© 2008 Cisco Systems, Inc. All rights reserved.
Layer 2 Extensions for Data Center Interconnect with Catalyst 6500
Belmont Chia
Consulting System Engineer, Data Center Network Architecture
Cisco Confidential
Agenda
Problem Statement
Transport Options
1. Dark Fiber
2. MPLS
3. IP
Encryption
Problem Statement
Why Layer 2 across Data Centers
1. Geocluster
2. Legacy applications (hard-coded IP)
3. Redundant configurations (HSRP/VRRP, heartbeats, etc.)
Provide Layer 2 connectivity between data centers with:
1. Redundant Paths
2. STP Isolation
3. Failover within
DC Interconnect – Transport Options
[Figure: Sites A, B, C and D (DC Core, Aggregation, Access); transport options: Dark Fiber, MPLS, IP]
L2 Extension Transport Options
Dark Fiber
– Applicable for short distances (< 100km)
MPLS
– Applicable if the enterprise is ready to deploy MPLS in the core
– MPLS service can be self-deployed or delivered as a managed service from an SP (directly attached L2VPN or Carrier supporting Carrier)
IP
– Applicable for the majority of customers with no Dark Fiber or MPLS
DC Interconnect – Dark Fiber
[Figure: Sites A, B, C and D (DC Core, Aggregation, Access)]
• Assumes dark fiber between sites
• Distance limitations are given by DWDM
• Number of sites can be 2 or more
DC Interconnect – Dark Fiber
[Figure: Sites A, B, C and D]
• Add 2 switches in main data centers
• Switches use separate lambda to interconnect
• These switches will form a VSS
• Use DWDM X2 to build VSL*
DC Interconnect – Dark Fiber
[Figure: Sites A, B, C and D; labels A and B]
• Repeat similar principle for all sites
DC Interconnect – MPLS
[Figure: Sites A, B, C and D (DC Core, Aggregation, Access); MPLS; EoMPLS / VPLS]
L2 Extension Loop Prevention: EoMPLS
[Figure: Site A and Site B, each with local STP; EoMPLS PW; backup PW into core]
• Backup PW into core, with EEM to enable the backup PW
• EoMPLS PW redundancy
• Loop-free interconnection for dual-site VLAN extension
• Native port xconnect
• New solution under validation
L2 Extension Loop Prevention: VPLS
[Figure: Site A; L2 core; local STP; per-VLAN alternate path; per-VLAN VFI]
• Only local STP
• PW redundancy into PE
Layout for multiple DCs
DC Interconnect – IP
[Figure: Site A and Site B (DC Core, Aggregation, Access); IP; GRE tunnels; EoMPLSoGRE / VPLSoGRE]
• Requires Whitney 2SIP-400 for WAN uplinks
DC Interconnect using EoMPLSoGRE
[Figure: Site A and Site B, each with a SIP-400; EoMPLSoGRE; GRE tunnels; IP core]
• 12.2(33)SXI feature
• Edge-only functionality using SIP-400
DC Interconnect using VPLSoGRE
[Figure: Sites A, B and C, each with a SIP-400; VPLSoGRE; GRE tunnels; IP core]
• 12.2(33)SXI feature
• Edge-only functionality using SIP-400
Encrypted L2 Extension using ATOMoGRE
• IPsec is currently the main encryption mechanism
– IPsec requires IP packets
– L2 frames are not IP packets
– Today, no native L2oIP solution exists
• L2oGRE acts as L2oIP and so can be encrypted
– EoMPLS for point-to-point solution
– VPLS for multipoint solution
• Requires either:
– Two-box solution (one for L2VPNoGRE, one for IPsec)
– One-box solution with a wrap cable
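The encapsulation argument on this slide, as an added example (not from the original deck and not Cisco code): a simplified sketch that wraps a constructed Ethernet frame in one MPLS pseudowire label, a basic GRE header and an outer IPv4 header, showing that the raw frame is not an IP packet while the encapsulated result is. The label value, addresses, sample frame and function names are assumptions, and the real EoMPLS/VPLS encapsulation on the Catalyst 6500 may carry additional fields.

```python
import struct

GRE_PROTO_MPLS = 0x8847   # EtherType for MPLS unicast, used as the GRE protocol type
IPPROTO_GRE = 47

# Constructed sample: broadcast Ethernet frame (e.g. a cluster heartbeat), not an IP packet.
SAMPLE_FRAME = bytes.fromhex("ffffffffffff" "020000000001" "88b5") + b"heartbeat"

def checksum(hdr: bytes) -> int:
    """16-bit one's-complement sum used by the IPv4 header."""
    total = sum(struct.unpack(f"!{len(hdr) // 2}H", hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_header(src: bytes, dst: bytes, proto: int, payload_len: int) -> bytes:
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0, src, dst)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]

def encapsulate(frame: bytes, pw_label: int, src: bytes, dst: bytes) -> bytes:
    """Ethernet frame -> one MPLS PW label -> basic GRE header -> outer IPv4."""
    mpls = struct.pack("!I", (pw_label << 12) | (1 << 8) | 255)   # bottom-of-stack, TTL 255
    gre = struct.pack("!HH", 0, GRE_PROTO_MPLS)                   # no checksum/key/sequence
    inner = gre + mpls + frame
    return ipv4_header(src, dst, IPPROTO_GRE, len(inner)) + inner

def is_ip_packet(pkt: bytes) -> bool:
    """What an IPsec policy needs to see: a well-formed IPv4 header."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return False
    ihl = (pkt[0] & 0x0F) * 4
    return 20 <= ihl <= len(pkt) and checksum(pkt[:ihl]) == 0

def decapsulate(pkt: bytes):
    """Reverse of encapsulate(): returns (pw_label, original frame)."""
    ihl = (pkt[0] & 0x0F) * 4
    flags, proto = struct.unpack("!HH", pkt[ihl:ihl + 4])
    if pkt[9] != IPPROTO_GRE or flags != 0 or proto != GRE_PROTO_MPLS:
        raise ValueError("not a basic MPLS-over-GRE packet")
    (entry,) = struct.unpack("!I", pkt[ihl + 4:ihl + 8])
    return entry >> 12, pkt[ihl + 8:]

if __name__ == "__main__":
    src, dst = bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])   # documentation addresses
    pkt = encapsulate(SAMPLE_FRAME, 16, src, dst)
    print(is_ip_packet(SAMPLE_FRAME), is_ip_packet(pkt), decapsulate(pkt)[0])
```

The 28 bytes added here (20 IPv4, 4 GRE, 4 MPLS) come before any IPsec overhead, so the WAN path MTU has to be sized for the full stack.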
VPLS o GRE o IPSEC in one box with wrap-cable
[Figure: SIP-400; VPN-SPA; Crypto; GRE; VPLS PW; L3; VRF edge; VRF core; core port; any Ethernet port]
Wrap ports
• Ingress is SIP-400
• Egress is any port
To integrate both functions in one box:
1. Use VRFs to isolate routing
• One VRF for edge link
• One VRF for core links
2. Wrap cable to connect SIP-400 toward VRF
Key Takeaways
The key takeaways of this presentation are:
• Catalyst 6500 offers multiple solutions for extending Layer 2 between multiple data centers
• VSS with DWDM on Catalyst 6500 offers a 10G multipoint solution
• ATOMoGRE with SIP-400 offers a 1G multipoint solution for L2 extensions over a WAN with IP or MPLS core
• L2 extension options on Catalyst 6500 are redundant, scalable and secure.