Architektury přepínaných sítí,ftp.cisco.cz/Seminare/...CA-IA-LANdesign-RadekBoch.pdf ·...

Cisco Public © 2010 Cisco and/or its affiliates. All rights reserved. 1

Architektury přepínaných sítí, aneb jak reagovat na stávající trendy v IT

Radek Boch Systems Engineer, Cisco, [email protected] CCIE #7095

7.11.2013

mailto:[email protected]

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 2

• Campus Deployment Models

• Design Options

• Traditional Access

Multilayer

Routed

VSS

• Converged Access

• Instant Access

• Summary

SiSiSiSi

SiSiSiSi

SiSi

Data Center

SiSi SiSi

Services

Block

Deployment Models

SiSi SiSi SiSi

2


Unified Access

Centralized Wireless

SiSi SiSi

Traditional Access

Dis

trib

ute

d W

ire

d

Instant Access C

en

tra

lize

d W

ire

d

IA

VSS

Cisco Prime Infrastructure

One Management Cisco ISE One Policy

Distributed Wireless

Converged Access

SiSi SiSi

Dis

trib

ute

d W

ire

d

Centr

aliz

ed W

ired

VS

S

VSS

MAMAMA

MAMAMA

MAMAMA

MAMAMA

MAMAMA

MAMAMA


Wireless APs

Cisco Catalyst

6800/VSS

Cisco Catalyst 4500E, Cisco Catalyst 3850, 3650

WISM2/ WLC

WLC

Identity Services Engine


What does it really mean?

Secure Group Access to Simplify the Network and Enable Virtualized Data

Center Services

Reduce Operating Expenses and Improve Network Application and Service

Delivery

Maximized Network Availability with Virtual Switching and Stateful Switch

Over

Application-Aware Networking to Enable Collaboration, Video, and Other

Apps

KEY SERVICES FOR UNIFIED ACCESS DEPLOYMENT

Current Platforms


odpovědí/posluchači odpovědí/posluchači [%]

Nejdůležitějším kritériem je pro mne:

Rozšiřitelnost kapacity do budoucna 14/41 34%

Jednoduchost používání 5/41 12%

Jednoduchost nasazení 3/41 7%

Léty prověřené technologie 5/41 12%

Univerzálnost řešení (množství dostupných funkcí) 10/41 24%

Dlouhá životnost zařízení 12/41 29%

Snadná migrace / zpětná kompatibilita 6/41 15%

Jiná, než uvedené možnosti 0/41 0%

bez odpovědi 19/41 46%



• Design Options


Multilayer

Routed

VSS


• Instant Access

• Summary

SiSiSiSi

SiSiSiSi

SiSi

Data Center

SiSi SiSi

Services

Block

Deployment Models

SiSi SiSi SiSi

6


MULTILAYER CAMPUS DESIGN

Wireless LAN Controller

Cisco Prime/LMS

CAPWAP

Tunnel

Considerations

Highly Available Network Design

L2/L3 Protocol Tuning Required

Protocol Alignment Required

Deployment Flexibility

Well Understood Deployment

Access

Distribution

Backbone

Core

CPE

ISE


Benefits

• Well understood and well documented design with many years worth of deployment history

• Uses industry standard protocols such as Rapid Spanning Tree Protocol

• Cisco differentiating enhancements enable sub-second or near sub-second network convergence

• VLAN based traffic load sharing across multiple uplink interfaces

• Allows for multi-vendor environment

• Flexible equipment costs from low to high end

Challenges

•Requires significant configuration tuning to achieve sub second network convergence

•Requires significant complexity when adding VLAN or VRF segmentation

•All switches managed individually

•Large scale VLAN deployments increases baseline CPU utilization

•Complex – Alignment of Spanning Tree, Routing, and Default Gateway Redundancy required

•Spanning Tree Liability


VSS CAMPUS DESIGN

Cisco Prime/LMS

Considerations

Less Protocol Tuning Required

Efficient Resource Utilization

Higher Resiliency

with Quad Sup VSS

Access

Distribution

Backbone

Core

CPE

Fewer Routing Peers

CAPWAP

Tunnel

ISE


Standalone/Stack


Benefits

•Simplified network design with a single logical distribution layer device

•No First Hop Redundancy Protocol needed

•Ether channel based traffic load sharing across multiple uplinks

•Allows for extending VLANs across multiple access layer switches without creating STP blocking links and liability

•Supports sub-second convergence

•Allows for multivendor access switches

•Distribution Switches managed as One Entity

Challenges

•Cisco proprietary solution (VSS), requires Cisco switches in the distribution layer

•Access switches managed individually

•May require Etherchannel hash tuning (older hardware) for most efficient path utilization


MULTILAYER CAMPUS DESIGN

Cisco Prime/LMS

CAPWAP

Tunnel

Access

Distribution

Backbone

Core

CPE

Considerations

Single Control Plane

Simplified Network Recovery

Additional IP Address Usage

Common Set of Troubleshooting Tools

VLAN’s Constrained to WC

ISE



Benefits

•Single control plane = less complexity

•Less protocol tuning required for sub-second convergence (protocol dependent)

•Common set of troubleshooting tools

•ECMP default behavior for efficient utilization of available links and fast convergence

•Avoids flooding downstream

•No FHRP required

•No trunking required

•Permits VLAN ID reuse

•Simplified multicast topology

Challenges

•Requires additional IP address management and utilization

•VLAN’s limited to wiring closet – can not span VLAN’s across closets

•May require ECMP/CEF hash-tuning for most efficient path utilization (older hardware)

•RSPAN not possible (ER-SPAN required)


FIXED MODULAR

BACKBONE

ACCESS

Catalyst 6500-E

Catalyst 6807-XL

Catalyst 4500-E Sup8E, Sup7E Lite

6880-X

3850

3650

2960-X

Catalyst 4500-E Sup8E

4500-X


Catalyst 2960-X

10G/1G SFP+/SFP

80G FlexStack+,

8 Stack Members

Full PoE, PoE+

IPv6 FHS

NetFlow Lite

Advanced Layer 2

STACKABLE

Catalyst 2960-XR

2960-X Features plus:

IP Lite – L3/Routing

Redundant PSU

Advanced Layer 2/3

STACKABLE + RESILIENT

F ea tu re L ead ersh i p an d C i sco Q u a l i t y a t Co mp et i t i ve Prices

EASE-OF-USE ROBUST

SECURITY

ENHANCED

LIFETIME WARRANTY

ENERGY

EFFICIENCY

LOWER

TCO

Catalyst 2960-Plus

1G SFP/BASE-T Uplinks

802.3af PoE

Layer 2

Stand-alone

Catalyst 2960-SF

1G SFP Uplinks

40G FlexStack

Full PoE, PoE+

IPv6 FHS

Advanced Layer 2

STACKABLE

Fast Ethernet Gigabit Ethernet

FCS May ‘13

FCS Jul ‘13 FCS Aug ‘13

FCS Sep ‘12



• Design Options


Multilayer

Routed

VSS


• Instant Access

• Summary

SiSiSiSi

SiSiSiSi

SiSi

Data Center

SiSi SiSi

Services

Block

Deployment Models

SiSi SiSi SiSi

15


Early 2000 2002 2004 2006 2008 2010 2012 2014 …

CL

IEN

TS

/ B

AN

DW

IDT

H

Media Rich Applications Pervasive Mission Critical Nice to Have


Early 2000 2002 2004 2006 2008 2010 2012 2014 …

CL

IEN

TS

/ B

AN

DW

IDT

H



Early 2000 2002 2004 2006 2008 2010 2012 2014 …

CL

IEN

TS

/ B

AN

DW

IDT

H


10Gbps

11Mbps

802.11n

450 Mbps

802.11a, 802.11b

11 Mbps

802.11g

54 Mbps

802.11ac-1

1 Gbps

802.11ac-2

3.5 Gbps

Future


Early 2000 2002 2004 2006 2008 2010 2012 2014 …

CL

IEN

TS

/ B

AN

DW

IDT

H


10Gbps

11Mbps

802.11n

450 Mbps

802.11a, 802.11b

11 Mbps

802.11g

54 Mbps

802.11ac-1

1 Gbps

802.11ac-2

3.5 Gbps

Future


Multilayer, VSS, or Routed Access

WiSM2,5508,8510*,3850,

3650, 5760

Cisco Prime

ISE

MA

MC/MO

*8510 will support MC functionality with the 8.0 release

Considerations

Single QoS Model for Wired/Wireless

Complete visibility in to wireless traffic

Consistent Services for wired/wireless

No external controller for

up to 250 AP’s

Future proof for 802.11ac, …

Access

Distribution

Backbone

Core

CAPWAP

Tunnel Multilayer or Routed Access

Supported


Benefits

•Can be deployed with existing traditional wireless architecture for ease of migration

•3850/3650/4500E* can terminate CAPWAP as the Mobility Agent with existing 5508, WISM2, 3850, 3650*, 5760, 8510* acting as the Mobility Controller.

•Single QOS model for Wired and Wireless on 3850/3650/4500E*

•Provides Flexible Netflow across all ports for wired and wireless

•Supports Multicast better based on how CAPWAP is terminated

Challenges

•Multiple management and troubleshooting points for Wireless (will be improved)

•Prime and WEBGUI to catch-up some functionality (will be fixed)

•Wired Migration blockers between 3850 and 3750x (is almost fixed)

•Wireless Migration blockers between AireOS & IOS (will be fixed)

*Roadmap


• Modular QoS based CLI

Alignment with 4500E series (Sup6, Sup7)

Class-based Queueing, Policing, Shaping, Marking

• More Queues

Up to 2P6Q3T queuing capabilities

Standard 3750 provides 1P3Q3T

Not limited to 2 queue-sets

Flexible MQC Provisioning abstracts queuing hardware

DMZ

ISE Prime

3850/3650

23 Employee Guest

BRANCH

WAN

INTEGRATED

CONTROLLER

Branch/Small Deployments with Converged Access

Single platform for wired and wireless

Wired and wireless traffic visibility at every hop

Consistent security and QoS control

Maximum resiliency with fast stateful recovery

Scale with distributed wired and wireless data

plane (480G Stack/40G wireless per switch)

• Allows for Advanced QoS, WAN optimization,

NetFlow, and other services for wireless and wired traffic

• Supports Layer 3 roaming

• Good availability due to MA/MC redundancy within the 3850

stack – provides wireless continuity with either WAN outage or

switch failure within the stack

50 – 250

AP’s

Multilayer or

Routed Access


ISE Prime

Access Points

Scale:

•Deployments greater than 16k wireless clients and 250 APs

•Up to 72k APs, 864k clients within a Mobility Domain.

Migration:

AP Capwap Tunnels Mobility Tunnels

Catalyst 3750

Mobility Domain

Catalyst 3750


ISE Prime

Access Points

Scale:



Migration: •Software Update on existing 5508 or Wism2 to release 7.3


Catalyst 3750

Code Upgrade on 5508 or wism2

Mobility Domain

Catalyst 3750


ISE Prime

Access Points

Scale:




• Access Switch Refresh – Catalyst 3850/Catalyst 4k with Sup 8-E


Code Upgrade on 5508 or wism2

Mobility Domain

New Catalyst 3850

MC

MA


ISE Prime

Access Points

Scale:





•Wireless Controller Replacement


Mobility Domain

New 5760

New Catalyst 3850

MC

MA


ISE Prime

Access Points

Scale:





•Wireless Controller Replacement

Benefits:

•Investment Protection with existing WLC code update

•Works seamlessly with Cisco’s Campus Deployment Best

Practices

•Phased Adoption : Interoperable with existing deployment


Mobility Domain

New 5760

New Catalyst 3850

MC

MA

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 30

Base Stackable Switch

Industry-Leading Switching - Deployment Choices, Flexibility, Affordability

Performance and Investment Protection

Advanced F

unctionalit

y

Catalyst 3650

High Performance Stackable Switch Highly Adopted Switching Platform

Catalyst 3850 Catalyst 4500E with Supervisor 8-E

STACKABLE SWITCHES MODULAR SWITCHES

APs support

• Modular Uplinks • 25 APs

• Modular 160G Stacking

Bandwidth

• Fixed Uplink

Stacking Bandwidth

• Modular 8 x 1 / 10G Uplinks

(928Gbps)

Bandwidth



• Design Options


Multilayer

Routed

VSS


• Instant Access

• Summary

SiSiSiSi

SiSiSiSi

SiSi

Data Center

SiSi SiSi

Services

Block

Deployment Models

SiSi SiSi SiSi

31


1000 Port Campus Distribution Block

Cisco Prime

Managed Devices = 20+

ISE


1000 Port Campus Distribution Block

Considerations

Satellite device capable of Stacking, POE+

Single Point of Management, Configuration

and Troubleshooting

Simplified Network design for

VLANs and port channels

Agile Infrastructure to add new features

uniformly across Access Layer

A Single Image to deploy and manage

across Distribution Block

REDUCED TCO

Cisco Prime

Managed Devices = 1

ISE


TAG IA Client Interface

VIF1 IF1

VIF2 IF2

Ingress Mapping

IA Parent

IA Client

Hosts

Host-1 Host-2

Switch-3

IF1 IF2

F101

TAG: Virtual NIC Tag VIF – Virtual Interface

(VIF1) (VIF2)

• Automatically assigned

• One VIF to each host port

• One VIF to each Etherchannel

• One VIF to FEX CPU for Control Channel

• IA Parent VIF = 0

• Multicast/Broadcast: Pointer to Replication

Table in IA Client


Host-1

MAC1

Host-2

MAC2

Switch-3 IF2

F101

(VIF2)

SA=MAC1, DA=MAC2+ Payload

IF1

(VIF1)


VNTAG

SVIF = 0, DVIF = VIF2


VNTAG

SVIF = 0, DVIF = VIF2





VNTAG

SVIF = VIF1 DVIF = 0

VNTAG

SVIF = VIF1 DVIF = 0




Benefits

•Provides Single point of Management, Configuration and Troubleshooting for Distribution block

•Simplified distribution block design, eliminates configuration on the uplinks

•Simplified image management and qualification

•6K – IOS Feature Robustness available @ Access

•Can be used with Traditional or Converged Access (mix of Cat6848ia and Cat3850 @ Access)

•Provides solution for customers who need MPLS in access layer

Challenges

•Currently limited to distribution block design of 1000 ports

•Large amounts of east-west traffic would increase uplink bandwidth utilization (Over subscribed to start)

•Only supported with VSS configuration ( supported with single switch in VSS mode )

•Access Feature differences/lag between 6k and traditional access platforms 2k/3k/4k

•Converged Access not available in combination with Instant Access (Cat6848ia does not do CAPWAPP termination, Cat3850 does not do Satellite)


• Distribution Pair of Cat 6800/6500/Sup2T in VSS Mode

Requires 6904 Line card with 4X Adapter and SFP+

Requires IP Services License or greater

Minimal Parent configuration single 6500 in VSS mode

• 10G Links to the Client Required

Can be SR, LR, LRM, ER

Up to 60G MEC between Client stack and Parent

• Catalyst 6848ia Client Switches

6848ia supports Stacking up to 3 clients (5 in Phase 2)

144 ports per stack (240 ports Phase 2)

PoE+, non-PoE variants

• Can Support Switches off of the Client Ports

These would be treated as standalone switches, not managed by 6500

No support for cascaded IA Clients

Instant Access

Parent

Instant Access

Clients

6800/6500 VSS

6848ia

6848ia

6848ia

10G Fabric Links


FIXED MODULAR

BACKBONE

ACCESS

Catalyst 6800ia

Not Applicable

Catalyst 6500-E

Catalyst 6807-XL 6880-X


160G/slot

6900

SPEED CARD

80G/slot

New 10/40G

New 100G 200G/slot

92G/slot

6900

SPEED CARD

80G/slot

New 10/40G

New 100G 92G/slot



• Design Options


Multilayer

Routed

VSS


• Instant Access

• Summary

SiSiSiSi

SiSiSiSi

SiSi

Data Center

SiSi SiSi

Services

Block

Deployment Models

SiSi SiSi SiSi


Unified Access


SiSi SiSi

Traditional Access

Dis

trib

ute

d W

ire

d

Instant Access C

en

tra

lize

d W

ire

d

IA

VSS




Converged Access

SiSi SiSi

Dis

trib

ute

d W

ire

d

Centr

aliz

ed W

ired

VS

S

VSS

MAMAMA

MAMAMA

MAMAMA

MAMAMA

MAMAMA

MAMAMA


Unified Access


SiSi SiSi

Traditional Access

Dis

trib

ute

d W

ire

d

Instant Access




Converged Access

SiSi SiSi

Dis

trib

ute

d W

ire

d

Centr

aliz

ed W

ired

VS

S

VSS

MAMAMA

MAMAMA

MAMAMA

MAMAMA

MAMAMA

MAMAMA

VSS

MA


• Solution Value-Proposition

Unified Management, Visibility and Control for Wired/Wireless

Policy and Management for Wired/Wireless (ISE and Prime)

Control and visibility to the network edge – Advanced QoS, Netflow, Wireshark

Hierarchical and Fair BW Mgmt (per-AP/radio/SSID/user/application), AFD

Scalable for evolving network demands

Distributed Wired & Wireless for increased BW Scalability

• Platform Value-Proposition

Resilient Access Layer

High BW Capacity – 40G Wireless, 480G Stackwise+, 928G Sup8/4500E

Local/Cross-Stack switching

Dual Hot-swappable PS

Stackpower for load-sharing and Resilience

MAMAMA

Converged Access

Scale, Bandwidth,

Control, Visibility,

Resilience

VSS


• Solution Value-Proposition

Simplified Ordering/Design

Only decisions are PoE/non-PoE, Oversubscription, Dual Sup, SFP’s

Simplified Deployment

Zero-touch Client Deployment (Auto Image Download)

Reduced Configuration – eliminate redundant config (TACACS, NTP)

Centralized Wired and Wireless

Simplified Management

Single Image for Distribution and Edge

Consistent features at Distribution and Access

Prime Infrastructure and ISE integration

• Platform Value-Proposition

Leaf inherits Advanced functionality of 6500

Such as: L3 Routing, TrustSec, FNF, MPLS/VRF

Instant Access

Simplicity,

Reduced Touch Points

VSS


Access Platforms Deployment Mode Priorities


odpovědí/posluchači odpovědí/posluchači [%]

Podle mého názoru vidím největší uplatnění:

Converged Accessu (WiFi klient jako další “virtuální” port na přepínači) 11/38 29%

Instant Accessu (“jeden velký” přepínač) 9/38 24%

Hierarchického modelu s VSS/stohováním (každá vrstva jako “jeden” přepínač) 9/38 24%

Hierarchického modelu s využitím Spanning Tree 1/38 3%

Hierarchického modelu s L3 v přístupové vrstvě (Routed Access) 3/38 8%

bez odpovědi 17/38 45%

Thank you.

Date post:	04-Jun-2020
Category:	Documents
Upload:	others
View:	0 times
Download:	0 times

Architektury přepínaných sítí,ftp.cisco.cz/Seminare/...CA-IA-LANdesign-RadekBoch.pdf ·...

Documents