© 2008 Cisco Systems, Inc. All rights reserved. 1
Layer 2 Extensions for Data Center Interconnect with Catalyst 6500
Belmont Chia
Consulting System Engineer, Data Center Network Architecture
Cisco Confidential 2© 2008 Cisco Systems, Inc. All rights reserved.
Agenda
Problem Statement
Transport Options
1. Dark Fiber
2. MPLS
3. IP
Encryption
Problem Statement
Why Layer 2 across Data Centers
1. Geocluster
2. Legacy applications (hard-coded IP)
3. Redundant configurations (HSRP/VRRP, heartbeats, etc.)
Provide layer 2 connectivity between data centers with:
1. Redundant Paths
2. STP Isolation
3. Failover within <4 seconds
4. Load balancing
5. Scalable
6. Encryption (optional)
DC Interconnect – Transport Options
[Diagram labels: Site A, Site B, Site C, Site D; DC Core, Aggregation, Access; Dark Fiber, MPLS, IP]
L2 Extension Transport Options
Dark Fiber – Applicable for short distances (< 100 km)
MPLS – Applicable if the enterprise is ready to deploy MPLS in the core
– MPLS service can be self-deployed or a managed service from an SP (directly attached L2VPN or Carrier Supporting Carrier)
IP – Applicable for the majority of customers with no Dark Fiber or MPLS
DC Interconnect – Dark Fiber
[Diagram labels: Site A, Site B, Site C, Site D; DC Core, Aggregation, Access]
• Assumes dark fiber between sites
• Distance limitations are given by DWDM
• Number of sites can be 2 or more
DC Interconnect – Dark Fiber
[Diagram labels: Site A, Site B, Site C, Site D]
• Add 2 switches in main data centers
• Switches use separate lambda to interconnect
• These switches will form a VSS
• Use DWDM X2 to build VSL*
DC Interconnect – Dark Fiber
[Diagram labels: A, B; Site A, Site B, Site C, Site D]
• Repeat similar principle for all sites
DC Interconnect – MPLS
[Diagram labels: Site A, Site B, Site C, Site D; DC Core, Aggregation, Access; MPLS; EoMPLS / VPLS]
L2 extension Loop Prevention: EoMPLS PW
[Diagram labels: Site A, Site B; Local STP (both sites); Backup PW into Core]
EoMPLS PW-redundancy
Loop-free interconnection for dual-site VLAN extension
Native port xconnect
New solution under validation, with EEM to enable the backup PW
L2 extension Loop Prevention: VPLS
[Diagram labels: Site A; L2 Core; Local STP; Only Local STP; Per-VLAN VFI; Per-VLAN alternate path; PW redundancy into PE]
Layout for multiple DCs
[Diagram labels: Data Center A, Data Center B, Data Center C; Core, Agg, Access (per data center); MPLS/VPLS]
DC Interconnect – IP
[Diagram labels: Site A, Site B; DC Core, Aggregation, Access; IP; GRE Tunnels; EoMPLSoGRE / VPLSoGRE]
Requires Whitney 2
SIP-400 for WAN uplinks
DC Interconnect using EoMPLSoGRE
12.2(33)SXI feature
Edge-only functionality using SIP-400
[Diagram labels: Site A, Site B; IP Core; GRE Tunnels; EoMPLSoGRE; SIP-400 (both sites)]
DC Interconnect using VPLSoGRE
12.2(33)SXI feature
Edge-only functionality using SIP-400
[Diagram labels: Site A, Site B, Site C; IP Core; GRE Tunnels; VPLSoGRE; SIP-400 (all three sites)]
Encrypted L2 extension using ATOMoGRE
Nowadays IPsec is the main encryption mechanism
IPsec requires IP packets
L2 frames are not IP packets
Today, no native L2oIP solution exists
L2oGRE acts as L2oIP and so can be encrypted
EoMPLS for point-to-point solution
VPLS for multipoint solution
Requires either:
Two-box solution (one for L2VPNoGRE, one for IPsec)
One-box solution with a wrap cable
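The reasoning on this slide, as an added Python example (not from the presentation and not Cisco code): an IP-only crypto engine has nothing to match on in a raw Ethernet frame, but once the frame is wrapped as pseudowire label + GRE + outer IPv4 it is an ordinary protocol-47 packet that IPsec can select and protect. Assumptions: a single pseudowire label with no control word, and a constructed frame, label value and tunnel addresses.

```python
import struct

IPPROTO_GRE = 47          # IANA protocol number for GRE
GRE_PROTO_MPLS = 0x8847   # GRE protocol type for MPLS unicast

def _fold(words):
    """One's-complement sum of 16-bit words, folded to 16 bits."""
    s = sum(words)
    s = (s & 0xFFFF) + (s >> 16)
    return (s & 0xFFFF) + (s >> 16)

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header (no options) with a valid checksum."""
    addr = lambda a: bytes(int(o) for o in a.split("."))
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0x4000,
                      255, proto, 0, addr(src), addr(dst))
    csum = ~_fold(struct.unpack("!10H", hdr)) & 0xFFFF
    return hdr[:10] + struct.pack("!H", csum) + hdr[12:]

def l2_over_gre(frame, pw_label, src, dst):
    """Ethernet frame -> pseudowire label -> GRE -> outer IPv4 (simplified)."""
    # MPLS stack entry: label(20) | TC(3) | bottom-of-stack(1) | TTL(8)
    label = struct.pack("!I", (pw_label << 12) | (1 << 8) | 255)
    gre = struct.pack("!HH", 0, GRE_PROTO_MPLS)  # no checksum/key/sequence
    payload = gre + label + frame
    return ipv4_header(src, dst, IPPROTO_GRE, len(payload)) + payload

def ip_selector(pkt):
    """What an IP-only crypto engine can classify: (src, dst, proto) or None."""
    if len(pkt) < 20 or pkt[0] != 0x45:
        return None  # not an IPv4 header: nothing for IPsec to match on
    if _fold(struct.unpack("!10H", pkt[:20])) != 0xFFFF:
        return None  # header checksum does not verify
    if struct.unpack("!H", pkt[2:4])[0] != len(pkt):
        return None  # total-length field disagrees with the buffer
    dotted = lambda b: ".".join(str(o) for o in b)
    return dotted(pkt[12:16]), dotted(pkt[16:20]), pkt[9]

# Constructed sample: a broadcast ARP-type frame (non-IP L2 traffic), 60 bytes.
FRAME = bytes.fromhex("ffffffffffff" "020000000001" "0806") + bytes(46)
# Constructed tunnel endpoints (documentation addresses) and label value.
TUNNELED = l2_over_gre(FRAME, pw_label=100, src="192.0.2.1", dst="192.0.2.2")

if __name__ == "__main__":
    print("raw frame :", ip_selector(FRAME))
    print("tunneled  :", ip_selector(TUNNELED))
    print("overhead  :", len(TUNNELED) - len(FRAME), "bytes before IPsec")
```

The overhead figure covers only the outer IPv4, GRE and label headers; IPsec encapsulation adds more on top, which matters when sizing the MTU of the interconnect.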
VPLS o GRE o IPSEC in one box with wrap-cable
[Diagram labels: Core port; any Ethernet port; SIP-400; VPN-SPA; VRF edge; VRF core; VPLS PW; GRE; Crypto; GRE L3]
Wrap ports
• ingress is SIP-400
• egress is any port
To integrate both functions in one box:
1. Use VRFs to isolate routing
• One VRF for edge link
• One VRF for core links
2. Wrap cable to connect SIP-400 toward VRF
Key Takeaways
The key takeaways of this presentation are:
Catalyst 6500 offers multiple solutions for extending Layer 2 between multiple Data Centers
VSS with DWDM on Catalyst 6500 offers a 10G multipoint solution
ATOMoGRE with SIP-400 offers a 1G multipoint solution for L2 extensions over a WAN with IP or MPLS core
L2 extension options on Catalyst 6500 are redundant, scalable and secure.