data center design guide 4 1

NORTEL NETWORKS CONFIDENTIAL

Internet Data Center Solution Design

Presentation name - 2


IDC Industry Analysis

Internet Data Center Requirements

Alteon IDC Solution Overview

Alteon IDC Solution Design

IDC Solution Case Study


Internet Infrastructure Upgrades

Web SwitchingGigabit Ethernet

Giga/Terabit RouterDWDMSonet

xDSLCable Wireless

CachingCDNWeb Switching


Migration to Internet Data Centers

Source: Forrester

IMPACT:– Outsourcers will own and manage web switches for customers

(already happening)– API-level interfaces for controlling web switches will become

more important


Why companies outsource to IDCs?

Source: Forrester


E-commerce vs. Brochureware

Source: Forrester

• New sites are increasingly complex and transaction-oriented

• Mission critical sites are more common, which changes the requirements for hosting


Internet Data Center Environment


Internet Data Center Environment

Remotely-monitored video surveillance safeguards the IDC and its perimeter 24 hours a day, 7 days a week.

Hand scanning sensors authorize Internet Data Center clearance by means of biometric recognition.

Server racks are reinforced against seismic anomalies with scientifically exact bracing that adjoins both the server racks and the caging environment to a below-floor channel.

All IDCs run on clean power conditioned by an Uninterruptible Power Supply (UPS). The UPS provides immunity to energy spikes and surgesexperienced by the public sector. Backup generators guarantee an alternate power source, providing indefinite hours of additional uptime in the event of a system failure.

Multiple HVAC units supplement principal cooling systems for consistent temperature control and maximum airflow.

A preferred alternative to conventional fire suppression methods, this system, together with intelligent early detection and backup suppression methods, prevents unnecessary equipment damage and incidental loss of uptime.

Internet operations are simultaneously monitored 24 x 7 within each Internet Data Center NOC (Network Operations Center) and from the Exodus Response Center

IDC access, 24 x 7 security monitoring and incident management are controlled by on-premises security officers.

Alarms are monitored 24 x 7 for rapid incident resolution.

Electronic motion sensors detect and react to movement around the perimeter of the IDC and within its interior. .


Successful key factors• Give client control

– Accessibility 24x7 with security

• Pre-configured wiring system

• Best security to safeguard the access

• Best facility– Network Operations Center (NOC)– Best reliable networking equipment– UPSs– Secure, monitored facility

• Great Connectivity– Multi-Telco connections with great and various types of bandwidth

• Offer Multi-services

• Best people & support


Internet Data Center Services

• Real Estate

• Bandwidth– 10Mbps and 100Mbps (shared or Dedicated)– Incremental bandwidth between 10Mbps - 100Mbps

• Managed Services– System monitoring > Network monitoring– Basic equipment level trouble shooting– Reporting > Backup service

• Professional Services– Total solution

• H/W, S/W, Planning, Design, Implementation– Security service

• Consultation > Firewall• Intrusion detection > Anti-virus• Data Recovery > Monitoring• Reporting


IDC Service Provider Approaches

• Infrastructure-driven service providers– Started out focusing on network pieces

• WAN (Internet backbone/peering)• LAN (per customer)• IP• Facilities like air conditioning and power

– Provide value by knowing about infrastructure and how to run it

– Evolving “up the stack”


IDC Service Provider Approaches

• Application-driven service providers– Started out focusing on hosting simple applications– Quickly moved to business applications like ERP with web

front-ends– Provide value by knowing about applications and the business

rules that shape them– Evolving “up the stack”


Changes in Site Complexity

• Move to transaction-oriented E-commerce sites drives need for stronger session state management– Network Intelligent URL based load balancing– Session state management for SSL– More awareness of applications– Application-level QoS


IDC Solution Requirements Summary

• High Performance, Reliability, Flexibility, Scalability

• Solve Data Center security concerns and Firewall Protection

• Serviceability

• Enable E-commerce platform


Alteon WebSystems

Founded May, 96 Claim to fame Content networking pioneer Customers 2000+ worldwide Employees 600+ FY00 revenue $109m Revenue growth 545% (4Q/00 over 4Q/9) Growth in value 774% (Sept 99 to Aug 00)

since IPO Status Just acquired by Nortel


Alteon Products/TechnologyStackable and Modular Web Switches

High-Speed Adapters

Traffic Control Software

Next GenerationNetwork Processing ASICs

Web Optimization Tools


IDC Network Basics


Alteon IDC Solution Vision

Infrastructure network for IDC• Most server-efficient Ethernet connectivity• Best resilience and application availability services• Most intelligent traffic prioritization, redirection and load balancing• Most comprehensive integration of IP traffic management services• Most scalable, high performance data center infrastructure network

Access Networks

Remote Data Center

Internet

WAN Backbone

Remote POPs

• Fast and Gig Ethernet• L2/3/4/L7 switching• Local/global load

balancing• Cache redirection• Bandwidth management• Security/Fire walling

Data Center

DatabaseWeb Servers

DNS

Web Switches

Host Optimized Adapters

Email

Firewall & VPNs


• Local Server Load Balancing– Increase application performance, availability and scalability by transparently distributing

user requests across local server farms• High Availability Configurations

– No single-point-of-failure at system level – Active-Active Design

• Global Server Load Balancing– Increase application performance, availability and scalability by transparently distributing

user requests across geographically distributed server farms• Policy-based Traffic Redirection

– Per port access control and traffic redirection to increase security, manage traffic and offload routers

– Enables load balancing of transparent devices including caches, SSL off-load, firewalls and default gateways for increased performance and availability

– Enables differentiated services and QoS• Bandwidth Management• Server Security Protection

– Protects servers against hacker attacks

Alteon Data Center Solution FAB


Alteon IDC Network Design

• High Performance, Reliability, Flexibility, Scalability– Capable to handle burst Internet transaction volume– Distributed Processing and Virtual Matrix Architecture– Active/Active configuration– Extremely high scalability– No restriction on IP addressing scheme of real servers

• Solve Data Center security concerns and Firewall Protection– Leading-edge solution for Denial of Service (DoS).– Most scalable high-performance firewall load balance – Freedom of choice of firewall selection


Alteon IDC Network Design

• Serviceability–Guaranteed Internet Bandwidth–Enable Service based provisioning, Dynamic

bandwidth, Preferential service, Usage-based service.

• Enable E-commerce platform–Content switching Server Load Balance–Content Intelligence switching–Scriptable Health Check–SSL Offload




IDC Network Infrastructure Design

IDC Network WAN Backbone Design

IDC Network Firewall & CDN Design

IDC Network LAN Backbone Design

IDC Network User Access Network Design

IDC Network User Network Design

IDC Network Management System Design

A Sample IDC Network Design


IDC Network ArchitectureInternet ( International/ Local)

Internet Backbone Connection

Firewall & Security (VPN)

HostingCustomer

Internet Data Center Backbone Switch

Hosting Access Switch / BMW

HostingCustomer


HostingCustomer

HostingCustomer


HostingCustomer

HostingCustomer

NetworkManagement

System

Internet WAN Layer

IDC Security Layer

LAN Backbone Layer

User Access Layer

User Networks Layer

IDC

In

fras

tru

ctu

reC

ust

omer

Net

wor

k


Mission of IDC Network Design

• IDC Network Infrastructure Design – High Throughput and Reliable WAN Backbone– Scalable Network Security Gateway– Reliable, Scalable, High Bandwidth LAN Backbone– Customer & Application Bandwidth Management

• IDC User Network Design– High Performance Server Farm with SLB– Global Access by GSLB– E-Business Application supported by SSL Offload and

Persistence

Network Design is an art not just connect all box together


Internet

Alteon Alteon

Alteon

Gigabit BB Gigabit BB

Alteon

Firewall

Alteon

Alteon

Firewall

SSL Service

SSL Service

SSL Service

SSL Service

L2 100Mbps SwitchWith Gigabit uplink

L2 Gigabit SwitchL2 100Mbps SwitchWith Gigabit uplink




L2 100Mbps SwitchL2 100Mbps SwitchWith Gigabit uplink

L2 10MbpsSwitch

L2 10MbpsSwitch

L2 10MbpsSwitch

L2 10MbpsSwitch

L2 10MbpsEthernet Hub




Gigabit dedicatedBandwidthConnection

100Mbps dedicatedBandwidth connection

100Mbps dedicatedSystem service



100Mbps sharedBandwidth connection

10Mbps sharedBandwidthconnection

100Mbps SharedSystem Service


Gigabit DedicatedSystem Service

Bandwidth Mgt. function

FWLB function Cache Service

FWLB functionL4/L7 LB function, iSD Service

Gigabit Ethernet Backbone

L2 Switching Fabric

Legends: Gigabit Ethernet 100Mbps Ethernet 10Mbps Ethernet

IDC User Access

RR Internet Access Router

A Big Picture of IDC Network Design

Cache Server

Cache Server

Cache Server

Cache Server


IDC Network Infrastructure Sample DesignINTERNET

R

ACE 184 ACE 184

ACE 180E

Accelar 8600 Accelar 8600

ACE 180E

Firewall

ACE 180E

ACE 180E

Firewall

SSL Service

SSL Service

SSL Service

SSL Service


L2 Gigabit SwitchL2 100Mbps SwitchWith Gigabit uplink




L2 100Mbps SwitchL2 100Mbps SwitchWith Gigabit uplink

L2 10MbpsSwitch

L2 10MbpsSwitch

L2 10MbpsSwitch

L2 10MbpsSwitch





Gigabit dedicatedBandwidthConnection





100Mbps sharedBandwidth connection

10Mbps sharedBandwidthconnection



Gigabit DedicatedSystem Service

Bandwidth Mgt. function

FWLB function Cache Service

FWLB function

L4/L7 LB function, SSLService

Gigabit Ethernet Backbone

L2 Switching Fabric

Legends:Gigabit Ethernet100Mbps Ethernet10Mbps Ethernet

IDC User Access

RInternet Access Router

Cache Server

Cache Server

Cache Server

Cache Server


Alteon IDC Network Solution Data Center

Shared hosting service

Managed firewall and

VPN services

Dedicated hosting/co-location service

Customer 1 Customer 2 Customer 3

DNS

DNS

Data Center

Data Center

Internet

Provider Backbone

L3 concentration, Bandwidth mgnt

L3 concentration, policy redirection, ACL, and FWLB

POPs

caches

SLB, GSLB

SLB, GSLB

Reverse caches

Dynamic Content

Static Content

L2 concentration, ACL, policy redirection, SLB, GSLB, Bandwidth mgnt

SLB,

DNS

DNS

Customer 3

SLB, GSLB

Hierarchical Cache Farm


IDC Infrastructure and User Network (Option 1)

Dedicated Bandwidth Service10/100/1000Mbps; 256nKbps

Global Server Load Balance (GSLB)

Bandwidth Management (BWM)

Firewall Load Balance(FWLB)

Layer 4 & Layer 7 Load Balance L4&L7 LB

iSD Service

iSD Service

S S S S

Server offload

L2/L3 Dedicated connection

Legends:

SServers

IDC equipment boundary

User equipment boundary

IDC Infrastructure

User Network



Shared Bandwidth Service10/100/1000Mbps; 256nKbps





iSD Service

iSD Service

S S S S

Server offload

L2/L3 Shared connection

Legends:

SServers



IDC Infrastructure

User Network



Dedicated System Service10/100/1000Mbps





iSD Service

iSD Service

S S S S

Server offload

L2/L3 Dedicated connection

Legends:

SServers



IDC Infrastructure

User Network



Shared System Service10/100/1000Mbps





iSD Service

iSD Service

S S S S

Server offload

L2/L3 Shared connection

Legends:

SServers



IDC Infrastructure

User Network




IDC Network Infrastructure Design

IDC Network WAN Backbone Design

IDC Network Firewall & CDN Design

IDC Network LAN Backbone Design

IDC Network User Access Network Design

IDC Network User Network Design

IDC Network Management System DesignA Sample IDC Network Design


IDC Network Design – WAN Backbone

Internet ( International/ Local)

Internet Backbone Connection

Firewall & Security (VPN)

HostingCustomer

Internet Data Center Backbone Switch


HostingCustomer


HostingCustomer

HostingCustomer


HostingCustomer

HostingCustomer

NetworkManagement

System

Internet WAN

• IDC WAN backbone connect public and private network

• Major ISP with a high concentration in private connections • All IDC using multiple high-speed OC-3, and OC-12 lines for high performance, dedicated, and redundant backbone network connection

• Using reliable and far more powerful routers to built reliability, performance and scalable Internet node.

• High end Internet backbone router• Comprehensive IP backbone routing design


WAN Router Load Balancing

Load-sharing Routers

Internet Backbone

Load-sharing links

• All egress traffic is statistically load balanced among the routers.

• Similar to how we do it with Redirection, we ensure IP Flows are properly maintained between unique IP Sources and Destinations

• Required to ensure no out-of-order frames are transmitted out the WAN or LAN backbone

• We don’t care (nor can we control) how frame INGRESS from the WAN to the switch

• All Routers must have the ability the get to all destinations. Out-of-balance routing tables between the routers (from different network providers, for instance) will create problems.


WAN Backbone Support Differentiated Services

• Reduce costs and increase trans-Pacific access performance:

» Redirect non-time sensitive traffic to high-latency satellite links

• Put WAN link to different server groups, using policy filter to redirect different service to different server group.

Internet Backbone

HTTPFTP, Email


Bandwidth Management Design

A.com

• Usage-based services » Basic charge by target rate (Soft Limit)

» Over-subscription penalty based on frequency and amount of bursting between soft and hard limits

» Tag packets above software limit - “discard eligible” when upstream bandwidth not available

» Accounting data archived automatically for monthly billing

• QoS service offering

» Offer hosted Web sites preferential delivery by source IP blocks, applications, URL types, cookies, …

• Fast provisioning

» Pre-define up to 64 bandwidth policies AD3/180e

» Pre-define up to 1024 bandwidth policies AD4/184

VIP ACIR = 5 SL = 25 HL = 33IPTOS = …

. . .

VIP A

B.com

VIP B

VIP BCIR = 15 SL = 75 HL = 100IPTOS = …

CAR enabled

Internet Backbone


Security Management

• Prevent DOS attacks by– Rate limit SYN, Ping or other disruptive packets.– Alert operator when soft limit exceeded.

• Prevent potential outgoing DOS attacks.– Rate limit applications using unknown port

numbers.

• Augmented by other security features.– ACL to prevent undesirable packets.– NAT to hide internal addresses

Broadcast/ MulticastCIR = 10SL = 30HL = 50

Internet

IDC

SYN & IP OptionsCIR = 2 SL = 2HL = 5

Unknown Socket #’sCIR = 2 SL = 10 HL = 10

BW Contracts:


L3 VRRP for Reliable WAN Backbone

Internet Backbone

IP1 IP2VIR

Default Gateway for All Servers: VIR

L3 VRRP

data center design guide 4 1

Technology

internet data center

idc network basics

data center security

internet operations

internet data centers

security monitoring

alteon websystems

multiservices best people