Disclaimer
Network design is not black and white, but some design approaches have proven to work better than others.
Design options in this presentation follow existing ESE design recommendations with a focus on Nexus 7000. Designs presented here are based on the NX-OS 4.0 and 4.1 releases only.
Does not address SAN designs.
Recommendations are based on what customers have deployed since FCS of the platform.
Cisco Confidential
Diagram: three-tier layout with Aggregation and Access layers; core hand-off to other/campus networks, services (optional); access options ToR, MoR, blade switch.
Layer 2 Domain
Use Rapid-PVST+ or MST
Typically doesn't span beyond the aggregation layer
Pay attention to logical port count (MST scales better)
Diagram: SAN layout with Pod 1 and Pod 2 and their zones.
Cabling Options
Typically <100m
In-rack cabling: 10GBase-CX1, up to 7m*
*Available Q2CY09
Have-nots:
VTP client/server/v3 support
LLDP-MED
FlexLink
Don'ts:
Tune timers in dual-Sup environments without testing switchover
Have-nots:
MPLS
Import/export capabilities for VRFs/BGP
BFD
Sub-second timers for all routing protocols
NAT, or any feature that includes software forwarding
Don'ts:
Peer with an ISP and take a full BGP feed (the current TCAM can't hold 272k prefixes)
Have-nots:
PAgP/ePAgP support
Dos:
Use cross-module EtherChannels and vPC
Modify EtherChannel hash input values to your needs
Use port channels with 2, 4 or 8 members for optimal traffic distribution
Don'ts:
Use per-packet ECMP without considering the possibility of out-of-order delivery
Security Aspects
Haves:
Control Plane Policing (enabled by default)
Atomic ACL commits
Cisco TrustSec (IEEE 802.1AE MACsec)
Have-nots:
Reflexive ACL support
Firewall feature set
ACS server managing Security Group ACLs
Dos:
Tune CoPP according to the specific requirements of the environment
Use configuration sessions for large ACL configurations
Have-nots:
Cisco-proprietary version of graceful restart (a.k.a. NSF); only standards-based graceful restart is available/supported. The exception is EIGRP.
Don'ts:
Perform an ISSU upgrade at the busiest hour (we are confident in the solution, but it is just not a best practice)
Modify default timers in a dual-Sup environment (subject to testing)
Dos:
Use CMP as a backup mechanism to access the system
Use mgmt0 as the primary interface for SSH/telnet and SNMP, XML, NTP, NDE, etc.
Servers:
Internal bus architecture
Number of CPUs/cores and network interfaces
Network Oversubscription
Nexus 7000 offers:
32-port 10GE card with variable oversubscription (8 ports: 1:1; 16 ports: 2:1; 32 ports: 4:1). Use flexible oversubscription to your advantage!
High-performance 48-port GE I/O card
MoR designs keep large amounts of East-West traffic away from the Aggregation layer
Oversubscription on Servers (table: server type, ratio, GE, 10GE)
Ratio 1:10: GE 100 Mbps, 10GE 1 Gbps
Ratio 1:5: GE 200 Mbps, 10GE 2 Gbps
Ratio 1:2: GE 500 Mbps, 10GE 5 Gbps
Second server type: 1:10 gives 1 Gbps / 2 Gbps; 1:5 gives 2 Gbps / 4 Gbps; 1:2 gives 5 Gbps / 10 Gbps
Virtualized host with several VMs: ratios 1:10, 1:5, 1:2 (per-VM values not recoverable from the slide)
How does traffic behavior change in failover case? What compromises are you willing to make in event of failure?
Port-density comparison (column headings not recovered from the slide):
Nexus 7018, single Sup: 768, 768, 512; dual Sup: 768, 768, 512
Catalyst 6509, single Sup: 384, 384, 130; dual Sup: 336, 336, 116
Remaining values on the slide: 64, 64, 128, 128, 34, 32
Oversubscription Calculation
Server: 500 Mbps/server over two GE NICs (active/standby); 1 Gbps / 500 Mbps = 1:2
Access Layer: 24 active server connections into 1x 10G uplink = 2.4:1
End to end: 1:2 * 2.4:1 * 4:1 = 4.8:1. This is a low oversubscription; typically 4:1 up to 12:1.
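A worked version of this calculation as an added example (not from the presentation): it chains the per-stage ratios with exact fractions and also shows how the ratio changes when the access switch has two forwarding uplinks (as with vPC) and one of them fails. The dual-uplink variant is constructed; the slide itself only shows the single-uplink case.

```python
from fractions import Fraction


def chain_oversubscription(stages):
    """Multiply per-stage ratios (offered / capacity) into one end-to-end
    Fraction: 12/5 means '2.4:1', 1/2 means '1:2'."""
    total = Fraction(1)
    for offered, capacity in stages:
        total *= Fraction(offered) / Fraction(capacity)
    return total


def ratio_str(r):
    """Render a Fraction in the slide's 'x:1' / '1:x' notation."""
    if r >= 1:
        return f"{float(r):g}:1"
    return f"1:{float(1 / r):g}"


def design_ratio(per_server_mbps, active_nics, nic_mbps, servers_per_switch,
                 uplinks, uplink_mbps, agg_ratio, failed_uplinks=0):
    """Server -> access -> aggregation chain from the slide, with an optional
    access-uplink failure to answer 'how does behaviour change in failover?'"""
    live_uplinks = uplinks - failed_uplinks
    if live_uplinks <= 0:
        raise ValueError("no surviving uplink: access switch is isolated")
    stages = [
        # server: offered load vs. bandwidth of the active NIC(s)
        (per_server_mbps, active_nics * nic_mbps),
        # access: every active server port contends for the surviving uplinks
        (servers_per_switch * active_nics * nic_mbps, live_uplinks * uplink_mbps),
        # aggregation I/O card: fixed ratio given by the card's port mode
        (agg_ratio, 1),
    ]
    return chain_oversubscription(stages)


# Slide's numbers: 500 Mbps per server on active/standby GE NICs, 24 servers
# behind one 10G uplink, 4:1 aggregation card -> 1:2 * 2.4:1 * 4:1 = 4.8:1
SLIDE = dict(per_server_mbps=500, active_nics=1, nic_mbps=1000,
             servers_per_switch=24, uplinks=1, uplink_mbps=10_000, agg_ratio=4)

if __name__ == "__main__":
    print("slide design      :", ratio_str(design_ratio(**SLIDE)))
    dual = dict(SLIDE, uplinks=2)  # constructed: both uplinks forwarding (vPC)
    print("dual uplinks      :", ratio_str(design_ratio(**dual)))
    print("one uplink failed :", ratio_str(design_ratio(**dual, failed_uplinks=1)))
```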
STP logical ports: Rapid-PVST+ limit 10,000; MST limit 50,000; this design: 2,100
STP logical ports: Rapid-PVST+ limit 16,000; MST limit 75,000; this design: 8,151
STP logical ports: Rapid-PVST+ limit 16,000; MST limit 75,000; this design: 40,455
The above represent opportunities to position Nexus 7000. Remember: the competition will take this opportunity too!
The document covers integration of the Catalyst 6500 services chassis as well as the ASA 5580. ESE currently verifies advanced design options using vPC as well as VDCs. Available late Q1CY09.
With vPC:
No blocked uplinks
Lower oversubscription
EtherChannel load balancing (hash)
Sub-second convergence
Protocol Failure
Diagram: services attachment with vPC and VSS; ACE appliance, ASA, NAM appliance and services chassis.
Needs:
Partition routing so groups can't see/access each other (compliance/organizational boundaries)
Separate management for a subset of services
Options:
VLANs/VRFs
VDCs
Service contexts
Diagram: back-to-back VRFs over an 802.1Q trunk.
Diagram labels: Backup, Prod-DB.
Conclusion
Position Nexus 7000 in Data Center designs TODAY!
Nexus 7000 offers superior 10GE density and performance
Nexus 7000 supports DC-relevant features today: ISSU (zero packet loss), vPC, VDCs, etc.
Core Layer:
Modular chassis
High 10GE density
Low oversubscription
Layer 3 links to Aggregation
Hand-off to Campus
2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential
Aggregation Layer:
Modular chassis
High 10GE density
Layer 2 trunks to Access
Default gateway for servers
Typically attaches services
Access Layer:
Top of Rack (ToR)
Blade switches as access layer
End/Middle of Row (EoR/MoR)
GE or 10GE to servers
Layer 2 switching