BRKDCT-1927
Overview
Transparent bridging in the data center
Spanning Tree Protocol: how it works, how it fails
Stability features
Application to data center design
BRKDCT-1044
Cisco Confidential
Figure: a routed (L3) design, hosts 172.28.192.1/24 through .8, compared with an L2 design (with STP).
L3: stateless host.
L2 (with STP): mobility/flexibility; no multipathing, NIC teaming instead.
Those limitations are caused by historic constraints in the data plane (not by STP, the spanning tree protocol)
STP Goals
Enforce a tree (at all times)
Spanning, eventually
In a plug-and-play fashion
Notify the learning function of topology changes
STP Information
Bridges exchange information using Bridge Protocol Data Units (BPDUs)
The content of a BPDU is equivalent to a long integer made of: Root Bridge ID, Root Path Cost, Sender Bridge ID, Sender Port ID
Two different BPDUs can always be compared: the lower value is better
Figure: B1 sends 1011 from its port P1; B2 sends 2021 from its port P1.
STP Terminology
Root bridge: the bridge sending the best information (unique in the network)
Designated port: the port sending the best information on a LAN (unique on a LAN)
Root port: the port receiving the best information (unique on a non-root bridge)
A port that is neither root nor designated is discarding: alternate or backup
Figure legend: root port, alternate port, designated port; designated port = best information on LAN A; root bridge = best information in the network.
Figure: B1 is root and sends 1011 on P1 (LAN A) and 1012 on P2 (LAN B). B2 receives 1011 on P1 (root port) and would send 1122 on P2 on LAN B, where 1012 is better: B1 P2 is designated (FW) and B2 P2 is alternate (BLK).
A port that fails to receive BPDUs goes designated (forwarding)
Most STP failures are related to BPDUs being lost or not acted upon
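The BPDU comparison and the port roles above, worked through on the two-bridge topology of the figures. This is an added example, not code from the deck or from Cisco; it reads the four-digit labels of the figures (1011, 1122, ...) as one digit per BPDU field, which is an interpretation, and the synchronous round-based election, the LINK_COST of 1 and the "lost" set are constructed for the example. The last function reproduces the failure the deck warns about: a port that hears no BPDU assumes it is designated, and a LAN with two designated ports is a loop.

```python
from typing import Dict, FrozenSet, NamedTuple, Optional, Tuple

Port = Tuple[int, int]  # (bridge ID, port ID)


class Bpdu(NamedTuple):
    """The four fields the deck lists, in order. Tuple comparison is lexicographic,
    so 'a < b' is exactly the 'lower value is better' rule."""
    root_id: int
    root_path_cost: int
    sender_bridge_id: int
    sender_port_id: int

    @classmethod
    def from_label(cls, label: str) -> "Bpdu":
        """Reads the figures' four-digit labels as one digit per field (an interpretation, not stated by the deck)."""
        return cls(*(int(ch) for ch in label))


# Constructed topology matching the figures: bridges B1 and B2, P1 of each on LAN A, P2 on LAN B.
PORTS: Dict[Port, str] = {(1, 1): "A", (1, 2): "B", (2, 1): "A", (2, 2): "B"}
LINK_COST = 1  # assumption: every link costs 1


def run_stp(ports: Dict[Port, str], lost: FrozenSet[Port] = frozenset(), max_rounds: int = 10) -> Dict[Port, str]:
    """Synchronous toy of the election. Each round: designated ports put their BPDU on their LAN; each
    bridge takes the best BPDU it heard (plus link cost) as its root port, or stays root if its own claim
    wins; every other port is designated if its own BPDU beats the best it heard, otherwise alternate.
    Ports in `lost` never receive anything, which models lost or ignored BPDUs."""
    bridges = sorted({b for b, _ in ports})
    belief: Dict[int, Tuple[int, int]] = {b: (b, 0) for b in bridges}  # (root ID, cost to root)
    roles = {port: "designated" for port in ports}  # a port that hears nothing assumes it is designated
    for _ in range(max_rounds):
        on_lan: Dict[str, list] = {}
        for (b, p), lan in ports.items():
            if roles[(b, p)] == "designated":
                on_lan.setdefault(lan, []).append(Bpdu(belief[b][0], belief[b][1], b, p))
        heard: Dict[Port, Optional[Bpdu]] = {}
        for (b, p), lan in ports.items():
            others = [x for x in on_lan.get(lan, []) if x.sender_bridge_id != b]
            heard[(b, p)] = None if (b, p) in lost or not others else min(others)
        new_roles: Dict[Port, str] = {}
        for b in bridges:
            candidates = [(Bpdu(h.root_id, h.root_path_cost + LINK_COST, h.sender_bridge_id, h.sender_port_id), port)
                          for port, h in heard.items() if port[0] == b and h is not None]
            candidates.append((Bpdu(b, 0, b, 0), None))  # the bridge's own claim to be root
            best, root_port = min(candidates, key=lambda c: c[0])
            belief[b] = (best.root_id, best.root_path_cost)
            for port in ports:
                if port[0] != b:
                    continue
                if port == root_port:
                    new_roles[port] = "root"
                    continue
                own = Bpdu(best.root_id, best.root_path_cost, b, port[1])
                h = heard[port]
                new_roles[port] = "designated" if h is None or own < h else "alternate"
        if new_roles == roles:
            break
        roles = new_roles
    return roles


def designated_per_lan(roles: Dict[Port, str], ports: Dict[Port, str]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for port, lan in ports.items():
        if roles[port] == "designated":
            counts[lan] = counts.get(lan, 0) + 1
    return counts


def has_loop(roles: Dict[Port, str], ports: Dict[Port, str]) -> bool:
    """Two designated ports on one LAN means two bridges both forward onto it: the tree is broken."""
    return any(n > 1 for n in designated_per_lan(roles, ports).values())
```

`run_stp(PORTS)` converges to B1 designated on both LANs, B2 P1 root and B2 P2 alternate, as in the figure; `run_stp(PORTS, frozenset({(2, 2)}))` makes B2 P2 deaf, it goes designated, and `has_loop` reports LAN B with two designated ports.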
Figure: the same topology, but B2 P2 no longer receives the 1012 BPDU from B1 P2 on LAN B.
P2 does not receive any BPDU: it thinks it is designated and opens a loop.
Dispute Mechanism
Protects against unidirectional links
There can only be one designated port on a LAN
RSTP (Rapid Spanning Tree) and MST (Multiple Spanning Trees) advertise a role in their BPDUs
A designated port with worse information is a problem
Figure: on LAN B, B1 P2 (designated, 1012) receives a BPDU from B2 P2 that also claims the designated role with worse information; B1 P2 detects the dispute and blocks: no loop.
Bridge Assurance
Identify and configure network ports vs. edge ports
On p2p network ports:
Send periodic BPDUs, regardless of role
Expect periodic BPDUs, regardless of role
If no BPDU is received, the port goes inconsistent (blocking)
Figure: B1 p1 (designated, 1011) faces B2 p1 (root, 1121). The root network port sends periodic BPDUs; the designated network port expects them. A worse root BPDU does not trigger a dispute.
Bridge Assurance
The ultimate brain-dead detection mechanism
Introduce a behavior closer to L3: a network port with no peer does not transmit traffic
Figure: the loop scenario from the earlier slide; a network port that stops receiving BPDUs goes inconsistent (blocking) instead of opening a loop.
Figure: STP port-type placement in the classic design.
Legend: N = network port, E = edge port, normal port type; B = BPDU guard, R = root guard, L = loop guard.
Aggregation: two switches, HSRP active/standby and STP root/backup root; network ports (N) between them and root guard (R) on the ports toward access.
Access: network ports (N) on the uplinks, loop guard (L) on some ports, and edge ports with BPDU guard (E B) toward the servers.
Figure: one blocked port; redundancy handled by STP.
BRKDCT-1044 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Figure: vPC physical topology (C) with the primary peer (A) and the secondary peer (B).
vPC Operation
Figure: a port channel toward the vPC domain.
Traffic can use either side (depending on channel hashing)
No traffic on the peer link (ideally, all devices are dual attached)
Figure: link failure, or a single-attached device (A, B, C).
Traffic going through the peer link must not be flooded to dual-attached devices
Possibility of a dual-active scenario
The vPC domain cannot operate as a single switch
How do we differentiate this failure from the previous one?
Figure: primary peer and secondary peer.
The vPC Peer Keepalive Link is a hello mechanism that tests the peer without using the Peer Link
The secondary peer blocks its ports when the Peer Link is down
The Peer Keepalive Link must not use the peer link; use instead a separate cable, mgmt interface or L3 infrastructure
Use LACP to form channels to the vPC pair
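The two vPC rules from the slides above, as a model of one vPC peer: the flooding rule (a frame that arrived over the peer link is never flooded to dual-attached devices, only to single-attached ones) and the dual-active decision (peer link down while the keepalive still shows the peer alive is the case where the secondary suspends its vPC member ports; peer link down with the keepalive also gone means the peer is really dead and the secondary keeps forwarding). This is an added example, not Cisco's implementation or the deck's code; the port kinds, the keepalive timeout and the port names Po10/Po20/e1/Po1 are constructed, and real vPC has further exceptions (for instance when the local member port is down) that this model leaves out.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

PEER_LINK, MEMBER, ORPHAN = "peer-link", "vpc-member", "orphan"
KEEPALIVE_TIMEOUT = 5.0  # assumption: seconds without a keepalive before the peer is considered dead


@dataclass
class VpcPeer:
    name: str
    role: str                       # "primary" or "secondary"
    ports: Dict[str, str]           # port name -> PEER_LINK / MEMBER (dual-attached) / ORPHAN (single-attached)
    peer_link_up: bool = True
    last_keepalive: Optional[float] = 0.0

    def peer_alive(self, now: float) -> bool:
        """The keepalive travels on its own path (separate cable, mgmt or L3), never on the peer link."""
        return self.last_keepalive is not None and now - self.last_keepalive <= KEEPALIVE_TIMEOUT

    def member_ports_state(self, now: float) -> str:
        """Peer link down but the peer still answering keepalives is the dual-active case:
        the secondary suspends its vPC member ports so the pair cannot act as two separate switches."""
        if self.role == "secondary" and not self.peer_link_up and self.peer_alive(now):
            return "suspended"
        return "forwarding"  # primary, or the peer is really dead: keep serving the dual-attached hosts

    def flood_targets(self, ingress: str) -> List[str]:
        """Flooding with the vPC loop rule: a frame that came over the peer link goes to orphan ports
        only, because the other peer already delivered it to every dual-attached device."""
        out = []
        for port, kind in self.ports.items():
            if port == ingress:
                continue
            if kind == PEER_LINK and not self.peer_link_up:
                continue
            if self.ports[ingress] == PEER_LINK and kind == MEMBER:
                continue
            out.append(port)
        return out


def dual_active_decisions(now: float = 10.0) -> Dict[str, str]:
    """The three cases the deck distinguishes, evaluated on constructed peers."""
    ports = {"Po10": MEMBER, "e1": ORPHAN, "Po1": PEER_LINK}
    cases = {
        "secondary, peer link down, keepalive fresh": VpcPeer("S2", "secondary", ports, peer_link_up=False, last_keepalive=now - 1),
        "primary, peer link down, keepalive fresh": VpcPeer("S1", "primary", ports, peer_link_up=False, last_keepalive=now - 1),
        "secondary, peer link down, keepalive lost": VpcPeer("S2", "secondary", ports, peer_link_up=False, last_keepalive=now - 30),
    }
    return {name: peer.member_ports_state(now) for name, peer in cases.items()}
```

With `ports = {"Po10": MEMBER, "Po20": MEMBER, "e1": ORPHAN, "Po1": PEER_LINK}`, a flood entering on the peer link Po1 reaches only the orphan port e1, while a flood entering on the member port Po10 reaches Po20, e1 and the peer link, so the other peer can serve its own orphans.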
Figure: design progression. L3: stateless host. L2 with STP: mobility/flexibility, failure domain = bridging domain. L2 with vPC: multipathing (EtherChannels, as STP sees it), failure domain = bridging domain.
Figure: STP port-type placement in the vPC design.
Legend: N = network port, E = edge port, normal port type; B = BPDU guard, R = root guard, L = loop guard; X marks the ports on the vPC port channels.
Network or normal port: safety/availability tradeoff
Aggregation: the vPC domain (HSRP active/standby, STP root/backup root) with network ports (N) between the peers, and X with root guard (R) on the ports toward access.
Access: X on the uplinks, edge ports with BPDU guard (E B) toward the servers.
Routers: 3 summary routes per device. Bridges: 4 billion host routes per device.
Figure: routers R1 and R2 forward "to A" and "to B" on the summary routes A and B.
Figure: Mac-in-Mac. Hosts A and B live in user space; backbone edge bridges X and Y map them into the backbone space. The user frame AB is carried as XY | AB across the provider bridge / backbone bridges and handed back as AB at the far edge.
Mac-in-Mac Scalability
Backbone Edge Bridges (BEB) are able to:
map MAC addresses between user and backbone spaces
encapsulate/decapsulate frames
BEBs only need to learn a subset of the MAC addresses
Backbone Bridges are regular bridges: they only see backbone-space addresses
Now, let's assume that the backbone bridges are not bridges but new special devices
Figure: backbone nodes X, W and Y holding forwarding entries "to X" and "to Y"; hosts A and B in user space at either end.
Adding a TTL
Frames are encapsulated unchanged in a new frame format in the backbone
The encapsulation can carry a TTL
A link-state protocol allows determining the exact hop count
Figure: A sends to B. X encapsulates the frame as XY | AB with TTL 2 (the hop count to Y), W forwards it with TTL 1, and Y decapsulates AB for B.
Upcoming Technologies
By introducing a new data plane in the backbone, the advantages of Layer 3 can be added to Layer 2
The backbone addresses are not seen by L2 users; they represent a location, aggregating several devices
Figure: global address of PC A = X.A, i.e. backbone address X (location) plus MAC address A (ID); PC A sits in user space behind X in the backbone space.
Intra-Data Center Solutions: TRILL (Transparent Interconnection of Lots of Links) and Cisco L2MP (Layer 2 Multi Pathing)
TRILL/Cisco L2MP
Common use in the data center backbone = DC L2 network (typically between Access and Aggregation)
3 aggregation switches: no design restriction
ECMP + channels for higher bandwidth
Figure: Core, Aggregation (three switches), Access; the access layer encapsulates.
TRILL
Specific details: can create adjacencies on shared links, at the price of a larger encapsulation
Figure: Core, Aggregation, Access with shared links.
Cisco L2MP
Specific details:
Assumes p2p connectivity to a neighbor supporting L2MP
Compact header (for low latency)
Emulated bridge
Figure: Core, Aggregation, Access joined by p2p links; vPC+ (vPC) at the access.
Figure: host A behind edge bridge X, host B behind edge bridge Y; frame labels read destination then source.
Step 1: B sends to C. C is unknown to Y, so Y floods the frame (flood,Y | C B).
Step 2: X receives the frame but does not know C: Y is not learnt.
Figure: the same hosts; B sends to A (A B), flooded by Y as flood,Y | A B.
Step 2: X receives and knows A as a local address: B is learnt.
Step 3: A replies to B (B A); X knows B, so the frame is unicast to Y (Y,X | B A).
Figure: design progression continued. L3; L2 with STP; L2 with vPC (EtherChannels, as STP sees it); L2MP.
Figure: three data centers (DC1, DC2, DC3), each with Core, Aggregation and Access, interconnected at L2.
Figure: DC2 with its own STP root (root2) and host macB.
Figure: DC1 and DC2. An ARP for macB enters DC1 on E1/1 and the reply comes from DC2 on E1/2 (macB, IP X); both sites show the same default gateway DG2 with the HSRP MAC.
Conclusion
L2 is desirable for its flexibility (as a complement to L3)
Transparent bridging has some scalability issues
Several stability features have been developed in the control plane; they will never be enough to match L3
The final solution will be injecting L3 elements in the L2 data plane
The Nexus family of switches provides the HW support for those technologies
BRKDCT-1927
Recommended Reading