
Minimizing the Risks With Enterprise Multi-Site Data Center L2 Connectivity

BRKDCT-2840

David Jansen, CCIE 5952, Technical Solutions Architect, Data Center, dajansen@cisco.com

Reference Sessions
- BRKDCT-2011 - Design and Deployment of Data Center Interconnects using (Advanced) A-VPLS, Amit Singh
- BRKDCT-2048 - Deploying Virtual Port Channel in NXOS, Francis Guillier
- BRKDCT-2049 - Introduction to Overlay Transport Virtualization: Extending the Data Center Layer 2 Connectivity, Natale Ruello
- BRKDCT-2081 - Cisco FabricPath Technology and Design, Tim Stevenson
- BRKSAN-2704 - Storage Area Network Extension Design and Operation, Mark Allen
- BRKDCT-3060 - Deployment Challenges with Interconnecting Data Centers, Max Ardica & Patrice Bellagamba
- BRKDCT-3103 - Advanced OTV - Configure, Verify and Troubleshoot OTV in Your Network, Bhanu Vemula
- BRKCRS-3045 - LISP, Dino Farinacci & Greg Schudel
- BRKDCT-9131 - Mobility and Virtualization in the Data Center with LISP and OTV, Victor Moreno
BRKDCT-2840 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public

Session BRKDCT-2840 Abstract


Data Center Networking: Taking Risk Away from Layer 2 Interconnects
This intermediate session details a solution for providing a means of Layer 2 communications adjacency to support operating system clustering, file system clustering, virtual machine mobility, symmetric traffic flows, and more in a highly resilient multisite data center infrastructure. Starting from the building blocks of spanning-tree implementations and considerations, the session continues with details on how to control the Layer 2 control and data planes to limit negative effects present today in geographically diverse Layer 2 domains. The emphasis is on multisite data center interconnect and specifics of service advertisement and site failover. Considerations are given for tying users to either site in an active/standby, active/active per application, and active/active within an application relationship. Transport mechanisms covered include tag switching, Ethernet over MPLS, Virtual Private LAN Service, MPLSoGRE, OTV, Virtual Ethernet, ServerFarm to User First Hop Redundancy, User to ServerFarm redundancy with Route Health Injection, 802.1s and 802.1w, load sharing multisite traffic on intra-data center VLANs, global site load balancing, and others. This session compares alternatives with direct Layer 2 links on dedicated services or DWDM lambdas, point-to-point and multipoint scenarios, configurations using existing RPVST or MST deployments within a data center site, sharing Layer 2 and Layer 3 services, and operations and administration considerations.

Goals of This Session


- Present alternatives for interconnecting multiple Data Center locations
- Present tested methods in production for minimizing the risks associated with meeting these connectivity requirements


Session Agenda
- Data Center Interconnection Common Scenarios and Terms
- Dark Fiber / DWDM Solutions
- Label Based Solutions
- IP Based Solutions
- Encryption
- Recommended Designs for Optimizing Traffic Flows
- Q&A


Data Center Interconnection Common Scenarios and Terms


Layer 2 Use Cases


- Extending Operating System / File System clusters
- Extending Database clusters
- Virtual machine mobility
- Physical machine mobility
- Physical to Virtual (PtoV) Migrations
- Legacy devices/apps with embedded IP addressing
- Time to deployment and operational reasons
- Extend DC to solve power/heat/space limitations
- Data Center co-location



Layer 2 Risks
- Flooding of packets between data centers
- Spanning Tree (STP) is not easily scalable, and risk grows as the diameter grows
- STP has no domain isolation: an issue in a single DC can propagate
- First hop resolution and inbound service selection can cause verbose inter-data center traffic

In general Cisco recommends L3 routing for geographically diverse locations.

This session focuses on making limited L2 connectivity as stable as possible.


Layer 2 Solution Types


- Light customer-owned fiber to build an extended L2 network
  - No STP isolation between sites
  - Virtual Switching System (VSS) / Virtual Port Channel (vPC)
  - FabricPath (no STP)
- Purchase multiple wavelengths from the SP
  - Cost rises, and still nothing offers STP isolation
- Redesign the data center STP domain using Multiple Spanning Tree (MST) regions
  - STP domain concept
  - Fundamental change requiring a large time investment
  - Operational differences and MST database management


Layer 2 Solution Types (Cont)


- Implement a L2 solution to virtualize transport over L3
  - EoMPLS for point to point (possible STP isolation issues)
  - Multipoint bridging using Virtual Private LAN Services (VPLS)
  - MPLSoGRE
  - Overlay Transport Virtualization (OTV)
  - Advanced VPLS (A-VPLS)



Dark Fiber / DWDM Solutions

Layer 2 Prerequisites for All Options


- This session assumes a fairly detailed knowledge of Spanning Tree Protocol
- Items we leverage in this solution:
  - 802.1w
  - 802.1s
  - Port Fast
  - BPDU Filter
  - BPDU Guard
  - Root Guard
  - Loop Guard
  - Bridge Assurance (Catalyst 6500, Nexus 5000/5500 and 7000)


Layer 2 Extension Without Tunnels/Tags (vPC/VSS)


- 6500 with Virtual Switching System cluster (supported distances at 80km (ZR) over dark fiber)
- Nexus 7000 with Virtual Port-Channels (supported distances at 80km (ZR-X2) over dark fiber)
- All traffic flows to a vPC/VSS member node
- Hub-and-spoke topology from a layer 2 perspective
- Dedicated links to vPC/VSS members from each data center aggregation switch
- Can consume lambda or fiber strands quickly
- Data plane rate limiting in L2 still needs protection
- STP domains are not isolated unless we BPDU-filter at all vPC/VSS aggregation switches


vPC / VSS Design

[Diagram: Data Center #1 and Data Center #2, each with a vPC / VSS pair, interconnected over L2 long-haul fiber/DWDM; legend: L2 LH Fiber/DWDM, L3 LH Fiber/DWDM, L2 Local Fiber, L3 Local Fiber]


vPC / VSS L2 View


[Diagram: L2 view of Data Center #1 and Data Center #2, each with a vPC/VSS pair; L2 LH Fiber/DWDM between sites, L2 local fiber within each site, BPDU filtering on the inter-site edge]

- vPC/VSS Domain ID for facing vPC/VSS layers should be different
- BPDU Filter on the edge devices to avoid BPDU propagation
- STP Edge Mode to provide fast failover times
- No loop must exist outside the vPC/VSS domain
- No L3 peering between Nexus 7000 devices (i.e. pure layer 2)


vPC / VSS Design


[Diagram: three-site vPC / VSS design; a central VSS in Data Center #3 connects to the vPC / VSS pairs in Data Center #1 and Data Center #2; 12 lambda / 24 strand example, 4 additional lambda / 8 strands per new DC, L2 service only from the provider; legend: L2 LH Fiber/DWDM, L3 LH Fiber/DWDM, L2 Local Fiber, L3 Local Fiber]


vPC / VSS L2 View


[Diagram: L2 view of the three-site design; all links are port channels to the central VSS in Data Center #3 over L2 LH Fiber/DWDM, with BPDU filtering at each site's vPC/VSS edge and L2 local fiber within each site]


vPC and Layer 3


[Diagram: vPC and Layer 3; Data Center #1 and Data Center #2 each with a vPC pair, L3 peers (P) above the vPC layer; legend: L2 LH Fiber/DWDM, L3 LH Fiber/DWDM, L2 Local Fiber, L3 Local Fiber, L3 Peer]

- Nexus 7000 configured for L2 transport only
- SVI passive-interface (no IGP peering)

vPC and Layer 3


[Diagram: vPC and Layer 3 with L3 peers (P) on both the routed devices and the vPC members in each data center; legend: L2 LH Fiber/DWDM, L3 LH Fiber/DWDM, L2 Local Fiber, L3 Local Fiber, L3 Peer]

- Peering over a vPC interconnection on parallel routed interfaces
- SVI passive-interface (no IGP peering)

FabricPath Design (Partial/Full/Ring Topology)


[Diagram: FabricPath core connecting Data Center #1, #2 and #3; Classic Ethernet with STP (CE) at the edge; Data Center #1 aggregation with vPC+]

- Leverage vPC+
- Brownfield / Greenfield DC
- STP (CE) integration
- Conversational MAC learning
- Native VLAN pruning
- TTL / RPF
- ECMP for L2



MPLS Solutions

EoMPLS (Ethernet Over MPLS)


- Encapsulates Ethernet frames inside MPLS packets to pass over a layer 3 network
- EoMPLS has routing separation from the metro core devices providing connectivity
- CE flapping routes won't propagate inside MPLS
- Point to point links between locations
- Data plane rate limiting in L2 still needs protection

[Diagram: EoMPLS is a pseudo-wire: CE - PE - MPLS - PE - CE]


Virtual Private LAN Service (VPLS)


- VPLS defines an architecture that allows MPLS networks to offer Layer 2 multipoint Ethernet services
- Metro Core emulates an IEEE Ethernet bridge (virtual)
- Virtual bridges linked with EoMPLS pseudo wires
- Data plane rate limiting in L2 still needs protection

[Diagram: VPLS multipoint services; three CEs, each attached to a PE holding a VFI, with the VFIs linked across the MPLS cloud]

Virtual Forwarding Instance (VFI)


- IOS representation of a virtual switch interface

Flooding / Forwarding
- MAC table instances per customer (port/VLAN) for each PE
- VFI will participate in the learning and forwarding process
- Associate ports to MAC, flood unknowns to all other ports

Address Learning / Aging
- LDP enhanced with an additional MAC List TLV (label withdrawal)
- MAC timers refreshed with incoming frames

Loop Prevention
- Create a full mesh of Pseudo Wire VCs (EoMPLS) per VPLS
- Unidirectional LSP carries VCs between a pair of N-PEs
- Uses split horizon concepts to prevent loops

Calculating Core MTU Requirements


Core MTU >= Edge MTU + Transport Header + (MPLS Label Stack * MPLS Header Size)

Edge MTU is the MTU configured on the CE-facing PE interface. Examples (all in bytes):

                    Edge   Transport   MPLS Stack   MPLS Header   Total
EoMPLS Port Mode    1500   14          2            4             1522
EoMPLS VLAN Mode    1500   18          2            4             1526
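To apply the formula above to the transports in this deck, the following Python helper is an added example (not from the BRKDCT-2840 slides). It reproduces the two table rows and extends them to MPLSoGRE (assuming a 20-byte IPv4 plus 4-byte GRE outer header) and to the 42-byte OTV overhead stated later in the session, so a core link MTU can be checked against each encapsulation.

```python
# Added example (not from the BRKDCT-2840 deck): core MTU planning for the DCI
# transports on this page. The EoMPLS numbers reproduce the slide's formula and
# table; the MPLSoGRE overhead (20-byte IPv4 + 4-byte GRE, an assumption about
# that encapsulation) and the 42-byte OTV overhead given later in the deck are
# added so one helper covers the IP-based options as well.

MPLS_HEADER = 4  # bytes per MPLS label

# Transport header the PE prepends to the customer frame inside the pseudowire.
TRANSPORT_HEADER = {
    "eompls-port": 14,  # port mode: untagged Ethernet header
    "eompls-vlan": 18,  # VLAN mode: Ethernet header plus the 802.1Q tag
}

# Extra bytes when the label stack itself rides inside a tunnel (assumption).
TUNNEL_OVERHEAD = {
    "mpls": 0,           # native MPLS core
    "mplsogre": 20 + 4,  # outer IPv4 header + GRE header
}

OTV_OVERHEAD = 42  # bytes OTV adds to the IP MTU (from the OTV data plane slide)


def pw_overhead(mode="eompls-port", label_stack=2, tunnel="mpls"):
    """Bytes added on top of the edge MTU for a pseudowire."""
    return TRANSPORT_HEADER[mode] + label_stack * MPLS_HEADER + TUNNEL_OVERHEAD[tunnel]


def core_mtu(edge_mtu, mode="eompls-port", label_stack=2, tunnel="mpls"):
    """Minimum core MTU: Edge MTU + Transport Header + (Label Stack * Header Size)."""
    return edge_mtu + pw_overhead(mode, label_stack, tunnel)


def otv_core_mtu(edge_mtu):
    """Minimum core IP MTU for OTV-encapsulated frames."""
    return edge_mtu + OTV_OVERHEAD


def max_edge_mtu(core_link_mtu, mode="eompls-port", label_stack=2, tunnel="mpls"):
    """Largest CE-facing MTU a given core link MTU carries without fragmentation."""
    return core_link_mtu - pw_overhead(mode, label_stack, tunnel)


def mtu_report(core_link_mtu, edge_mtu=1500):
    """Shortfall in bytes per encapsulation for a core link MTU; 0 means it fits."""
    cases = {
        "EoMPLS port mode": core_mtu(edge_mtu, "eompls-port"),
        "EoMPLS VLAN mode": core_mtu(edge_mtu, "eompls-vlan"),
        "EoMPLSoGRE VLAN mode": core_mtu(edge_mtu, "eompls-vlan", tunnel="mplsogre"),
        "OTV": otv_core_mtu(edge_mtu),
    }
    return {name: max(0, need - core_link_mtu) for name, need in cases.items()}


if __name__ == "__main__":
    # Default 1500-byte core links are too small for every option on this page.
    for name, short in mtu_report(1500).items():
        print(f"{name:22s} short by {short:3d} bytes on a 1500-byte core link")
```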


End to End VPLS and EoMPLS Design

[Diagram: end-to-end VPLS and EoMPLS design; Layer 3 Core Intranet (WCore1, WCore2, ECore1, ECore2) above the DC Core in each site; Metro Cores WMC1/WMC2 and EMC1/EMC2 form the VPLS / EoMPLS domain; aggregation WAgg1/WAgg2 and EAgg1/EAgg2 attach via Po1, with Access and Server Farm below; legend: L2 Links (GE or 10GE), L3 Links (GE or 10GE), Loss of Link/Node]


Access to Aggregation Connections


- Rapid-PVST is the existing protocol, and there is no desire to force a change
- Aggregation switches are root for all intra-DC VLANs
- Aggregation ARP and CAM timers
- The peer aggregation switch is secondary root
- HSRP tested for first hop redundancy from the server (more later)

[Diagram: Access, Agg and Server Farm layers]


Layer 3 Aggregation and Core Connections


- Layer 3 connections from the DC Core to the Enterprise Core
- Aggregation switch L3 connected to the DC Core
- Hanging L3 links in the diagram are to the Metro Core switches, which are Ethernet over MPLS links
- Hanging L3 links are for peering the DC Cores in each location in a point-to-point scenario
- If dual supervisor modules, non-stop forwarding (NSF) is needed under the routing process
- Bidirectional forwarding detection (BFD): bfd interval 100 min_rx 100 multiplier 3

[Diagram: Layer 3 Enterprise Core, DC Core, Agg]



EoMPLS / VPLS Infrastructure


- Loopbacks chosen as peering points for EoMPLS and VPLS xconnects
- Horizontal links represent 10GE on the DWDM service between data centers (alternate paths)
- Vertical links represent intra-DC 10GE connections
- MPLS LDP enabled globally (not a full P / PE MPLS implementation)
- LDP NSF/SSO: mpls ldp graceful-restart
- Links to/from aggregation switches for Layer 2 are storm-control limited for broadcasts and multicasts to 1% (protect the data plane)
- MTU increased to 1522 bytes on the L3 MPLS links for the MPLS tagging

Metro Switch Interconnectivity

- Link debounce timers
- Aggressive-UDLD
- Carrier-delay timers

IGP routing process connecting MPLS PEs

[Diagram: two Metro Core switches connected by L3 links (10GE)]


EoMPLS for Layer3

[Diagram: EoMPLS for Layer 3; pseudo wires (PW) between the DC Cores of the two sites across the Metro Core, under the Layer 3 Core Intranet; Agg, Access and Server Farm below; legend: L2 Links (GE or 10GE), L3 Links (GE or 10GE)]


VPLS for Layer2

[Diagram: VPLS for Layer 2; VFIs on the Metro Cores linked by pseudo wires (PW) across the Metro Core, under the Layer 3 Core Intranet; DC Core, Agg, Access and Server Farm in each site; legend: L2 Links (GE or 10GE), L3 Links (GE or 10GE)]


VPLS for Layer2


VFI configuration on each of the four Metro Core PEs (one block per PE; each PE lists the other three loopbacks as neighbors):

Metro Core PE 1:
l2 vfi vlan3700 manual
 vpn id 3700
 neighbor 192.168.255.251 encapsulation mpls
 neighbor 192.168.255.252 encapsulation mpls
 neighbor 192.168.255.253 encapsulation mpls

Metro Core PE 2:
l2 vfi vlan3700 manual
 vpn id 3700
 neighbor 192.168.255.250 encapsulation mpls
 neighbor 192.168.255.251 encapsulation mpls
 neighbor 192.168.255.253 encapsulation mpls

Metro Core PE 3:
l2 vfi vlan3700 manual
 vpn id 3700
 neighbor 192.168.255.250 encapsulation mpls
 neighbor 192.168.255.252 encapsulation mpls
 neighbor 192.168.255.253 encapsulation mpls

Metro Core PE 4:
l2 vfi vlan3700 manual
 vpn id 3700
 neighbor 192.168.255.250 encapsulation mpls
 neighbor 192.168.255.251 encapsulation mpls
 neighbor 192.168.255.252 encapsulation mpls

[Diagram: same VPLS for Layer 2 topology as above, with the VFI configuration shown at each Metro Core; legend: L2 Links (GE or 10GE), L3 Links (GE or 10GE)]


VPLS for Layer2


The VLAN 3700 SVI is bound to the VFI with the same configuration on each of the four Metro Core PEs:

interface Vlan3700
 no ip address
 load-interval 30
 xconnect vfi vlan3700

[Diagram: VLAN 3700 carried from the aggregation switches to the Metro Cores, where the VFIs are linked by pseudo wires; legend: L2 Links (GE or 10GE), L3 Links (GE or 10GE)]
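The Loop Prevention slide above relies on a full mesh of pseudowires per VPLS with split horizon, and the VFI stanzas on the previous slide are that mesh for VLAN 3700. The following Python check is an added example (not from the deck): it parses such stanzas collected from several PEs and flags a missing, self-referencing or dangling pseudowire. Keying each stanza to the loopback absent from its own neighbor list is an assumption made for this example.

```python
import re
from collections import defaultdict

# Constructed sample (not from a live device): the four "l2 vfi vlan3700"
# stanzas shown on the slide, keyed by the loopback each PE is assumed to own,
# i.e. the one 192.168.255.x address absent from its own neighbor list.
def _vfi(*peers):
    body = "\n".join(f" neighbor {p} encapsulation mpls" for p in peers)
    return f"l2 vfi vlan3700 manual\n vpn id 3700\n{body}\n!\n"


SAMPLE_CONFIGS = {
    "192.168.255.250": _vfi("192.168.255.251", "192.168.255.252", "192.168.255.253"),
    "192.168.255.252": _vfi("192.168.255.250", "192.168.255.251", "192.168.255.253"),
    "192.168.255.251": _vfi("192.168.255.250", "192.168.255.252", "192.168.255.253"),
    "192.168.255.253": _vfi("192.168.255.250", "192.168.255.251", "192.168.255.252"),
}

# The same mesh with one pseudowire left out of the last PE's VFI.
BROKEN_CONFIGS = dict(SAMPLE_CONFIGS)
BROKEN_CONFIGS["192.168.255.253"] = _vfi("192.168.255.250", "192.168.255.251")

VFI_RE = re.compile(r"^l2 vfi (\S+) manual\s*$")
VPN_RE = re.compile(r"^vpn id (\d+)$")
NBR_RE = re.compile(r"^neighbor (\S+) encapsulation mpls$")


def parse_vfis(config):
    """Return {vfi_name: {"vpn_id": int|None, "neighbors": set}} from IOS config text."""
    vfis, current = {}, None
    for line in config.splitlines():
        m = VFI_RE.match(line)
        if m:
            current = vfis.setdefault(m.group(1), {"vpn_id": None, "neighbors": set()})
            continue
        if current is None or not line.startswith(" "):
            current = None  # indentation ended: we left the VFI stanza
            continue
        body = line.strip()
        if (m := VPN_RE.match(body)):
            current["vpn_id"] = int(m.group(1))
        elif (m := NBR_RE.match(body)):
            current["neighbors"].add(m.group(1))
    return vfis


def audit_full_mesh(configs):
    """configs: {pe_loopback: config text}. Returns a list of findings; an empty
    list means every VFI is a full mesh, the precondition for split-horizon
    loop prevention in VPLS."""
    findings = []
    by_vfi = defaultdict(dict)  # vfi name -> {pe loopback: parsed stanza}
    for pe, cfg in configs.items():
        for name, vfi in parse_vfis(cfg).items():
            by_vfi[name][pe] = vfi
    for name, members in sorted(by_vfi.items()):
        pes = set(members)
        vpn_ids = {v["vpn_id"] for v in members.values()}
        if len(vpn_ids) != 1:
            findings.append(f"{name}: vpn id differs across PEs: {sorted(map(str, vpn_ids))}")
        for pe, vfi in sorted(members.items()):
            if pe in vfi["neighbors"]:
                findings.append(f"{name}: {pe} lists itself as a neighbor")
            missing = pes - {pe} - vfi["neighbors"]
            if missing:
                findings.append(f"{name}: {pe} is missing pseudowires to {sorted(missing)}")
            unknown = vfi["neighbors"] - pes
            if unknown:
                findings.append(f"{name}: {pe} peers with {sorted(unknown)} which have no {name} VFI")
    return findings


def pseudowire_count(configs):
    """Directional pseudowire endpoints configured; a full mesh of n PEs has n*(n-1)."""
    return sum(len(v["neighbors"]) for cfg in configs.values() for v in parse_vfis(cfg).values())


if __name__ == "__main__":
    print("slide mesh:", audit_full_mesh(SAMPLE_CONFIGS) or "full mesh OK")
    print("broken mesh:", audit_full_mesh(BROKEN_CONFIGS))
```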


Spanning Tree
- Spanning-Tree BPDUs will NOT traverse between the Data Centers
- It isn't needed (and is blocked) with VPLS
- We still need to control data plane layer 2 events (i.e., limit the traffic)
- Since enterprises want dual N-PE devices, and VPLS blocks BPDUs, we require a method to block within a local DC


End-to-End L2 View
Broadcast, Multicast, Unknown Unicast

[Diagram: end-to-end L2 view; RSTP runs in each site's Agg/Access layer (blocked ports marked X) while the Metro Cores sit in the VPLS / EoMPLS domain under the Layer 3 Core Intranet; Server Farm below; legend: L2 Links (GE or 10GE), L3 Links (GE or 10GE)]

Without a layer 2 link between the Metro switches there is a loop: each side has a U shape with the Metro and Agg switches, leading to broadcast storms.

Spanning Tree Option: MSToNPE


- Root Bridge in West DC for all VLANs that go between data centers
- Root Bridge in East DC for all VLANs that go between data centers

[Diagram: MSToNPE option; in each site the two Metro Cores form a single L2 MST bridge at the edge of the VPLS / EoMPLS domain, with RSTP in the Agg/Access layers below and the Layer 3 Core Intranet above; legend: L2 Links (GE or 10GE), L3 Links (GE or 10GE), Server Farm]


Spanning-Tree
- MST (802.1s) represents the Metro Cores as a single bridge
- The blue Layer 2 link is an access port channel with a VLAN that represents the MST0 instance to form the MST group
- MST bridge priority set to 0 (Metro Core will be root of the inter-DC VLANs)
- Spanning tree root-guard enabled on the Metro Cores toward the aggregation switches (protects in case the blue MST link fails)
- Only inter-DC VLANs allowed on trunks to/from the aggregation switches
- Setting spanning-tree VLAN cost on the aggregation switch links to the Metro Cores lets us place some VLANs on the upper Metro Core and some on the lower by default

[Diagram: Single L2 MST Bridge]


Spanning Tree Option: MSToNPE


Per-VLAN path cost on the aggregation switch port channels toward the two Metro Cores:

interface Port-channel4
 description Port Channel to WestMetroCore1
 spanning-tree vlan 3702,3706,3710,3714,3718 cost 8

interface Port-channel4
 description Port Channel to WestMetroCore2
 spanning-tree vlan 3700,3704,3712,3716 cost 8

[Diagram: same MSToNPE topology as above, with blocked ports (X) on the RSTP side, the single L2 MST bridge in each site, and the Layer 3 Core Intranet above; Server Farm below]
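As an added example (not from the deck), the following Python check parses the two port-channel stanzas above and verifies that every inter-DC VLAN gets a lowered cost toward exactly one Metro Core, which is what the VLAN split in the slide intends. The inter-DC VLAN list and the renumbering of the second uplink to Port-channel5 are assumptions made for this example.

```python
import re

# Constructed sample (not a device's running config): the two port-channel
# stanzas from the slide, placed on one aggregation switch. The second stanza
# is renumbered Port-channel5 here so both uplinks can coexist on that switch,
# and the inter-DC VLAN list below is an assumption for this example.
AGG_CONFIG = """
interface Port-channel4
 description Port Channel to WestMetroCore1
 spanning-tree vlan 3702,3706,3710,3714,3718 cost 8
!
interface Port-channel5
 description Port Channel to WestMetroCore2
 spanning-tree vlan 3700,3704,3712,3716 cost 8
!
"""
INTER_DC_VLANS = set(range(3700, 3719, 2))  # assumed: even VLANs 3700-3718

IFACE_RE = re.compile(r"^interface (\S+)")
DESC_RE = re.compile(r"^description (.+)$")
COST_RE = re.compile(r"^spanning-tree vlan (\S+) cost (\d+)$")


def expand_vlan_list(text):
    """Expand an IOS VLAN list such as '3700,3704-3706' into a set of ints."""
    vlans = set()
    for part in text.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


def parse_cost_preferences(config):
    """Return {uplink description: (interface, cost, VLAN set)} for each
    interface carrying a 'spanning-tree vlan ... cost' override."""
    prefs, iface, desc = {}, None, None
    for line in config.splitlines():
        if (m := IFACE_RE.match(line)):
            iface, desc = m.group(1), None
            continue
        if iface is None or not line.startswith(" "):
            iface = None  # left the interface stanza
            continue
        body = line.strip()
        if (m := DESC_RE.match(body)):
            desc = m.group(1)
        elif (m := COST_RE.match(body)):
            prefs[desc or iface] = (iface, int(m.group(2)), expand_vlan_list(m.group(1)))
    return prefs


def check_vlan_split(prefs, inter_dc_vlans):
    """Classify inter-DC VLANs by how many uplinks give them a lowered cost:
    'none' VLANs fall back to default tie-breaking rather than the intended
    Metro Core, 'multiple' VLANs have no single preferred Metro Core, and
    'not_inter_dc' VLANs are tuned but should not be on these trunks at all."""
    count = {v: 0 for v in inter_dc_vlans}
    tuned = set()
    for _iface, _cost, vlans in prefs.values():
        tuned |= vlans
        for v in vlans & inter_dc_vlans:
            count[v] += 1
    return {
        "none": {v for v, n in count.items() if n == 0},
        "multiple": {v for v, n in count.items() if n > 1},
        "not_inter_dc": tuned - inter_dc_vlans,
    }


if __name__ == "__main__":
    result = check_vlan_split(parse_cost_preferences(AGG_CONFIG), INTER_DC_VLANS)
    for kind, vlans in result.items():
        print(f"{kind:13s}: {sorted(vlans) or 'none'}")
```

With the assumed VLAN list, VLAN 3708 is reported under "none": neither stanza lowers its cost, so its path choice is left to default STP tie-breaking.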


STP Option: Multi-Chassis Link Aggregation Group (MC-LAG)


- Root Bridge in West DC for all VLANs that go between data centers
- Root Bridge in East DC for all VLANs that go between data centers

[Diagram: MC-LAG option; in each site the two Metro Cores run ICCP and present a vPC toward the aggregation layer, with RSTP in the Access layer, the VPLS / EoMPLS domain between sites and the Layer 3 Core Intranet above; legend: L2 Links (GE or 10GE), L3 Links (GE or 10GE), Server Farm]


Advanced VPLS (A-VPLS)


- Leverages VSS MEC for DCI
- L2/L3/L4 flow based balancing
- Simplified edge redundancy
- Optimal bandwidth utilization
- PFC on SUP720 treats it as a normal Ethernet port
- Flexibility to trunk VLANs over either an MPLS or IP transport easily
- A new interface type: interface virtual-ethernet x
  - Takes switchport commands just like a normal physical Ethernet port


Advanced VPLS (A-VPLS)


- Integration with existing VPLS solutions
- MPLS Fast Re-Route (FRR) for very fast failover
- MPLS Traffic Engineering (TE)
- Requires SIP-400 / ES40+ (12.2.33SXJ1) 10GE
- IOS Version 12.2.33SXI4
- Sub-1 second fail-over
- 4,000 VLANs
- 32 Sites
- Unified Control-Plane (Single nPE Per Location)


Advanced VPLS (A-VPLS)


- VSS is recommended but not required. If VSS is used then the modules need to be compatible with VSS, i.e. 67xx modules.
- Scalability is 32k VCs; the number of VCs equals the number of neighbors * the number of VLANs.
- The solution supports MPLS L3 VPNs at the same time; MPLS L3 VPNs can exist side by side on the same PEs to provide a complete solution.


Leveraging VSS for Dual-Homing


[Diagram: each site's aggregation switches dual-home to a VSS system (two nPEs joined by a VSL) that faces the IP/MPLS cloud]

- Leveraging VSS at the DCI edge provides nPE redundancy
- Use of VSS is transparent to the VPLS cloud
- Equivalent to having the sites single attached (single virtual PE)


The Label Setup Example

[Diagram: label setup, one tunnel label per ECMP exit; two VSS nPE pairs (Loop0: 1.1.1.1 and Loop0: 2.2.2.2) run OSPF across the cloud, with aggregation switches attached on each side]


The Label Setup Example


[Diagram: targeted LDP, a single tLDP session per neighbor between Loop0 1.1.1.1 and Loop0 2.2.2.2; one pseudowire label per VLAN (VLAN10 -> PW Lbl1, VLAN20 -> PW Lbl2) exchanged between the VSS nPE pairs, aggregation switches attached on each side]


Multi-Pathing with A-VPLS


[Diagram: A-VPLS pseudowire as a single virtual Ethernet interface across multiple interfaces; LSP/GRE tunnels between the VSS nPE systems across the IP/MPLS cloud, aggregation switches attached on each side]

- Up to 8 equal cost paths between any two sites
- A label is assigned to each equal cost path based on routing reachability of the neighbor
- Simplified CLI: Virtual Ethernet interface
- Load balancing at L2/L3/L4

A-VPLS Solution
[Diagram: A-VPLS solution with three VSS nPE sites and L2/L3/L4 load balancing between all sites]

- Split horizon between all neighbors for loop avoidance, multipoint support
- Want to add a 3rd site?


Configuration A-VPLS
A-VPLS configuration on PE1 (1.1.1.1), which peers with PE2 (2.2.2.2) and PE3 (3.3.3.3) across the IP/MPLS cloud:

pseudowire-class cl1
 encap mpls
 ! enable ML PW (ECMP LB)
 load-balance flow
 ! enable FAT PW
 flow-label enable
!
interface virtual-ethernet 1
 transport vpls mesh
  neighbor 2.2.2.2 pw-class cl1
  neighbor 3.3.3.3 pw-class cl1
 switchport
 switchport mode trunk
 switchport trunk allowed vlan 10,20

Egress physical interface:
interface TenGigabitEthernet1/1/3/0
 ip address 10.1.1.1 255.255.255.0
 mpls ip


End to End VPLS and EoMPLS Design A-VPLS

[Diagram: end-to-end design with A-VPLS; Layer 3 Core Intranet (WCore1, WCore2, ECore1, ECore2) above the DC Core in each site; Metro Cores WMC1/WMC2 and EMC1/EMC2 form the VPLS / EoMPLS domain; aggregation WAgg1/WAgg2 and EAgg1/EAgg2 attach via Po1, with Access and Server Farm below; legend: L2 Links (GE or 10GE), L3 Links (GE or 10GE), Loss of Link/Node]


A-VPLS Routed/IRB PW

[Diagram: A-VPLS routed/IRB pseudowire; the DC Core VSS in each site (SIP-400 or ES40+ core interfaces Ten3/0/0 and Ten4/0/0 toward the MPLS cloud of WCore1, WCore2, ECore1, ECore2) carries the A-VPLS virtual Ethernet configuration over the VSL pair; aggregation WAgg2/EAgg1, Access and Server Farm below; legend: L2 Links (GE or 10GE), L3 Links (GE or 10GE), Loss of Link/Node]

- A-VPLS with Integrated Routing and Bridging
- L2 boundary does not extend beyond the aggregation layer

Storm Control
- Traffic storms occur when packets flood the LAN
- The traffic storm control feature prevents LAN ports from being disrupted by broadcast or multicast flooding
- Rate limiting for unknown unicast (UU) must be handled at the Data Center aggregation with unknown unicast flood rate limiting (UUFRL):

mls rate-limit layer2 unknown rate-in-pps [burst-size]

Storm control is configured as a percentage of the link that storm traffic is allowed to use (the 1% level may vary; baseline the traffic first):

storm-control broadcast level 1.00
storm-control multicast level 1.00


3 or More Data Center Locations


- EoMPLS will allow multiple point to point links between any 2 sites
- Can build a full mesh of links to interconnect layer 3 devices
- VPLS scales by adding peer xconnects under the VFI in the IOS configuration
- Split horizon with MST local to the data center will make for simple growth
- Limits are dependent on the amount of L2 traffic, especially multicast, as these are replicated on each PW


3 Site Drawing With EoMPLS PWs for L3

[Diagram: three sites, each with a Server Farm, interconnected by EoMPLS pseudowires for L3; legend: L2 Links (GE or 10GE), L3 Links (GE or 10GE)]

3 Site Drawing With VPLS PWs for L2

[Diagram: three sites, each with a Server Farm, interconnected by VPLS pseudowires for L2; legend: L2 Links (GE or 10GE), L3 Links (GE or 10GE)]

Summary of Tagging Section


- EoMPLS well suited for Router-Router links
- VPLS well suited for Switch-Switch links
- Straightforward to scale to multiple Data Center locations
- MST and MC-LAG both work well
  - One tradeoff is QinQ support against the number of VLANs to pass
  - Another is the root of the spanning tree for inter-DC VLANs
- A-VPLS
  - Backwards compatible
  - Load balancing enhancements
  - Simplified configuration
  - Single virtual nPE



IP Based Solutions

EoMPLS/VPLSoGRE: Reason for oGRE

- IP-only core: need a solution to stand up a VC with an LDP label
- GRE provides routing separation from the metro core devices providing connectivity
- Customer Edge (CE) flapping routes won't propagate inside the IP network
- Point to point links between locations
- Wide range of hardware support including 6500, 7600, ASR
- IPSec securing of the tunnel is straightforward
- Data plane rate limiting in L2 still needs protection

* Please note the 7600 does not support VPLSoGRE



What Is EoMPLS and VPLS Over GRE?


- EoMPLS connectivity over an IP-only network: EoMPLS VCs are established over MPLSoGRE tunnels. Requires SIP-400 on the 6500 with SUP720.
- VPLS connectivity over an IP-only network: VPLS VCs are established over MPLSoGRE tunnels. Requires SIP-400 on the 6500 with SUP720.
- IP GRE tunnels provide MPLS connectivity over the IP-only network.
- The MPLS LDP session is established through the GRE tunnel.

[Diagram: PEs hosting EoMPLS instances and VPLS instances, joined pairwise by MPLSoGRE tunnels]


Layer 2 Extension EoMPLSoGRE Catalyst 6500


- Per VLAN VC/GRE
- Per VLAN alternate path
- Backup EoMPLS pseudo-wire into Core
- MCEC with Nexus 7000 vPC
- L2 Etherchannel, as VSS is viewed as one device

[Diagram: L3 nPEs at each site, L2 aggregation below, Access layer with VSL/MEC to a VSS pair; legend: L2 Links (GE or 10GE), L3 Links (GE or 10GE)]


Layer 2 Extension EoMPLSoGRE - Catalyst 6500


EoMPLSoGRE configuration on the two Catalyst 6500 PEs (the left and right columns of the original slide):

First PE:
interface Loopback0
 description tunnel source
 ip address 10.10.10.1 255.255.255.0
!
interface Loopback1
 description LDP Router ID
 ip address 11.11.11.1 255.255.255.255
!
interface Tunnel10
 ip address 192.168.10.1 255.255.255.0
 tunnel source 10.10.10.1
 tunnel destination 10.10.10.2
 mpls ip
!
ip route 11.11.11.2 255.255.255.255 Tunnel10
!
interface GigabitEthernet1/0
 switchport
 switchport mode access
 switchport access vlan 10
 mtu 9216
!
interface GigabitEthernet3/0/1
 description SIP-400 Interface
 mtu 9216
 ip address 192.168.33.3 255.255.255.0
 bfd interval 100 min_rx 100 multiplier 3
!
interface Vlan10
 xconnect 11.11.11.2 10 encapsulation mpls
 mtu 9216

Second PE:
interface Loopback0
 description tunnel source
 ip address 10.10.10.2 255.255.255.0
!
interface Loopback1
 description LDP Router ID
 ip address 11.11.11.2 255.255.255.255
!
interface Tunnel10
 ip address 192.168.10.2 255.255.255.0
 tunnel source 10.10.10.2
 tunnel destination 10.10.10.1
 mpls ip
!
ip route 11.11.11.1 255.255.255.255 Tunnel10
!
interface GigabitEthernet1/0
 switchport
 switchport mode access
 switchport access vlan 10
 mtu 9216
!
interface GigabitEthernet3/0/1
 description SIP-400 Interface
 mtu 9216
 ip address 192.168.33.4 255.255.255.0
 bfd interval 100 min_rx 100 multiplier 3
!
interface Vlan10
 xconnect 11.11.11.1 10 encapsulation mpls
 mtu 9216



Layer 2 Extension VPLSoGRE Catalyst 6500


- Per VLAN VFI/GRE
- Per VLAN alternate path
- L2 Etherchannel, as VSS is viewed as one device

[Diagram: three sites, each with L3 nPEs, L2 aggregation below and an Access layer with VSL/MEC to a VSS pair; legend: L2 Links (GE or 10GE), L3 Links (GE or 10GE)]


Layer 2 Extension VPLSoGRE - Catalyst 6500


VPLSoGRE configuration on the two Catalyst 6500 PEs (the left and right columns of the original slide); the tunnel and loopback setup matches the EoMPLSoGRE case, and the VLAN is attached to a VFI instead of a direct xconnect:

First PE:
interface Loopback0
 description tunnel source
 ip address 10.10.10.1 255.255.255.0
!
interface Loopback1
 description LDP Router ID
 ip address 11.11.11.1 255.255.255.255
!
interface Tunnel10
 ip address 192.168.10.1 255.255.255.0
 tunnel source 10.10.10.1
 tunnel destination 10.10.10.2
 mpls ip
!
ip route 11.11.11.2 255.255.255.255 Tunnel10
!
interface GigabitEthernet1/0
 switchport
 switchport mode access
 switchport access vlan 10
 mtu 9216
!
interface GigabitEthernet3/0/1
 description SIP-400 Interface
 mtu 9216
 ip address 192.168.33.3 255.255.255.0
 bfd interval 100 min_rx 100 multiplier 3
!
l2 vfi vfi-vlan10 manual
 vpn id 10
 neighbor 11.11.11.2 encapsulation mpls
!
interface Vlan10
 xconnect vfi vfi-vlan10
 mtu 9216

Second PE:
interface Loopback0
 description tunnel source
 ip address 10.10.10.2 255.255.255.0
!
interface Loopback1
 description LDP Router ID
 ip address 11.11.11.2 255.255.255.255
!
interface Tunnel10
 ip address 192.168.10.2 255.255.255.0
 tunnel source 10.10.10.2
 tunnel destination 10.10.10.1
 mpls ip
!
ip route 11.11.11.1 255.255.255.255 Tunnel10
!
interface GigabitEthernet1/0
 switchport
 switchport mode access
 switchport access vlan 10
 mtu 9216
!
interface GigabitEthernet3/0/1
 description SIP-400 Interface
 mtu 9216
 ip address 192.168.33.4 255.255.255.0
 bfd interval 100 min_rx 100 multiplier 3
!
l2 vfi vfi-vlan10 manual
 vpn id 10
 neighbor 11.11.11.1 encapsulation mpls
!
interface Vlan10
 xconnect vfi vfi-vlan10
 mtu 9216

Overlay Transport Virtualization (OTV)


- Ethernet LAN extension over any network
  - Ethernet in IP "MAC routing"
  - Multi-datacenter scalability
- Simplified configuration & operation
  - Seamless overlay - no network re-design
  - Single touch site configuration
- High resiliency
  - Failure domain isolation
  - Seamless multi-homing
- Maximizes available bandwidth
  - Automated multi-pathing
  - Optimal multicast replication


OTV Interface Types


[Diagram: OTV edge device with internal interfaces (L2) toward the site, a join interface (L3) toward the core, and an overlay interface; the edge device at the far site mirrors this]


OTV Control Plane

Neighbor Discovery and Adjacency Formation
- Before any MAC address can be advertised the OTV Edge Devices must:
  - Discover each other
  - Build a neighbor relationship with each other
- The neighbor relationship can be built over a transport infrastructure that can be:
  - multicast-enabled
  - unicast-only

Technology Benefit: OTV can leverage any networking capability provided by the transport infrastructure (multicast, fast-reroute, ECMP)

OTV Control Plane

Neighbor Discovery (over Multicast Transport)

[Figure: West (IP A) and East (IP B) OTV Edge Devices exchanging OTV Control Plane messages over a multicast-enabled transport]

The mechanism
- Edge Devices (EDs) join a multicast group in the transport, as if they were hosts (no PIM on EDs)
- OTV hellos and updates are encapsulated in the multicast group

The end result
- Adjacencies are maintained over the multicast group
- A single update reaches all neighbors

OTV Control Plane

Neighbor Discovery (Unicast-Only Transport)
- Ideal for connecting two or three sites
- With a higher number of sites a multicast transport is the best choice

[Figure: West (IP A) and East (IP B) OTV Edge Devices exchanging OTV Control Plane messages over a unicast-only transport, in Adjacency Server Mode]

The mechanism
- Edge Devices (EDs) register with an Adjacency Server ED
- EDs receive a full list of Neighbors (oNL) from the Adjacency Server
- OTV hellos and updates are encapsulated in IP and unicast to each neighbor

The end result
- Neighbor Discovery is automated by the Adjacency Server
- All signaling must be replicated for each neighbor
- Data traffic must also be replicated at the head-end

OTV Data Plane

Encapsulation
- OTV encapsulation adds 42 bytes to the IP MTU size of the packet: an outer IP header and an OTV shim header are added in front of the original L2 header, which is carried with its 802.1Q header stripped off
- The OTV shim header contains information about the overlay (VLAN, overlay number)
- The 802.1Q header is removed from the original frame and the VLAN field is copied into the OTV shim header

Original L2 Frame:       DMAC (6B) | SMAC (6B) | 802.1Q (4B) | Ether Type (2B) | Payload | CRC (4B)
OTV-encapsulated frame:  DMAC (6B) | SMAC (6B) | Ether Type (2B) | IP Header (20B) | OTV Shim (8B) | L2 Header (14B*) | Payload | CRC (4B)

20B + 8B + 14B* = 42 bytes of total overhead
* The 4 bytes of the 802.1Q header have already been removed

OTV Data Plane: Unicast

The MAC table contains MAC addresses reachable through IP addresses: a MAC learned from a remote site points to the IP address of the remote Edge Device instead of a local interface.

West MAC TABLE (OTV external IP A)      East MAC TABLE (OTV external IP B)
VLAN  MAC    IF                          VLAN  MAC    IF
100   MAC 1  Eth 2                       100   MAC 1  IP A
100   MAC 2  Eth 1                       100   MAC 2  IP A
100   MAC 3  IP B                        100   MAC 3  Eth 3
100   MAC 4  IP B                        100   MAC 4  Eth 4

OTV Inter-Site Traffic from MAC 1 (West) to MAC 3 (East):
1. Layer 2 lookup at the West Edge Device: MAC 3 in VLAN 100 is reachable via IP B
2. Encap: the frame is encapsulated in IP with source IP A and destination IP B
3. The packet crosses the Core as a regular IP packet
4. Decap at the East Edge Device
5. Layer 2 lookup at the East Edge Device: MAC 3 in VLAN 100 is on Eth 3
6. The frame is delivered to MAC 3

STP BPDU Handling
- When STP is configured at a site, an Edge Device will send and receive BPDUs on the internal interfaces
- An OTV Edge Device will not originate or forward BPDUs on the overlay network
- An OTV Edge Device can become (but is not required to be) the root of one or more spanning trees within the site
- An OTV Edge Device will take the typical action when receiving Topology Change Notification (TCN) messages

[Figure: the BPDUs stop at the OTV Edge Device; none are sent toward the Core]

Data-plane Loop Prevention

AED and Broadcast/Multicast Handling (Broadcast, Multicast, Unknown Unicast)
- Broadcast/multicast packets reach all Edge Devices within a site
- The AED for the VLAN is the only Edge Device that forwards broadcast/multicast packets onto the overlay network
- The broadcast/multicast packet is replicated to all the Edge Devices on the overlay
- Only the AED at each remote site will forward the packet from the overlay onto the site
- Once sent into the site, the broadcast/multicast packet is replicated per regular switching

[Figure: two sites, each with two OTV Edge Devices attached to the Core; one Edge Device per site is the AED]

Multi-Homing
Per VLAN Authoritative Edge Device
- OTV provides loop-free multi-homing by electing a designated forwarding device per site for each VLAN
- This forwarder is known as the Authoritative Edge Device (AED)
- The Edge Devices at the site peer with each other on the internal interfaces to elect the AED
- A hash based on the VLAN-ID and the number of edge devices on the site is used to elect the AED
- As sites merge and/or partition, internal peering is updated and AED re-election happens

[Figure: two OTV Edge Devices at one site with internal peering for AED election; one of them is the AED]

Multi-Homing
AED and Broadcast/Multicast Handling
(same bullets as on the Data-plane Loop Prevention slide)

[Figure: a broadcast packet enters the left site and reaches both OTV Edge Devices; it stops at the non-AED ("Broadcast stops here") and only the AED forwards it onto the overlay across the Core; at the right site only the AED forwards it from the overlay into the site, and it stops at the other Edge Device]

Multi-Homing
AED and Unicast Forwarding
- One AED is elected for each VLAN on each site
- Different AEDs can be elected for each VLAN to balance the traffic load
- Only the AED forwards unicast traffic to and from the overlay
- Only the AED advertises MAC addresses for any given site/VLAN
- Unicast routes will point to the AED on the corresponding remote site/VLAN

[Figure: two sites with two OTV Edge Devices each across the Core; the remote MAC TABLE shows VLAN 100 MAC 1 -> IF IP A and VLAN 201 MAC 2 -> IF IP B, i.e. each VLAN points to the Edge Device elected AED for that VLAN at the remote site]
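The unicast lookup/encap/decap steps and the per-VLAN AED rule above, as an added Python model that is not Cisco's code. The election hash is an assumption (the page only says it uses the VLAN-ID and the number of edge devices; VLAN mod device count over sorted device names is used here), and the West/East MAC tables, port names and join IPs are constructed to match the figures.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


def elect_aed(vlan_id: int, edge_devices: List[str]) -> str:
    """Per-VLAN AED election at one site. Assumed hash: (vlan_id mod number of EDs)
    over the sorted device names, so every ED in the site agrees on the result."""
    if not edge_devices:
        raise ValueError("a site needs at least one OTV edge device")
    ordered = sorted(edge_devices)          # internal peering gives all EDs the same ordinal view
    return ordered[vlan_id % len(ordered)]


@dataclass
class EdgeDevice:
    name: str
    join_ip: str                            # address of the Join Interface (IP A / IP B in the figure)
    # (vlan, mac) -> local internal interface "Eth n", or the join IP of the remote AED
    mac_table: Dict[Tuple[int, str], str] = field(default_factory=dict)

    def lookup(self, vlan: int, mac: str) -> Tuple[str, str]:
        """Layer 2 lookup: ('local', port), ('overlay', remote_ip) or ('unknown', '')."""
        nexthop = self.mac_table.get((vlan, mac))
        if nexthop is None:
            return ("unknown", "")
        return ("local", nexthop) if nexthop.startswith("Eth") else ("overlay", nexthop)


@dataclass
class Site:
    name: str
    edge_devices: Dict[str, EdgeDevice]

    def aed(self, vlan: int) -> EdgeDevice:
        return self.edge_devices[elect_aed(vlan, list(self.edge_devices))]


def send_unicast(sites: Dict[str, Site], src_site: str, vlan: int, dmac: str) -> List[str]:
    """Trace the six steps of the unicast figure for a frame entering src_site."""
    trace: List[str] = []
    aed = sites[src_site].aed(vlan)                             # only the AED forwards to the overlay
    kind, target = aed.lookup(vlan, dmac)                       # Step 1: Layer 2 lookup
    trace.append(f"{aed.name}: L2 lookup {dmac} -> {kind} {target}".rstrip())
    if kind == "local":
        return trace + [f"{aed.name}: switched out {target} inside {src_site}"]
    if kind == "unknown":
        return trace + [f"{aed.name}: unknown unicast, handled by the AED flooding rules (not modeled)"]
    trace.append(f"{aed.name}: encap outer IP {aed.join_ip} -> {target}")   # Step 2: Encap
    trace.append("core: forwarded as a plain IP packet")        # Step 3
    for site in sites.values():
        for ed in site.edge_devices.values():
            if ed.join_ip != target:
                continue
            if site.aed(vlan) is not ed:                        # Step 4: Decap, only the remote AED forwards
                return trace + [f"{ed.name}: not the AED for VLAN {vlan}, frame dropped"]
            kind2, port = ed.lookup(vlan, dmac)                 # Step 5: Layer 2 lookup
            trace.append(f"{ed.name}: decap, L2 lookup {dmac} -> {kind2} {port}")
            return trace + [f"{ed.name}: delivered on {port} in {site.name}"]   # Step 6
    return trace + [f"core: no edge device owns {target}"]


def build_figure() -> Dict[str, Site]:
    """Constructed West/East sites with two EDs each; the VLAN 100 tables mirror the figure."""
    west = {n: EdgeDevice(n, ip) for n, ip in (("West-ED1", "10.0.0.1"), ("West-ED2", "10.0.0.2"))}
    east = {n: EdgeDevice(n, ip) for n, ip in (("East-ED1", "10.0.1.1"), ("East-ED2", "10.0.1.2"))}
    east_aed_ip = east[elect_aed(100, list(east))].join_ip      # remote MACs point at the remote AED
    west_aed_ip = west[elect_aed(100, list(west))].join_ip
    for ed in west.values():
        ed.mac_table.update({(100, "MAC 1"): "Eth 2", (100, "MAC 2"): "Eth 1",
                             (100, "MAC 3"): east_aed_ip, (100, "MAC 4"): east_aed_ip})
    for ed in east.values():
        ed.mac_table.update({(100, "MAC 1"): west_aed_ip, (100, "MAC 2"): west_aed_ip,
                             (100, "MAC 3"): "Eth 3", (100, "MAC 4"): "Eth 4"})
    return {"West": Site("West", west), "East": Site("East", east)}
```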

OTV Use Case


Two Sites Connected With Dark-Fiber


Configuration
OTV over a Multicast Transport
Minimal configuration required to get OTV up and running

[Figure: three OTV sites, West (IP A), East (IP B) and South (IP C), joined over a multicast transport]

WEST-DC:
feature otv
otv site-vlan 600
interface Overlay1
 description WEST-DC
 otv join-interface e1/1
 otv control-group 239.1.1.1
 otv data-group 232.192.1.0/24
 otv extend-vlan 100-150

EAST-DC:
feature otv
otv site-vlan 602
interface Overlay1
 description EAST-DC
 otv join-interface e1/1.10
 otv control-group 239.1.1.1
 otv data-group 232.192.1.0/24
 otv extend-vlan 100-150

SOUTH-DC:
feature otv
otv site-vlan 601
interface Overlay1
 description SOUTH-DC
 otv join-interface Po16
 otv control-group 239.1.1.1
 otv data-group 232.192.1.0/24
 otv extend-vlan 100-150

Configuration
OTV over a unicast-only transport
Establishing a DCI has never been this simple

[Figure: the same three sites, West (IP A), East (IP B) and South (IP C), over a unicast-only transport; West acts as the Adjacency Server]

WEST-DC:
feature otv
otv site-vlan 600
interface Overlay1
 description WEST-DC
 otv join-interface e1/1
 otv adjacency-server local
 otv extend-vlan 100-150

EAST-DC:
feature otv
otv site-vlan 602
interface Overlay1
 description EAST-DC
 otv join-interface e1/1.10
 otv adjacency-server 10.1.1.1
 otv extend-vlan 100-150

SOUTH-DC:
feature otv
otv site-vlan 601
interface Overlay1
 description SOUTH-DC
 otv join-interface Po16
 otv adjacency-server 10.1.1.1
 otv extend-vlan 100-150

Localized HSRP

VACL dropping HSRP hellos at the site edge:

ip access-list ALL_IPs
  10 permit ip any any
mac access-list ALL_MACs
  10 permit any any
ip access-list HSRP_IP
  10 permit udp any 224.0.0.2/32 eq 1985
  20 permit udp any 224.0.0.102/32 eq 1985
mac access-list HSRP_VMAC
  10 permit 0000.0c07.ac00 0000.0000.00ff any
  20 permit 0000.0c9f.f000 0000.0000.0fff any
vlan access-map HSRP_Localization 10
  match mac address HSRP_VMAC
  match ip address HSRP_IP
  action drop
vlan access-map HSRP_Localization 20
  match mac address ALL_MACs
  match ip address ALL_IPs
  action forward
vlan filter HSRP_Localization vlan-list 100-104,1100,1200,1300

Filter keeping the HSRP virtual MACs out of the OTV MAC advertisements:

mac-list OTV_HSRP_VMAC_deny seq 10 deny 0000.0c07.ac00 ffff.ffff.ff00
mac-list OTV_HSRP_VMAC_deny seq 11 deny 0000.0c9f.f000 ffff.ffff.f000
mac-list OTV_HSRP_VMAC_deny seq 20 permit 0000.0000.0000 0000.0000.0000
route-map OTV_HSRP_filter permit 10
  match mac-list OTV_HSRP_VMAC_deny
otv-isis default
  vpn Overlay0
    redistribute filter route-map OTV_HSRP_filter
otv site-vlan 601
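What the two filters above actually match, as an added Python model that is not Cisco's code: the match criteria (HSRPv1/v2 virtual MAC ranges, UDP 1985 to 224.0.0.2 or 224.0.0.102, the VLAN filter list) are taken from the configuration, while the frames it evaluates are constructed. One caveat it makes explicit: the VACL mac access-list writes the vMAC range with a wildcard mask (0000.0000.00ff) while the mac-list uses a prefix mask (ffff.ffff.ff00); both describe the same range.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

# HSRP virtual MAC ranges as (prefix, prefix mask), the way the mac-list writes them;
# the VACL's mac access-list expresses the same ranges with a wildcard mask instead
HSRP_V1_VMAC = ("0000.0c07.ac00", "ffff.ffff.ff00")    # 0000.0c07.acXX, XX = group number
HSRP_V2_VMAC = ("0000.0c9f.f000", "ffff.ffff.f000")    # 0000.0c9f.fXXX, XXX = group number
HSRP_DST_IPS = {"224.0.0.2", "224.0.0.102"}            # HSRPv1 / HSRPv2 hello destinations
HSRP_UDP_PORT = 1985
LOCALIZED_VLANS = set(range(100, 105)) | {1100, 1200, 1300}   # vlan filter ... vlan-list


def mac_to_int(mac: str) -> int:
    return int(mac.replace(".", ""), 16)


def mac_in_range(mac: str, prefix: str, mask: str) -> bool:
    """Prefix-mask semantics: bits set in the mask must equal the prefix."""
    m = mac_to_int(mask)
    return mac_to_int(mac) & m == mac_to_int(prefix) & m


def is_hsrp_vmac(mac: str) -> bool:
    """Matches HSRP_VMAC (VACL) and OTV_HSRP_VMAC_deny (mac-list)."""
    return mac_in_range(mac, *HSRP_V1_VMAC) or mac_in_range(mac, *HSRP_V2_VMAC)


@dataclass
class Frame:
    """Constructed frame summary: only the fields the access lists look at."""
    vlan: int
    smac: str
    dst_ip: str
    proto: str                     # "udp", "tcp", "icmp" ...
    dst_port: Optional[int] = None


def is_hsrp_hello(f: Frame) -> bool:
    """Matches the HSRP_IP access list: UDP port 1985 to 224.0.0.2 or 224.0.0.102."""
    return f.proto == "udp" and f.dst_port == HSRP_UDP_PORT and f.dst_ip in HSRP_DST_IPS


def vacl_action(f: Frame) -> str:
    """vlan access-map HSRP_Localization: seq 10 drops HSRP hellos sourced from an HSRP vMAC,
    seq 20 forwards everything else; VLANs outside the vlan-list are not filtered at all."""
    if f.vlan in LOCALIZED_VLANS and is_hsrp_vmac(f.smac) and is_hsrp_hello(f):
        return "drop"
    return "forward"


def advertised_over_otv(mac: str) -> bool:
    """route-map OTV_HSRP_filter on the otv-isis redistribution: vMACs are not advertised
    to remote sites, so each site keeps answering for its own gateway MAC locally."""
    return not is_hsrp_vmac(mac)


def localization_report(frames: List[Frame]) -> Dict[str, int]:
    """Count what the VACL does to a batch of frames seen on the site VLANs."""
    report = {"drop": 0, "forward": 0}
    for f in frames:
        report[vacl_action(f)] += 1
    return report
```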

OTV Summary
- STP Isolation: BPDUs are not forwarded over the overlay
- Multi-homing support
- Optimal Multicast Replication
- Control-plane MAC based learning and forwarding
- Simplified Configuration
- IP Based / Transport Agnostic

Calculating Core MTU Requirements

Edge MTU is the MTU configured on the CE-facing PE interface. Examples (all in bytes):

Transport                     Edge MTU  Label / Encap   GRE Header  Total
MPLSoGRE PE to PE             1500      4 (1 label)     24          1528
MPLSoGRE PE to P              1500      8 (2 labels)    24          1532
PWoGRE PE to PE* (VLAN mode)  1500      30              24          1554
PWoGRE PE to PE* (port mode)  1500      26              24          1550
OTV                           1500      42              n/a         1542

* Pseudowire overhead in VLAN mode: 6 src MAC addr + 6 dst MAC addr + 4 VLAN information + 2 Type field + 4 Control word + 4 VC label + 4 Tunnel label = 30 (port mode carries no VLAN information, hence 26)

Session Agenda
- Data Center Interconnection Common Scenarios and Terms
- Dark Fiber / DWDM Solutions
- Label Based Solutions
- IP Based Solutions
- Encryption
- Recommended Designs for Optimizing Traffic Flows
- Q&A

Encryption

Point-to-Point Encryption Solution

[Figure: DC-1 Nexus 7000 (N7000-1, e1/25, 55.5.5.1) connected to DC-2 Nexus 7000 (N7000-2, e1/25, 55.5.5.2) over an 802.1AE link]

Nexus 7000 TrustSec can be used to secure data across remote data centers if Layer 2 and BPDU transparency is ensured (e.g. dark fiber or DWDM transport).

Encryption Solution

[Figure: DC-1 N7000-1 (e1/25, 55.5.5.1) and DC-2 N7000-2 (e1/25, 55.5.5.2) joined by an 802.1AE link carried over an EoMPLS PW; each Nexus 7000 attaches to gi 0/0/3 of an edge router whose gi 0/0/0 faces the Self-Managed MPLS Core]

* Remote port shutdown (ASR Only)

Nexus 7000 vPC Encryption Solution

[Figure: DC1-Nexus7000-1 and DC1-Nexus7000-2 form a vPC toward the Self-Managed MPLS Core; DC2-Nexus7000-1 and DC2-Nexus7000-2 form the matching vPC on the other side]

* Remote port shutdown (ASR)

Conclusions
- The TrustSec SAP (Security Association Protocol) control plane is preserved through the EoMPLS pseudowire
- 802.1AE connectivity can be achieved between the two Nexus 7000 through the ASR(s)/6500(s) with confidentiality and integrity
- Such a solution can be deployed to preserve data confidentiality and integrity with Nexus 7000 when interconnecting remote data centers over an EoMPLS network

VSPA/ASR1000/ASA Solution Overview

Datacenter Interconnect with MPLSoGREoIPSec

[Figure: DC 1 and DC 2 connected by MPLSoGREoIPSec]

Solution Objective
- Provide a high speed Layer 2 connection between two or more DCs
- Two or more redundant links are used between the DCs
- Leverage ECMP to load balance flows over multiple GRE/IPSec tunnels
- Duplicate tunnels per VSPA allow redundant 10GE links to be provisioned
- Inherent crypto engine HA: traffic will rebalance in the event of a VSPA outage

VSPA Performance
- Three VSPAs can drive a 10 GE link with IMIX traffic
- A single chassis can encrypt three 10 GE links at IMIX rates

ASR-1000 Performance
- ASR1000-ESP5: 1.8 Gbps IPSec
- ASR1000-ESP10: 4 Gbps IPSec
- ASR1000-ESP20: 8 Gbps IPSec
- ASR1006-2/ESP20: 16 Gbps IPSec
- ASR1006-2/ESP40: 25.8 Gbps IPSec

ASA-5585-X Performance
- IPSec 5 Gbps


Flow Optimization and Symmetry
Site Selection and Inbound Flows
First Hop Outbound

Optimizing Traffic Patterns and HA Design
- There are many tradeoffs in understanding flows in a multi-DC design
- The slides that follow are a specific recommendation that meets the following requirements:
  - Minimize inter-DC traffic to maintenance/failure scenarios
  - Ability to extend clusters between locations (OS, FS, DB, VMware DRS, etc.)
  - Desire to keep flows symmetric in/out of a location for DC services (FW, LB, IPS, WAAS, etc.)
  - Site failure will allow failover, with IP mobility to resolve caching issues
  - Single points of failure in gear won't cause site failover
  - Indicate a location preference for a service to the Layer 3 network
  - If there is a broadcast storm in a DC, limit the impact to other DCs
  - If the DCI Layer 2 adjacency fails
  - Ability to connect to services in both DC locations (active/active per application)
  - DNS to round-robin clients to a DC
  - Allow backup server farms with the same service VIP (for backup connections on site failure)
  - Localized HSRP (egress)
  - Inbound traffic draw via LISP (ingress)
- This is a solution in production at some customers

Sample Cluster Service Normally in Left DC

Default Gateway Shared Between Sites

[Figure: Data Center 1 and Data Center 2, each attached to the Layer3 Core with its own Active/Standby pairs (FW, IPS, NLB, SSL, WAN Accel); VLAN A is extended between the sites over L2 links (GE or 10GE), L3 links (GE or 10GE) go to the core]
- Data Center 1 advertises 10.1.1.0/25 & 10.1.1.128/25 into L3 (EEM or RHI can be used to get very granular)
- Data Center 2 advertises 10.1.1.0/24 into L3 as backup, should the main site go down
- 10.1.1.1 is HSRP Group 1 at both sites: priority 140 and 130 in Data Center 1, 120 and 110 in Data Center 2
- Cluster Node A (Data Center 1): Cluster VIP = 10.1.1.100 (Preempt), Default GW = 10.1.1.1
- Cluster Node B (Data Center 2): Cluster VIP = 10.1.1.100, Default GW = 10.1.1.1
- Cluster VLAN C and Cluster VLAN D are L2 only

Sample Cluster Broadcast Storm in Left DC

Broadcast, Multicast, Unknown Unicast

[Figure: same topology as the previous slide (Data Center 1 advertises 10.1.1.0/25 & 10.1.1.128/25 into L3, EEM or RHI for granularity; Data Center 2 advertises 10.1.1.0/24 into L3 as backup should the main site go down; 10.1.1.1 HSRP Group 1 with priority 140 and 130 in Data Center 1 and 120 and 110 in Data Center 2; Cluster Node A VIP 10.1.1.100 Preempt and Cluster Node B VIP 10.1.1.100, both with Default GW 10.1.1.1; Cluster VLANs C and D L2 only), with a broadcast storm in the left DC]

Sample Cluster L2 Interconnect Failure

Broadcast, Multicast, Unknown Unicast

[Figure: same topology, each Data Center attached to its own Layer3 Core (Data Center 1 advertises 10.1.1.0/25 & 10.1.1.128/25 into L3, EEM or RHI for granularity; Data Center 2 advertises 10.1.1.0/24 into L3 as backup should the main site go down; 10.1.1.1 HSRP Group 1 with priority 140 and 130 in Data Center 1 and 120 and 110 in Data Center 2; Cluster Node A VIP 10.1.1.100 Preempt and Cluster Node B VIP 10.1.1.100, both with Default GW 10.1.1.1; Cluster VLANs C and D L2 only), with the L2 interconnect between the sites failed]

Active/Active per Application (VIP at Either)

[Figure: the same two-site topology with VLAN A extended; DNS: www-hr.acme.com -> 10.1.1.100, www-news.acme.com -> 10.1.2.100]
- Data Center 1 advertises 10.1.1.0/25 & 10.1.1.128/25 into L3 (EEM or RHI can be used to get very granular)
- Data Center 2 advertises 10.1.2.0/25 & 10.1.2.128/25 into L3 (EEM or RHI can be used to get very granular)
- 10.1.1.0/24 advertised into L3 as backup, should the main site go down (this label appears at both data centers on the slide)
- HSRP Group 1 (10.1.1.1) and HSRP Group 2 (10.1.2.1): priority 140 and 130 in Data Center 1, 120 and 110 in Data Center 2
- Cluster Node A (Data Center 1): Cluster VIP = 10.1.1.100 (Preempt), Default GW = 10.1.1.1
- Cluster Node B (Data Center 2): Cluster VIP = 10.1.1.100, Default GW = 10.1.1.1; Cluster VIP = 10.1.2.100 (Preempt), Default GW = 10.1.2.1
- Cluster VLAN C and Cluster VLAN D are L2 only

Active/Active per Application (VIP at Both)

[Figure: the same two-site topology with VLAN A extended; DNS: www-hr.acme.com -> 10.1.1.100 and 10.1.2.100]
- Data Center 1 advertises 10.1.1.0/25 & 10.1.1.128/25 into L3 (EEM or RHI can be used to get very granular); Data Center 2 advertises 10.1.1.0/24 into L3 as backup, should the main site go down
- Data Center 2 advertises 10.1.2.0/25 & 10.1.2.128/25 into L3 (EEM or RHI can be used to get very granular); Data Center 1 advertises 10.1.2.0/24 into L3 as backup, should the main site go down
- HSRP Group 1 (10.1.1.1) and HSRP Group 2 (10.1.2.1): priority 140 and 130 in Data Center 1, 120 and 110 in Data Center 2
- Cluster Node A (Data Center 1): Cluster VIP = 10.1.1.100 (Preempt), Default GW = 10.1.1.1; Cluster VIP = 10.1.2.100, Default GW = 10.1.2.1
- Cluster Node B (Data Center 2): Cluster VIP = 10.1.1.100, Default GW = 10.1.1.1; Cluster VIP = 10.1.2.100 (Preempt), Default GW = 10.1.2.1
- Cluster VLAN C and Cluster VLAN D are L2 only
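The site-preference mechanism behind the cluster designs above (more specific /25 routes from the preferred DC, a /24 backup from the other, and HSRP priorities for the egress side), as an added Python model that is not Cisco's code. The routing table, the router names and priorities (140/130 and 120/110 from the slides) and the withdrawal trigger are constructed; preemption is assumed for the HSRP election.

```python
import ipaddress
from typing import Dict, List, Optional, Tuple

Route = Tuple[ipaddress.IPv4Network, str]      # (advertised prefix, originating data center)


class L3Core:
    """Constructed longest-prefix-match table standing in for the Layer3 Core."""

    def __init__(self) -> None:
        self.routes: List[Route] = []

    def advertise(self, prefix: str, dc: str) -> None:
        route = (ipaddress.ip_network(prefix), dc)
        if route not in self.routes:
            self.routes.append(route)

    def withdraw_site(self, dc: str) -> None:
        """Site failure (or EEM/RHI pulling the routes): everything from dc disappears."""
        self.routes = [r for r in self.routes if r[1] != dc]

    def lookup(self, dst: str) -> Optional[str]:
        """Longest prefix match: the /25s beat the /24 while the preferred site is up."""
        addr = ipaddress.ip_address(dst)
        best: Optional[Route] = None
        for net, dc in self.routes:
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, dc)
        return best[1] if best else None


def active_standby_design(core: L3Core) -> None:
    """Cluster VIP 10.1.1.100 normally in DC1; DC2 holds the aggregate as backup."""
    core.advertise("10.1.1.0/25", "DC1")
    core.advertise("10.1.1.128/25", "DC1")
    core.advertise("10.1.1.0/24", "DC2")


def active_active_per_application(core: L3Core) -> None:
    """www-hr (10.1.1.100) preferred in DC1, www-news (10.1.2.100) preferred in DC2."""
    active_standby_design(core)
    core.advertise("10.1.2.0/25", "DC2")
    core.advertise("10.1.2.128/25", "DC2")
    core.advertise("10.1.2.0/24", "DC1")


def hsrp_active(routers: Dict[str, Tuple[str, int]], localized: bool) -> Dict[str, str]:
    """Egress side: which router owns the gateway address at each DC; routers maps
    name -> (dc, priority). Without the HSRP localization filter the stretched VLAN has one
    active router for both sites; with it, each DC elects its own (highest priority wins)."""
    active: Dict[str, str] = {}
    for dc in {site for site, _ in routers.values()}:
        pool = {n: v for n, v in routers.items() if v[0] == dc} if localized else routers
        active[dc] = max(pool, key=lambda n: pool[n][1])
    return active


def flow_is_symmetric(core: L3Core, routers: Dict[str, Tuple[str, int]],
                      vip: str, server_dc: str, localized: bool) -> bool:
    """Inbound (routing) and outbound (HSRP) both stay in the DC that hosts the server."""
    ingress_dc = core.lookup(vip)
    egress_router = hsrp_active(routers, localized)[server_dc]
    return ingress_dc == server_dc and routers[egress_router][0] == server_dc
```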

Primary Service in Left DC DR/SRM

[Figure: a VM (10.1.1.100, Default GW 10.1.1.1) on VLAN A sits behind SNAT at the Agg layer of each site, with Access below; on the Public Network the service is 144.254.1.100 at the left site (144.254.1.0/24 is advertised into L3) and 144.254.200.100 at the right site. Movement of the VM is announced via vCenter: the MAC has moved and the IP address is changed from 144.254.1.100 to 144.254.200.100]

Stateful Firewall Services

[Figure: Data Center 1 and Data Center 2 under the Layer3 Core; in each DC a firewall separates VLAN B (Outside) from VLAN C (Inside), with ESX Node A and ESX Node B on VLAN A 10.1.1.x behind it]

Localized First Hop

[Figure: Data Center 1 and Data Center 2, each with its own Layer3 Core; VLAN A 10.1.1.x is extended between the sites; 10.1.1.1 is HSRP Group 30 with priority 140 and 130 in both DCs; ESX Node A and ESX Node B host a VM with IP Address 10.1.1.100 and Default GW 10.1.1.1]

At the DCI boundary: 1) Filter HSRP messages 2) Filter the vMAC

Locator/ID Separation Protocol (LISP) and L2 Extension Workload Mobility

[Figure: a Client in a LISP Site (C1, D, MR) and a Client in a non-LISP Site (C2, E, PxTR) reach the two data centers through the Layer3 Core; the data centers (LISP routers A and B, MS) are joined at Layer 2 by OTV carrying Server-to-Server L2 traffic; VLAN A 10.1.1.0 with FHRP 10.1.1.1 exists at both sites and hosts ESX Server A and ESX Server B. Virtual-Machine-A: IP Address 10.1.1.100, Mask 255.255.255.0, Default GW 10.1.1.1. Legend: L3 Router; LISP Router or infrastructure device]

LISP: L3 Client-to-Server
- Optimize L3 routing by providing granular location information
- Optimized mobility within or across subnets
- Scale the network so host routes are in the mapping database

L2 Server-to-Server
- Optimize LAN extensions
- Enable dispersion of app clusters
- App discovery based on MAC level broadcast and link-local multicast
- General application communication may require L2 connectivity

Routing Based Ingress Optimization

[Figure: LISP ingress path for VM IP Address 10.10.10.1. Data Center 1 sits behind ETRs A and B (ISP A), Data Center 2 behind ETRs C and D (ISP B); the Agg/Access layers of the two DCs are joined by a LAN Extension, and the VM has Default GW 10.10.10.100 at both sites. Mapping entries (EID prefix -> Route Locator): 10.10.10.1 -> A, B, moved to C, D; 10.10.10.2 -> A, B; 10.10.10.5 and 10.10.10.6 -> C, D. The numbered steps show a packet with IP_DA = 10.10.10.1 reaching the Ingress Tunnel Router (ITR), which encapsulates it toward RLOC B (IP_DA = B) for decapsulation at ETR B in Data Center 1; the VM then moves to Data Center 2 over the LAN Extension, the mapping is updated to C, D, and the ITR encapsulates toward RLOC C (IP_DA = C) for decapsulation in Data Center 2]


Summary
- Discussed different deployment options and transport options
- Tightly coupled Data Centers with FabricPath
- Spanning-tree isolation
- Traffic Optimization: Egress and Ingress Symmetry
- Encryption Solutions

Q&A


Recommendations
Recommended Reading
- NX-OS and Cisco Nexus Switching (ISBN: 1587058928), by David Jansen, Ron Fuller, Kevin Corbin. Cisco Press, 2010.
- Interconnecting Data Centers Using VPLS (ISBN-10: 1-58705-992-4; ISBN-13: 978-1-58705-992-6), by Nash Darukhanawalla, Patrice Bellagamba. Cisco Press, 2009.
- MPLS Fundamentals (ISBN: 1-58705-319-5), by Luc De Ghein. Cisco Press, 2007.
- Layer 2 VPN Architectures (ISBN: 1-58705-848-0), by Wei Luo, Carlos Pignataro, Anthony Chan, Dmitry Bokotey. Cisco Press, 2005.
- Cisco LAN Switching Configuration Handbook (2nd Edition) (ISBN-10: 1587056100; ISBN-13: 978-1587056109), by Steve McQuerry, David Jansen, David Hucaby. Cisco Press, 2009.

Available Onsite at the Cisco Company Store

Recommendations
Check the Recommended Reading flyer for suggested books

Additional Information on LISP:
- http://www.lisp4.net
- http://lisp4.cisco.com
- http://www.cisco.com/go/lisp

Available Onsite at the Cisco Company Store

Complete Your Online Session Evaluation

Receive 25 Cisco Preferred Access points for each session evaluation you complete. Give us your feedback and you could win fabulous prizes. Points are calculated on a daily basis. Winners will be notified by email after July 22nd.

Complete your session evaluation online now (open a browser through our wireless network to access our portal) or visit one of the Internet stations throughout the Convention Center.

Don't forget to activate your Cisco Live and Networkers Virtual account for access to all session materials, communities, and on-demand and live activities throughout the year. Activate your account at any Internet station or visit www.ciscolivevirtual.com.

Visit the Cisco Store for Related Titles http://theciscostores.com

Thank you.