
Page 1

© 2006 Cisco Systems, Inc. All rights reserved.

DCNA - An application of SONA

Page 2

How is IT responding to business drivers?

Business Challenges: Business Agility, Simplification, Differentiation

IT Solutions: Flexible Application Deployments, Meshed Composite Applications

IT is creating custom solutions to support business drivers

Page 3

SONA Framework

Network Systems Layer: Network Systems across the Data Center, Campus and Branch

Page 4

What Is SONA?

“SONA is an architectural approach to connect Network Services to Applications to deliver Business Solutions.”

Page 5

Path Towards SONA: Three Phases Approach

1. CONSOLIDATION - Centralization and Standardization to Lower Costs, Improve Efficiency and Uptime (Data Network, Server Fabric, Storage Network: LAN, WAN, MAN, SAN)

2. VIRTUALIZATION - Management of Resources Independent of Underlying Physical Infrastructure to Increase Utilization, Efficiency and Flexibility (Storage, Network, Compute; Service Oriented)

3. AUTOMATION - Dynamic Provisioning and Information Lifecycle Management (ILM) to Enable Business Agility (Storage, Network, Compute; Business Policies On-Demand)

Other diagram labels: Enterprise Applications, Intelligent Information Network, HPC Cluster, GRID

Page 6

The WAN Is A Barrier To Consolidation

• Applications generally perform well in LAN environments as few barriers exist to application performance: high bandwidth, low latency, reliability

• WAN characteristics hinder performance and consolidation efforts: already congested, low bandwidth, latency, packet loss

LAN path: Client - LAN Switch - Server, Round Trip Time (RTT) ~ 0 ms

WAN path: Client - LAN Switch - WAN - LAN Switch - Server, Round Trip Time (RTT) ~ many many milliseconds

Page 7

Cisco WAAS - Overcomes the WAN

Cisco WAAS is a solution that leverages a hardware footprint (WAE) in the remote office and in the data center to overcome application performance problems in WAN environments and enable infrastructure consolidation

Diagram: the Data Center is connected across the WAN to several Remote Offices over Optimized Connections

Page 8

Traditional WAN Optimization: Not Seamless, but Disruptive to Existing Network

Diagram: Client Workstation - LAN Switch - Edge Device - WAN Router - WAN - WAN Router - Core Device - LAN Switch - Origin File Server / NAS. Points A and B mark the span over which IP and TCP header information should be preserved; the traditional Optimization Tunnel sits between them. Services at the WAN routers and firewalls: QoS, NBAR, NetFlow, ACL, NAT, Security Filter, VPN.

Traditional WAN Optimization changes header information

Result:
• Services may not work
• Extra integration required
• Risk of downtime due to dedicated links

Page 9

Cisco WAAS: Seamless Network Integration, Service Preservation

Diagram: Client Workstation - LAN Switch - Edge WAE - WAN Router - IP Network - WAN Router - Core WAE - LAN Switch - NAS. Between points A and B: Full Preservation of IP and TCP Header Information.

WAN and Data Center Local Services preserved: Firewall, Security Filter, VPN, QoS, NBAR, NetFlow, ACL, NAT

Cisco WAAS: Visibility (NetFlow), QoS
• Data Center Scalability
• Transport and Flow Optimizations, Data Redundancy Elimination: Accelerates ALL TCP Traffic
• Robust Application Adapters to Offload WAN and Data Center Local Services

Page 10

Cisco WAAS, QoS, and Enterprise VoIP

Cisco WAAS enables enterprise VoIP deployments by easing the contention for available bandwidth resources and complying with network-based end-to-end QoS

Without WAAS (QoS only): the WAN link is filled by the VoIP, ERP, Email and Scavenger classes

With WAAS and QoS: the same VoIP, ERP, Email and Scavenger classes take less of the WAN link, leaving Additional Available Capacity!

Page 11

Data Center Integration with Cisco ACE

• Application Control Engine (ACE) provides transparent integration of Cisco WAAS into the data center, server load-balancing, and asymmetric application optimization
• Scales from 1Gbps to 64Gbps, up to 16 million TCP connections

ACE Features and Benefits
• Catalyst 6500 series module or standalone appliance form factor
• Solution for scaling servers, appliances, and network devices
• Virtual partitions, flexible resource assignment, security, and control
• Asymmetric application optimization complementing WAAS

Products: Cisco Application Control Engine 4710 Appliance Series; Cisco Application Control Engine Linecard for the Catalyst 6500 Family

Page 12

Path Towards SONA: Virtualization

• What is virtualization?
  – A logical rather than physical view of data, storage, network, and other resources presented independently of location, packaging, or capacity
  – One Network supports many physical resources: simplifies operations, reduces cost
  – One Network consolidates all types of resources for increased flexibility (data, voice, video, storage)

• Benefit: flexible configuration and management of all infrastructure resources to reduce costs and increase agility

Page 13

DCNA - Network Virtualization Framework

Functions: Access Control, Path Isolation, Services Edge

Access Control (Branch - Campus)
1. Identify & authenticate client (user, device, app) attempting to gain network access
2. Isolate into a Segment
3. Grant _controlled_ access or prevent access

Path Isolation (WAN - MAN - Campus)
1. Map client VLAN to transport technology
2. Transport client traffic through isolated path
3. Terminate isolated path @ destination edge
Technologies: VRFs, GRE, IPSec, MTR, L2TPv3, MPLS

Services Edge (Data Center - Campus)
1. Map isolated path to destination VLAN
2. Apply policy at VLAN entry point
3. Isolate Application environments

Page 14

Path Isolation

• Device Virtualization: Control Plane Virtualization, Data Plane Virtualization, Management Virtualization

• Data Path Virtualization
  Single-hop: 802.1q, DLCI, VPI/VCI (tags / circuits)
  Multi-hop: PW, VFI (tags / circuits)

Page 15

Campus Network Virtualization: Path Isolation Technologies

Functions: Access Control, Path Isolation, Policy Enforcement (Layer 2 Access Infrastructure, Layer 3 Core)

VRF-Lite
• Builds on existing campus protocols
• Medium complexity
• Scales up to a dozen segments

MPLS
• High scalability (256+ segments)
• High complexity
• Requires new protocol

ACLs/PBR
• Widely deployed
• Seamless services integration
• Limited scalability
• High complexity

GRE
• Builds on existing campus protocols
• Limited scalability
• Medium complexity

Page 16

Application of V3PN

• IPSec VPNs are replacing traditional WAN media to save costs and enable new work habits
• Common design issues for both Remote VPN and Branch-to-DC deployments
• QoS critical in key areas
• Design IPSec VPNs with QoS today to transport VoIP tomorrow
• Deploy broadband and IPSec VPNs so WORK IS AN ACTIVITY—NOT A PLACE

Diagram labels: V3PN, QoS

Page 17

VTI Consideration

Diagram: Branch Router - Branch Connection via WAN - Data Center

Page 18

VTI - IPSec

Virtual Tunnel Interface:
• VTI feature enables implementing QoS features from crypto head-end to branch routers
• Provides a routable interface (Interface Tunnel 0)
• Supports per-tunnel features / peer (session) configurations
• Supports encryption of IP multicast
• Head-end routers only need Virtual Templates, not pre-configured tunnel interfaces
• Load balancing function of Routing Protocol

Page 19

QoS Best Practices

A successful QoS deployment includes three key phases:
1) Strategically defining the business objectives to be achieved via QoS
2) Analyzing the service-level requirements of the traffic classes
3) Designing and testing QoS policies

Business QoS objectives need to be defined:
• Is the objective to enable VoIP only, or is video also required?
• If so, is video-conferencing required, streaming video, or both?
• Are there applications that are considered mission-critical? If so, what are they?
• Does the organization wish to squelch certain types of traffic? If so, what are they?
• Does the business want to use QoS tools to mitigate DoS/worm attacks?
• How many classes of service are needed to meet the business objectives?

Because QoS introduces a system of managed unfairness, most QoS deployments inevitably entail political and organizational repercussions when implemented. To minimize the effects of these non-technical obstacles to deployment, address these political and organizational issues as early as possible, garnering executive endorsement whenever possible.

Service-level requirements by traffic type:

Data
• No “one-size fits all”
• Smooth/Bursty
• Benign/Greedy
• TCP retransmits / UDP does not

Video
• Unpredictable flows
• Drop + delay sensitive
• UDP priority
• 150 ms one-way delay
• 30 ms jitter
• 1% loss
• Overprovision stream by 20% to account for headers + bursts

Voice
• Predictable flows
• Drop + delay sensitive
• UDP priority
• 150 ms one-way delay
• 30 ms jitter
• 1% loss
• 17 kbps-106 kbps VoIP + Call-Signaling

Queuing classes: Voice, Interactive-Video, Routing, Call-Signaling, Net Mgmt, Mission-Critical, Transactional, Streaming-Video, Bulk, Best Effort, Scavenger. Bandwidth guidance: Real-time ≤ 33%, Critical Data, Best Effort ≥ 25%.

Best practices:
• Classify, mark, and police as close to the traffic sources as possible; follow Differentiated Services standards, such as RFC 2474, 2475, 2597, 2698, and 3246.
• Provision queuing in a consistent manner (according to platform capabilities).
• Thoroughly test QoS policies prior to production-network deployment.

Application          L3 Classification (PHB)   DSCP
Routing              CS6                       48
Voice                EF                        46
Interactive Video    AF41                      34
Streaming Video      CS4                       32
Mission Critical     AF31                      26
Call-Signalling      CS3                       24
Transactional Data   AF21                      18
Network Mgmt         CS2                       16
Bulk Data            AF11                      10
Scavenger            CS1                        8
Best Effort          0                          0
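As an added example (not part of the slides), the following Python derives each DSCP in the table above from its PHB name using the encodings of RFC 2474 (class selectors), RFC 2597 (assured forwarding) and RFC 3246 (EF), decodes a DSCP seen in a capture back to its PHB, and checks the slide's table against the derivation; SLIDE_TABLE is the slide's own mapping re-typed for that check.

```python
"""Derive DSCP values from PHB names and validate the slide's marking table.
Added illustration, not Cisco material. SLIDE_TABLE re-types the slide's
Application / PHB / DSCP rows so the code can check itself against them."""
import re

SLIDE_TABLE = {
    "Routing": ("CS6", 48), "Voice": ("EF", 46),
    "Interactive Video": ("AF41", 34), "Streaming Video": ("CS4", 32),
    "Mission Critical": ("AF31", 26), "Call-Signalling": ("CS3", 24),
    "Transactional Data": ("AF21", 18), "Network Mgmt": ("CS2", 16),
    "Bulk Data": ("AF11", 10), "Scavenger": ("CS1", 8), "Best Effort": ("0", 0),
}


def phb_to_dscp(phb):
    """PHB name -> 6-bit DSCP. CSx = x<<3, AFxy = (x<<3) | (y<<1), EF = 46."""
    phb = phb.strip().upper()
    if phb in ("0", "BE", "DEFAULT"):
        return 0
    if phb == "EF":
        return 46                       # 101110b, RFC 3246
    m = re.fullmatch(r"CS([0-7])", phb)
    if m:                               # class selector: xxx000b (RFC 2474)
        return int(m.group(1)) << 3
    m = re.fullmatch(r"AF([1-4])([1-3])", phb)
    if m:                               # AF class bits, then drop precedence (RFC 2597)
        return (int(m.group(1)) << 3) | (int(m.group(2)) << 1)
    raise ValueError(f"unknown PHB {phb!r}")


def dscp_to_phb(dscp):
    """Inverse mapping for a DSCP observed in a capture; None if not a standard PHB."""
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP is a 6-bit field")
    if dscp == 46:
        return "EF"
    cls, low = dscp >> 3, dscp & 7
    if low == 0:
        return "BE" if cls == 0 else f"CS{cls}"
    drop = low >> 1
    if low & 1 == 0 and 1 <= cls <= 4 and 1 <= drop <= 3:
        return f"AF{cls}{drop}"
    return None


def tos_byte(dscp, ecn=0):
    """DSCP occupies the top six bits of the IPv4 ToS / IPv6 Traffic Class byte."""
    return (dscp << 2) | (ecn & 0x3)


def check_slide_table():
    """Return rows whose DSCP does not follow from the PHB name (expected: none)."""
    return {app: (phb, dscp) for app, (phb, dscp) in SLIDE_TABLE.items()
            if phb_to_dscp(phb) != dscp}


if __name__ == "__main__":
    print("mismatches:", check_slide_table())
    print("EF on the wire:", hex(tos_byte(phb_to_dscp("EF"))))
```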

Page 20

DC 3.0 - DCNA: IT Relevance and Control

Application Architecture Evolution

Data Center 1.0: Mainframe - CENTRALIZED
Data Center 2.0: Client-Server and Distributed Computing - DECENTRALIZED
Data Center 3.0: Service Oriented and Web 2.0 Based - VIRTUALIZED

Network functions along the evolution: IP Routing, LAN Switching, SLB / Firewall, Storage Switching, App Delivery, Server Switching, Service Orchestration

Page 21

DCNA - Data Center Virtualization

• Network Virtualization (VLAN, VRF, MPLS, GRE): Independent Path/Policies for Network Segments
• Network Service Virtualization (Firewall, Load Balancer, SSL): Independent Network Services & Policies for Application
• Storage Virtualization (VSAN, Storage): Independent Storage for Individual Application
• Server Virtualization (CPU, IO, Server Fabric): Independent Compute Resources wrt Application Services

Diagram labels: IP, FC, SAN FC

Page 22

ACE complements Green DCNA - Improving Power, Cooling, and Rack Space

Mid-Size Enterprise: 32 Isolated Applications (8 Isolated Applications at 2GB Throughput Each per module)
• 4 ACE Modules OR 32 Low-End Competing Devices
• ACE Savings of 16X and 15X in Power Consumption and Physical Rack Space
• 12 KW increase for Competing Solution
• Five year Power and Cooling savings: $335K-$419K

Page 23

Green DCNA - Most Robust Application Availability

Physical Redundancy – Inter-chassis: an ACE in one Catalyst 6500 paired with an ACE in a second Catalyst 6500

Physical Redundancy – Intra-chassis: two ACE modules in one Catalyst 6500

Application Redundancy -- Inter-Context (ACE-1 and ACE-2):
• Contexts A, B Active on ACE-1, with A’, B’ Standby on ACE-2
• Contexts C, D Active on ACE-2, with C’, D’ Standby on ACE-1
• Redundancy groups: Red-grp1, Red-grp2, Red-grp3, Red-grp4
• FT VLAN carries TRP protocol packets: Heart-beats, Configuration sync packets, State replication packets

Failover Tracking
• HSRP
• Interface up / down
• Multiple probes with priority

Page 24

Introducing Cisco Validated Designs: Building Blocks for SONA Solutions

3 Types of CVDs
• Network Services (Mobility, Security, Unified Communication)
• Industry Solutions (Retail PCI, Healthcare Translation…)
• Places in the Network (Campus, Data Center, Branch)

Places in the Network: Campus, Data Center, Enterprise Edge, WAN/MAN, Branch, Teleworker

Page 25

Services Edge

• Provide access to resources/subnets
  Shared – by multiple VNs
  Dedicated – to a single VN
• VN Specific logical policy services - Dedicated per VN
• Resource Specific policy services - Shared across VNs
• Fusion routing: access shared resources, inter-VN communication

Diagram: User VNs and an Extranet VN reach Shared and VN-specific Resources through VN-specific (Dedicated) and Resource-specific (Shared) Services and the Fusion Router

Page 26

Shared Services & Inter-VPN Communication: FW + Fusion Router

• Fusion router: Inter-VPN connectivity; Shared resource connectivity (Internet, servers, etc.)
• FW contexts: VPN isolation / protection; Per VPN policies: ACL, NAT …; 256 contexts per FW; Map to VLANs
• Shared services available: On their own VPN (distributed); Off the transit router or DMZ (centralized); Access is always centralized

Diagram: VPN A, B, C, D (VRF A, B, C, D on the PE) pass through FWSM contexts to the Fusion Router, which connects to Shared Services, the DMZ and the Internet (I-Net)

Page 27

Understanding VRFs: Route Targets

• Import/export routes to/from MP-BGP updates
• Globally significant—creates the VPN
• Allows hub and spoke connectivity (central services)

Diagram:
Red – any-to-any: every red VRF exports 3:3 and imports 3:3
Blue – Hub-n-spoke: spoke VRFs export 2:2 and import 1:1; the hub VRF imports 2:2 and exports 1:1

Page 28

Shared Services Extranet VPN: Multiple-box Extranet Implementation

Bi-Directional Communication Between All VRFs and Central Services VRF
• Central services routes imported into both VRF red and blue (1:1)
• Central VRF imports routes for blue and red subnets (3:3, 2:2)
• No routes exchanged between blue/red
• No transitivity: imported routes are not “re-exported”
• Blue and red remain isolated

Diagram: red VRFs export 3:3 and import 1:1; blue VRFs export 2:2 and import 1:1; the Shared Services VRF imports 3:3 and 2:2 and exports 1:1
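To make the route-target rules on this slide and the previous one concrete, here is an added Python model (not Cisco code; VRF names, prefixes and RT values are constructed) of MP-BGP import/export: it builds each VRF's table from its export and import RT sets, never re-exports an imported route, and reports which VRF pairs stay isolated in the hub-and-spoke, any-to-any and extranet cases.

```python
"""Model of MPLS VPN route-target (RT) import/export as described on the
Route Targets and Extranet VPN slides. Added illustration, not Cisco code;
VRF names, prefixes and RT values are constructed for the example."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    prefix: str         # constructed sample prefix
    origin: str         # VRF that owns and exports the prefix
    rts: frozenset      # export RTs attached when the route enters MP-BGP


@dataclass
class Vrf:
    name: str
    export: frozenset   # RTs attached to this VRF's locally originated routes
    imports: frozenset  # a route is accepted if it carries any of these RTs
    local: tuple        # locally attached prefixes

    def advertise(self):
        # Only local routes are exported: routes learned through import are
        # never re-exported, which is the "no transitivity" rule on the slide.
        return [Route(p, self.name, self.export) for p in self.local]


def build_tables(vrfs):
    """Return {vrf_name: set(prefixes)} after MP-BGP import/export."""
    advertised = [r for v in vrfs for r in v.advertise()]
    return {v.name: {r.prefix for r in advertised
                     if r.origin == v.name or (r.rts & v.imports)}
            for v in vrfs}


def isolation_report(vrfs):
    """VRF pairs with no visibility in either direction: the property to
    verify when auditing segmentation that is built from route targets."""
    tables, by_name = build_tables(vrfs), {v.name: v for v in vrfs}
    sees = lambda a, b: any(p in tables[a] for p in by_name[b].local)
    return {(a, b) for a in by_name for b in by_name
            if a < b and not (sees(a, b) or sees(b, a))}


F = frozenset
# Slide 28: extranet. Red and blue both reach central services, never each other.
EXTRANET = [
    Vrf("red",     F({"3:3"}), F({"1:1"}),        ("10.3.0.0/16",)),
    Vrf("blue",    F({"2:2"}), F({"1:1"}),        ("10.2.0.0/16",)),
    Vrf("central", F({"1:1"}), F({"3:3", "2:2"}), ("10.1.0.0/16",)),
]
# Slide 27: blue hub-and-spoke (spokes see only the hub) and red any-to-any.
HUB_AND_SPOKE = [
    Vrf("hub",    F({"1:1"}), F({"2:2"}), ("192.0.2.0/24",)),
    Vrf("spoke1", F({"2:2"}), F({"1:1"}), ("198.51.100.0/24",)),
    Vrf("spoke2", F({"2:2"}), F({"1:1"}), ("203.0.113.0/24",)),
]
ANY_TO_ANY = [
    Vrf("red1", F({"3:3"}), F({"3:3"}), ("10.31.0.0/16",)),
    Vrf("red2", F({"3:3"}), F({"3:3"}), ("10.32.0.0/16",)),
]

if __name__ == "__main__":
    for scenario in (EXTRANET, HUB_AND_SPOKE, ANY_TO_ANY):
        print(build_tables(scenario), "isolated:", isolation_report(scenario))
```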

Page 29

Path Towards SONA: Automation - Dynamic Network Provisioning

Diagram: the Physical Campus LAN is partitioned into Virtual networks (Blue, Red, Green), each with its own Security Policy and QoS Policy

Assignment to a virtual network by:
• User Authenticated or MAC Authenticated Assignment
• Static Port Assignment
• Application Assignment

Page 30

Summary: The Network as a Platform - DCNA

IT need not be a cost centre but a strong driver for business by addressing key challenges with DCNA, which offers:

1) Business agility
   • Ability to respond rapidly to varying economic conditions
   • Ability to adjust rapidly to changes in the business environment

2) Differentiation from traditional business
   • Enabling SLAs with ease and permitting the creation of layers of differentiated services
   • Address time to market issues
   • Address regulatory compliance that could impact future business

3) Operation Simplification
   • Reduce Opex and Capex through Consolidation, Virtualization and Standardization with an architectural approach validated by Cisco.

Page 31

Summary: The Network as a Platform

Business Architecture: Business Agility, Company Differentiation, Process Simplification

Technology Architecture: Consolidation, Virtualization, Automation

Service Oriented Network Architecture

Page 32

Summary: DCNA Reference Design

Page 33