Campuswide VLAN


Transcript Campuswide VLAN

Campus LAN Design
NW97_EMEA_301
Introduction
• Different user requirements dictate different network solutions
• How to decide what model of network to build?
• For each of the models:
  Define network requirements
  Analyze the network design architecture
  Review required technologies
Agenda
• Building Blocks
• Campus Architectures
• Campus Design
Building Blocks
LAN Backbone Technologies

ATM (155 Mbps, 622 Mbps, FDX)
• Backbone only in campus (rarely desktops)
• Interoperable redundancy and load sharing by PNNI
• VLAN standard (LANE)
• Full QoS (PBX connection)
• Scaling issues in large campus
• Moderate cost

FDDI ("classical" L1)
• Robust and redundant if concentrators used!
• Very fast failover
• Install and forget
• Today's L2/L3 FDX topology like Ethernet
• Expensive...

Ethernet ("802.3"; 10 Mbps, 100 Mbps, 1000 Mbps, FDX)
• End-to-end technology
• Limited QoS (CoS)
• Multimedia over IP
• FDX = no collisions!
• Existing know-how
• Very low cost
ATM Physical Topology
[Figure: wiring-closet switches with 10/100 Mb/s Ethernet and 4/16 Mb/s Token Ring ports attach over 25/155 Mb/s ATM to the building backbone; building and campus backbones run 155 or 622 Mb/s ATM to a central ATM switch, which also connects to the WAN.]
Ethernet Physical Topology
[Figure: wiring-closet switches with 10/100 Mb/s Ethernet and 4/16 Mb/s Token Ring ports uplink over 10/100/1000 Mb/s Ethernet to the building backbone (future: up to 2 Gb/s); the campus backbone scales to 8 Gb/s; an ATM connection leads to the WAN.]
Gigabit Ethernet Distances
(figures as presented in 1997; the ratified 802.3z/802.3ab standards later adjusted some of them)

Medium                                                   Distance      Where used
1000BaseCX, balanced shielded copper cable               25 m          machine room
"Long-haul copper" (802.3ab), 4-pair Cat 5 UTP           100 m         wiring closet
1000BaseSX (~850 nm), 62.5u multimode                    260 m         building backbones
1000BaseLX (~1300 nm), 62.5u multimode                   440 m         building backbones
1000BaseSX / 1000BaseLX, 50u multimode                   550 m         building backbones
1000BaseLX (~1300 nm), 9u singlemode                     3 km          campus backbone
Long-reach lasers, singlemode                            15 to 60 km
Current Campus Design
[Figure: several user VLANs (VLAN 1, 2, 4) with a common server and a multi-VLAN server; L2 switching at wire speed, L3 less performant; 80+% of traffic stays local to the VLAN.]
Smaller L2 domains:
• Faster convergence, better resilience
• Less broadcast traffic
• Security domains
New Traffic Patterns
• Web technology and distributed systems have arrived
• Desktop-to-desktop video, interactive applications, intranets
Emerging Campus Structure
[Figure: existing structure with central server VLANs and a single-VLAN backbone; 95% non-local traffic.]
• Multilayer switches provide L2/L3 features: L2 = L3 performance
• Small localized access VLANs
• Control by access lists
• Selective broadcast forwarding
• Advanced services
Multilayer Switching Solutions
• Multilayer switching: fusing routing and switching
• Multiprotocol over ATM (MPOA), ATM Forum standard: inter-ELAN cut-through switching
• NetFlow™ switching: inter-VLAN switching on a multilayer switch backbone
• Tag switching: router backbones, scalable Internet/intranet
Multiprotocol over ATM (MPOA)
• ATM Forum standard
• Based on LANE and NHRP
• Limited security
• No IP multicast support in the standard
[Figure: MPOA clients in ELAN A and ELAN B across an ATM backbone; the MPOA server handles the initial flow, the remainder of the flow takes a cut-through path directly between the clients.]
NetFlow Switching
• NetFlow switching: high-performance Layer 3 switching, fully compliant with all IETF standards, no host changes required
• Flow management: planning, administration and troubleshooting
• NetFlow services: security services, class-of-service enablement
NFLS: First Packet of a Flow
[Figure: a campus client in VLAN X sends to a server in VLAN Y through a Catalyst switch with NFFC; the first packet of the flow goes to the full router or RSM.]
Route processor tasks:
• Forwarding: route table
• Security: access list
• Management: accounting
NFLS: Remainder of the Flow
[Figure: the remaining packets of the flow are switched between VLAN X and VLAN Y by the ASIC in the Catalyst NFFC without involving the router.]
Catalyst switch with NFFC:
• Learn flow
• Build cache: source address, destination address, application
• Forward packets (inter-VLAN L3 cut-through switching; services are maintained)
• Gather statistics
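The two-phase behaviour of the last two slides, as an added model that is not Cisco code: the route processor sees only the first packet of each flow and applies the route table and the access list; the switch caches that decision under the flow key (source, destination, application) and forwards the rest of the flow itself while keeping packet and byte counters for accounting. The addresses, VLANs and access list are constructed for the example; caching the deny decision as well, and requiring a cache flush after an ACL change, are modelling assumptions rather than statements about the NFFC.

```python
"""Model of NetFlow LAN switching (NFLS): the route processor (router/RSM)
sees only the first packet of a flow and applies route lookup and access
list; the switch caches that decision per flow and forwards the rest of
the flow itself while counting packets and bytes for accounting/export.
Added illustration, not Cisco code; addresses, VLANs and ACL are constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class FlowKey:
    src: str
    dst: str
    proto: str
    dport: int


@dataclass
class CacheEntry:
    permit: bool              # cached ACL decision (deny cached too: an assumption)
    out_vlan: Optional[int]
    packets: int = 0
    bytes: int = 0


class RouteProcessor:
    """Full router or RSM: consulted only on the first packet of a flow."""

    def __init__(self, routes, acl):
        # longest prefix first, so the first matching route wins
        self.routes = sorted(((ip_network(n), v) for n, v in routes),
                             key=lambda r: r[0].prefixlen, reverse=True)
        # access list entries: (action, src_net, dst_net, proto or "any", dport or None)
        self.acl = [(a, ip_network(s), ip_network(d), p, dp) for a, s, d, p, dp in acl]
        self.lookups = 0

    def decide(self, key):
        self.lookups += 1
        src, dst = ip_address(key.src), ip_address(key.dst)
        permit = False                       # implicit deny at the end of the list
        for action, s_net, d_net, proto, dport in self.acl:
            if (src in s_net and dst in d_net and proto in ("any", key.proto)
                    and dport in (None, key.dport)):
                permit = action == "permit"
                break
        out_vlan = next((v for net, v in self.routes if dst in net), None)
        return permit, out_vlan


class NetFlowSwitch:
    """Catalyst with NFFC: flow cache keyed on source, destination, application."""

    def __init__(self, rp):
        self.rp = rp
        self.cache = {}

    def packet(self, src, dst, proto, dport, size):
        key = FlowKey(src, dst, proto, dport)
        entry = self.cache.get(key)
        if entry is None:                    # first packet: ask the route processor
            permit, vlan = self.rp.decide(key)
            entry = self.cache[key] = CacheEntry(permit, vlan)
        entry.packets += 1                   # statistics gathered for every packet
        entry.bytes += size
        return entry.out_vlan if entry.permit else None

    def flush(self):
        # Needed after an ACL change: otherwise cached decisions keep applying
        # the old policy to flows that are already in the cache.
        self.cache.clear()

    def export(self):
        return {k: (e.packets, e.bytes, e.permit) for k, e in self.cache.items()}


def demo():
    rp = RouteProcessor(
        routes=[("10.1.0.0/16", 10), ("10.2.0.0/16", 20), ("10.2.5.0/24", 25)],
        acl=[("permit", "10.1.0.0/16", "10.2.5.0/24", "tcp", 80),
             ("deny", "10.1.0.0/16", "10.2.0.0/16", "any", None),
             ("permit", "0.0.0.0/0", "0.0.0.0/0", "any", None)])
    sw = NetFlowSwitch(rp)
    # constructed 10-packet HTTP flow from a client in VLAN 10 to a server in VLAN 25
    out = [sw.packet("10.1.1.7", "10.2.5.9", "tcp", 80, 512) for _ in range(10)]
    for _ in range(3):                       # telnet to the same server: denied by line 2
        sw.packet("10.1.1.7", "10.2.5.9", "tcp", 23, 60)
    http = sw.export()[FlowKey("10.1.1.7", "10.2.5.9", "tcp", 80)]
    telnet = sw.export()[FlowKey("10.1.1.7", "10.2.5.9", "tcp", 23)]
    return {"router_lookups": rp.lookups, "http_out_vlans": out,
            "http": http, "telnet": telnet}


if __name__ == "__main__":
    print(demo())
```

Only two of the thirteen packets reach the route processor; the rest are forwarded (or dropped) from the cache, which is where the wire-speed L3 figure on the slides comes from. The same cache is why the access list must be re-applied to existing flows after it is edited: a flow permitted before the change keeps its cached permit until the entry ages out or is flushed.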
Integrated NetFlow Management
• Routers and switches: flow switching and data export
• RMON probe: flow collection, network monitoring (Traffic Director)
• Flow consolidation and flow profiling
• Flow consumers: network planning, accounting/billing
Campus Architectures
Four Basic Campus Architectures

                          Campuswide VLANs                        Hierarchical L2/L3 network
Frame-switched backbone   Campuswide VLAN with Ethernet backbone  Layer 2/Layer 3 with Ethernet backbone
ATM-switched backbone     Campuswide VLAN with ATM backbone       Layer 2/Layer 3 with ATM backbone
Campuswide VLANs
• Users are members of a specific VLAN (subnet) independent of physical moves
• Each VLAN can have a common set of security requirements for all members
• Today most traffic is local to the VLAN; with wire-speed L3 performance this is no longer required
Campuswide VLANs
[Figure: central ACL, NetFlow and RMON at the campus core; a Virtual Membership Policy Server (VMPS) maps each source MAC address to a VLAN ID.]
Issue: scalability of campuswide L2 VLANs
• Layer 3-4+ routing and filtering, access control and accounting are centralized
• User VLAN membership via MAC address with the VMPS feature on moves
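The MAC-based membership mechanism of this slide, as an added model that is not Cisco's VMPS/VQP implementation: the access switch takes the source MAC of the first frame seen on a dynamic port, asks the policy server, and assigns the VLAN it returns, so a user keeps the same VLAN and its security policy after a physical move. The MAC database, the fallback VLAN for unknown addresses, and the switch and port names are constructed; shutting a port when two hosts on it map to different VLANs is modelled on the documented VMPS behaviour but is an assumption of this model. The last two calls show the practitioner's caveat: the policy binds to a MAC address, not to a person, so a host that spoofs a known MAC inherits that MAC's VLAN.

```python
"""Model of dynamic VLAN membership through a VLAN Membership Policy Server
(VMPS). Added illustration, not Cisco's VMPS/VQP code; MAC database,
fallback policy and switch/port names are constructed."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Assignment:
    switch: str
    port: str
    vlan: Optional[int]      # None: port left unassigned (shut)
    reason: str              # "database", "fallback", "cached", "denied", "violation"


class VMPS:
    """Central policy: MAC address -> VLAN, plus what to do with unknown MACs."""

    def __init__(self, mac_to_vlan, fallback_vlan=None):
        self.db = {m.lower(): v for m, v in mac_to_vlan.items()}
        self.fallback = fallback_vlan     # None: unknown MACs are denied

    def query(self, mac):
        vlan = self.db.get(mac.lower())
        if vlan is not None:
            return vlan, "database"
        if self.fallback is not None:
            return self.fallback, "fallback"
        return None, "denied"


class DynamicPortSwitch:
    """Access switch whose ports get their VLAN from the VMPS."""

    def __init__(self, name, vmps):
        self.name = name
        self.vmps = vmps
        self.port_vlan = {}               # port -> assigned VLAN
        self.port_macs = {}               # port -> set of source MACs seen

    def frame(self, port, src_mac):
        src_mac = src_mac.lower()
        seen = self.port_macs.setdefault(port, set())
        if src_mac in seen:               # already classified: no new query
            return Assignment(self.name, port, self.port_vlan.get(port), "cached")
        vlan, reason = self.vmps.query(src_mac)
        seen.add(src_mac)
        if vlan is None:
            self.port_vlan.pop(port, None)
            return Assignment(self.name, port, None, "denied")
        current = self.port_vlan.get(port)
        if current is not None and current != vlan:
            # Two hosts on one port mapping to different VLANs: shut the port
            # rather than leak one VLAN into the other (assumption of this model).
            self.port_vlan.pop(port, None)
            return Assignment(self.name, port, None, "violation")
        self.port_vlan[port] = vlan
        return Assignment(self.name, port, vlan, reason)


def demo():
    # constructed policy: finance MAC -> VLAN 20, engineering MAC -> VLAN 30,
    # unknown MACs land in a quarantined guest VLAN 99
    vmps = VMPS({"00:10:7b:aa:bb:01": 20, "00:10:7b:aa:bb:02": 30}, fallback_vlan=99)
    bldg_a = DynamicPortSwitch("bldg-A", vmps)
    bldg_b = DynamicPortSwitch("bldg-B", vmps)
    results = {}
    # a user moves from building A port 3 to building B port 7: same VLAN
    results["before_move"] = bldg_a.frame("3", "00:10:7B:AA:BB:01")
    results["after_move"] = bldg_b.frame("7", "00:10:7b:aa:bb:01")
    results["unknown"] = bldg_b.frame("8", "00:50:56:00:00:99")
    # the policy binds to the MAC, not the person: a host on port 9 that sends
    # frames with the finance MAC as source is placed into VLAN 20 as well
    results["spoofed"] = bldg_b.frame("9", "00:10:7b:aa:bb:01")
    # a second host on port 9 whose MAC maps to another VLAN trips the check
    results["violation"] = bldg_b.frame("9", "00:10:7b:aa:bb:02")
    return results


if __name__ == "__main__":
    for name, a in demo().items():
        print(f"{name:12s} {a.switch} port {a.port}: VLAN {a.vlan} ({a.reason})")
```

The "common security requirements per VLAN" of the previous slide therefore rest on the MAC-to-VLAN database being accurate and on the assumption that nobody forges source addresses; the central ACL and NetFlow accounting at the core are what still apply once a station is in the wrong VLAN.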
Campuswide VLAN => Ethernet Backbone
[Figure: switched Ethernet wiring closets with ISL tagging to the distribution layer (workgroup servers, inter-VLAN routing); ISL tagging over Fast/Gigabit Ethernet into the core layer (enterprise servers).]
• Common security requirements per VLAN
• Majority of local traffic
• Static IP addressing is common (DHCP can be used, too)
• Lots of adds, moves and changes
• All VLANs across all switches and the backbone over time
• Spanning tree load in distribution/core layer!!
Campuswide VLAN => ATM Backbone
[Figure: switched Ethernet wiring closets with LANE over ATM OC-3 into multiple ELANs; workgroup and enterprise servers; inter-ELAN routing; ATM core with PNNI; VC count!!]
• Lots of adds, moves, and changes
• Static IP addressing common (DHCP can be used)
• Common security requirements per ELAN
• Best for local traffic
• Traditional voice/video in ATM core
• Multiple VLAN (ELAN) membership across all wiring closets
• ATM VC count scalability!!!
LAN Emulation: Scalability Issues
[Figure: LECS, LES and BUS with the SVCs required for just three clients (Ethernet clients and server).]
• ATM-attached LANE clients need high-performance ATM hardware to handle a large number of SVCs
• LAN-connected clients can scale better (depends on switch implementation)
Campuswide VLAN => Ethernet Distribution, ATM Core
[Figure: switched Ethernet wiring closets with ISL tagging to the distribution layer (workgroup servers); ATM LANE with PNNI in the core layer (inter-ELAN routing, enterprise servers).]
• Lots of adds, moves, and changes
• Static IP addressing common (DHCP can be used)
• Best for local traffic
• Common security requirements per ELAN
• Traditional voice/video in ATM core
• Multiple VLAN (ELAN) membership across all wiring closets
• Much lower ATM VC requirements
• Spanning tree load in the Ethernet distribution layer!
Campuswide VLAN with ATM: Required Technologies
• LAN Emulation
• Inter-ELAN switching on routers
• High call/sec setup rate on ATM switch
• High BUS performance (mainly for multicast)
• PNNI for auto-rerouting in ATM core
• LANE services redundancy (SSRP)
• HSRP with LANE
• Sophisticated switch debugging tools
Hierarchical L2/L3 Network
• Users are still grouped into VLANs (subnets) for overall network scalability
• Layer 3 performance approaches Layer 2 performance
• User's VLAN membership changes as they move
• Traffic patterns non-local or unknown
Hierarchical L2/L3 Campus
[Figure: blocks 1..n of wiring closets; user VLANs terminate at the L3 distribution layer; a fully structured, scalable L3 core and server block; DHCP service.]
• Introduce multilayer switches at the distribution layer
Hierarchical L2/L3 Network
• Layer 2 and Layer 3 each used to advantage: no penalty for L3 with NetFlow™ LAN switching; matches the new non-local traffic pattern
• VLANs for scalability and trunking: VLANs used as a design tool to optimize traffic flows; VLAN membership changes with moves
• Preserves scalability, addressing, policy
• Fast convergence at all layers of the network
L2/L3 Network => ATMF MPOA
[Figure: switched Ethernet wiring closets with a multiprotocol client (MPC) on ATM OC-3; MPOA route server (MPS) and ATM core with PNNI; workgroup and enterprise servers.]
• L3 = L2 performance
• NO L3/L4 access control
• Typically a single subnet per closet
• DHCP for IP mobility
• User's VLAN membership changes with moves
• Most traffic leaves the ELAN
• Traditional voice/video in ATM core
L2/L3 Network => Ethernet Distribution, ATM Core
[Figure: switched Ethernet wiring closets with ISL tagging to a NetFlow L3/L4 distribution layer; ATM LANE core with PNNI; enterprise servers.]
• L3 = L2 performance
• L3/4 NetFlow services
• Typically a single subnet per closet
• User's VLAN membership changes with moves
• DHCP for IP mobility
• Most traffic leaves the ELAN
• Traditional voice/video in ATM core
L2/L3 Network => Ethernet
[Figure: switched Ethernet wiring closets with ISL tagging to a NetFlow L3/L4 distribution layer; ISL tagging over FE/GE into the core layer; enterprise servers.]
• L3 = L2 performance
• L3/4 NetFlow services
• Typically a single subnet per closet
• User's VLAN membership changes with moves
• DHCP for IP mobility
• ISL used to maximize uplink utilization
IP Mobility
• DHCP used for those clients who move frequently
• Client receives a valid IP address, mask and gateway independent of location
• Similar in principle to Novell client auto-addressing
• DHCP is the best solution for IP mobility
• If DHCP is not possible, Local Area Mobility can be considered
Campus Design
Overall L2/L3 Campus Architecture
[Figure: switched Ethernet wiring closets form a switch domain; ISL Fast Ethernet uplinks to the distribution layer (NetFlow LAN switching, workgroup servers); core layer with enterprise servers.]
Desktop Connectivity: Switched Ethernet to the Desktop
• Provision switched Ethernet to the desktop
• Use 10/100 ports for migration to Fast Ethernet
• Catalyst™ 5500 for high density or chassis fault tolerance
VLAN Allocation
[Figure: VLAN numbers allocated per wiring closet: 2/3, 4/5, 6/7, ... 50/51, etc.]
• VLANs used to optimize network design
• Use VLAN trunking to scale uplink bandwidth
• Simple: maximize determinism of traffic flows
• Subnet size is approximately the size of a wiring closet
Wiring Closet Interconnection
[Figure: wiring closets in a switch domain connect over Fast Ethernet/EtherChannel ISL trunks to the distribution layer.]
• Redundant Fast Ethernet ISL trunks
• Switch domain defined by building size
• Deploy RSM/NetFlow LAN switching in the distribution layer
Wiring Closet Detail View
[Figure: Block 1 wiring-closet switches carry VLANs 2, 3, 4, 5 on two FE ISL uplinks to two distribution-layer switches; one distribution switch is STP root for the even VLANs, the other for the odd VLANs; X = forwarding, Y = blocking.]
• Both uplinks are used for traffic
• Each uplink backs the other up
• Each root bridge backs the other up
• VLAN trunking to optimize design
Redundancy Analysis
[Figure: the same block with one uplink failed (X); the previously blocked uplink takes over the VLANs of the failed one.]
• Fail any link
• Fail any distribution layer switch
• Traffic automatically flows on the alternate link
• UplinkFast used to converge in seconds
UplinkFast States
• Traditional: Blocking -> Listening -> Learning -> Forwarding (the port waits through the listening and learning forward-delay timers)
• UplinkFast feature: when the root port is lost, the blocked uplink moves directly from Blocking to Forwarding
UplinkFast
[Figure: after the switchover, the wiring-closet switch sends multicast "dummy" packets with the source MAC addresses it has learned ("1", "2", "3") over the new uplink, so the forwarding tables in the distribution layer are updated.]
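The even/odd root placement and the failover of the preceding slides, as an added example that is not Cisco code: a wiring-closet switch with two Fast Ethernet uplinks to distribution switches A and B, which also interconnect. A is root for the even VLANs and B for the odd ones, so per VLAN the closet forwards on one uplink and blocks the other; removing a link or a whole distribution switch recomputes the tree. The root-path computation follows the 802.1D rules (lowest root path cost, then lowest upstream bridge ID), Fast Ethernet costs 19, and the bridge MACs and priorities are constructed.

```python
"""Per-VLAN spanning tree for a wiring-closet switch with two uplinks.
Added example, not Cisco code; the MACs and priorities are constructed."""
import heapq

FE_COST = 19          # 802.1D path cost for 100 Mb/s


def bridge_id(bridge, vlan):
    """Per-VLAN bridge ID (priority, MAC); the lowest wins the root election."""
    prio_by_vlan, mac = bridge
    return (prio_by_vlan.get(vlan, 32768), mac)


def root_paths(bridges, links, vlan):
    """Return (ids, {bridge: (root path cost, upstream bridge or None)}) for one VLAN."""
    ids = {name: bridge_id(b, vlan) for name, b in bridges.items()}
    root = min(ids, key=ids.get)
    adj = {}
    for a, b, cost in links:
        adj.setdefault(a, []).append((b, cost))
        adj.setdefault(b, []).append((a, cost))
    best = {root: (0, None)}
    heap = [(0, ids[root], root)]
    while heap:                                   # Dijkstra with 802.1D tie-break
        cost, _, node = heapq.heappop(heap)
        if cost > best[node][0]:
            continue
        for nb, link_cost in adj.get(node, []):
            if nb == root:
                continue
            cand = (cost + link_cost, ids[node])  # (root path cost, upstream bridge ID)
            cur = best.get(nb)
            if cur is None or cand < (cur[0], ids[cur[1]]):
                best[nb] = (cand[0], node)
                heapq.heappush(heap, (cand[0], ids[nb], nb))
    return ids, best


def uplink_states(bridges, links, vlan, switch):
    """Forwarding/blocking state of every link on `switch` for one VLAN."""
    ids, best = root_paths(bridges, links, vlan)
    states = {}
    for a, b, _ in links:
        if switch not in (a, b):
            continue
        nb = b if a == switch else a
        if best[switch][1] == nb:                                  # root port
            states[nb] = "forwarding"
        elif (best[switch][0], ids[switch]) < (best[nb][0], ids[nb]):
            states[nb] = "forwarding"                              # designated port
        else:
            states[nb] = "blocking"                                # neighbour is designated
    return states


def block_topology(failed_links=()):
    """Closet with two FE uplinks; dist-A and dist-B also interconnect."""
    even = {v: 8192 for v in range(2, 11, 2)}         # A is root for even VLANs
    odd = {v: 8192 for v in range(3, 12, 2)}          # B is root for odd VLANs
    bridges = {"closet": ({}, "00:00:0c:00:00:c1"),
               "dist-A": (even, "00:00:0c:00:00:0a"),
               "dist-B": (odd, "00:00:0c:00:00:0b")}
    links = [("closet", "dist-A", FE_COST), ("closet", "dist-B", FE_COST),
             ("dist-A", "dist-B", FE_COST)]
    failed = {frozenset(f) for f in failed_links}
    links = [l for l in links if frozenset(l[:2]) not in failed]
    alive = {n for l in links for n in l[:2]}         # a bridge with no links is gone
    return {k: v for k, v in bridges.items() if k in alive}, links


def closet_uplinks(vlans=(2, 3, 4, 5), failed_links=()):
    bridges, links = block_topology(failed_links)
    return {v: uplink_states(bridges, links, v, "closet") for v in vlans}


if __name__ == "__main__":
    print("normal:", closet_uplinks())
    print("uplink to dist-A failed:", closet_uplinks(failed_links=[("closet", "dist-A")]))
    print("dist-A down:", closet_uplinks(failed_links=[("closet", "dist-A"), ("dist-A", "dist-B")]))
```

In the normal case VLANs 2 and 4 forward towards dist-A and VLANs 3 and 5 towards dist-B, so both uplinks carry traffic; after the dist-A uplink fails, every VLAN forwards on the dist-B uplink, and when dist-A itself is gone, dist-B wins the root election for the even VLANs too. The computation gives the steady state only; how quickly the blocked port is allowed to start forwarding is what UplinkFast changes.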
Scale the Bandwidth with VLANs
[Figure: Block 1 with VLANs 2, 3, 4, 5; an additional VLAN 10 and trunk between the wiring closet and the distribution layer; X = forwarding, Y = blocking.]
• Add another VLAN and trunk between wiring closet and distribution layer
• Readdressing is automatic with DHCP
Scaling BW: Fast EtherChannel
[Figure: Block 1 with VLANs 2, 3, 4, 5, 10; Fast EtherChannel bundles between the wiring closet and the distribution layer; X = forwarding, Y = blocking.]
• Fast EtherChannel to increase uplink bandwidth
• 400 or 800 Mbps
• Needs spanning tree support for a redundant environment
Distribution Layer => Layer 3 Switching
[Figure: wiring closets (switch domain) connect over Fast Ethernet/EtherChannel ISL to distribution-layer switches equipped with NFFC and RSM.]
• Deploy NetFlow LAN Switching (NFLS): Catalyst 5000 family switch, Route Switch Module (RSM), NetFlow Feature Card (NFFC)
Distribution Layer Redundancy
[Figure: two distribution switches, each with backplane interconnections to VLANs 1-10 plus the core; one is HSRP primary for the even VLANs, the other for the odd VLANs (VLANs 1-10 as example).]
• Use both Layer 3 switching engines
• HSRP for IP redundancy: fast failover
Core Layer Interconnection
[Figure: wiring closets, distribution layer, core layer and enterprise servers.]
Ethernet Core: Single VLAN
[Figure: distribution layer (NetFlow LAN switching) connects over Fast Ethernet/Fast EtherChannel to a core layer with a single IP subnet; enterprise servers attach to the core.]
• Single IP subnet in a simplified core
• Fast convergence in core with OSPF or EIGRP
• Bandwidth scaling with Fast EtherChannel, then Gigabit Ethernet
Ethernet Core: Multiple VLANs
[Figure: distribution layer (NetFlow LAN switching) connects over Fast Ethernet/Fast EtherChannel to a core with VLAN 100 and VLAN 200.]
• Dual VLAN core for redundant paths
• Separation of protocols possible
• Dual policies for security
ATM Core Layer Considerations
[Figure: distribution layer (NFLS) with OC-3 and OC-12 uplinks into the ATM core layer; enterprise servers.]
• LAN Emulation in the core
• Single or multiple ELANs
• Wire-speed Layer 3 into the core
• Enterprise servers on Fast Ethernet
ATM Core Redundancy
[Figure: distribution layer (NFLS) with dual-PHY uplinks into an ATM core running PNNI; SSRP between the LANE services; ATM Forum standard client.]
• Dual-PHY uplinks for hot standby
• PNNI provides fast, scalable VC routing
• SSRP for LANE services redundancy
Server Attachments
• Workgroup servers: local server, single VLAN
• Enterprise servers: single VLAN attached, L3/4 connected to all VLANs; alternatively an FE ISL NIC attached to several VLANs
Multicast Design
[Figure: distribution layer (NFLS) into a multicast-enabled core layer; unicast servers and IP multicast servers.]
• PIM for multicast tree creation at Layer 3
• CGMP for intelligent multicast at Layer 2
• No performance penalty for IP multicast
Hierarchical L2/L3 Campus Design
• Hierarchical Layer 2/Layer 3 networks scale well, are manageable and solve real problems
• Layer 3 in the distribution layer: full Cisco IOS for multiprotocol with RSM; scale Layer 3 IP with NetFlow LAN switching
• Redundant, fast-converging core
• Ethernet and ATM backbones will both exist
• DHCP is the tool for IP mobility
Summary
• Analyze your campus requirements first: traffic-flow patterns, deployment of DHCP, mobility requirements
• Select the model that best suits
• Build it!