hawaii techday-switching-v2

Multilayer Campus Architecture and Design Principals

Peyton Schouest – Solutions Architect

CCIE # 20234

[email protected]

Mitch Mitchiner – Solutions Architect

CCIE# 3958

[email protected]

© 2015 Cisco and/or its affiliates. All rights reserved. Cisco Public BRKCRS-2031

Enterprise-Class Availability

Systems Approach to High Availability

•  Network-level redundancy

•  System-level resiliency

•  Enhanced management

•  Human ear notices the difference in voice within 150–200 msec 10 consecutive G711 packet loss

•  Video loss is even more noticeable

•  200-msec end-to-end campus convergence

Resilient Campus Communication Fabric

2

Next-Generation Apps Video Conf., Unified Messaging, Global Outsourcing, E-Business, Wireless Ubiquity

Mission Critical Apps. Databases, Order-Entry, CRM, ERP

Desktop Apps E-mail, File and Print

Ultimate Goal……………..100%

APPLICATIONS DRIVE REQUIREMENTS FOR HIGH AVAILABILITY NETWORKING


Next-Generation Campus Design

•  VoIP is now a mainstream technology •  Ongoing evolution to the full spectrum of Unified Communications •  High-definition executive communication application requires stringent Service-Level Agreement

(SLA) •  Reliable service—high availability infrastructure •  Application service management—QoS

Unified Communications Evolution


•  Multilayer Campus Design Principles •  Foundation Services

•  Campus Innovations

•  QoS Considerations

•  Summary

Agenda

4

SiSiSiSi

SiSiSiSi

SiSi

Data Center

SiSi SiSi

Services Block

Distribution Blocks

SiSi SiSi SiSi

© 2015 Cisco and/or its affiliates. All rights reserved. Cisco Public BRKCRS-2031 Data Center WAN Internet

SiSi SiSi SiSi SiSi SiSi SiSi

SiSi SiSi

SiSi SiSiSiSi SiSi

SiSi SiSi

Access

Core

Distribution

Distribution

Access

High-Availability Campus Design Structure, Modularity, and Hierarchy

5


Hierarchical Campus Network Structure, Modularity and Hierarchy

6

Data Center

WAN Internet PSTN

SiSi

SiSi

SiSi SiSi

SiSi SiSi SiSi

SiSi

SiSi SiSi SiSi

SiSi

Not This!!


Hierarchical Network Design Without a Rock Solid Foundation the Rest Doesn’t Matter

7

SiSi SiSi

SiSiSiSi

SiSi SiSi

Building Block Access

Distribution

Core

Distribution

Access §  Offers hierarchy—each layer has specific role §  Modular topology—building blocks §  Easy to grow, understand, and troubleshoot §  Creates small fault domains— clear

demarcations and isolation §  Promotes load balancing and redundancy §  Promotes deterministic traffic patterns §  Incorporates balance of both Layer 2 and Layer

3 technology, leveraging the strength of both §  Utilizes Layer 3 routing for load balancing, fast

convergence, scalability, and control


Access Layer

•  It’s not just about connectivity •  Layer 2/Layer 3 feature rich environment; convergence,

HA, security, QoS, IP multicast, etc. •  Intelligent network services: QoS,

trust boundary, broadcast suppression, IGMP snooping

•  Intelligent network services: PVST+, Rapid PVST+, EIGRP, OSPF, DTP, PAgP/LACP, UDLD, FlexLink, etc.

•  Cisco Catalyst® integrated security features IBNS (802.1x), (CISF): port security, DHCP snooping, DAI, IPSG, etc.

•  Automatic phone discovery, conditional trust boundary, power over Ethernet, auxiliary VLAN, etc.

•  Spanning tree toolkit: PortFast, UplinkFast, BackboneFast, LoopGuard, BPDU Guard, BPDU Filter, RootGuard, etc.

Feature Rich Environment

8

Access

Distribution

Core SiSiSiSi

SiSi SiSi


Distribution Layer

•  Availability, load balancing, QoS and provisioning are the important considerations at this layer

•  Aggregates wiring closets (access layer) and uplinks to core

•  Protects core from high density peering and problems in access layer

•  Route summarization, fast convergence, redundant path load sharing

•  HSRP or GLBP to provide first hop redundancy

Policy, Convergence, QoS, and High Availability

9

Access

Distribution

Core SiSiSiSi

SiSi SiSi


Core Layer

•  Backbone for the network—connects network building blocks

•  Performance and stability vs. complexity— less is more in the core

•  Aggregation point for distribution layer

•  Separate core layer helps in scalability during future growth

•  Keep the design technology-independent

Scalability, High Availability, and Fast Convergence

10

Access

Distribution

Core SiSiSiSi

SiSi SiSi


Do I Need a Core Layer?

•  No Core

•  Fully-meshed distribution layers

•  Physical cabling requirement

•  Routing complexity

It's Really a Question of Scale, Complexity, and Convergence

11

4th Building Block 12 New Links 24 Links Total

8 IGP Neighbors

3rd Building Block 8 New Links 12 Links Total

5 IGP Neighbors

Second Building Block–4 New Links


2nd Building Block 8 New Links

Do I Need a Core Layer?

•  Dedicated Core Switches •  Easier to add a module

•  Fewer links in the core

•  Easier bandwidth upgrade

•  Routing protocol peering reduced

•  Equal cost Layer 3 links for best convergence

It’s Really a Question of Scale, Complexity, and Convergence

12

4th Building Block 4 New Links 16 Links Total

3 IGP Neighbors

3rd Building Block 4 New Links 12 Links Total

3 IGP Neighbors


Data Center WAN Internet

SiSi SiSi SiSi SiSi

SiSi SiSi

SiSi SiSiSiSi SiSi

SiSi SiSi

Access

Core

Distribution

Distribution

Access

Design Alternatives Come Within a Building (or Distribution) Block

13

Layer 2 Access Routed Access Virtual Switching System


Layer 3 Distribution Interconnection

•  Tune CEF load balancing •  Match CatOS/IOS EtherChannel settings and tune

load balancing

•  Summarize routes towards core

•  Limit redundant IGP peering •  STP Root and HSRP primary tuning or GLBP to load

balance on uplinks

•  Set trunk mode on/no-negotiate

•  Disable EtherChannel unless needed •  Set port host on access layer ports:

•  Disable trunking Disable EtherChannel Enable PortFast

•  RootGuard or BPDU-Guard

•  Use security features

Layer 2 Access—No VLANs Span Access Layer

14

Access

Distribution

Core

VLAN 120 Voice 10.1.120.0/24

Point-to-Point Link

VLAN 20 Data 10.1.20.0/24

VLAN 140 Voice 10.1.140.0/24

SiSi SiSi

SiSi SiSi

VLAN 40 Data 10.1.40.0/24

Layer 3


VLAN 250 WLAN 10.1.250.0/24

Layer 2 Distribution Interconnection

•  Tune CEF load balancing

•  Match CatOS/IOS EtherChannel settings and tune load balancing

•  Summarize routes towards core

•  Limit redundant IGP peering

•  STP Root and HSRP primary or GLBP and STP port cost tuning to load balance on uplinks

•  Set trunk mode on/no-negotiate

•  Disable EtherChannel unless needed

•  RootGuard on downlinks

•  LoopGuard on uplinks

•  Set port host on access Layer ports: •  Disable trunking

Disable EtherChannel Enable PortFast

•  RootGuard or BPDU-Guard

•  Use security features

Layer 2 Access—Some VLANs Span Access Layer

15

VLAN 120 Voice 10.1.120.0/24

Trunk

VLAN 20 Data 10.1.20.0/24

VLAN 140 Voice 10.1.140.0/24

SiSi SiSi

SiSi SiSi

Layer 2

VLAN 40 Data 10.1.40.0/24

Access

Distribution

Core





•  Summary

Agenda

16

SiSiSiSi

SiSiSiSi

SiSi

Data Center

SiSi SiSi

Services Block

Distribution Blocks

SiSi SiSi SiSi


Foundation Services •  Layer 1 physical things

•  Layer 2 redundancy— spanning tree

•  Layer 3 routing protocols

•  Trunking protocols—(ISL/.1q)

•  Unidirectional link detection

•  Load balancing •  EtherChannel link aggregation •  CEF equal cost load balancing

•  First hop redundancy protocols •  VRRP, HSRP, and GLBP

17

Spanning Tree Routing

HSRP

GLBP

Trunking

Load Balancing



Layer 3 Equal Cost Links



SiSiSiSi

SiSiSiSi

SiSi SiSiSiSiSiSi

Best Practices— Layer 1 Physical Things •  Use point-to-point interconnections—

no L2 aggregation points between nodes

•  Use fiber for best convergence (debounce timer)

•  Tune carrier delay timer

•  Use configuration on the physical interface not VLAN/SVI when possible

18


Redundancy and Protocol Interaction

•  Indirect link failures are harder to detect

•  With no direct HW notification of link loss or topology change convergence times are dependent on SW notification

•  Indirect failure events in a bridged environment are detected by spanning tree hellos

•  In certain topologies the need for TCN updates or dummy multicast flooding (uplink fast) is necessary for convergence

•  You should not be using hubs in a high-availability design

Link Neighbor Failure Detection

19

SiSi

SiSi

SiSi

BPDUs

Layer 2

SiSi

SiSi

SiSi

Layer 2

Hellos



•  Direct point-to-point fiber provides for fast failure detection

•  IEEE 802.3z and 802.3ae link negotiation define the use of remote fault indicator and link fault signaling mechanisms

•  Do not disable auto-negotiation on GigE and 10GigE interfaces

•  The default debounce timer on GigE and 10GigE fiber linecards is 10 msec

•  The minimum debounce for copper is 300 msec

Link Redundancy and Failure Detection

20

1

2

3

Linecard Throttling: Debounce Timer

Remote IEEE Fault Detection Mechanism

Cisco IOS® Throttling: Carrier Delay Timer

SiSi SiSi

1



•  Configuring L3 routed interfaces provides for faster convergence than an L2 switch port with an associated L3 SVI

Layer 2 and 3—Why Use Routed Interfaces

21

21:32:47.813 UTC: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2/1, changed state to down 21:32:47.821 UTC: %LINK-3-UPDOWN: Interface GigabitEthernet2/1, changed state to down 21:32:48.069 UTC: %LINK-3-UPDOWN: Interface Vlan301, changed state to down 21:32:48.069 UTC: IP-EIGRP(Default-IP-Routing-Table:100): Callback: route, adjust Vlan301

21:38:37.042 UTC: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet3/1, changed state to down 21:38:37.050 UTC: %LINK-3-UPDOWN: Interface GigabitEthernet3/1, changed state to down 21:38:37.050 UTC: IP-EIGRP(Default-IP-Routing-Table:100): Callback: route_adjust GigabitEthernet3/1

SiSiSiSiL2

SiSiSiSiL3

~ 8 msec loss ~ 150–200 msec loss

1. Link Down 2. Interface Down 3. Autostate 4. SVI Down 5. Routing Update

1.  Link Down 2.  Interface Down 3.  Routing Update


Best Practices— Spanning Tree Configuration •  Only span VLAN across multiple access

layer switches when you have to!

•  Use rapid PVST+ for best convergence

•  Required to protect against user side loops

•  Required to protect against operational accidents (misconfiguration or hardware failure)

•  Take advantage of the spanning tree toolkit

22




Layer 2 Loops

Same VLAN Same VLAN Same VLAN


SiSiSiSi

SiSiSiSi

SiSi SiSiSiSiSiSi


Multilayer Network Design

•  At least some VLANs span multiple access switches

•  Layer 2 loops •  Layer 2 and 3 running over

link between distribution •  Blocked links 23

•  Each access switch has unique VLANs

•  No Layer 2 loops

•  Layer 3 link between distribution

•  No blocked links

SiSi SiSi SiSi SiSi

Vlan 10 Vlan 20 Vlan 30 Vlan 30 Vlan 30 Vlan 30

Layer 2 Access with Layer 3 Distribution


0

5

10

15

20

25

30

35

PVST+ Rapid PVST+

UpstreamDownstream

Optimizing L2 Convergence

•  Rapid-PVST+ greatly improves the restoration times for any VLAN that requires a topology convergence due to link UP

•  Rapid-PVST+ also greatly improves convergence time over backbone fast for any indirect link failures

•  PVST+ (802.1d) •  Traditional spanning tree

implementation

•  Rapid PVST+ (802.1w) •  Scales to large size

(~10,000 logical ports) •  Easy to implement, proven, scales

•  MST (802.1s) •  Permits very large scale STP

implementations (~30,000 logical ports)

•  Not as flexible as rapid PVST+

PVST+, Rapid PVST+ or MST

24

Tim

e to

Res

tore

Dat

a Fl

ows

(sec

)


Layer 2 Hardening

•  Place the root where you want it •  Root primary/secondary macro

•  The root bridge should stay where you put it •  RootGuard •  LoopGuard •  UplinkFast •  UDLD

•  Only end-station traffic should be seen on an edge port •  BPDU Guard •  RootGuard •  PortFast •  Port-security

Spanning Tree Should Behave the Way You Expect

25

SiSiSiSi

BPDU Guard or RootGuard

PortFast Port Security

RootGuard

STP Root

LoopGuard

LoopGuard






SiSiSiSi

SiSiSiSi

SiSi SiSiSiSiSiSi

Best Practices— Layer 3 Routing Protocols

•  Typically deployed in distribution to core, and core-to-core interconnections

•  Used to quickly reroute around failed node/links while providing load balancing over redundant paths

•  Build triangles not squares for deterministic convergence

•  Only peer on links that you intend to use as transit

•  Insure redundant L3 paths to avoid black holes •  Summarize distribution to core to limit EIGRP

query diameter or OSPF LSA propagation •  Tune CEF L3/L4 load balancing hash to achieve

maximum utilization of equal cost paths (CEF polarization)

26


Best Practice—Build Triangles not Squares

•  Layer 3 redundant equal cost links support fast convergence

•  Hardware based—fast recovery to remaining path

•  Convergence is extremely fast (dual equal-cost paths: no need for OSPF or EIGRP to recalculate a new path)

Deterministic vs. Non-Deterministic

27

Triangles: Link/Box Failure Does not Require Routing Protocol Convergence

Model A

Squares: Link/Box Failure Requires Routing Protocol Convergence

Model B

SiSi

SiSiSiSi

SiSi SiSi

SiSiSiSi

SiSi


Best Practice—Passive Interfaces for IGP

•  Limit unnecessary peering using passive interface: •  Four VLANs per wiring closet •  12 adjacencies total •  Memory and CPU requirements increase

with no real benefit •  Creates overhead for IGP

Limit IGP Peering Through the Access Layer

28

Routing Updates

OSPF Example: Router(config)#routerospf 1 Router(config-router)#passive-interfaceVlan 99 Router(config)#routerospf 1 Router(config-router)#passive-interface default Router(config-router)#no passive-interface Vlan 99

EIGRP Example: Router(config)#routereigrp 1 Router(config-router)#passive-interfaceVlan 99 Router(config)#routereigrp 1 Router(config-router)#passive-interface default Router(config-router)#no passive-interface Vlan 99

Distribution

Access

SiSiSiSi


interface Port-channel1 description to Core#1 ip address 10.122.0.34 255.255.255.252 ip hello-interval eigrp 100 1 ip hold-time eigrp 100 3 ip summary-address eigrp 100 10.1.0.0 255.255.0.0 5

10.1.2.0/24 10.1.1.0/24

Why You Want to Summarize at the Distribution

•  It is important to force summarization at the distribution towards the core

•  For return path traffic an OSPF or EIGRP re-route is required

•  By limiting the number of peers an EIGRP router must query or the number of LSAs an OSPF peer must process we can optimize this reroute

•  EIGRP example:

Limit EIGRP Queries and OSPF LSA Propagation

29

SiSiSiSi

SiSi SiSi

No Summaries Queries Go Beyond the Core

Rest of Network

Access

Distribution

Core


SiSiSiSi

SiSi SiSi

Why You Want to Summarize at the Distribution

•  It is important to force summarization at the distribution towards the core

•  For return path traffic an OSPF or EIGRP re-route is required

•  By limiting the number of peers an EIGRP router must query or the number of LSAs an OSPF | peer must process we can optimize his reroute

•  For EIGRP if we summarize at the distribution we stop queries at the core boxes for an access layer flap

•  For OSPF when we summarize at the distribution (area border or L1/L2 border) the flooding of LSAs is limited to the distribution switches; SPF now deals with one LSA not three

Reduce the Complexity of IGP Convergence

30

10.1.2.0/24 10.1.1.0/24

Rest of Network

Summary: 10.1.0.0/16

Summaries Stop Queries at the Core

Access

Distribution

Core


Best Practice— Summarize at the Distribution

•  Best practice—summarize at the distribution layer to limit EIGRP queries or OSPF LSA propagation

•  Gotcha: •  Upstream: HSRP on left

distribution takes over when link fails

•  Return path: old router still advertises summary to core

•  Return traffic is dropped on right distribution switch

•  Summarizing requires a link between the distribution switches

•  Alternative design: use the access layer for transit

Gotcha—Distribution-to-Distribution Link Required

31

10.1.2.0/24 10.1.1.0/24

Summary: 10.1.0.0/16

SiSiSiSi

SiSi SiSi

Access

Distribution

Core


Provide Alternate Paths •  What happens if fails? •  No route to the core anymore? •  Allow the traffic to go

through the access? •  Do you want to use your

access switches as transit nodes?

•  How do you design for scalability if the access used for transit traffic?

•  Install a redundant link to the core •  Best practice: install redundant link to

core and utilize L3 link between distribution layer

32

Single Path to Core

A B

SiSiSiSi

SiSiSiSi

Access

Distribution

Core


SiSi

Load-Sharing Simple

Equal-Cost Multipath Optimizing CEF Load-Sharing

33

SiSiSiSi

SiSi

30% of Flows

70% of Flows

SiSiSiSi

SiSiSiSiLoad-Sharing Simple

Load-Sharing Full Simple

* = Default Load-Sharing Mode ** = PFC3 in Sup720 and Sup32 Supervisors

Catalyst 6500 PFC3** Load-Sharing Options Default* Src IP + Dst IP + Unique ID Full Src IP + Dst IP + Src Port + Dst Port Full Exclude Port Src IP + Dst IP + (Src or Dst Port) Simple Src IP + Dst IP Full Simple Src IP + Dst IP + Src Port + Dst Port

Catalyst 4500 Load-Sharing Options Original Src IP + Dst IP Universal* Src IP + Dst IP + Unique ID Include Port Src IP + Dst IP + (Src or Dst Port) + Unique ID

•  Depending on the traffic flow patterns and IP Addressing in use one algorithm may provide better load-sharing results than another

•  Be careful not to introduce polarization in a multi-tier design by changing the default to the same thing in all tiers/layers of the network


SiSiSiSi

SiSi SiSi

SiSi SiSi

CEF Load Balancing

•  CEF polarization: without some tuning CEF will select the same path left/left or right/right

•  Imbalance/overload could occur

•  Redundant paths are ignored/underutilized

•  The default CEF hash input is L3

•  We can change the default to use L3 + L4 information as input to the hash derivation

Avoid Underutilizing Redundant Layer 3 Paths

34

L

L

R

R

Redundant Paths Ignored

Distribution Default L3 Hash

Core Default L3 Hash

Distribution Default L3 Hash


SiSiSiSi

SiSi SiSi

SiSi SiSi

CEF Load Balancing

•  The default will for Sup720/32 and latest hardware (unique ID added to default). However, depending on IP addressing, and flows imbalance could occur

•  Alternating L3/L4 hash and L3 hash will give us the best load balancing results

•  Use simple in the core and full simple in the distribution to add L4 information to the algorithm at the distribution and maintain differentiation tier-to-tier

Avoid Underutilizing Redundant Layer 3 Paths

35

R L

R L

R L

All Paths Used

Distribution L3/L4 Hash

Core Default L3 Hash

Distribution L3/L4 Hash


Best Practices—Trunk Configuration •  Typically deployed on interconnection between

access and distribution layers •  Use VTP transparent mode to decrease

potential for operational error

•  Hard set trunk mode to on and encapsulation negotiate off for optimal convergence

•  Change the native VLAN to something unused to avoid VLAN hopping

•  Manually prune all VLANS except those needed

•  Disable on host ports: •  CatOS: set port host •  Cisco IOS: switchport host

36




802.1q Trunks


SiSiSiSi

SiSiSiSi

SiSi SiSiSiSiSiSi


VTP Virtual Trunk Protocol •  Centralized VLAN management

•  VTP server switch propagates VLAN database to VTP client switches

•  Runs only on trunks

•  Four modes: •  Server: updates clients and servers •  Client: receive updates— cannot make

changes •  Transparent: let updates pass through •  Off: ignores VTP updates

37

FServer

Set VLAN 50

Trunk

Trunk Trunk

Client

Off

Trunk

A

B

C

Client

Transparent

Ok, I Just Learned VLAN 50!

Drop VTP Updates

Pass Through Update

Ok, I Just Learned VLAN 50!


DTP Dynamic Trunk Protocol •  Automatic formation of

trunked switch-to-switch interconnection •  On: always be a trunk •  Desirable: ask if the other side can/will •  Auto: if the other sides asks I will •  Off: don’t become a trunk

•  Negotiation of 802.1Q or ISL encapsulation •  ISL: try to use ISL trunk encapsulation •  802.1q: try to use 802.1q encapsulation •  Negotiate: negotiate ISL or 802.1q encapsulation with

peer •  Non-negotiate: always use encapsulation that is hard

set

38

On/On Trunk

Auto/Desirable Trunk

Off/Off NO Trunk

Off/On, Auto, Desirable NO Trunk

SiSi SiSi

SiSi SiSi

SiSi SiSi

SiSiSiSi


0

0.5

1

1.5

2

2.5

Tim

e to

Con

verg

e in

Sec

onds

Trunking Desirable Trunking Nonegotiate

Optimizing Convergence: Trunk Tuning

•  DTP negotiation tuning improves link up convergence time •  IOS(config-if)# switchport mode trunk •  IOS(config-if)# switchport nonegotiate

Trunk Auto/Desirable Takes Some Time

39

Voice Data

Two Seconds of Delay/Loss Tuned Away

SiSi


Best Practices—UDLD Configuration •  Typically deployed on any fiber optic

interconnection

•  Use UDLD aggressive mode for most aggressive protection

•  Turn on in global configuration to avoid operational error/misses

•  Config example •  Cisco IOS:

udld aggressive

40




Fiber Interconnections


SiSiSiSi

SiSiSiSi

SiSi SiSiSiSiSiSi


Unidirectional Link Detection

•  Highly-available networks require UDLD to protect against one-way communication or partially failed links and the effect that they could have on protocols like STP and RSTP

•  Primarily used on fiber optic links where patch panel errors could cause link up/up with mismatched transmit/receive pairs

•  Each switch port configured for UDLD will send UDLD protocol packets (at L2) containing the port’s own device/port ID, and the neighbor’s device/port IDs seen by UDLD on that port

•  Neighboring ports should see their own device/port ID (echo) in the packets received from the other side

•  If the port does not see its own device/port ID in the incoming UDLD packets for a specific duration of time, the link is considered unidirectional and is shutdown

Protecting Against One-Way Communication

41

Are You ‘Echoing’

My Hellos?

SiSi

SiSi


UDLD Aggressive and UDLD Normal

•  Timers are the same—15-second hellos by default

•  Aggressive Mode—after aging on a previously bi-directional link—tries eight times (once per second) to reestablish connection then err-disables port

•  UDLD—Normal Mode—only err-disable the end where UDLD detected other end just sees the link go down

•  UDLD—Aggressive—err-disable both ends of the connection due to err-disable when aging and re-establishment of UDLD communication fails

42

SiSi SiSi


Best Practices— EtherChannel Configuration •  Typically deployed in distribution to core, and

core to core interconnections

•  Used to provide link redundancy—while reducing peering complexity

•  Tune L3/L4 load balancing hash to achieve maximum utilization of channel members

•  Deploy in powers of two (two, four, or eight) •  Match CatOS and Cisco IOS PAgP settings •  802.3ad LACP for interop if you need it

•  Disable unless needed •  Cisco IOS: switchport host

43





SiSiSiSi

SiSiSiSi

SiSi SiSiSiSiSiSi


Understanding EtherChannel Link Negotiation Options—PAgP and LACP

44

On/On Channel

On/Off No Channel

Auto/Desirable Channel

Off/On, Auto, Desirable No Channel

SiSi SiSi

SiSi SiSi

SiSi SiSi

SiSiSiSi

On/On Channel

On/Off No Channel

Active/Passive Channel

Passive/Passive No Channel

SiSi

SiSi SiSi

SiSi SiSi

SiSiSiSi

SiSi

Port Aggregation Protocol Link Aggregation Protocol

On: always be a channel/bundle member Active: ask if the other side can/will Passive: if the other side asks I will Off: don’t become a member of a channel/bundle

On: always be a channel/bundle member Desirable: ask if the other side can/will Auto: if the other side asks I will Off: don’t become a member of a channel/bundle


EtherChannels or Equal Cost Multipath 10/100/1000 How Do You Aggregate It?

45

SiSiSiSi

Access

Distribution

Core 10 GE and

10-GE Channels

Typical 20:1 Data Over- Subscription

Typical 4:1 Data Over- Subscription

SiSi SiSi


EtherChannels or Equal Cost Multipath

•  More links = more routing peer relationships and associated overhead

•  EtherChannels allow you to reduce peers by creating single logical interface to peer over

•  On single link failure in a bundle •  OSPF running on a Cisco

IOS-based switch will reduce link cost and reroute traffic

•  OSPF running on a hybrid switch will not change link cost and may overload remaining links

•  EIGRP may not change link cost and may overload remaining links

Reduce Complexity/Peer Relationships

46




SiSiSiSi


SiSiSiSi

SiSi SiSiSiSiSiSi


EtherChannels or Equal Cost Multipath

•  More links = more routing peer relationships and associated overhead

•  EtherChannels allow you to reduce peers by creating single logical interface to peer over

•  However, a single link failure is not taken into consideration by routing protocols. Overload possible

•  Single 10-gigabit links address both problems. Increased bandwidth without increasing complexity or compromising routing protocols ability to select best path

Why 10-Gigabit Interfaces

47




SiSiSiSi

SiSiSiSi

SiSi SiSiSiSiSiSi



EtherChannels—Quick Summary •  For Layer 2 EtherChannels: Desirable/Desirable is the recommended configuration so that PAgP

is running across all members of the bundle insuring that an individual link failure will not result in an STP failure

•  For Layer 3 EtherChannels: one can consider a configuration that uses ON/ON. There is a trade-off between performance/HA impact and maintenance and operations implications

•  An ON/ON configuration is faster from a link-up (restoration) perspective than a Desirable/Desirable alternative. However, in this configuration PAgP is not actively monitoring the state of the bundle members and a misconfigured bundle is not easily identified

•  Routing protocols may not have visibility into the state of an individual member of a bundle. LACP and the minimum links option can be used to bring the entire bundle down when the capacity is diminished. •  OSPF has visibility to member loss (best practices pending investigation). EIGRP does not…

•  When used to increase bandwidth—no individual flow can go faster than the speed of an individual member of the link

•  Best used to eliminate single points of failure (i.e., link or port) dependencies from a topology

48


Best Practices—First Hop Redundancy •  Used to provide a resilient default

gateway/first hop address to end-stations

•  HSRP, VRRP, and GLBP alternatives

•  VRRP, HSRP, and GLBP provide millisecond timers and excellent convergence performance

•  VRRP if you need multivendor interoperability

•  GLBP facilitates uplink load balancing

•  Preempt timers need to be tuned to avoid black-holed traffic

49




1st Hop Redundancy


SiSiSiSi

SiSiSiSi

SiSi SiSiSiSiSiSi


First Hop Redundancy with VRRP

•  A group of routers function as one virtual router by sharing one virtual IP address and one virtual MAC address

•  One (master) router performs packet forwarding for local hosts

•  The rest of the routers act as back up in case the master router fails

•  Backup routers stay idle as far as packet forwarding from the client side is concerned

IETF Standard RFC 2338 (April 1998)

50

R1—Master, Forwarding Traffic; R2,—Backup VRRP ACTIVE VRRP BACKUP

IP: 10.0.0.254 MAC: 0000.0c12.3456 vIP: 10.0.0.10 vMAC: 0000.5e00.0101

IP: 10.0.0.253 MAC: 0000.0C78.9abc vIP: vMAC:

IP: 10.0.0.1 MAC: aaaa.aaaa.aa01 GW: 10.0.0.10 ARP: 0000.5e00.0101



SiSiSiSi

Access-a

Distribution-A VRRP Active

Distribution-B VRRP Backup

R1 R2


First Hop Redundancy with HSRP

•  A group of routers function as one virtual router by sharing one virtual IP address and one virtual MAC address

•  One (active) router performs packet forwarding for local hosts

•  The rest of the routers provide hot standby in case the active router fails

•  Standby routers stay idle as far as packet forwarding from the client side is concerned

RFC 2281 (March 1998)

51

IP: 10.0.0.1 MAC: aaaa.aaaa.aa01 GW: 10.0.0.10 ARP: 0000.0c07.ac00

SiSiSiSi

Access-a

R1

HSRP ACTIVE HSRP STANDBY IP: 10.0.0.254 MAC: 0000.0c12.3456 vIP: 10.0.0.10 vMAC: 0000.0c07.ac00

IP: 10.0.0.253 MAC: 0000.0C78.9abc vIP: vMAC:



R1—Active, Forwarding Traffic; R2—Hot Standby, Idle

R2

Distribution-A HSRP Active

Distribution-B HSRP Backup


Why You Want HSRP Preemption

•  Spanning tree root and HSRP primary aligned

•  When spanning tree root is re-introduced, traffic will take a two-hop path to HSRP active

•  HSRP preemption will allow HSRP to follow spanning tree topology

Avoid ‘Black-Hole’ during system startup

52

SiSiSiSi

SiSiSiSi

Access

Distribution

Core

Spanning Tree Root

HSRP Active

HSRP Active

Spanning Tree Root

HSRP Preempt

Without Preempt Delay HSRP Can Go Active Before Box Completely Ready to Forward Traffic: L1 (Boards), L2 (STP), L3 (IGP Convergence) standby 1 preempt delay minimum 180


First Hop Redundancy with GLBP

•  All the benefits of HSRP plus load balancing of default gateway à utilizes all available bandwidth

•  A group of routers function as one virtual router by sharing one virtual IP address but using multiple virtual MAC addresses for traffic forwarding

•  Allows traffic from a single common subnet to go through multiple redundant gateways using a single virtual IP address

Cisco Designed, Load Sharing, Patent Pending

53

GLBP AVG/AVF, SVF GLBP AVF, SVF R1- AVG; R1, R2 Both Forward Traffic

IP: 10.0.0.254 MAC: 0000.0c12.3456 vIP: 10.0.0.10 vMAC: 0007.b400.0101

IP: 10.0.0.253 MAC: 0000.0C78.9abc vIP: 10.0.0.10 vMAC: 0007.b400.0102

IP: 10.0.0.1 MAC: aaaa.aaaa.aa01 GW: 10.0.0.10 ARP: 0007.B400.0101



SiSiSiSi

Access-a

Distribution-A GLBP AVG/

AVF, SVF

Distribution-B GLPB AVF, SVF

R1


First Hop Redundancy with Load Balancing

•  Each member of a GLBP redundancy group owns a unique virtual MAC address for a common IP address/default gateway

•  When end-stations ARP for the common IP address/default gateway they are given a load-balanced virtual MAC address

•  Host A and host B send traffic to different GLBP peers but have the same default gateway

Cisco Gateway Load Balancing Protocol (GLBP)

54

10.88.1.0/24

.5 .4

.1 .2

vIP 10.88.1.10

GLBP 1 ip 10.88.1.10 vMAC 0000.0000.0001

GLBP 1 ip 10.88.1.10 vMAC 0000.0000.0002

ARPs for 10.88.1.10 Gets MAC 0000.0000.0001

ARPs for 10.88.1.10 Gets MAC 0000.0000.0002

A B

R1 R2 ARP

Reply


Optimizing Convergence: VRRP, HSRP, GLBP

•  VRRP not tested with sub-second timers and all flows go through a common VRRP peer; mean, max, and min are equal

•  HSRP has sub-second timers; however all flows go through same HSRP peer so there is no difference between mean, max, and min

•  GLBP has sub-second timers and distributes the load amongst the GLBP peers; so 50% of the clients are not affected by an uplink failure

Mean, Max, and Min—Are There Differences?

55

50% of Flows Have ZERO

Loss W/ GLBP

GLBP Is 50% Better


If You Span VLANS, Tuning Required

•  Both distribution switches act as default gateway

•  Blocked uplink caused traffic to take less than optimal path

By Default, Half the Traffic Will Take a Two-Hop L2 Path

56 VLAN 2 VLAN 2

F 2

F: Forwarding B: Blocking

Access-b

SiSiSiSi

Core

Access-a

Distribution-A GLBP Virtual MAC 1

Distribution-B GLBP Virtual

MAC 2

Access Layer 2

Distribution Layer 2/3

Core Layer 3





•  Summary

Agenda

57

SiSiSiSi

SiSiSiSi

SiSi

Data Center

SiSi SiSi

Services Block

Distribution Blocks

SiSi SiSi SiSi


Traditional High Availability Challenges

SiSi SiSi

Campus Network Data Center Network

SiSi SiSi

Traditional L2/L3 Design High Availability Challenges Multiple Control Protocols to Configure and Manage – HSRP/VRRP/STP

Under-utilized or Idling Links connecting to access layer or servers

Multiple Nodes to Manage and Troubleshoot


Traditional L2/L3 Complex STP configuration and Management HSRP/VRRP- 3 IP address Manage Two Nodes and Config

VSS STP – Not Dependant

No HSRP/VRRP- 1 IP address Manage Single Node and Config

Manage additional routing peers Manage reduced routing peers

Virtual Switching System (VSS) System Virtualization – Increased Operational Efficiency

Core/Distribution Data Center Access

SiSi SiSi SiSi SiSi


Traditional L2/L3 Idling Links Under-utilized Links Complex STP configuration

VSS No Idling - Active/Active Links

Simple Etherchannel Config Indertministic STP based convergence

Deterministic sub-second convergence

Fully Utilized Link – Granular LB

Core/Distribution Data Center Access

SiSi SiSi SiSi SiSi

Scale the Available Layer 2 Bandwidth Multi-Chassis Etherchannel (MEC)


Building 1 1000 Ports




Campus Core 94 Total Devices of Image & Configuration Management 168 Port-Channels 168 Access Trunks 4032 User Ports Design Considerations: STP Loop Prevention CAM & ARP Tuning FHRP Tuning / Priority Routing Protocol Tuning PIM Tuning / DR priority 94 Separate Configurations of Hostname, VLAN DB, IP/GW, SNMP, NTP, TACACS, VTY, etc.

Network Design

Traditional L2 / L3 Campus Multi-Layer Switches

Non-Stack L2 Switches


Building 1 Building 2 Building 3 Building 4

29 Total Devices of Image & Configuration Management 48 Port-Channels 48 Access Trunks 4032 User Ports Design Considerations: STP Loop Prevention CAM & ARP Tuning FHRP Tuning / Priority Routing Protocol Tuning PIM Tuning / DR priority 29 Separate Configurations of Hostname, VLAN DB, IP/GW, SNMP, NTP, TACACS, VTY, etc.

VSS VSS

Core



SiSi

SiSi SiSi SiSi

SiSi

SiSi

SiSi

Access

Core



SiSi SiSi

SiSi SiSiSiSi SiSi

SiSi SiSi

Distribution

Distribution

Access Data Center WAN Internet


SiSi SiSi

SiSi SiSiSiSi SiSi

SiSi SiSi

High Availability Campus Design Simplified with VSS


VSS Architecture Key Concepts

Virtual Switch Domain

Virtual Switch Link

Special 10GE Port-Channel joins two Catalyst Switches allowing them to operate as a single logical device

Virtual Switch 1 Virtual Switch 2

Catalyst Switch that operates as the Hot Standby Control Plane for the VSS

Defines 2 Catalyst Switches that are participating together as a Virtual Switching System (VSS)

Catalyst Switch that operates as the Active Control Plane for the VSS

Active Control Plane

Active Data Plane

Hot Standby Control Plane

Active Data Plane


VSS Architecture Virtual Switch Link (VSL)

The Virtual Switch Link (VSL) joins two physical chassis together The VSL provides a control-plane interface to keep both chassis in sync The VSS “control-plane” uses the VSL for CPU to CPU communications (programming, statistics, etc.) while the “data-plane” uses the VSL to extend the internal chassis fabric to the remote chassis.

A Virtual Switch Link (VSL) Port-Channel can consist of up to 8 x 10GE (or 4 x 40GE) members

All traffic traversing the VSL is encapsulated in a 32 byte “Virtual Switch Header” containing Ingress and Egress Port Index, Class of Service (CoS), VLAN ID, other important information from the Layer 2 and Layer 3 header

Virtual Switch Link

VS Header L2 Hdr L3 Hdr DATA CRC Switch 1 Switch 2


VSS Architecture Dual Active Data Planes

Both data forwarding planes are ACTIVE Standby Supervisor and all Line Cards are actively forwarding!

VSS# show switch virtual redundancy My Switch Id = 1 Peer Switch Id = 2 <snip> Switch 1 Slot 5 Processor Information : ----------------------------------------------- Current Software state = ACTIVE <snip> Fabric State = ACTIVE Control Plane State = ACTIVE Switch 2 Slot 5 Processor Information : ----------------------------------------------- Current Software state = STANDBY HOT (switchover target) <snip> Fabric State = ACTIVE Control Plane State = STANDBY

Data Plane Active

Data Plane Active

Switch1 Switch2

LACP, PAGP and ON EtherChannel modes

are supported


VSS

VSS Architecture Load-Balancing for MEC & ECMP

The PFC / DFC hash logic used for MEC and ECMP load-balancing (to determine the physical port to use) is skewed to always favor LOCAL links! This avoids overloading the Virtual Switch Link (VSL) with unnecessary traffic loads…

Link 1 Link 2

Blue Traffic destined for the

Neighbor will result in Link 1 being

chosen

Orange Traffic destined for the

Neighbor will result in Link 2 being

chosen

Logical Interface

Physical Interface

Result Bundle Hash (RBH) Value

PO 10 T 1/1/1

PO 10 T2/1/1

Logical Interface

Physical Interface

Result Bundle Hash (RBH) Value

PO 10 T 1/1/1

PO 10 T2/1/1 0,1,2,3,4,5,6,7

0,1,2,3,4,5,6,7


Standby Active Switch 1 Switch 2

Enhanced PAGP

VSLP

VSLP Fast Hello

v  Requires ePAGP capable neighbor: v  3750: 12.2(46)SE v  4500: 12.2(44)SE v  6500: 12.2(33)SXH1

v Direct L2 Point-to-Point Connection v  Requires 12.2(33)SXI

v  Sub-Second Convergence v  Typically ~200-250ms

v Sub-Second Convergence v  Typically ~50-100ms

VSS High Availability Dual-Active Protocols

Standby Active Switch 1 Switch 2

VSLP


Virtual Switching System Dual-Attach Whenever Possible

§  Dual-Attach connect to neighbor devices whenever possible!

§  EtherChannel and CEF load-balancing algorithms have been modified for VSS to always favor locally attached interfaces

§  With a Dual-Attached network design

§  Data traffic will not traverse the VSL under normal conditions, only control traffic will traverse the VSL

§  Data traffic will traverse the VSL only if there is a failure event and no local interfaces are available


Introducing Easy VSS

Traditional VSS conversion: 1. Assign Virtual Switch Domain

2. Assign Switch ID

3. Create Port-channel

4. Configure Port-channel as VSL

5. Add ports to the VSL Port-channel

6.  “switch convert mode virtual”

Start with two Standalone

systems

Both systems are now a

Single VSS

Apply one-time VSS Conversion Commands and

Reload

Easy VSS conversion: 1.  Easy VSS Feature can be enabled or disabled

2.  Single command line to convert to VSS

3.  User prompted for Domain ID and VSL details

15.2(1)SY1


VSS Support - Catalyst 6500, 6800, 4500-E and 4500-X

Catalyst 6500 / 6800 Catalyst 4500-E Catalyst 4500-X

Supervisors Sup2T, Sup720-10G Sup7-E, Sup7L-E Sup8-E

Fixed (based on Sup7E)

Mixed / Asymmetric Chassis Support Yes Yes *after release 3.5.0E No, must pair using the same base model, either 16-port or 32-port Optional 8-port module is supported

Software Trains Sup2T - 12.2SY, 15.0SY, 15.1SY, 15.2SY

3.6.0E 3.5.0E 3.4.0SG 15.1(2)SG

3.6.0E 3.5.0E, 3.4.0SG Sup720-10G - 12.2SXH, 12.2SXI,

12.2SXJ, 15.1SY

Quad-Sup SSO Sup2T 15.1SY1 No, Future Release N/A

Quad-Sup Uplink Forwarding Sup720-10G 12.2(33)SXI4 No, Future Release N/A


72 Simplify Operations by Eliminating STP, FHRP and Multiple Touch-Points

Minimizes Convergence with Sub-second Stateful and Graceful Recovery (SSO/NSF) Double Bandwidth & Reduce Latency with Active-Active Multi-chassis EtherChannel (MEC)

Benefits of Virtual Switching

Catalyst Virtual Switching System Topology Comparisons

Traditional

Access Switch

LACP or PAGP

STP or MST

HSRP or VRRP

Access Switch Stack

VSS - Physical

LACP or PAGP

VSL

Access Switch Access Switch Stack

VSS - Logical

Access Switch Stack

Access Switch

MEC


SDP SRP SCP

Instant Access Client

Instant Access Stack

VSL

LACP or PAGP

LACP or PAGP

Access Switch

Access Stack

VSL

Access Switch

Access Stack

LACP or PAGP

Evolution of the Campus



SiSi SiSi

SiSi SiSi SiSi SiSi SiSi SiSi SiSi SiSi


Core




VSS VSS

Core


5 Total Devices of Image & Configuration Management 4 Port-Channels 0 Trunk Configuration 4032 User Ports Design Considerations: STP Loop Prevention CAM & ARP Tuning FHRP Tuning / Priority Routing Protocol Tuning PIM Tuning / DR priority 5 Separate Configurations of Hostname, VLAN DB, IP/GW, SNMP, NTP, TACACS, VTY, etc.

VSS + IA

Catalyst Instant Access


Core


Instant Access Campus Design

VLAN 10

VLAN 100

VLAN 100

VLAN 20

VLAN 120

VLAN 30

VLAN 130

VLAN 40

VLAN 140

VLAN 50

VLAN 150

VLAN 100 VLAN 100

Data

Phone

Badge

Satellite Device capable of Stacking & POE+

Single Point of Management, Configuration and Troubleshooting

Simplified Network Design for VLANs and Port-Channels

Agile Infrastructure to add new features uniformly across Access Layer

A Single Image to Deploy and Manage across Distribution Block

2000 Port Campus Distribution Block

No Configuration of Access Switches

ISE


Port-Channel FEX-Fabric

IA Parent

Supervisor 2T

WS-6904-40G + CVR-4SFP

Virtual Switching System (VSS) IA Parent

Supervisor 2T


IA Client


Port-Channel FEX-Fabric

IA Parent

Supervisor 2T


Virtual Switching System (VSS) IA Parent

Supervisor 2T


IA Client

Catalyst 6807-XL Catalyst 6500-E

Catalyst 6880-X


Catalyst 6800IA Family

Data and PoE/PoE+ Options

2 x 10G SFP+ Uplink Ports

Catalyst 6500 features at the Access layer

740W POE Budget 15W on 48 ports or 30W on 24 ports

Stackable up to 5 member switches

System and Status LEDs

48 x 1G RJ45 Ports

80


Copper Twin-Ax for internal rack connectivity 1m, 3m, 5m, 7m

10GBASE-LRM MMF & SMF for intra building connectivity using legacy fiber

220m – 300m

26m – 400m 10GBASE-SR MMF for rack to rack and intra-building connectivity

10GBASE-LR SMF, for inter-building, campus and metro connectivity

Up to 30Km 40Km

DWDM transport network 80Km and greater

10GBASE-ER SMF, for inter-site connectivity

DWDM, for inter-site and long-haul connectivity

Up to 10Km

Diagram Not to Scale

81


v  One IOS Image across Distribution & Access-Layer v  C6500/C6800 Image + C6800IA Image bundled together as One Image

v  Automatic Image Management for Access-Layer

v  Automatic Image check & downloaded to IA client, when it comes online

v  Enhanced Fast Software Upgrade (with ISSU)

v  issu runversion <fex-id>

Behaves Just Like a Line Card! The C6800IA image is managed by VSS System


VSS Quad-Sup SSO

•  SSO across VSS, with single Supervisor in each Chassis

•  MEC across VSS Pair

Recommended

SiSi SiSiSiSiSiSi

Traditional VSS

•  Single C6K Chassis and Supervisor in VSS Mode

•  Standard EtherChannel

SiSi

Single-Chassis VSS

•  Cross-VSS and In-Chassis SSO with 2 Supervisors in each Chassis

Recommended


Stack of 3 (Phase 1) Max FEX-ID 12

FEX 101 FEX 102 FEX 103 FEX 104 FEX 105 FEX 106 FEX 107 FEX 108 FEX 109

Max 21 Stacks Switches = 1008 ports.

12 Nodes of 48 ports each = 576 ports

FEX 101 FEX 102 FEX 103 FEX 104 FEX 105 FEX 106 FEX 107 FEX 108 FEX 109 FEX 110 FEX 111 FEX 112

84


Feature

Port Scale

Fabric Link

Stacking Supervisor 2T

6880-X 15.1(2)SY

1000 12 3

15.2(1)SY and 15.2(1)SY1

2000 42 5

Catalyst Instant Access Phase 2 Scalability – 15.2(1)SY1 Software Release Train

Feature

Port Scale Fabric Link

Stacking

15.1(2)SY

1000 12 3

15.2(1)SY -> 15.2(1)SY1

1200 -> 1500 25 -> 32

5

Phase 1 Phase 2

85


15.1(2)SY Release Train 15.2(1)SY Release Train

5 3

12 FEX 102 FEX 103 FEX 104 FEX 105 FEX 106 FEX 107 FEX 108 FEX 109 FEX 110 FEX 111 FEX 101

FEX 102 FEX 103 FEX 104 FEX 105 FEX 106 FEX 139 FEX 140 FEX 141 FEX 142 FEX 101

- - - - - -

42

STACKING

FABRIC LINK

86


Catalyst Instant Access Fabric Link Connectivity Scenarios – Dual Homed to VSS Pair

Recommended Design

Dual Homed to VSS Pair

Dual Homed across Stack Members

Up to 8 uplinks (80G) MEC across Client to Parent

87

Cisco Confidential © 2013 Cisco and/or its affiliates. All rights reserved. 88

Catalyst Instant Access Connecting a downstream Switch

SiSi SiSi

v  Connect a downstream Switch just like you would to a local Line Card

v  A remote (downstream) Switch must be managed Independently

v  You can use Smart Install

v  You can use Compact Switch

v  Spanning Tree across Trunk ports

v  Spanning Tree will block redundant links

VSS


Catalyst Instant Access Host Port Connectivity Options

MEC at IA Ports across Stack Members

Single Homed End devices to IA Client dual homed to VSS Pair

Host

89


Segmentation (Compliance)

Topology Independent Segmentation with

Secure Group Access (SGA)

Context-Aware Control

Role-Based Access Control with Security Group Tagging (SGT)

Identify, Profile Devices with Device Sensor

802.1X Authentication

What

Where

How Who

IDENTITY

When

Protect Network Infrastructure

MACsec Encryption (Hardware ready)

Network Device Admission Control (NDAC)

þ

þ þ þþ

90


•  MPLS based L3 VPN Services at Access Layer

•  VRF configuration only on Distribution

•  No IGP relationship between access and distribution—Fabric Links

•  No LDP between distribution and access—no additional control overhead

•  No MP-BGP on access devices

•  Higher Scaling than 802.1Q-based segmentation at Layer 2

•  Group Segregation with ASA-SM service module

VRF A

VRF C

VRF B

Enterprise MPLS Core/ Access

VRF A

VRF C

VRF B

MPLS VRF at Access interface GigabitEthernet103/1/0/24

no switchport

vrf forwarding PCI

ip address 18.18.18.18 255.255.255.0

mpls ip

91


Key Takeaways Instant Access is a deployment model with specific benefits:

•  Simplified operations •  Single point of management •  Image management •  Configuration management •  Troubleshooting

•  Eliminates configuration complexity at the access uplink •  VLAN trunks, VRF-Lite , MPLS and other segmentation protocols

•  Specific hardware and software requirements

•  Centralized wired and wireless switching designs

•  Instant Access is shipping and ready to deploy •  Scalability up to 2000 nodes and different client platforms included

92





•  Summary

Agenda

93

SiSiSiSi

SiSiSiSi

SiSi

Data Center

SiSi SiSi

Services Block

Distribution Blocks

SiSi SiSi SiSi


Start by Defining Your QoS Strategy Articulate Your Business Intent, Relevant Applications and End-to-End Strategy

http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Video/qosmrn.pdf


The Case for Campus QoS

•  The primary role of QoS in campus networks is to manage packet loss •  In campus networks, it takes only a few milliseconds of congestion to cause drops

•  Rich media applications are extremely sensitive to packet drops


1080

line

s of

Hor

izon

tal

Res

olut

ion

1920 lines of Vertical Resolution (Widescreen Aspect Ratio is 16:9) 1080p60

1080 x 1920 lines =

2,073,600 pixels per frame

x 24 bits of color per pixel

x 60 frames per second

= 2,985,984,000 bps

or 3 Gbps Uncompressed! Cisco (H264/H.265) codecs transmit 3-5 Mbps per 1080p60 video stream

which represents over 99.8% compression (~ 1000:1) Packet loss is proportionally magnified by compression ratios

Users can notice a single packet lost in 10,000—

Making HD Video One Hundred Times More Sensitive to Packet Loss than VoIP!

Why Is Video So Sensitive to Packet Loss?


Audio Samples

20 msec

Voice Packets

Bytes

200

600

1000

1400

Time

200

600

1000

1400

33 msec

Video Packets Video Frame

Video Frame

Video Frame

VoIP vs. HD Video—At the Packet Level


KB

ytes

Per

ms

10 Gbps Line Rate

Campus QoS Design Considerations How Long Can Queue-Buffers Accommodate Line-Rate Bursts?

10-GE Linecard Example

Total Per-Port Buffer: 90 MB Total Per-Queue Buffer*: 11.25 MB Gbps Line Rate: 10 Gbps = 1.25 GB/s or 1250 KB/ms Total Per-Queue Buffering Capacity: 9.0 ms

*Assuming (8) equal-sized queues

ms

0

500

1000

1500

10

50

90

130

170

210

250

290

330

370

410

450

490

530

570

610

650

690

730

770

810

850

890

930

970

10 GE Linecard Example (WS-X6908)

1 second

Begin dropping at 9 ms but overall utilization is still only 1%!


Oversubscription in the Campus

GE Link 10GE Link 40GE Link


Software and Syntax Variations

•  Catalyst 2960-X / 3560 / 3750 are the last platforms to use Multilayer Switch QoS (MLS QoS) •  QoS is disabled by default and must be globally enabled with mls qos command •  Once enabled, all ports are set to an untrusted port-state

•  Catalyst 3650/3850 and 4500 use IOS Modular QoS Command Line Interface (MQC) •  QoS is enabled by default •  All ports are trusted at layer 2 and layer 3 by default

•  Catalyst 6500/6800 use Cisco Common Classification Policy Language (C3PL) QoS •  QoS is enabled by default (Sup2T) – Disabled by default (Sup720) •  All ports are trusted at layer 2 and layer 3 by default •  C3PL presents queuing policies similar to MQC, but as a defined “type” of policy


Untrusted / User-Administered Devices no mls qos trust

Trusted Centrally-Administered Devices mls qos trust dscp

Centrally-Administered & Conditionally-Trusted Devices mls qos trust device

•  cisco-phone •  cts •  ip-camera •  media-player

Trust Boundary Trust Boundaries

Trust Boundary

Trust Boundary

The trust boundary is the edge where •  Layer 2 (CoS / UP) and/or •  Layer 3 (DSCP)

markings are accepted or rejected


Campus QoS Design Best Practices

•  Classify and mark applications as close to their sources as technically and administratively feasible

•  Always perform QoS in hardware rather than software when a choice exists

•  Police unwanted traffic flows as close to their sources as possible

•  Enable queuing policies at every node where the potential for congestion exists


4 Class Model

Scavenger

Critical Data

Call Signaling

Realtime

8 Class Model

Critical Data

Video Call Signaling

Best Effort

Voice

Bulk Data

Network Control

Scavenger

11 Class Model

Network Management

Call Signaling Streaming Video

Transactional Data

Interactive-Video Voice

Best Effort

IP Routing

Mission-Critical Data

Scavenger

Bulk Data

Time

Best Effort


1T

Catalyst Hardware Queuing 1P3Q1T Example

1 Priority Queue

3 Non-Priority Queues

1P 3Q

Each queue has 1 Drop Threshold (the tail of the queue)


Catalyst Hardware Queuing 1P3Q1T Example

Interrupt Scheduling

Resume Scheduling


AF11 Minimum WRED Threshold: Begin randomly dropping AF11 Packets



Weighted Random Early Detect (WRED) Operation 3T WTD Example

Maximum WRED Thresholds for AF11, AF12 and AF13 are set to the tail of the queue in this example

Front of

Queue

Tail of

Queue Direction

of Packet Flow


BWR = Bandwidth Remaining

Network Management

Signaling

Realtime Interactive

Transactional Data

Multimedia Conferencing

Bulk Data

AF2 CS3

CS4 AF4

CS2 AF1

Scavenger CS1 Best Effort DF

Multimedia Streaming AF3

Broadcast Video VoIP

Application-Class

CS5 EF

Internetwork Control CS6

DSCP Network Control (CS7)

8Q4T/1P7Q4T

Realtime-Queue (10% BW/Priority)

EF CS5 CS4

Control Queue (10% BW/BWR)

CS7 & CS6 CS3 & CS2

Multimedia-Conferencing Queue (10% BW/BWR

+ DSCP-WRED) Multimedia-Streaming Queue

(10% BW/BWR + DSCP-based WRED)

Transactional Data (10% BW/BWR

+ DSCP-based WRED) Bulk Data

(4% BW/BWR +DSCP-based WRED)

Scavenger (1% BW/BWR) Default Queue

(25% BW/BWR + WRED)

DF

AF1 CS1

AF2

AF3

AF4

Example - Cisco Catalyst 6500/6800 8Q4T Ingress & 1P7Q4T Egress Queuing Models (6908-10GE)

Ingress and Egress queuing models varies by line card/module. Refer to the 6500/6800 QoS Configuration Guide to ensure that you use the proper queuing module for a given line card.

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/15-1SY/config_guide/sup2T/15_1_sy_swcg_2T/qos_policy_based_queueing.html


http://www.cisco.com/en/US/docs/solutions/Enterprise/Video/qoscampusaag.pdf


Key Takeaways

•  Start by defining your QoS Strategy

•  Campus QoS is needed primarily to control packet drops

•  Know your QoS toolset, as this varies platform-to-platform

•  Cisco provides many At-A-Glance guides to get you up and running quickly

•  Cisco also provides Cisco Validated Design guides for more detail


Campus QoS Design 4.0—In-Depth

•  Enterprise Quality of Service Design 4.0 http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/QoS_SRND_40/QoSIntro_40.html

•  Campus QoS Design 4.0 http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/QoS_SRND_40/QoSCampus_40.html

•  WLAN QoS Design (BYOD CVD) http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Borderless_Networks/Unified_Access/BYOD_Design_Guide/BYOD_AVC.html

Comprehensive Design Chapters





•  Summary

Agenda

111

SiSiSiSi

SiSiSiSi

SiSi

Data Center

SiSi SiSi

Services Block

Distribution Blocks

SiSi SiSi SiSi


Summary •  Offers hierarchy—each layer has specific role

•  Modular topology— building blocks

•  Easy to grow, understand, and troubleshoot

•  Creates small fault domains— Clear demarcations and isolation

•  Promotes load balancing and redundancy

•  Promotes deterministic traffic patterns

•  Incorporates balance of both Layer 2 and Layer 3 technology, leveraging the strength of both

•  Utilizes Layer 3 routing for load balancing, fast convergence, scalability, and control

112


Layer 3 Equal Cost

Links

Layer 3 Equal Cost

Links

Access

Distribution

Core

Distribution

Access


SiSi SiSi

SiSi SiSi

SiSi SiSi

SiSi SiSi

§  Offers hierarchy—each layer has specific role

§  Modular topology—building blocks §  Easy to grow, understand, and

troubleshoot §  Creates small fault domains— clear

demarcations and isolation §  Promotes load balancing and

redundancy §  Promotes deterministic traffic patterns §  Incorporates balance of both Layer 2

and Layer 3 technology, leveraging the strength of both

§  Utilizes Layer 3 routing for load balancing, fast convergence, scalability, and control


Hierarchical Network Design Without a Rock Solid Foundation the Rest Doesn’t Matter

113

Spanning Tree Routing

HSRP

GLBP

Trunking

Load Balancing

Access

Distribution

Core

Distribution

Access

Building Block

SiSi SiSi

SiSi SiSi

SiSi SiSi


Continue Your Education •  Demos in the Cisco campus

•  Walk-in Self-Paced Labs

•  Table Topics

•  Meet the Engineer 1:1 meetings

•  Related sessions BRKCRS-1500 Wired LAN Deployment Using the Cisco Validated Design for Campus BRKCRS-2600 Incorporating Intelligent Access at the Campus Edge BRKCRS-2888 Advanced Enterprise Campus Design: Converged Access BRKCRS-3035 Advanced Enterprise Campus Design: Virtual Switching System BRKCRS-3036 Advanced Enterprise Campus Design: Routed Access

114



•  Campus Design Best Practices


•  Putting It All Together

•  Summary

•  Switching Update

Agenda

115

SiSiSiSi

SiSiSiSi

SiSi

Data Center

SiSi SiSi

Services Block

Distribution Blocks

SiSi SiSi SiSi


Cisco Infrastructure Innovations Transforming the Enterprise

SCALE SECURITY SIMPLICITY

Trustsec

Unique Innovation for 802.11ac explosion

Energywise, UPOE

& IOT

Instant Access

Enterprise IoT

Cisco Multigigabit


Infrastructure Capacity Trends 802.11ac

Multi Gigabit (mGIG)


Regular clients, TREND

Wired clients

Wireless clients

Regular clients, IMPACT

Wired ports

Wireless density

time time

IOT clients, TREND

Wired clients

Wireless clients

IOT clients, IMPACT

Wired ports

Wireless density

time time

NG Workspace trends and impact / Summary.

Same trends observed in Campus and Branch

Wireless density is Key, but IOT will demand wired ports

Access Convergence is the best answer to simplify the increasing complexity


CL

IEN

TS

/ B

AN

DW

IDT

H

Early 2000 2002 2004 2006 2008 2010 2012 2014 2015

Wireless Standards – Past, Present, and Future

11Mbps

802.11n 450 Mbps

802.11ac Wave2

3.5 Gbps 6.8 Gbps

Future 10 Gbps

802.11ac Wave1 1 Gbps

802.11g 54 Mbps

802.11a, 802.11b 11 Mbps

Pervasive Nice to Have

Media Rich Applications

Mission Critical


Why Not Use 10GBASE-T?

UTP Cable IEEE 10G Spec CAT 5/5e N/A

CAT 6 55 meters

CAT 6A 100 meters

CAT 7 100 meters

>75% of WW installed base is Cat 5e/6 up to 100 meters

10GBASE-T cannot work over vast majority of installed base Source: Cabling Installation & Maintenance

Magazine, Cabling Market Outlook Consumption Trends and Analysis Enterprise and Data Center Organizations, February 2014

Cat 5e – 46%

Cat 6 – 28%

Cat 6A – 16%

Cat 7 – 5%

Cat 7A – 4%

Enterprise Horizontal BASE-‐T Cabling


The Problem - Gigabit Bottleneck

Existing Gigabit infrastructure is insufficient to handle .11ac

growth beyond 1Gbps

Gigabit Ethernet has been around since 1999 and has now become the bottleneck

Market needs an innovative technology to support >1Gbps

over existing cables

Limited to 1G!

Cat 5e Cables

WiFi @ 1G >1G


The Solution – Cisco Multigigabit Technology Powered by NBASE-T

Delivers up to 5X Speeds in Enterprise without replacing Cabling Infrastructure

2.5-5G!

Cat 5e Cables

WiFi > 1G

Multigigabit Switch

Multigigabit Capable AP

Is a game-changing innovation allowing enterprise networks to

evolve beyond 1G

Enables 2.5 and 5 Gbps up to 100m on legacy cables

Supports all PoE standards up to 60W

Cisco Multigigabit with


MultiGigabit Cabling Investment Protection

Cable Type

1G 2.5G 5G 10G

Cat5e ✓ ✓ ✓ NA

Cat6 ✓ ✓ ✓ 55 m

Cat6a ✓ ✓ ✓ ✓

Auto-negotiable Speeds – Interoperates with legacy ports at 100 Mbps and higher

Brownfield Deployments can leverage existing Cat5e cables, extending ROI, and supporting speeds at 2.5G and 5G at a Distance of 100m

Greenfield Deployments with Cat6a Will Support 10G – They can also support speeds at 2.5G and 5G at a distance of 100m


Cisco Multigigabit Ethernet Key Differentiators

Higher Speed AP Uplinks to Switches Adaptive Rate Technology (FE, 1G, 2.5G, 5G, and 10G) à Future proofed for higher speeds

Infrastructure Investment Protection Supports 100m distance with Cat5e cabling up to 5G speeds for Brownfield Supports Cat6a cabling for Greenfield deployments for higher speeds

POE/POE+/UPOE Cisco Innovation over 10GT Standard to support high end point power needs

Standards Compliant 1G and 10G BaseT IEEE standards, IEEE P802.3bz 2.5/5GBASE-T standardization in progress


The NEW Cisco Catalyst Multigigabit Product Family

•  NG Workspace switch •  Multigigabit in smallest form factor •  POE/POE+ •  Instant Access support

•  Industry leading Fixed Access •  24 & 48 Port Stackable Switches •  24 & 12 Multigigabit Ports •  New Uplinks

•  Best In Class Modular Access •  New 48 Ports Line Card •  12 Ports of Multigigabit per slot •  Up to 96 multigigabit ports per system

4500E 3850 3650CX

Innovation in multiple form factors!!


Energywise, UPOE & IOT


Cisco UPOE


AN EXPANDING ECOSYSTEM OF PoE DEVICES

Cisco PoE Innovation on the New Compact Switches Industry’s first fanless portfolio with 240W PoE+

FULL PoE+ •  Cisco Innovation: 240W

of PoE+ (8 x 30W) •  Fanless, silent

reliable operation

PERPETUAL PoE*

•  Provides non-stop PoE power

•  Switch can continue to provide PoE+ during configuration and reboot

DC POWERED*

•  Option to power over 18V-60V external DC power supply, supports PoE+

PoE PASS-THROUGH*

Compact Switch in the Ceiling

Ethernet Cable

…

WiFi Access Point

IP Video Surveillance

Camera

Dense Sensor Network

(Light, Motion, CO2/CO, etc.)

Commercial LED PoE Fixtures

Building Mgmt (Connected

HVAC) Wall Switch

Digital Ceiling Applications

* Roadmap (1H CY15)

•  Upto 146W PoE+ when switch is powered over UPoE & Auxiliary AC/DC power adapter


Reduced Powering Constraints with PoE Pass-Through WS-C3560CX-8PT-S

POWERED with Cisco UPOE/PoE+

ELIMINATE THE NEED FOR HUNDREDS OF METERS OF ETHERNET CABLING

•  Support Up to 8 IP devices with a single Ethernet cable drop

•  Save $100–$1000/ cable drop depending on deployment scenario

DEPLOY APPLICATIONS IN LOCATIONS WITHOUT ACCESS TO POWER OUTLETS

•  Compact Switch and PoE end devices powered by upstream UPOE/PoE-capable switch/router (Upto 70W of PoE+)

•  Auxillary (External) AC and DC Power Option (Upto 146W of PoE+)

4500-E

3850

No Power Supply No Fan

Upto 8 PoE+ Devices


Today’s Challenges – Systems are Siloed

§  Most departments and organizations work autonomously and have multiple or individual networks, software, servers and support

§  Each solution requiring dedicated power, infrastructure, operation, support, and maintenance

§  Buying multiple networks in the same building to perform the same basic functions

§  Dozens of different IT standards is difficult for reliability, security and repair

§  Siloes inhibit or prevent interoperability

§  Drives up the expense or prevents getting data from each system easily

Reducing TCO with a Converged Strategy


Light as a Service

Color beacons create pathway lighting

Beacons mark location of people/things

Rooms adjust color to match your mood

Any light can be backed up with a UPS

Color beacon’s indicate a condition

Lights change to signal the end or

start of a meeting

Intelligent lights are sign/symbol generators that can enable thousands of applications


Example BOM Comparison – XXXXX Company

PoE Solution Line Voltage Solution

Line Item Qty Fee Per Line Item Total Fees Qty Fee Per Line

Item Total Fees

Lighting Fixture Fee Summary 701 $ 272 $ 190,750 701 $ 272 $ 190,750

Sensors & Wall Control Fees 100 $ 135 $ 13,464 100 $ 135 $ 13,464

Power Control Systems (Spice boxes for POE / Zero to ten control system for line voltage) 701 $ 239 $ 167,399 1 $ 350,000 $ 350,000

Control Software Setup (Comissioning or Software scene configuration) 1 $ 17,500 $ 17,500 1 $ 25,000 $ 25,000

Control Software (Nupac) 1 $ 6,006 $ 6,006

Fixture installation 701 $ 306,250 $ 306,688 1 $ 306,250 $ 306,688

Sensors & Wall Control Installation 100 $ 263 $ 26,250 1 $ 23,625 $ 26,250

Cat 6/Wiring line runs & Materials 801 $ 315 $ 252,315 801 $ 825 $ 660,700

Conduit/piping/junction boxes 1 $ 80,000 $ 80,000

2200VA UPS SMART OL 120V USB DB9 2U RM (to support emergency power for Catalyst 3750s) 4 $ 995 $ 3,981

Emergency lighting 0-10V dimming power supply 79 $ 180 $ 14,220

Cat 6 Patch Panel - 24 port, 1U 30 $ 100 $ 3,000

19 inch steel rack 2 $ 400 $ 800

Project management 1 $ 106,000 $ 106,000 1 $ 126,000 $ 126,000

27 Catalyst 3750X 48 Port UPOE LAN Base with redundant power supplies (WS-C3750X-48U-L) 24 $ 6,030 $ 144,720

Total $ 1,238,872 $ 1,793,071

$0

$200,000

$400,000

$600,000

$800,000

$1,000,000

$1,200,000

$1,400,000

$1,600,000

$1,800,000

$2,000,000

POE Solution Line Voltage Solution

$1.24M

$1.79M

PoE vs Line Voltage Saving $: 554,200 Saving %: 31%


Incremental Energy Savings

Productivity & Health/Comfort

Generic Lighting Applications

Digital ceiling unlocks the power of IoT analytics

UPOE Connected Lighting

Incremental energy savings based on highly

dense sensor network and individual fixture control

Electrical Load Shedding Personalized Workspaces Granular Occupancy Granular Daylight Harvesting

Highly Flexible Scheduling

Change lighting temperature to follow

the circadian rhythm of workers and students

Human Centric Lighting Real time conference room availability

Customized lighting for retail stores

Emergency pathway lighting for first responders

Code blue visual indicator

Integrated Sensors • Light • Occupancy / motion

Integrated radios • WiFi • LiFi • BTLE

Metering

Analytics

• Energy • Resources • Space / occupancy • Grouping / interactions


Smart+Connected City Infrastructure Management: Leverage Investment Across Citywide Issues

Smart+Connected City Parking

Give citizens live parking availability information to reduce circling and congestion

1 Smart+Connected City Traffic

Monitor and manage traffic incidents to reduce congestion and improve livability

2 Smart+Connected City Safety & Security

Automatically detect security incidents, shorten response time, and analyze data to reduce crime

3 Smart+Connected City Street Lighting

Manage street lighting to reduce energy and maintenance costs

5 Smart+Connected City Location Services

Provide view of people flow data to aid planning and leverage location data for contextual content and advertising

4

Shared Infrastructure Layer: Smart+Connected City Wi-Fi

Common Information Layer: CIM Software

Smart+Connected City Operations Center


Cisco’s City Lighting Products and Applications

§  5-year warranty (provided by Sensity)

§  DLC (DesignLights Consortium) listed, UL/CSA safety certification

Retrofit and Luminaire Solutions

Parking Lot

Post Top/Decorativ

e

Wall Pack

High Bay Roadway

Garage Canopy

High Mast/ Flood


•  Policy based energy management via the network •  Delivers both monitoring and control

•  Broad adoption across •  Cisco enterprise platforms

•  Partner applications and devices

SOLUTION DESCRIPTION •  Energy and operational cost savings •  Greater visibility into energy usage

•  Energy mandate compliance

CUSTOMER BENEFITS

The Central Nervous System for Energy Intelligence

7:00 AM 7:00 PM


Product Update


Addressing Customer Choices

Catalyst 3650

Stackable access, wired-wireless

convergence, PoE+

*Software Update Middle CY2014

160 Gbps 25 AP WLC Redundant PSUs Stateful Switchover Flexible NetFlow Wireshark TrustSec

Catalyst 2960-X

Stackable access, PoE+

Catalyst 3850

Stackable access, wired-wireless convergence, UPOE / PoE+

Catalyst 4500E

Modular access, wired-wireless convergence, UPOE / PoE+

480 Gbps, 100 AP WLC Redundant PSUs Stateful Switchover Flexible NetFlow Wireshark TrustSec StackPower Cisco UPOE Modular Uplinks mGIG Mixed Stacking Fiber, Copper, 10G-T **

928 Gbps 100 AP WLC Redundant PSUs Stateful Switchover Flexible NetFlow Wireshark TrustSec Cisco UPOE VSS ISSU mGIG Linecards Investment Protection

160 Gbps 50 AP WLC Redundant PSUs Stateful Switchover Flexible NetFlow Wireshark TrustSec

**Roadmap

80Gbps Redundant PSUs* NetFlow-Lite TrustSec


10G SFP+ 1G SFP

1/10G 1RU Aggregation

Catalyst 4500-X

•  Fixed 10G Aggregation •  16p & 32p Base Units •  8 port 10G Network

Module •  Front-to-Back and

Back-to-Front Fans and Power Supplies

1G 1RU Aggregation

Catalyst 3850 1G Fiber •  Fixed 1G Aggregation •  Stackable •  12p and 24p SKU •  10G Network Module

Catalyst 6880-X

•  Fixed Supervisor with 16 10G ports

•  Up to 4 x 16 port 10G Network Modules for 80 10G ports

•  Best-in-Class Core Feature-set

•  BGP, MPLS, VSS, Instant Access

1/10G 1RU Aggregation

Catalyst 3850 10G Fiber

•  Fixed 10G Aggregation •  12p, 24p & 48p SKU •  Stackable (12p/24p) •  10G & 40G Network

Module

1/10G 5RU Core

Catalyst 6840-X •  Fixed 10G Core & Agg •  16p & 32p 10G SKU •  24p & 40p 10/40G SKU •  Front-to-Back Fans

and Power Supplies •  Best-in-Class Core

Feature-set •  BGP, MPLS, VSS,

Instant Access

1/10G 2RU Core & Agg.

Catalyst Fixed Backbone Portfolio Sc

ale

/ Fea

ture

s

NEW

NEW


The Quiet and Fanless 2960X Cool SKU WS-C2960X-24PSQ-L

MULTIPLE USE CASES 110W PoE on 8 ports 24x1G downlinks

2x1G SFP & 2x1G Cu

Retail Ideal in retail outlets to connect a POS machine, phone, ringer, video display

with network and PoE powering. Suited for mounting in confined spaces in the

floor

NetFlow Lite on all ports 11 inch depth, 1RU Higher MTBF rates

Education Extend access to labs, classrooms and other training rooms from central/floor distribution rooms. Reduce cable costs

and ideally suited for classrooms or confined areas

Defense Provide network and PoE connectivity

in mobile units to devices in inconvenient locations reducing cables and possible power failures. Ideal due to quiet operation and longer MTBF

rates


Catalyst Compact Switch Portfolio

8 AND 12 PORT MODELS

QUIET (FANLESS)

EXTEND THE CISCO NETWORK

FULL-SIZE CAPABILITIES LOWER TCO

FAST ETHERNET

2960-C Portfolio LAN Base

8 and 12 port FE Data or PoE

2 x 1G Uplinks E- LLW

Advanced Layer 2

Orderable Now*

* WS-3560CX-8PTS & WS-3560CX-8XPD-S FCS/Orderable in June

GIGABIT ETHERNET

2960-CX 3560-CX LAN Base 8 port GE

Data or PoE+ 1G Uplinks

E- LLW

IP Base / IP Services

8 and 12 port GE Data or PoE+

1G or 10G Uplinks E- LLW

Advanced Layer 3 and Layer 2


The New Multigigabit Compact Switch WS-C3560CX-8XPD-S

MULTIPLE USE CASES 6 x 1G/PoE+ 2 x mGig PoE+ 2 x 10G SFP+

Maintain Switch to AP Reach at Higher Speeds

Adaptive Rate Technology (FE, 1G, 2.5G, 5G, and 10G) à

Future Proofed for Higher Speeds

Infrastructure Investment Protection

Supports 100m Distance with Cat5e Cabling up to 5G Speeds

for Brownfield

Supports Cat6a/6e Cabling for Greenfield Deployments for

Higher Speeds

POE+ Cisco Innovation Over 10GT

Standard to Support High End Point Power Needs

Standards Compliant

1G and 10G BaseT IEEE Standards

Shipping Now

mGig for 11ac AP Deployments

mGig as Uplinks Connected to

Access Switches (Cat 3K/4K)


Mini 3650 – 3KV2 replacement Depth of switch – 11.62”

2 SKU’s •  24 x 1Gbe •  48 x1Gbe

48 Ports – 4xSFP+ 24 Ports - 2xSFP & 2xSFP+

Fixed Power Supply, Fixed Fans

11.62 inch depth, 1RU Cisco StackWise®-160 Converged Access

Upto 770W PoE+ budget IP Base/IP Services

Expected FCS

Q1CY16

11.62” = 295mm

Cisco Confidential 144 © 2013-2014 Cisco and/or its affiliates. All rights reserved.

Catalyst 3850 Switch

Bu i l t on C isco ’s Innova t i ve “UADP” ASIC The In te l l i gen t Swi tch fo r the Wor ld Connec ted

* Roadmap

Wireless CAPWAP Termination Up to 2000

Clients per Stack

40 Gbps Uplink Bandwidth

Line Rate on All Ports

FRU Fans, Power Supplies

Granular QoS/Flexible

NetFlow

Up to 50 APs/2000 clients per stack, and 40G per switch

480 Gbps Stacking Bandwidth

Stackpower

SGT/SGACL*

Full POE+


Delivering Unprecedented Power Availability and Flexibility

•  Power Resiliency - Adaptable “pool of power” available to all stack members

•  Provides “Zero-footprint” RPS i.e. power supply redundancy without an RPS

•  Intelligent power shedding—turn off low priority PoE end devices in the event of a power supply failure

StackPower

Resiliency


The New Catalyst 3850 Multigigabit Switches

Stackable with all other 3850 Switches (up-to 8 stack members)

Price-compelling 48-port Mgig High Performance 24-port 10Gb-T

# of mGig Ports

Port Capabilities

New uplink Modules

12 mGig ports 24 mGig ports

UPOE, EEE, MACsec UPOE, EEE, MACsec

New 2x40G and 8x10G (existing NM’s are supported)

New 2x40G and 8x10G (existing NM’s are supported)


The New Catalyst 3850 Uplink Modules

All 3850 Uplinks Are Supported on mGig switches

2x40Gig, QSFP 8x10Gig, SFP/SFP+

Compatibility

80G Non Blocking 80G Non Blocking

Only work on mGig and 10G Fiber (24-port) Switches

Performance

Only work on mGig and 10G Fiber (24-port) Switches


The New Catalyst 3850 10G Fiber Switches

# 10G Ports 12 16 24 32 48 Total

Capacity 160G 160G 320G 320G 640G

Network Modules

Supported C3850-NM-4-10G Slot Used

C3850-NM-4-10G C3850-NM-8-10G C3850-NM-2-40G

Slot Used 4x40G fixed (No FRU Network

Module)

Key Features Stacks with C3850 family – Stackwise and StackPower

Orderable Now


SUPERVISOR ENGINE 7-E SUPERVISOR ENGINE 7L-E

•  Optimized for Large Campus •  848 Gbps Switching Capacity •  4x10G SFP+/SFP uplinks •  250 MPPS •  Flexible Netflow

•  Optimized for Small/Mid Size Campus •  520 Gbps (48G/slot) •  2x10G (SFP/SFP+) or 4x1G SFP Uplinks •  225 MPPS •  Flexible Netflow

FIBER LINE CARD PORTFOLIO COPPER LINE CARD PORTFOLIO High Density

Low Density

48G

24G

WS-X4624-SFP-E WS-X4712-SFP+E

WS-X4612-SFP-E WS-X4606-X2-E

1G 10G Data Only PoE+

WS-X4748-UPOE+E WS-X4748-RJ45-E

WS-X4648-RJ45V+E WS-X4648-RJ45-E

4503-E

4507R+E 4510R+E

4506-E

POE POWER SUPPLIES

PWR-C45-1300ACV PWR-C45-2800ACV PWR-C45-4200ACV PWR-C45-6000ACV PWR-C45-9000ACV


C4500E Multigigabit Line card

Innovation with Investment Protection Supported with Supervisor Engine 7 and 8 on all 4500-E chassis

Mode

1 mGig Lite Mode 48p 1GE UPOE (First 12p usable as mGig)

Mode

2 Mode

3

mGig Enhanced Mode 12p mGig UPOE + 24p 1GE UPOE

mGig Performance Mode 12p mGig UPOE

Catalyst 4500 Multi-Gig Shipping Now


Works in all Shipping 4500-E chassis

Up to 25APs 1000 Clients

4 SFP+ 10G/1G Uplinks NG Campus

Ready

Wireless integration

Faster CPU Attribute Sup8LE Sup8E

Uplinks 4x10G/1G 8x10G/1G

Port Scale 240 384

Chassis Support

3,6,7 3,6,7,10

Wireless scale 50 APs, 1000 Clients

100 APs, 2000 Clients

FIB Table Size (V4/V6)

64K/32K 256K/128K

Wired & Wireless Features

The NEW Supervisor 8L-E

Converged Access at Low End

FCS Q4CY2015


Cisco Catalyst 6800 Family

Reinventing Your Backbone Experience

Shipping Since Q4CY13

•  Single touch point for entire campus network

•  POE/POE+ and stacking •  Cat6K features at the access with

feature consistency

•  Up to 80x10G ports in 4.5RU •  Built-in sup with extensible slots •  Catalyst 6500 DNA •  Optimized for 10G density, price, and

rich services

•  7 slots 10RU •  Up to 880G/slot capable •  Tremendous investment protection •  Optimized for 10/40/100G •  Built for scalability and performance

6807-XL 6880-X 6800IA


Throughput in 6807 160G

Optics: SFP / SFP+

Egress Buffer/port: 250 - 500 MB

Features:

Full-feature L2 / L3 with IPv4 / IPv6, MPLS / VPLS capabilities.

1M IPv4 Routes, 2M NetFlow, Performance mode

Additional Hardware Features:

Large Buffers, VSS, Instant Access. SGT, MACSEC, LISP, Dual Priority Queues, 2 Level

Shaping (HQoS)

80G

SFP / SFP+

250 - 500 MB

Full-feature L2 / L3 with IPv4 / IPv6, MPLS / VPLS capabilities.

1M IPv4 Routes, 1M NetFlow, Performance mode


Shaping (HQoS)

80G

SFP / SFP+

500 MB

Full-feature L2 / L3 with IPv4 / IPv6, MPLS / VPLS capabilities. 1M IPv4 Routes, 1M NetFlow,

No Oversubscription


Shaping (HQoS)

32x10G SFP+ 16x10G SFP+ 8x10G SFP+

Catalyst 6800 10G Portfolio Providing Deployment Options

Now Shipping

Common ASIC Architecture


Scalability & Performance

Supervisor 6T Taking Catalyst 6800 to a New Level of Scalability and Performance

Feature Parity with Sup2T from Day 1: 3000+ Features

Target Q1CY16

EC

SUP2T SUP6T

6807-XL Bandwidth 220G /Slot 440G /Slot

CPU 1.5Ghz MPC8572

2.5Ghz X86 Dual Core

Memory 2 - 4GB DDR2 667Mhz

4 - 8GB DDR3 1333Mhz

Uplinks 2 x 10G (X2) & 3 x 1G (SFP)

2 x 40G (QSFP) & 8 x 1/10G (SFP+)

Uplinks Advanced Features

VSS, MACSEC, SGT

VSS, Instant Access, MACSEC,

SGT, LISP

Bootdisk Compact Flash eUSB

Mgmt Port CMP Mgmt0

High-Performance Control Plane with x86 CPU

2 x 40G (QSFP) and 8 x 1/10G (SFP+) Uplinks Supporting IA, LISP, etc

Fiber / Copper Management Ports

Improved Fabric Providing 440G/slot

in 6807-XL

© 2015 Cisco and/or its affiliates. All rights reserved. Cisco Public BRKCRS-2031 Cisco 155 © 2014-2015 Cisco Systems Inc. and/or its affiliates. All rights reserved. All Catalyst 6800 Features in a Smaller Fixed Form Factor

Depth: 21.8”

Height: 2RU

40 ports of SFP/SFP+ Up to 12 ports of QSFP 10/100/1000M GLC-T 100M FX

256K IPv4 Routes 1.5M NetFlow 64K QoS / ACL

2 x 40G QSFP Uplinks Breakout to 4 x SFP+

750W / 1100W Redundant AC/DC Front-to-Back Airflow

VSS, Instant Access, LISP, SGT, MACSec, HQoS, etc

High-Scale Control Plane with X86 CPU Higher Scale for IA

Introducing the Catalyst 6840-X Orderable Now


6840-X Models 15.2(1)SY Q4CY2014

15.2(1)SY Q4CY2014 32x10G 24x10G + 2x40G 40x10G + 2x40G 16x10G

Native Optics: SFP/SFP+

# of 10G Ports: 16

# of 40G Ports: 4 using reverse adapter

Features: Full-feature L2/L3 with MPLS, VPLS. IPv4/IPv6 capabilities, 512K Netflow

Additional Hardware Features:

Large Buffers, SGT, MACSec, LISP, Dual Priority Queues, Two Level Shaping, Instant Access

SFP/SFP+

32

8 using reverse adapter

Full-feature L2/L3 with MPLS, VPLS. IPv4/IPv6 capabilities, 1M Netflow


SFP/SFP+ and QSFP

24 + 8 using breakout

2 + 6 using reverse adapter

Full-feature L2/L3 with MPLS, VPLS. IPv4/IPv6 capabilities, 1M Netflow


SFP/SFP+ and QSFP

40 + 8 using breakout

2 + 10 using reverse adapter

Full-feature L2/L3 with MPLS, VPLS. IPv4/IPv6 capabilities, 1.5M Netflow


Orderable Now


1/10GE Now

40GE Later

QSFP-40G-SR4 QSFP-40G-CSR4 QSFP-40G-SR-BD QSFP-40G-LR4 QSFP-40G-ER4

Future Proofing with 10G to 40G Adapter

C6800-8P-10G

6880-X

SUP8-E

4500-X

C6800-16P-10G

C6800-16P-10G

Reverse SFP to QSFP Adapter Can Upgrade Your 10G Ports to 40G

40G Adapter

QSFP

Target Q1CY16


C6800IA-48FPDR C6800IA-48TD C6800IA-48TD C3560-CX-12PD-S

PoE/PoE+ ✗ ü 48 ports, 740W

ü�48 ports, 740W

ü 12 ports, 240W

ü 12 ports, 240W

Down Link Ports 48 x 1G RJ45 48 x 1G RJ45 48 x 1G RJ45 12 x 1G RJ45 6 x 1G RJ45 + 2 x mGig

Uplink Ports 2 x 10G SFP+ 2 x 10G SFP+ 2 x 10G SFP+ 2 x 10G SFP+ 2 x 10G SFP+

Stack 3 à 5 3 à 5 3 à 5 ✗ ✗ Dual Power Supply ✗ ✗ ü ✗ ✗ Stand-Alone Mode ✗ ✗ ✗ ü ü

*will be released with 15.2(1)SY1

Catalyst Instant Access Client Portfolio

C3560CX-8XPD-S* C6800IA-48FPD


Catalyst Software Update

© 2015 Cisco and/or its affiliates. All rights reserved. Cisco Public BRKCRS-2031 Investment Protection •  All E-Series Chassis and 6807-XL

•  DFC4 Upgrade Option for 67xx Line Cards Reinforce Enterprise Backbones with the Catalyst 6800

The new 15.2(1)SY Release Addressing Campus Backbone Challenges with Cat6K

§  IA Port Scale: 1K ->2K ports

§  IA Stack Scale : 3->5

§  IA Fabric Scale : 12->42

§  Compact IA Client : new!

§  8, 16 and 32p 10G/1G cards

§  Performance mode §  48p 1G cards §  40G adapter*

§  APIC-EM* §  PnP Agent §  Service Discovery

Gateway 2.0 §  Interface Templates

and Auto Config §  IBNS 2.0 §  Path Trace

§  OSPFv3 area filter §  DHCPv6 LDRA §  IPv4/v6 MVPN §  VRF-aware DHCP relay §  VRF-aware DNS §  and Much More

Instant Access

New Hardware

Innovative Features

Customer Solutions

200+ NEW BACKBONE

FEATURES

Now Shipping


Simplicity with Auto Conf and Interface Templates Configuration Challenges for Catalyst 6K Instant Access

Easy to Use and Intuitive

Up to 2,000 ports to configure and manage

Huge Running-configuration to maintain

Manual configuration of Access ports is complex and

error prone

AUTO CONFIGURATION

Simplified Running

Configuration

Parsed at Definition

Time Built-in

Templates Configuration

Rollback Precedence Management

Integrated with Session

Aware Networking


Interface Templates

6500# show running-config interface GigabitEthernet 101/1/0/1 ! interface GigabitEthernet 101/1/0/1 switchport mode access switchport block unicast switchport port-security priority-queue out mls qos trust dscp spanning-tree portfast spanning-tree bpduguard enable end 6500# show running-config interface GigabitEthernet 101/1/0/2 ! interface GigabitEthernet 101/1/0/2 switchport mode access switchport block unicast switchport port-security priority-queue out mls qos trust dscp spanning-tree portfast spanning-tree bpduguard enable end

BEFORE

Easy to Build, Modify and Troubleshoot Simplify Running Configuration

6500# show run template IA_INTERFACE_TEMPLATE ! template IA_INTERFACE_TEMPLATE switchport mode access switchport block unicast switchport port-security priority-queue out mls qos trust dscp spanning-tree portfast spanning-tree bpduguard enable end 6500# show run interface GigabitEthernet 101/1/0/1 ! interface GigabitEthernet 101/1/0/1 source template IA_INTERFACE_TEMPLATE end 6500# show run interface GigabitEthernet 101/1/0/2 ! interface GigabitEthernet 101/1/0/2 source template IA_INTERFACE_TEMPLATE end

AFTER


Catalyst Update End of Sale / End of Life


3750X / 3560X End of Sale Heads-Up Products Announcement EoS Date Replacement Benefits

3750X October 31, 2015 October 31, 2016 Catalyst 3850

§  mGig §  Stack BW §  FNF (Flexible NetFlow) §  CA (Converged Access) §  Improved QoS §  Bigger buffers (12M)

3560X October 31, 2015 October 31, 2016 Catalyst 3650

§  Price §  CA (Converged Access) §  Opt. Stacking §  FNF (Flexible NetFlow) §  Improved QoS §  Bigger buffers


720-10G-3C / 4900M End of Sale Heads-Up Products Announcement EoS Date Replacement Benefits

Cat6500 Sup720-10G-3C October 31, 2014 July 31, 2015 Sup 2T

§  Instant Access §  Backward compatibility with older

generation of line cards §  Scalability/performance

improvements §  Support for future 40-Gbps module

and shipping nonblocking 10-Gbps modules

§  Connectivity management processor (CMP) for improved out-of-band management

4900M October 31, 2015 October 31, 2016

Catalyst 4500X Catalyst 3850 Catalyst 6840

§  Price §  Flexible NetFlow §  Improved QoS §  Bigger buffers §  VSS


End-Of-Sale - March 2016

•  External Announcement Date: October 1, 2015 •  End Of Sale Date: March 31, 2016

MODULES*

WS-X6708-10G-3C

WS-X6748-SFP

WS-X6748-GE-TX

WX-X6816-10T

WS-X6904-40G

WS-X6904-40G-10T

WS-X6908-10G

WS-X6908-10G-2T

*including XL, spare versions


Instant Access


Source: A commissioned study conducted by Forrester Consulting for Cisco Systems, 2012

MONITORING, TROUBLESHOOTING

SECURITY CONFIGURATIONS

INITIAL INSTALL, CONFIGS, TESTING

UPGRADING EQUIPMENT


Simplify Operations across entire Distribution POD

“Grow as you Go” with full “Plug & Play” IA client provisioning Deploy Premium Catalyst 6500 features at Access Layer

Benefits of Instant Access

Catalyst Instant Access Topology Comparisons

Traditional

Access Switch

LACP or PAGP

STP or MST

HSRP or VRRP

Access Switch Stack

VSS - Physical

LACP or PAGP

VSL

Access Switch Access Switch Stack

Instant Access

SDP SRP SCP

VSL

Instant Access Switch

Instant Access Stack


Instant Access Capabilities Differences From DC FEX

FEX STACKING

Fabric Link

Flex Stack

POE/POE+ CAPABILITY REMOTE SWITCHES

spanning-‐tree bpduguard disable


1000 Port Campus Distribution Block

Satellite Device capable of Stacking & POE+

Single Point of Management, Configuration and Troubleshooting

Simplified Network Design for VLANs and Port-Channels

Agile Infrastructure to add new features uniformly across Access Layer

A Single Image to Deploy and Manage across Distribution Block

Managed Devices = 20+ Managed Devices = 1

Key Benefits Now Shipping

ISE PRIME


Supervisor 2T WS-X6904-40G 6880-X

6500-E

6807-XL

•  10G SFP+ Uplink Ports •  POE & POE+ Support •  Integrated Stacking Module

Catalyst 6800IA

* 6807-XL and 6880-X will be available in Q4CY13.

Catalyst 6500/6800 VS

Catalyst 6800ia Catalyst 6800ia Catalyst 6800ia Catalyst 6800ia

Config on Parent: interface Port-channel101 switchport mode fex-fabric fex associate 101 interface Port-channel102 switchport mode fex-fabric fex associate 102 interface GigabitEthernet101/1/0/1 switchport mode access switchport access vlan 101 interface GigabitEthernet102/1/0/1 ip address 102.1.1.1 255.255.255.0 ipv6 address 2013:102:1:1:1::1/96

FEX 101 FEX 102 FEX 103 FEX 104

Simplified Configurations


Instant Access Campus Design

Span VLAN to Isolate Badge Readers and Cameras

Keep Traditional Design for Users and Phones

Loop Free Campus Topology

VLAN 10 VLAN 20

VLAN 110 VLAN 120

VLAN 200

Data

Phone

Badge


Instant Access Parent, Client

Catalyst 6880-X

Catalyst 6807-XL

Sup 2T

6904 FourX Catalyst 6800IA

Catalyst 6500E Sup 2T

6904 FourX

Data: $7,000 PoE: $9,000


5 Total Devices of Image & Configuration Management 4 Port-Channels 0 Trunk Configuration 4032 User Ports Design Considerations: STP Loop Prevention CAM & ARP Tuning FHRP Tuning / Priority Routing Protocol Tuning PIM Tuning / DR priority 5 Separate Configurations of Hostname, VLAN DB, IP/GW, SNMP, NTP, TACACS, VTY, etc.

VSS + IA

Catalyst Instant Access


Core


Cisco Catalyst Instant Access Summary

Ø Simplified Configuration and Deployment

Ø Single point of Management

Ø Plug and Play Provisioning

Ø No Image Management at Access

Ø Cat6500 Features consistent across Distribution and Access

Simplifying Networks Reducing TCO 176

Thank you


Thanks for your time --- 5’s are Good!!!

177