© 2006 Cisco Systems, Inc. All rights reserved. Presentation_ID 1
DCNA: An Application of SONA
Business Challenges and IT Solutions
How is IT responding to business drivers? Business challenges (business agility, simplification, differentiation) are met with IT solutions such as flexible application deployments and meshed composite applications. IT is creating custom solutions to support business drivers.
SONA Framework
(Diagram: the Network Systems Layer, comprising the Data Center, Campus and Branch network systems.)
What Is SONA?
“SONA is an architectural approach to connect Network Services to Applications to deliver Business Solutions.”
Path Towards SONA: Three-Phase Approach
(Diagram: three phases building from the network infrastructure up to the Intelligent Information Network and the enterprise applications.)
1) CONSOLIDATION – Centralization and standardization to lower costs, improve efficiency and uptime. Consolidates the LAN, WAN and MAN, the SAN and storage network, the data network, the server fabric network and the HPC cluster/grid network.
2) VIRTUALIZATION – Management of storage, network and compute resources independent of the underlying physical infrastructure, to increase utilization, efficiency and flexibility.
3) AUTOMATION – Dynamic provisioning and Information Lifecycle Management (ILM) of storage, network and compute resources to enable business agility; business policies applied on demand; service oriented.
The WAN Is A Barrier To Consolidation
Applications generally perform well in LAN environments, as few barriers to application performance exist: high bandwidth, low latency, reliability.
WAN characteristics hinder performance and consolidation efforts: already congested, low bandwidth, latency, packet loss.
(Diagram: client – LAN switch – server, Round Trip Time (RTT) ~0 ms; versus client – LAN switch – WAN – LAN switch – server, RTT ~ many, many milliseconds.)
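The slide states that WAN latency, not only bandwidth, is the barrier. The following small model is an added example (not part of the Cisco deck) that makes the claim concrete: a single TCP flow is bounded by the smaller of the link rate and the receive window divided by the RTT, and a chatty application pays one RTT per application-level round trip. The link speeds, RTTs, window size, file size and round-trip count are constructed inputs, not figures from the slides.

```python
# Added example (not from the Cisco deck): why RTT limits a WAN file transfer.
# All scenario numbers below are constructed for illustration.

def goodput_bytes_per_s(bw_bps: float, rtt_s: float, window_bytes: int) -> float:
    """Bytes/s one TCP flow can sustain: the link rate or the window/RTT
    bound (the classic bandwidth-delay-product limit), whichever is smaller."""
    link_bound = bw_bps / 8.0
    window_bound = float("inf") if rtt_s == 0 else window_bytes / rtt_s
    return min(link_bound, window_bound)


def transfer_time_s(size_bytes: int, bw_bps: float, rtt_s: float,
                    window_bytes: int, app_round_trips: int) -> float:
    """Seconds to move a file: serialization at the achievable goodput, plus one
    RTT for every application-level request/response the protocol needs."""
    serialization = size_bytes / goodput_bytes_per_s(bw_bps, rtt_s, window_bytes)
    chatter = app_round_trips * rtt_s
    return serialization + chatter


def bottleneck(size_bytes: int, bw_bps: float, rtt_s: float,
               window_bytes: int, app_round_trips: int) -> str:
    """Name the dominant limit: 'chatter' (protocol round trips), 'window'
    (TCP window / RTT) or 'bandwidth' (link rate)."""
    serialization = size_bytes / goodput_bytes_per_s(bw_bps, rtt_s, window_bytes)
    if app_round_trips * rtt_s > serialization:
        return "chatter"
    if rtt_s > 0 and window_bytes / rtt_s < bw_bps / 8.0:
        return "window"
    return "bandwidth"


# Constructed scenarios: a LAN, a T1 WAN link and a DS3 WAN link with a
# 100 ms RTT; the 64 KB window is the classic default without window scaling.
SCENARIOS = {
    "LAN":     dict(bw_bps=100e6,   rtt_s=0.0005, window_bytes=65535),
    "T1 WAN":  dict(bw_bps=1.544e6, rtt_s=0.08,   window_bytes=65535),
    "DS3 WAN": dict(bw_bps=45e6,    rtt_s=0.1,    window_bytes=65535),
}


def compare(size_bytes: int = 10_000_000, app_round_trips: int = 100) -> dict:
    """Transfer time and dominant limit for each scenario (a 10 MB file whose
    protocol needs 100 request/response exchanges)."""
    result = {}
    for name, p in SCENARIOS.items():
        secs = transfer_time_s(size_bytes, app_round_trips=app_round_trips, **p)
        result[name] = {
            "seconds": round(secs, 1),
            "limit": bottleneck(size_bytes, app_round_trips=app_round_trips, **p),
        }
    return result


if __name__ == "__main__":
    for name, r in compare().items():
        print(f"{name:8s} {r['seconds']:7.1f} s  limited by {r['limit']}")
```

The DS3 case is the one worth noticing: a 45 Mbps link delivers only about 5 Mbps to a single flow once the RTT reaches 100 ms, because the window, not the link, is the limit; raise the round-trip count and the limit moves to protocol chatter instead. Those two effects, not raw bandwidth, are what the remote-office consolidation problem on this slide is about.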
Cisco WAAS Overcomes the WAN
Cisco WAAS is a solution that uses a hardware footprint (the WAE) in the remote office and in the data center to overcome application performance problems in WAN environments and to enable infrastructure consolidation.
(Diagram: a data center connected over the WAN to several remote offices, with optimized connections between the WAEs at each end.)
Traditional WAN Optimization: Not Seamless, but Disruptive to Existing Network
(Diagram: client workstation – LAN switch – WAN router (QoS, NBAR, NetFlow, ACL, NAT) – firewall (security filter, VPN) – edge device – optimization tunnel across the WAN – core device – firewall – WAN router – LAN switch – origin file server / NAS. Points A and B mark where preservation of IP and TCP header information is checked.)
Traditional WAN optimization changes header information.
Result: • Services may not work • Extra integration required • Risk of downtime due to dedicated links
Cisco WAAS: Seamless Network Integration, Service Preservation
(Diagram: client workstation – LAN switch – edge WAE – WAN router (QoS, NBAR, NetFlow, ACL, NAT) – firewall (security filter, VPN) – IP network – firewall – WAN router – core WAE – LAN switch – NAS. Points A and B show full preservation of IP and TCP header information.)
• Full preservation of IP and TCP header information
• Data center scalability
• Transport and flow optimizations; Data Redundancy Elimination accelerates ALL TCP traffic
• Robust application adapters to offload WAN and data center local services
• Visibility: NetFlow, QoS, Cisco WAAS
Cisco WAAS, QoS, and Enterprise VoIP
Cisco WAAS enables enterprise VoIP deployments by easing the contention for available bandwidth resources and complying with network-based end-to-end QoS.
(Diagram: WAN link utilization without WAAS (QoS only), where VoIP, ERP, Email and Scavenger traffic fill the link, compared with WAAS and QoS, where the same classes leave additional available capacity.)
Data Center Integration with Cisco ACE
The Application Control Engine (ACE) provides transparent integration of Cisco WAAS into the data center, server load balancing, and asymmetric application optimization. It scales from 1 Gbps to 64 Gbps and up to 16 million TCP connections.
ACE features and benefits:
• Catalyst 6500 series module or standalone appliance form factor
• Solution for scaling servers, appliances, and network devices
• Virtual partitions, flexible resource assignment, security, and control
• Asymmetric application optimization complementing WAAS
Products: Cisco Application Control Engine 4710 Appliance Series; Cisco Application Control Engine line card for the Catalyst 6500 family.
Path Towards SONA: Virtualization
What is virtualization?
– A logical rather than physical view of data, storage, network, and other resources, presented independently of location, packaging, or capacity
– One network supports many physical resources: simplifies operations, reduces cost
– One network consolidates all types of resources (data, voice, video, storage) for increased flexibility
Benefit: flexible configuration and management of all infrastructure resources to reduce costs and increase agility.
DCNA - Network Virtualization Framework
Three functions, each applied at a place in the network:
Access Control (Branch - Campus):
1. Identify and authenticate the client (user, device, app) attempting to gain network access
2. Isolate it into a segment
3. Grant _controlled_ access or prevent access
Path Isolation (WAN – MAN - Campus):
1. Map the client VLAN to a transport technology
2. Transport client traffic through the isolated path
3. Terminate the isolated path at the destination edge
Transport technologies: VRFs, GRE, IPsec, MTR, L2TPv3, MPLS
Services Edge (Data Center - Campus):
1. Map the isolated path to the destination VLAN
2. Apply policy at the VLAN entry point
3. Isolate application environments
Path Isolation
Device virtualization: control plane virtualization, data plane virtualization, management virtualization.
Data path virtualization: single-hop (802.1q, DLCI, VPI/VCI: tags/circuits) and multi-hop (PW, VFI: tags/circuits).
Campus Network Virtualization: Path Isolation Technologies
(Access control at the Layer 2 access infrastructure, path isolation across the Layer 3 core, policy enforcement at the services edge.)
Technology | Characteristics
ACLs/PBR   | Widely deployed; seamless services integration; limited scalability; high complexity
GRE        | Builds on existing campus protocols; limited scalability; medium complexity
VRF-Lite   | Builds on existing campus protocols; medium complexity; scales up to a dozen segments
MPLS       | High scalability (256+ segments); high complexity; requires new protocol
Application of V3PN
• IPsec VPNs are replacing traditional WAN media to save costs and enable new work habits
• Common design issues for both Remote VPN and Branch-to-DC deployments
• QoS critical in key areas (V3PN combines the IPsec VPN with QoS)
• Design IPsec VPNs with QoS today to transport VoIP tomorrow
• Deploy broadband and IPsec VPNs so WORK IS AN ACTIVITY—NOT A PLACE
VTI Consideration
(Diagram: branch router connected via the WAN to the data center; the branch connection is via the WAN.)
VTI - IPsec
Virtual Tunnel Interface: the VTI feature enables implementing QoS features from the crypto head-end to the branch routers.
• Provides a routable interface (interface Tunnel 0)
• Supports per-tunnel features and configurations per peer (session)
• Supports encryption of IP multicast
• Head-end routers only need virtual templates, not pre-configured tunnel interfaces
• Load balancing is a function of the routing protocol
QoS Best Practices
A successful QoS deployment includes three key phases:
1) Strategically defining the business objectives to be achieved via QoS
2) Analyzing the service-level requirements of the traffic classes
3) Designing and testing QoS policies

1) Define the business objectives. Business QoS objectives need to be defined:
• Is the objective to enable VoIP only, or is video also required?
• If so, is video-conferencing required, streaming video, or both?
• Are there applications that are considered mission-critical? If so, what are they?
• Does the organization wish to squelch certain types of traffic? If so, what are they?
• Does the business want to use QoS tools to mitigate DoS/worm attacks?
• How many classes of service are needed to meet the business objectives?
Because QoS introduces a system of managed unfairness, most QoS deployments inevitably entail political and organizational repercussions when implemented. To minimize the effects of these non-technical obstacles to deployment, address these political and organizational issues as early as possible, garnering executive endorsement whenever possible.

2) Analyze the application service-level requirements. There is no “one-size fits all”:
• Data: smooth or bursty; benign or greedy; TCP retransmits, UDP does not.
• Video: unpredictable flows; drop- and delay-sensitive; UDP priority; 150 ms one-way delay, 30 ms jitter, 1% loss; overprovision the stream by 20% to account for headers and bursts.
• Voice: predictable flows; drop- and delay-sensitive; UDP priority; 150 ms one-way delay, 30 ms jitter, 1% loss; 17 kbps–106 kbps per call for VoIP plus call-signaling.
Bandwidth allocation guideline (pie chart): Real-time (Voice, Interactive-Video) ≤ 33%; Critical Data (Routing, Call-Signaling, Net Mgmt, Mission-Critical, Transactional, Streaming-Video); Bulk; Scavenger; Best Effort ≥ 25%.

3) Design and test the QoS policies.
• Classify, mark, and police as close to the traffic sources as possible; follow Differentiated Services standards, such as RFC 2474, 2475, 2597, 2698, and 3246.
• Provision queuing in a consistent manner (according to platform capabilities).
• Thoroughly test QoS policies prior to production-network deployment.
Layer 3 classification:
Application         PHB   DSCP
Routing             CS6   48
Voice               EF    46
Interactive Video   AF41  34
Streaming Video     CS4   32
Mission Critical    AF31  26
Call-Signalling     CS3   24
Transactional Data  AF21  18
Network Mgmt        CS2   16
Bulk Data           AF11  10
Scavenger           CS1   8
Best Effort         0     0
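The DSCP values in the classification table are not arbitrary: class selectors (RFC 2474) put the class number in the top three bits, assured forwarding (RFC 2597) adds the drop precedence in the next two, and expedited forwarding (RFC 3246) is the fixed code point 46. The following added example (mine, not the deck's) encodes those rules, decodes the DSCP from a packet's ToS byte back to the slide's application class, and checks a proposed per-class bandwidth split against the slide's two guidelines (real-time ≤ 33%, best effort ≥ 25%). The packet ToS bytes and the sample allocation are constructed inputs.

```python
# Added example (not from the Cisco deck): PHB <-> DSCP arithmetic per
# RFC 2474 / 2597 / 3246, packet classification against the slide's table,
# and a check of the slide's bandwidth-allocation guideline.
import re

# The slide's Layer 3 classification table, application -> PHB.
SLIDE_TABLE = {
    "Routing": "CS6", "Voice": "EF", "Interactive Video": "AF41",
    "Streaming Video": "CS4", "Mission Critical": "AF31",
    "Call-Signalling": "CS3", "Transactional Data": "AF21",
    "Network Mgmt": "CS2", "Bulk Data": "AF11", "Scavenger": "CS1",
    "Best Effort": "0",
}


def phb_to_dscp(phb: str) -> int:
    """CSx = x<<3; AFxy = (x<<3) | (y<<1); EF = 46; default = 0."""
    p = phb.upper()
    if p in ("0", "BE", "DEFAULT"):
        return 0
    if p == "EF":
        return 46
    m = re.fullmatch(r"CS([0-7])", p)
    if m:
        return int(m.group(1)) << 3
    m = re.fullmatch(r"AF([1-4])([1-3])", p)
    if m:
        return (int(m.group(1)) << 3) | (int(m.group(2)) << 1)
    raise ValueError(f"unknown PHB {phb!r}")


def dscp_to_phb(dscp: int) -> str:
    """Inverse mapping; non-standard code points come back as 'DSCPnn'."""
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP is a 6-bit field")
    if dscp == 0:
        return "BE"
    if dscp == 46:
        return "EF"
    cls, low = dscp >> 3, dscp & 0b111
    if low == 0:
        return f"CS{cls}"
    if 1 <= cls <= 4 and low in (2, 4, 6):      # AF drop precedence 1..3
        return f"AF{cls}{low >> 1}"
    return f"DSCP{dscp}"


def tos_byte_to_dscp(tos: int) -> int:
    """DSCP is the top six bits of the IP ToS / Traffic Class byte; the low
    two bits are ECN and must be ignored when classifying."""
    return (tos & 0xFF) >> 2


_DSCP_TO_APP = {phb_to_dscp(phb): app for app, phb in SLIDE_TABLE.items()}


def classify_packet(tos: int) -> str:
    """Map a packet's ToS byte to the slide's application class; markings not
    in the table fall into Best Effort, which is what a policy should do with
    unknown or untrusted marks from the edge."""
    return _DSCP_TO_APP.get(tos_byte_to_dscp(tos), "Best Effort")


def check_allocation(percent_by_class: dict,
                     realtime=("Voice", "Interactive Video")) -> list:
    """Return the guideline violations for a proposed bandwidth split."""
    problems = []
    rt = sum(percent_by_class.get(c, 0) for c in realtime)
    if rt > 33:
        problems.append(f"real-time classes get {rt}% (> 33%)")
    if percent_by_class.get("Best Effort", 0) < 25:
        problems.append("Best Effort below 25%")
    total = sum(percent_by_class.values())
    if total > 100:
        problems.append(f"allocation totals {total}% (> 100%)")
    return problems


if __name__ == "__main__":
    # Constructed packets: EF with ECN bits set, CS3, AF21, and an untrusted mark.
    for tos in (0xBA, 0x60, 0x48, 0x04):
        print(hex(tos), tos_byte_to_dscp(tos), classify_packet(tos))
    print(check_allocation({"Voice": 30, "Interactive Video": 10,
                            "Best Effort": 25, "Bulk Data": 10}))
```

Keeping the ECN bits out of the comparison is the detail that trips up hand-written classifiers: the same EF packet can arrive as 0xB8 or 0xBA depending on whether ECN is negotiated.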
DC 3.0 - DCNA: IT Relevance and Control
Application Architecture Evolution:
• Data Center 1.0 – Mainframe: CENTRALIZED
• Data Center 2.0 – Client-Server and Distributed Computing: DECENTRALIZED
• Data Center 3.0 – Service Oriented and Web 2.0 Based: VIRTUALIZED
Network capabilities along the way: IP Routing, LAN Switching, SLB / Firewall, Storage Switching, App Delivery, Server Switching, Service Orchestration.
DCNA - Data Center Virtualization
• Network Virtualization (IP): VLAN, VRF, MPLS, GRE – independent paths/policies for network segments
• Network Service Virtualization: firewall, load balancer, SSL – independent network services and policies per application
• Storage Virtualization (SAN, FC): VSAN, storage – independent storage for individual applications
• Server Virtualization: CPU, I/O, server fabric – independent compute resources with respect to application services
ACE Complements Green DCNA - Improving Power, Cooling, and Rack Space
Mid-size enterprise scenario: 8 isolated applications at 2GB throughput each; 32 isolated applications served by 4 ACE modules OR 32 low-end competing devices.
ACE savings versus the competing products (chart: physical rack space and power consumption, 16X and 15X):
• 12 KW increase for the competing solution
• Five-year power and cooling savings: $335K–$419K
Green DCNA - Most Robust Application Availability
• Physical redundancy, inter-chassis: an ACE in each of two Catalyst 6500 chassis.
• Physical redundancy, intra-chassis: two ACE modules in one Catalyst 6500.
• Application redundancy, inter-context (diagram): ACE-1 and ACE-2 each carry active contexts (A, B and C, D) with their standbys (A’, B’ and C’, D’) on the other module, in redundancy groups Red-grp1 to Red-grp4, so both modules are active.
The FT VLAN carries the TRP protocol packets: heartbeats, configuration sync packets, state replication packets.
Failover tracking: • HSRP • Interface up / down • Multiple probes with priority
Introducing Cisco Validated Designs: Building Blocks for SONA Solutions
Three types of CVDs:
• Network Services (Mobility, Security, Unified Communication)
• Industry Solutions (Retail PCI, Healthcare Translation…)
• Places in the Network (Campus, Data Center, Branch)
(Diagram: Campus, Data Center, Enterprise Edge, WAN/MAN, Branch, Teleworker.)
Services Edge
Provides access to resources/subnets that are either shared by multiple VNs or dedicated to a single VN.
• VN-specific logical policy services – dedicated per VN
• Resource-specific policy services – shared across VNs
• Fusion routing – access to shared resources and inter-VN communication
(Diagram: User VNs and an Extranet VN pass through VN-specific, dedicated services and shared, resource-specific services to reach shared and VN/resource-specific resources via the Fusion Router.)
Shared Services & Inter-VPN Communication: FW + Fusion Router
Fusion router: inter-VPN connectivity; shared resource connectivity (Internet, servers, etc.)
FW contexts: VPN isolation / protection; per-VPN policies (ACL, NAT, …); 256 contexts per FW; map to VLANs
Shared services available: on their own VPN (distributed), or off the transit router or DMZ (centralized); access is always centralized
(Diagram: VPNs A–D arrive at the PE as VRFs A–D, each passing through its own FWSM context to the Fusion Router, which reaches the Internet, the DMZ and the shared services.)
Understanding VRFs: Route Targets
• Import/export routes to/from MP-BGP updates
• Globally significant—creates the VPN
• Allows hub and spoke connectivity (central services)
(Diagram) Red – any-to-any: every red VRF exports 3:3 and imports 3:3. Blue – hub-n-spoke: spoke VRFs export 2:2 and import 1:1; the hub VRF imports 2:2 and exports 1:1.
Shared Services Extranet VPN: Multiple-box Extranet Implementation
Bi-directional communication between all VRFs and the central services VRF:
• Central services routes imported into both VRF red and blue (1:1)
• Central VRF imports routes for blue and red subnets (3:3, 2:2)
• No routes exchanged between blue and red
• No transitivity: imported routes are not “re-exported”
• Blue and red remain isolated
(Diagram) Red VRFs: export 3:3, import 1:1. Blue VRFs: export 2:2, import 1:1. Shared services VRF: import 3:3, import 2:2, export 1:1.
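The route-target slides above (any-to-any, hub-and-spoke, and the shared-services extranet) all rest on one rule: a VRF exports only the routes it originates, tagged with its export route targets, and installs any advertised route carrying one of its import route targets. The following added example (mine, not the deck's and not any vendor's implementation) models that rule and checks the isolation properties the extranet slide states: red and blue both reach the shared services VRF, the shared services VRF reaches both, and red never sees blue. It also shows what the "no transitivity" bullet protects against: if imported routes were re-exported, the central VRF would become a bridge between red and blue. VRF names, prefixes and the 1:1 / 2:2 / 3:3 route-target values are constructed to match the slide's labels.

```python
# Added example (not from the Cisco deck): MP-BGP VPN route import/export by
# route target, used to verify the extranet isolation properties on the slide.
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass
class Vrf:
    name: str
    local: set            # prefixes this VRF originates (connected/static/IGP)
    export: set           # route targets attached to its exported routes
    imports: set = field(default_factory=set)  # route targets it accepts


def distribute(vrfs: dict, re_export: bool = False) -> dict:
    """Propagate routes until nothing changes and return {vrf: set(prefixes)}.

    re_export=False is the real behaviour: only locally originated routes are
    exported, so imported routes are never passed on (no transitivity).
    re_export=True models a broken design that exports the whole table."""
    rib = {n: set(v.local) for n, v in vrfs.items()}
    while True:
        advertised = defaultdict(set)          # prefix -> RTs seen on it
        for n, v in vrfs.items():
            source = rib[n] if re_export else v.local
            for prefix in source:
                advertised[prefix] |= v.export
        new = {n: set(v.local) | {p for p, rts in advertised.items() if rts & v.imports}
               for n, v in vrfs.items()}
        if new == rib:
            return rib
        rib = new


def reaches(rib: dict, vrf: str, prefix: str) -> bool:
    return prefix in rib[vrf]


# Constructed topologies following the slide's route-target labels.
def any_to_any():
    """Red: every VRF exports 3:3 and imports 3:3."""
    return {n: Vrf(n, {p}, {"3:3"}, {"3:3"})
            for n, p in (("red1", "10.1.1.0/24"), ("red2", "10.1.2.0/24"),
                         ("red3", "10.1.3.0/24"))}


def hub_and_spoke():
    """Blue: spokes export 2:2 / import 1:1, hub imports 2:2 / exports 1:1."""
    return {
        "spoke1": Vrf("spoke1", {"10.2.1.0/24"}, {"2:2"}, {"1:1"}),
        "spoke2": Vrf("spoke2", {"10.2.2.0/24"}, {"2:2"}, {"1:1"}),
        "hub":    Vrf("hub",    {"10.2.0.0/24"}, {"1:1"}, {"2:2"}),
    }


def extranet():
    """Shared-services extranet: red exports 3:3, blue exports 2:2, both import
    1:1; the central VRF imports 3:3 and 2:2 and exports 1:1."""
    return {
        "red":     Vrf("red",     {"10.1.0.0/24"}, {"3:3"}, {"1:1"}),
        "blue":    Vrf("blue",    {"10.2.0.0/24"}, {"2:2"}, {"1:1"}),
        "central": Vrf("central", {"10.9.0.0/24"}, {"1:1"}, {"3:3", "2:2"}),
    }


def isolation_report(vrfs: dict, a: str, b: str, re_export: bool = False) -> dict:
    """Summarize whether two VRFs can see each other's prefixes."""
    rib = distribute(vrfs, re_export)
    return {
        "a_sees_b": any(reaches(rib, a, p) for p in vrfs[b].local),
        "b_sees_a": any(reaches(rib, b, p) for p in vrfs[a].local),
    }


if __name__ == "__main__":
    for name, rib in (("red any-to-any", distribute(any_to_any())),
                      ("blue hub-and-spoke", distribute(hub_and_spoke())),
                      ("extranet", distribute(extranet()))):
        print(name)
        for vrf, prefixes in rib.items():
            print(f"  {vrf:8s} {sorted(prefixes)}")
    print("red/blue leak if imports were re-exported:",
          isolation_report(extranet(), "red", "blue", re_export=True))
```

The `re_export=True` run is the one to keep in mind when reviewing a design that redistributes VRF routes into another protocol at the fusion router or firewall: any such redistribution behaves like re-export and silently collapses the red/blue separation the route targets were chosen to provide.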
Path Towards SONA: Automation – Dynamic Network Provisioning
(Diagram: one physical campus LAN carrying the virtual networks Red, Blue and Green, each with its own security policy and QoS policy.)
Assignment of a client to a virtual network: user-authenticated or MAC-authenticated assignment; static port assignment; application assignment.
Summary: The Network as a Platform - DCNA
IT need not be a cost centre but a strong driver for business, by addressing key challenges with DCNA, which offers:
1) Business agility – the ability to respond rapidly to varying economic conditions and to adjust rapidly to changes in the business environment
2) Differentiation from traditional business – enabling SLAs with ease and permitting the creation of layers of differentiated services; addressing time-to-market issues; addressing regulatory compliance that could impact future business
3) Operational simplification – reducing Opex and Capex through consolidation, virtualization and standardization, with an architectural approach validated by Cisco.
Summary: The Network as a Platform
Business Architecture: Business Agility, Company Differentiation, Process Simplification
Technology Architecture: Consolidation, Virtualization, Automation
Service Oriented Network Architecture
Summary: DCNA Reference Design