transparently co-existing Services
Products & Tools
• New Data Center Modular & Fixed platforms
• Also integrates existing platforms
• Enhanced tools for virtualization management

Functional Model
(Diagram: layered model. Business Applications – Next-Generation Collaboration, Disruptive Technologies. Virtual Service Networks, surrounded by Configuration, Orchestration, Performance & Flow Management, Access Control and a Virtualization Provisioning Service. Virtual Services Platforms – Ethernet Routing Switches, Unified Communications, Compute, Storage.)
VENA for the Data Center

Avaya VENA for the Data Center
• Virtual Services Fabric deployed within and between Data Centers, creating the Private Cloud infrastructure
• Data Center Consolidation
• Workload Mobility
• Bandwidth of 10 Gigabit and Beyond
• Simple & Efficient Provisioning
• Servers are dual-homed for active/active connectivity
• Virtual Service Networks provide secure connectivity with one-touch provisioning
(Diagram: DC1 and DC2 joined by a VSN across the fabric)

Avaya’s Proven Data Center Solution
• Dual Horizontal Stacks of ToR Switches
• Dual-homed Server connections
(Diagram: DC1 and DC2, each with a Network Core Layer, a Compute Access Layer and Compute Infrastructure)

Extending the Virtual Services Fabric
• Virtual Services Fabric extends to ToR Switches
• Dual-homed connections remain

Empowering Virtual Service Networks
(Diagram: Virtual Service Networks carried end to end over the fabric. Caption: UNMATCHED SIMPLICITY)

Extending the Virtual Services Fabric
(Diagram only)

Virtualization Services
• Layer 2 Virtual Services Network – mapping of a Layer 2 VLAN into a Virtual Service Network, delivering seamless Layer 2 extensions
• Layer 3 Virtual Services Network – mapping of a Layer 3 VRF into a Virtual Service Network, delivering seamless Layer 3 extensions
• Inter-VSN Routing – enhancing 802.1aq by offering a policy-based Layer 3 internetworking capability across multiple Virtual Service Networks
• IP Shortcuts – native IP routing across the Virtual Services Fabric without the need for Virtual Services Networks or any additional IGP
Avaya VENA for the Campus
• Extending the Private Cloud
• Secure Traffic Separation
• Authentication for Access Control
• Delivering the Network-as-a-Service
(Diagram: Campus Core and optional Distribution layer connected to servers in DC1 and DC2)

Why extend VENA into the Campus..?
• Simplify Configuration & Management – efficient service activation, free of error & delay
• Optimized Traffic Separation – ensure regulatory compliance & multi-tenant partitioning
• Delivering Network-as-a-Service – creating the only optimized end-to-end Cloud architecture

Existing Network Architectures
• Avaya: Switch Clustering using Split Multi-Link Trunking
• Competitors: Spanning Tree and/or Layer 3
(Diagram: Server Access, Data Center Core, Campus Core, Distribution, Edge)
• Today’s networks are not optimized for virtualized content delivery (VDI, Cloud)…
• VENA streamlines service delivery, provides traffic separation, and virtualizes network delivery

Extending Virtualization to the Campus
• Layer 2 Edge VLANs map into the Virtual Service Networks at the Fabric edge
• Virtual Service Fabric extended from the Data Center into the Campus
• Layer 2 SMLT from the Edge provides active/active connectivity
(Diagram: Server Access, Data Center Core, Campus Core, Distribution, Edge)

Extending Virtualization to the Campus
• Default VLAN/VSN provides initial connectivity for network allocation
• Network Access Control assigns the User to the appropriate Departmental VLAN
• Mapping of VLANs to VSNs
• Controlling access between User and Application VSNs
• Example of a sole-use end-to-end Application VSN
(Diagram: Edge VLANs mapped into a Default VSN, Departmental VSN, Surveillance VSN and Application VSN across Edge, Distribution, Campus Core, Data Center Core and Server Access)
Example: Multi-tenant Networks
• Layer 3 Virtual Services Network – mapping of a Layer 3 VRF into a Virtual Services Network, delivering seamless Layer 3 extensions
Business Requirement
• Provide campus infrastructure to support multiple different customers (airport, education, government, etc.)
• Maintain traffic separation between customers for data integrity and security
• Offer a dynamic network to accommodate geographic location changes for network connectivity
• Share common resources where applicable (e.g. unified communications)

Example: Multi-tenant Networks – the complexities we have to deal with today...
• Application VLAN with IGP configured for routing capabilities (Compute Access)
• Dual Core IGP VLANs and RSMLT for best resiliency and fast failover/recovery (Data Center Core, Campus Core)
• User VLANs with IGP configured for routing capabilities (Distribution Layer, Access Layer)
• Configuration items: VRF Configuration, IGP Configuration, iBGP Peering, MP-BGP Route Targets, Route Distinguishers
(Diagram: a separate VLAN per tenant repeated at every layer)

Example: Multi-tenant Networks
• VRFs create traffic separation, which is maintained through VSN Layer 3 VRF extension across the Virtual Services Fabric
• Use of shared services becomes simple and efficient
• Configuration items: VRF Configuration, VRF to VSN Mapping
(Diagram: Blue Departmental Virtual Services Network and Green Departmental Virtual Services Network over the fabric)

Unified Fabric / Storage Networks

Trend: Ethernet wins
(Chart: speed roadmaps 1996–2016. Ethernet: 100M, 1G, 10G, 40G/100G, carrying iSCSI and FCoE. Fibre Channel: 1G, 2G, 4G, 8G, 16G, 32G?)
• Infrastructure will migrate to Ethernet – irrespective of iSCSI and FCoE
Source: iSCSI Primer – Ethernet Alliance
VENA – Storage Transport
• Existing solutions for:
  – Internet Small Computer System Interface (iSCSI)
  – Network Attached Storage (NAS)
  – ATA over Ethernet (AoE)
• Simple, scalable, ubiquitous, and – crucially – available today
• Segregation of Storage traffic to unique Virtual Service Networks
(Diagram: Virtual Data Center with a dedicated Virtual Service Network for storage)

Fibre Channel over Ethernet (FCoE) simplified view
(Diagram: Host (VN_port) – 10GE – Lossless Ethernet Network – 10GE – Fibre Channel Forwarder (VF_port))
• Lossless transport is required

iSCSI simplified view
(Diagram: Host – 10GE – TCP/IP Network – 10GE – Disk array)
• Will benefit from lossless Ethernet, but no requirement!

ATA over Ethernet (AoE) simplified view
(Diagram: Host – 1G/10GE – Ethernet Network – 1G/10GE – Disk array)
• Will benefit from lossless Ethernet, but no requirement!

Data Center Bridging / Lossless Ethernet
(Diagram: Host – Lossless Ethernet Network – Fibre Channel Forwarder)
• Priority based Flow Control – PFC (802.1Qbb) – Draft
• Enhanced Transmission Selection – ETS (802.1Qaz) – Draft
• Congestion Notification – CN (802.1Qau) – Approved standard

Congestion Notification
(Diagram only)

Priority based Flow Control
(Diagram only)

Enhanced Transmission Selection
(Slide text truncated in the source:) Bridging) environment. Using priority-based processing and bandwid traffic classes within different traffic types such as LAN, SAN, IPC, an configured to provide bandwidth allocation, low-latency, or characteristics.

FC vs FCoE vs iSCSI
• Protocol efficiency: when using jumbo frames, iSCSI has the best protocol efficiency
• Throughput: 10GbE iSCSI, FCoE, and 4 Gb FC – application throughput limited to 4 Gb
  – 10GbE NIC with iSCSI offload for iSCSI traffic
  – 10GbE CNA for FCoE traffic
  – 4 Gbps FC HBA for Fibre Channel traffic
Source: Dell
FC vs FCoE vs iSCSI
(Chart only)
Source: iSCSI Primer – Ethernet Alliance

Technology Brief overview

IEEE 802.1ah PBB & SPBm Frame Format
• Ethernet frame encapsulated in SPB Ethernet frame
(Diagram: PC1 sends an Ethernet frame to S1 – DMAC, SMAC, VLAN TAG, Payload. At the SPB edge it is encapsulated behind a backbone header – B-DA, B-SA, B-VID, I-SID – followed by the unchanged DMAC, SMAC, VLAN TAG, C-Payload. At the far edge the original DMAC, SMAC, VLAN TAG, Payload frame is delivered to S1.)
• No end-user MAC learning
• End-user MACs are hidden behind the Backbone MAC header, thus the Core network does not see any “edge” MAC addresses

Transport framing: SPB & TRILL Lookup Compared
TRILL
(Diagram: Host X → Rbridge A (TRILL Nickname TA) → Router B → Routers C and D → Rbridge E (TRILL Nickname TE) → Host Y. Each hop carries Outer-Eth with that hop’s own MACs (Z | B, C | D, N | F, H | I), a TRILL header (TA | TE), Inner-Eth (X | Y), Payload and FCS; the outer header and FCS (FCS, FCS’, FCS’’, FCS’’’) are rewritten at every hop.)
Shortest Path Bridging / Avaya Route Lookup
(Diagram: Host X → SPB A → PLSB B, C, D → SPB E → Host Y. A single frame format is shown across the whole path: Eth (A | E), X | Y, Payload, FCS.)
• SPB is a much simpler, lower-cost, OAM-transparent solution

The Current State of Affairs with STP
• In a distributed manner, decide who is root and what the shortest path to root is.
• The STP protocol distributes bridge PDUs (BPDUs) to compute a single spanning tree. Ports not on the tree are blocked and not used for multicast traffic. Unknown destinations are broadcast, and reverse learning is used to build forwarding tables.
(Diagram: bridges with A as root and D at the edge; crosses mark blocked ports)

Results in Inefficient forwarding
• Traffic often not on the shortest path (it’s on the tree). E.g. (A=>D) traffic.
• Many links go unused or underutilized
• Result is that physical networks tend to resemble trees
(Diagram: the same tree rooted at A, showing A→D traffic and blocked ports)
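Added example, not from the Avaya deck: a Python model of the 802.1ah MAC-in-MAC encapsulation on the Frame Format slide above (PC1 to S1). The EtherTypes are the standard 802.1ah values; the MAC addresses, B-VID and I-SID are constructed. It shows that a core bridge parses only B-DA, B-VID and I-SID and never the customer MACs, and that an egress BEB restores a frame only onto a port in the matching I-SID.

```python
import struct

# Standard IEEE 802.1ah EtherTypes (standard values, not taken from the slides)
ETYPE_BTAG = 0x88A8  # B-TAG: backbone VLAN (B-VID)
ETYPE_ITAG = 0x88E7  # I-TAG: 24-bit service instance identifier (I-SID)
ETYPE_CTAG = 0x8100  # C-TAG: customer VLAN tag
BB_HDR_LEN = 22      # B-DA(6) + B-SA(6) + B-TAG(4) + I-TAG(6)

def mac(s: str) -> bytes:
    return bytes.fromhex(s.replace(":", ""))

def customer_frame(dmac: str, smac: str, vid: int, payload: bytes) -> bytes:
    """The frame PC1 sends toward S1: DMAC, SMAC, VLAN TAG, payload."""
    return mac(dmac) + mac(smac) + struct.pack("!HH", ETYPE_CTAG, vid & 0x0FFF) + payload

def encapsulate(c_frame: bytes, b_da: str, b_sa: str, b_vid: int, i_sid: int) -> bytes:
    """Ingress BEB: prepend B-DA, B-SA, B-TAG(B-VID), I-TAG(I-SID); customer frame is untouched."""
    if not 0 < i_sid < (1 << 24):
        raise ValueError("I-SID must be a 24-bit value")
    b_tag = struct.pack("!HH", ETYPE_BTAG, b_vid & 0x0FFF)
    i_tag = struct.pack("!HI", ETYPE_ITAG, i_sid)  # PCP/DEI/UCA/reserved bits left at 0
    return mac(b_da) + mac(b_sa) + b_tag + i_tag + c_frame

def core_lookup(frame: bytes) -> dict:
    """What a backbone core bridge parses: B-DA, B-VID and I-SID only. It never reads,
    and so never learns, the customer MACs hidden behind the backbone header."""
    tpid, b_tci = struct.unpack("!HH", frame[12:16])
    itpid, i_tci = struct.unpack("!HI", frame[16:22])
    if tpid != ETYPE_BTAG or itpid != ETYPE_ITAG:
        raise ValueError("not an 802.1ah backbone frame")
    return {"b_da": frame[0:6].hex(":"), "b_vid": b_tci & 0x0FFF, "i_sid": i_tci & 0x00FFFFFF}

def decapsulate(frame: bytes, port_i_sid: int) -> bytes:
    """Egress BEB: restore the original frame, but only onto a port in the same VSN (I-SID)."""
    if core_lookup(frame)["i_sid"] != port_i_sid:
        raise PermissionError("frame belongs to a different Virtual Service Network")
    return frame[BB_HDR_LEN:]

def demo() -> dict:
    """Constructed walk-through: PC1 -> S1 on VLAN 20, carried in I-SID 100 between BEBs A and E."""
    pc1, s1 = "00:11:22:33:44:01", "00:11:22:33:44:02"      # constructed customer MACs
    beb_a, beb_e = "02:aa:00:00:00:01", "02:aa:00:00:00:05"  # constructed backbone MACs
    orig = customer_frame(s1, pc1, 20, b"hello S1")
    enc = encapsulate(orig, beb_e, beb_a, 4051, 100)
    return {
        "core_sees": core_lookup(enc),                                 # b_da=BEB E, b_vid=4051, i_sid=100
        "customer_mac_visible_to_core": mac(pc1) in enc[:BB_HDR_LEN],  # False
        "restored_ok": decapsulate(enc, 100) == orig,                  # True
    }
```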
SPB’s approach (as a replacement for STP)
• Use the shortest path first tree rooted at each node as its own private multicast tree.
(Diagram: nodes A, B, R, G, D)
• For example, R, G and B now have individual trees.
• Interior nodes must now know who originated a packet to know what tree it should be placed on.
• Interior nodes therefore see one tree per bridge in the network.

The Basics of How SPBm Works
1. Discover network topology
  • IS-IS – natural L2 routing protocol
  • Hierarchy built in for scaling
2. IS-IS nodes automatically build trees from themselves to all nodes. Important properties:
  • Shortest path tree based on link metrics
  • No blocked links
  • RPFC to eliminate loops
  • Symmetric datapath between any two nodes provides a closed OAM system
  • Unicast path now exists from every node to every other node
3. Use IS-IS to advertise new services / communities of interest
  • Floods topology, MAC and ISID information to the network
4. When nodes receive notice of a new service AND they are on the shortest path, update FDB
  • ISID/Service specific entries
(Diagram, built up over three slides: IS-IS runs on every node of the fabric; “CREATE ISID=100” is configured for Vlan 20 at one edge, with Vlan 20 and Vlan 33 attached at other edges; I-SID 100 is flooded to all nodes and installed on those on the shortest path.)
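Added example, not from the Avaya deck: a Python model of steps 2 and 4 above and of the STP comparison two slides earlier, on a constructed five-node topology. It contrasts the single STP tree (blocked links, A→D forced through the root) with SPB’s per-node shortest path trees, checks the symmetric forward/return path, and shows which nodes install FDB entries for an I-SID advertised by two BEBs. Dijkstra with name-ordered tie-breaking stands in for IS-IS SPF and SPB’s ECT algorithm; node names and metrics are constructed.

```python
import heapq
# Constructed topology, not from the slides: (node, node, IS-IS metric). R is the STP root.
LINKS = [("R", "A", 1), ("R", "B", 1), ("R", "D", 1),
         ("A", "D", 1), ("D", "E", 1), ("B", "E", 2)]

def adjacency(links):
    adj = {}
    for u, v, w in links:
        adj.setdefault(u, {})[v] = adj.setdefault(v, {})[u] = w
    return adj

def spt(adj, root):
    """Dijkstra SPT rooted at `root` as {node: parent}; name-ordered scans stand in for ECT tie-breaks."""
    dist, parent, heap = {root: 0}, {root: None}, [(0, root)]
    while heap:  # stale heap entries can relax nothing, so no visited set is needed
        d, u = heapq.heappop(heap)
        for v, w in sorted(adj[u].items()):
            if d + w < dist.get(v, float("inf")):
                dist[v], parent[v] = d + w, u
                heapq.heappush(heap, (d + w, v))
    return parent

def path(parent, node):
    """Root-to-node path read back from one tree's parent pointers."""
    out = []
    while node is not None:
        out, node = [node] + out, parent[node]
    return out

def stp_blocked_and_path(adj, root, src, dst):
    """STP: a single tree; off-tree links are blocked and src->dst traffic must follow the tree."""
    tree = [(n, p) for n, p in spt(adj, root).items() if p]
    blocked = sorted(tuple(sorted((u, v))) for u, v, _ in LINKS
                     if (u, v) not in tree and (v, u) not in tree)
    return blocked, path(spt(adjacency([(n, p, adj[n][p]) for n, p in tree]), src), dst)

def spb_fdb_nodes(adj, members):
    """SPBm step 4: only nodes on the shortest path between two BEBs advertising an I-SID install it."""
    on_path = set()
    for src in members:
        parent = spt(adj, src)
        for dst in members - {src}:
            on_path.update(path(parent, dst))
    return on_path

def demo():
    adj = adjacency(LINKS)
    blocked, stp_a_d = stp_blocked_and_path(adj, "R", "A", "D")
    return {
        "stp_blocked_links": blocked,                  # [('A','D'), ('B','E')]
        "stp_path_A_to_D": stp_a_d,                    # ['A','R','D']: detour via the root
        "spb_path_A_to_D": path(spt(adj, "A"), "D"),   # ['A','D']: the direct link is used
        "symmetric_A_E": path(spt(adj, "A"), "E") == path(spt(adj, "E"), "A")[::-1],  # True
        "isid100_fdb_nodes": sorted(spb_fdb_nodes(adj, {"A", "E"})),  # ['A','D','E'], not B or R
    }
```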
(The two following slides repeat The Basics of How SPBm Works as stages of the same animation.)

Summary of VENA Services
(Diagram: three switches, 8600C, 8600G and 8600D, with a Tester attached at each end. The services shown, with their VLANs, subnets and I-SIDs:)
• Native IP Shortcut: vlan 13 10.0.13.0/24 and vlan 14 10.0.14.0/24 in the GRT (over native IS-IS)
• L2VSN: vlan 10 – I-SID 12990010 – vlan 10
• L2VSN: vlan 9 – I-SID 12990009 – vlan 19
• Inter-VSN: vlan 11 10.100.11.0/24 – I-SID 12990011; vlan 12 10.100.12.0/24 – I-SID 12990012
• L3VSN: vlan 101 10.1.101.0/24 – I-SID 13990001 – vlan 102 10.1.102.0/24
• L3VSN: vlan 201 10.2.201.0/24 – I-SID 13990002 – vlan 202 10.2.202.0/24
• L2VSN + L3VSN: vlan 51 10.5.51.0/24 – I-SID 12990051 – vlan 51; I-SID 13990005 – vlan 52 10.5.52.0/24
• IPVPN-Lite over SPB: vlan 401 10.4.41.0/24 – BGP IPVPN-Lite – vlan 402 10.4.42.0/24

The Products
Resilient Architecture
• Dual Active/Active Switch Fabric/CPU design
  – Maximises switching capacity
  – CPUs operate in Online/Standby mode with optional High Availability
• Interface Module connections load-shared across Switch Fabric Modules
• All resources are actively utilised, maximising return on investment
• Stateful sub-second fail-over
  – Layer 2: MAC Tables, VLANs, SMLT, 802.1X, L2 Multicast
  – Layer 3: RSMLT, RIP, OSPF, VRRP, IP Filters
• Hitless downtime during Software upgrades
• Hot-swappable components for simplified maintenance

Virtual Services Platform 9000
• Fully redundant hardware with no single point-of-failure
  – Hardened Data Center operating system
  – Instantaneous re-route
• Efficient Layer 2 & 3 network virtualization
• Delivers very high-density 10GbE today
  – Future-ready for a seamless evolution to 40/100 Gigabit & Lossless
  – 8.4 Tbps architecture that scales up to 27 Tbps
(Callouts: Versatile & future-ready platform that scales to support 40/100G; Mid-Plane design optimizes Data and Control plane utilization; Data Center hardware & operating system; High-density I/O Modules, independent Processors & Fabrics)

Virtual Services Platform 7000
• Versatile fixed-format platforms
  – 24 port and 48 port versions
• Data Center-grade hardware
  – Reversible front/back or back/front cooling
  – Fiber-based Stacking for unrivalled deployment flexibility
• Data Center-grade operating system with extensible functionality
  – DCB/CEE “FCoE-ready”
  – Shortest Path Bridging
  – Edge Virtual Bridging
  – IEEE-based OA&M
(Callouts: Versatile & future-ready platform that scales to support 40/100G; Data Center hardware & operating system; Flexible MDA options: 10G, 40G, 100G, Fibre Channel; Integrated multi-Terabit Stacking, field-replaceable PSU & Fans)
Configuration & Orchestration
• Enhancement to existing offering with the addition of Virtual Services Manager
• Centralized provisioning of the Virtual Service Fabric & Virtual Service Networks
• Simplifies configuration of Shortest Path Bridging infrastructure
• Wizards to guide Users step-by-step, streamlining provisioning & reducing the human error factor
• Integrated into the Unified Management Environment

Simplification & Automation
• Empowering network orchestration through integrated and automated workflows
• Automating rule-based adds/moves/changes of network virtualization based upon server provisioning
• Default Gateway Mobility, via VPS (especially relevant for Workload Mobility)
• Open API – unifying the provisioning of network virtualization with server virtualization, for simplified adds/moves/changes