Od spanning tree ke směrování na druhé vrstvě

Transcription

1 Cisco Expo 2012 Od spanning tree ke směrování na druhé vrstvě T-NET4/L2 Jaromír Pilař, Consulting Systems Engineer, Cisco Expo 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 1

2 Agenda L2 challenges and limitations Spanning tree protocol - traditional approach Multichassis Etherchannel "Routing" at L2 - Fabricpath and TRILL 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 2

3 Spanning Tree Protocol BRKDCT Cisco and/or its affiliates. All rights reserved. Cisco Public 3

4 Traditional approach L2 Requires a Tree Branches of trees never interconnect (no loop) 11 Physical Links 5 Logical Links S2 S1 S3 Spanning Tree Protocol (STP) typically used to build this tree Tree topology implies: Wasted bandwidth increased oversubscription Sub-optimal paths Conservative convergence (timer-based) failure catastrophic (fails open) 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 4

5 What is Spanning-Tree? Why do we need it? A redundant connection kills a bridged network: No TTL at layer 2, A single packet can take the whole bandwidth Though, we want to keep parallel links for redundancy 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 5

6 What is Spanning-Tree? Why do we need it? The Spanning-Tree is a layer-2 algorithm was originally designed by Radia Perlman while working for DEC in Adopted into IEEE 802.1D 1990 with updates in 1998 and 2004 This protocol provides the following: Loop-free network Keeps the redundancy in case of failure Operates in a plug & play fashion 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 6

7 What will Spanning Tree achieve? Transforms a redundant topology into a tree, that, by definition, only provides one path between two nodes => no loop Cisco and/or its affiliates. All rights reserved. Cisco Public 7

8 Spanning Tree Timers and reconfiguration time Hello_time: time between two BPDUs Forward_delay: duration of Listening and Learning stages Max_age: For ports receiving BPDUs, time before the device sending BPDUs is considered lost Given the following configurable parameters: Hello time (Default: 2s, Range allowed 1-10) Max Age (Default 20s. Range allowed 6-40) Forward Delay (Default 15s. Range allowed 4-30) the convergence time in the worst case is given by formula: Max Age + (2 * Forward delay) = 50 s 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 8

9 How to reduce the convergence time Cisco solution: BackboneFast UplinkFast PortFast Bridge 1 ROOT Bridge 2 Bridge 3 Bridge 4 Bridge 5 Bridge 6 Bridge 7 IEEE solution: 802.1w/RSTP (Rapid Spanning Tree Protocol) 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 9

10 Optimizing L2 Convergence PVST+, Rapid PVST+ or MST Rapid-PVST+ greatly improves the restoration times for any VLAN that requires a topology convergence due to link UP Rapid-PVST+ also greatly improves convergence time over backbone fast for any indirect link failures PVST+ Traditional spanning tree implementation Rapid PVST+ MST Scales to large size (~10,000 logical ports) Easy to implement, proven, scales Permits very large scale STP implementations (~30,000 logical ports) Not as flexible as rapid PVST Cisco and/or its affiliates. All rights reserved. Cisco Public 10

11 Layer 2 Hardening Spanning Tree Should Behave the Way You Expect Place the root where you want it Root primary/secondary macro The root bridge should stay where you put it RootGuard LoopGuard UplinkFast UDLD Only end-station traffic should be seen on an edge port BPDU Guard RootGuard PortFast STP Root RootGuard LoopGuard LoopGuard BPDU Guard or RootGuard PortFast 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 11

12 Multichassis Etherchannel BRKDCT Cisco and/or its affiliates. All rights reserved. Cisco Public 12

13 Feature Overview How does it help with STP? (1 of 2) Before STP blocks redundant uplinks VLAN based load balancing Loop Resolution relies on STP Protocol Failure Primary Root Secondary Root After No blocked uplinks Lower oversubscription EtherChannel load balancing (hash) Loop Free Topology 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 13

14 Feature Overview How does it help with STP? (2 of 2) Reuse existing infrastructure Build Loop-Free Networks 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 14

15 Virtual Switching System (VSS) BRKDCT Cisco and/or its affiliates. All rights reserved. Cisco Public 15

16 Catalyst 6500 Virtual Switching System Overview Spanning Tree VSS (Physical View) VSS (Logical View) 10GE 10GE Si Si Si Si 802.3ad or PagP 802.3ad 802.3ad or PagP 802.3ad Access Switch or ToR or Blades Server Access Switch or ToR or Blades Server Access Switch or ToR or Blades Server Simplifies operational Manageability via Single point of Management, Elimination of STP, FHRP etc Doubles bandwidth utilization with Active-Active Multi-Chassis Etherchannel (802.3ad/PagP) Reduce Latency Minimizes traffic disruption from switch or uplink failure with Deterministic subsecond Stateful and Graceful Recovery (SSO/NSF) 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 16

17 Virtual Switching System Architecture Virtual Switch Link (VSL) The Virtual Switch Link joins the two physical switch together and it provides the mechanism to keep both the chassis in sync A Virtual Switch Link bundle can consist of up to 8 x 10GE links All traffic traversing the VSL link is encapsulated with a 32 byte Virtual Switch Header containing ingress and egress switchport indexes, class of service (COS), VLAN number, other important information from the layer 2 and layer 3 header Control plane uses the VSL for CPU to CPU communications while the data plane uses the VSL to extend the internal chassis fabric to the remote chassis VS Header L2 Hdr L3 Hdr Data CRC Virtual Switch Active Virtual Switch Link Virtual Switch Standby 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 17

18 Virtual Switching System Unified Control Plane One supervisor in each chassis with inter-chassis Stateful Switchover (SSO) method in with one supervisor is ACTIVE and other in HOT_STANDBY mode Active/Standby supervisors run in synchronized mode (boot-env, running-configuration, protocol state, and line cards status gets synchronized) Active supervisor manages the control plane functions such as protocols (routing, EtherChannel, SNMP, telnet, etc.) and hardware control (Online Insertion Removal, port management) CFC or DFC Line Cards CFC or DFC Line Cards CFC or DFC Line Cards SF RP PFC Active Supervisor CFC or DFC Line Cards CFC or DFC Line Cards CFC or DFC Line Cards VSL SSO Synchronization CFC or DFC Line Cards CFC or DFC Line Cards CFC or DFC Line Cards SF RP PFC Standby HOT Supervisor CFC or DFC Line Cards CFC or DFC Line Cards CFC or DFC Line Cards 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 18

19 Virtual Switching System Dual Active Forwarding Planes Both forwarding planes are active Standby supervisor and all linecards including DFC s are actively forwarding VSS# show switch virtual redundancy My Switch Id = 1 Peer Switch Id = 2 <snip> Switch 1 Slot 5 Processor Information : Current Software state = ACTIVE <snip> Fabric State = ACTIVE Control Plane State = ACTIVE Switch 2 Slot 5 Processor Information : Current Software state = STANDBY HOT (switchover target) <snip> Fabric State = ACTIVE Control Plane State = STANDBY Data Plane Active Switch1 Si Si Switch2 Data Plane Active 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 19

20 Virtual Switching System Architecture Virtual Switch Domain A Virtual Switch Domain ID is allocated during the conversion process and represents the logical grouping the 2 physical chassis within a VSS. It is possible to have multiple VS Domains throughout the network VSS Domain 10 VSS Domain 20 VSS Domain 30 Use a UNIQUE VSS Domain-ID for each VSS Domain throughout the network. Various protocols use Domain-IDs to uniquely identify each pair Cisco and/or its affiliates. All rights reserved. Cisco Public 20

21 Virtual Switching System Architecture Multichassis EtherChannel (MEC) Prior to the Virtual Switching System, Etherchannels were restricted to reside within the same physical switch. In a Virtual Switching environment, the two physical switches form a single logical network entity - therefore Etherchannels can now be extended across the two physical chassis Standalone VSS Both LACP and PAGP Etherchannel protocols and Manual ON modes are supported Regular Etherchannel on single chassis Multichassis EtherChannel across 2 VSS-enabled chassis 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 21

22 Virtual Switching System Architecture EtherChannel Hash for MEC Etherchannel hashing algorithms are modified in VSS to always favor locally attached interfaces Blue Traffic destined for the Server will result in Link 1 in the MEC link bundle being chosen as the destination path Link 1 Link 2 Orange Traffic destined for the Server will result in Link 2 in the MEC link bundle being chosen as the destination path 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 22

23 Virtual Switching System Inter Chassis NSF/SSO 2 Standby Supervisor takes over as Virtual switch Active Virtual Switch Standby initiates graceful restart Virtual Switching System Non Stop forwarding of packets will continue using hardware entries as Switch-2 assumes active role Virtual Switch Active Virtual Switch Hot Standby NSF aware neighbors exchange updates with Virtual Switch Active Switch1 Switch2 Switch Is down Virtual Switch Active 1 Virtual Switch Active incurs a supervisor outage Switch1 Virtual Switching System Switch Cisco and/or its affiliates. All rights reserved. Cisco Public 23

24 High Availability Dual-Active Detection If the entire VSL bundle should happen to go down, the Virtual Switching System Domain will enter a Dual Active scenario where both switches transition to Active state and share the same network configuration (IP addresses, MAC address, Router IDs, etc ) potentially causing communication problems through the network 3 Step Process Dual-Active detection (using one or more of three available methods - epagp, VLSP Fast Hello, IP BFD) Recovery Period - Further network disruption is avoided by disabling previous VSS active switch interfaces connected to neighboring devices. Dual-Active Restoration - when VSL is restored, the switch that has all it s interfaces brought down in the previous step will reload to boot in a preferred standby state Switch1 Recovery Standby Active VSL Switch2 Active 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 24

25 VSS Redundant Supervisor Support Why Redundant Supervisors Are Needed A Supervisor failure event will down the affected chassis decreasing the VSS bandwidth by 50% Certain devices may only single-attach to the VSS for various reasons Service Modules/Servers Geographic separation of VSS chassis Costs $$ Supervisor failure events therefore require manual intervention for recovery of the affected chassis Uplinks are not active when the Supervisor is in ROMMON mode Undeterministic outage time Relies on manual process to install and convert the new Supervisor with current VSS configuration Si Si 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 25

26 Virtual Switching System (VSS) Quad-Sup Control Plane Redundant supervisors fully boot Cisco IOS to RPR-WARM redundancy mode Switch-1 Switch-2 SSO Active RPR -Warm Si VSL STANDBY COLD SSO Hot-Standby RPR -Warm Si 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 26

27 Virtual Switching System (VSS) Quad-Sup- Data plane From data plane perspective the RPR-Warm supervisor operates similarly to a DFCenabled line card. Forwarding tables are in sync and data plane is active for module uplinks Switch-1 Switch-2 Active Active Si VSL STANDBY COLD Active Active Si 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 27

28 1 Virtual Switching System (VSS) Active Supervisor Hardware Failure Active VSS supervisor incurs a hardware failure Switch-1 SSO Active Si RPR-Warm SSO VSL STANDBY COLD Switch-2 SSO Hot Standby Si RPR-Warm Available Bandwidth 100 % 50% SW1 SW2 SW2 = Line Cards Active 1 Duration 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 28

29 2 Virtual Switching System (VSS) Active Supervisor Hardware Failure 1. SSO failover to the hot-standby supervisor in switch-2 2. Switch-1 reloads and comes back online % bandwidth is available during switch-1 reload R R = Reload Switch-1 Si Available Bandwidth 100 % 50% SW1 SSO VSL STANDBY COLD SSO Active RPR-Warm Si Switch-2 Si SSO = SSO Switchover SW2 SW2 SW2 = Line Cards Active 1 2 Duration 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 29

30 3 Virtual Switching System (VSS) Active Supervisor Hardware Failure 1. Switch-1 comes online 2. Previous RPR warm supervisor resumes SSO hot standby state 3. The failed supervisor boots up in RPR warm mode % Bandwidth is available leveraging both switches Switch-1 RPR Warm SSO Hot Standby Si VSL STANDBY COLD SSO Active RPR Warm Switch-2 Si Available Bandwidth 100 % 50% SW1 SW1 R = Reload SW2 SW2 SW2 SW2 = Line Cards Active Duration 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 30

31 VSS Software Upgrade Full Image Upgrade Bandwidth Availability Graph The following graphs illustrate the aggregate bandwidth available to the VSS Fast Software Upgrade bandwidth availability until 12.2(33)SXI Enhanced Fast Software Upgrade bandwidth availability 12.2(33)SXI and after 100% 100% 50% 50% SW2 SW1/SW2 SW1 At step 3 during RPR switchover, bandwidth will be dropped to 0% for 1-2 minutes 1 2 SW2 3 SW1 4 SW1 5 With EFSU, a minimum of 50% bandwidth is available throughout the software upgrade process 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 31

32 Virtual Switching System Enterprise Campus A Virtual Switching System-enabled Enterprise Campus network takes on multiple benefits including simplified management & administration, facilitating greater high availability, while maintaining a flexible and scalable architecture L3 Core Reduced routing neighbors, Minimal L3 reconvergence L2/L3 Distribution No FHRPs No Looped topology Policy Management Access Multiple active uplinks per VLAN, No STP convergence 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 32

33 Virtual Switching System Data Center A Virtual Switching System-enabled Data Center allows for maximum scalability so bandwidth can be added when required, but still providing a larger Layer 2 hierarchical architecture free of reliance on Spanning Tree Single router node, Fast L2 convergence, Scalable architecture L2/L3 Core Dual Active Uplinks, Fast L2 convergence, minimized L2 Control Plane, Scalable L2 Distribution Dual-Homed Servers, Single active uplink per VLAN (PVST), Fast L2 convergence L2 Access 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 33

34 Virtual Portchannel (vpc) BRKDCT Cisco and/or its affiliates. All rights reserved. Cisco Public 34

35 Feature Overview vpc Definition Allow a single device to use a port channel across two upstream switches Eliminate STP blocked ports and uses all available uplink bandwidth Dual-homed server operate in active-active mode Logical Topology without vpc Provide fast convergence upon link/device failure Reduce CAPEX and OPEX Available on all current and future generation cards Logical Topology with vpc 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 35

36 Feature Overview vpc Terminology vpc Peer-keepalive link vpc Domain - pair of vpc switches vpc Domain vpc vpc peer-link CFS protocol vpc peer vpc member port vpc peer - vpc switch, one of the pair vpc member port - one of the set of ports that form a vpc vpc - the combined port channel between the vpc peers and the downstream device vpc peer-link - link used to synchronize state between vpc peer devices, must be 10GbE vpc peer-keepalive link - the keepalive link between vpc peer devices (backup to the vpc peer-link) 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 36

37 Single-Sided vpc root vpc on the N7k Root N7k01 N7k02 logical equivalent 2/9 2/10 2/9 2/10 Po51,2 2/1 2/2 2/1 2/2 N5k01 N5k Cisco and/or its affiliates. All rights reserved. Cisco Public 37

38 Double-Sided vpc root vpc on the N7k Root N7k01 N7k02 logical equivalent 2/9 2/10 2/9 2/10 Po51 2/1 2/2 2/1 2/2 Po10 N5k01 primary Peer Link N5k02 secondary regular STP priority 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 38

39 Attaching to a vpc Domain IEEE 802.3ad and LACP Definition: Port-channel for devices for devices dual-attached to the vpc pair Provides local load balancing for port-channel members STANDARD 802.3ad port channel Access Device Requirements STANDARD 802.3ad capability LACP or static port-channels Recommendations: Use LACP when available for graceful failover and mis-configuration protection Regular vpc member Portchannel port port 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 39

40 Attaching to a vpc Domain Dual Homed vs. Single Attached P S Primary vpc Secondary vpc P S P S 1. Dual Attached 2. Attached via VDC/Secondary Switch Orphan Ports P S P S 3. Secondary ISL Port-Channel 4. Single Attached to vpc Device 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 40

41 Layer 3 and vpc Designs Layer 3 and vpc Design Use L3 links to hook up routers and peer with a vpc domain Don t use L2 port channel to attach routers to a vpc domain unless you statically route to HSRP address If both, routed and bridged traffic is required, use individual L3 links for routed traffic and L2 port-channel for bridged traffic Switch Switch Po2 Po2 P P 7k1 Po1 7k2 P Routing Protocol Peer L3 ECMP P P Router Dynamic Peering Relationship P P Router 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 41

42 Spanning Tree Recommendations STP Interoperability STP Uses: Loop detection (failsafe to vpc) Non-vPC attached device Loop management on vpc addition/removal Requirements: Needs to remain enabled, but doesn t dictate vpc member port state Logical ports still count Best Practices: Make sure all switches in you layer 2 domain are running with Rapid-PVST or MST (IOS default is non-rapid PVST+), to avoid slow STP convergence (30+ secs) vpc vpc STP is running to manage loops outside of vpc s direct domain, or before initial vpc configuration Remember to configure portfast (edge port-type) on host facing interfaces to avoid slow STP convergence (30+ secs) 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 42

43 Spanning Tree Recommendations Port Configuration Overview Data Center Core N Network port E Edge or portfast port type - Normal port type B BPDUguard R Rootguard L Loopguard Primary vpc Secondary vpc Aggregation HSRP ACTIVE Primary Root N vpc Domain N R R R R R R R - R HSRP STANDBY Secondary Root Layer 3 Layer 2 (STP + Rootguard) Access L E E E E E B B B B B Layer 2 (STP + BPDUguard) 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 43

44 HSRP with vpc FHRP Active/Active Support for all FHRP protocols in Active/Active mode with vpc No additional configuration required Standby device communicates with vpc manager produces to determine if vpc peer is Active HSRP/VRRP peer General HSRP best practices still applies HSRP/VRRP Active : Active for shared L3 MAC L3 L2 HSRP/VRRP Standby : Active for shared L3 MAC When running active/active aggressive timers can be relaxed (i.e. 2-router vpc case) 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 44

45 Feature Overview vpc and VSS Comparison Functionality VSS (Virtual Switching System) vpc (Virtual Port Channel) Multi-Chassis Port Channel Loop-free Topology STP as a fail-safe protocol Control Plane Single Logical Node Two Independent Nodes, both active Support for Layer 3 portchannels Control Plane Protocols Single instance Instances per Node 10GE ports in the Channel 8 16 Device Configuration Combined Configs Common Configs (w/ consistency checker) Non Disruptive ISSU Support 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 45

46 Layer 2 Multipath... and what about if tree is not necessary BRKDCT Cisco and/or its affiliates. All rights reserved. Cisco Public 46

47 Next step in model evolution - FabricPath Layer 2 Multipathing Finally removes Spanning Tree Protocol from the network after several evolutionary intermediate steps (STP+, VSS, vpc) Integrates legacy devices via vpc+ Increase bandwidth of L2 networks via multiple active links L3 multipathing is common in IP networks, similar principles and protocols applied to L2 Cisco FabricPath - available for Nexus 7000 and for Nexus 5500 Transparent Interconnection of Lots of Links (TRILL) Extensions to well-known protocols (IS-IS) Simple configuration 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 47

48 FabricPath Introduction BRKDCT Cisco and/or its affiliates. All rights reserved. Cisco Public 48

49 FabricPath IS-IS FabricPath IS-IS replaces STP as control-plane protocol in FabricPath network Introduces link-state protocol with support for ECMP for Layer 2 forwarding Exchanges reachability of Switch IDs and builds forwarding trees Improves failure detection, network reconvergence, and high availability Minimal IS-IS knowledge required no user configuration by default Maintains plug-and-play nature of Layer 2 STP BPDU STP BPDU FabricPath IS-IS STP FabricPath 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 49

50 Why IS-IS? A few key reasons: Has no IP dependency no need for IP reachability in order to form adjacency between devices Easily extensible Using custom TLVs, IS-IS devices can exchange information about virtually anything Provides SPF routing Excellent topology building and reconvergence characteristics 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 50

51 FabricPath and Classic Ethernet (CE) Interfaces Classic Ethernet (CE) Interface Interfaces connected to existing NICs and traditional network devices Send/receive traffic in Ethernet frame format Participate in STP domain Forwarding based on MAC table FabricPath interface CE interface Ethernet Ethernet FabricPath Header STP FabricPath FabricPath Interface Interfaces connected to another FabricPath device Send/receive traffic with FabricPath header No spanning tree!!! No MAC learning Exchange topology info through L2 ISIS adjacency Forwarding based on Switch ID Table 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 51

52 Basic FabricPath Data Plane Operation DSID 20 SSID 10 DSID 20 FabricPath interface DMAC B SMAC A SSID 10 DMAC B CE interface S10 Payload SMAC A Payload S20 Ingress FabricPath Switch Egress FabricPath Switch Payload DMAC B SMAC A SMAC A Payload FabricPath Core DMAC B DMAC B SMAC A Payload STP STP Payload SMAC A DMAC B MAC A MAC B Ingress FabricPath switch determines destination Switch ID and imposes FabricPath header Destination Switch ID used to make routing decisions through FabricPath core No MAC learning or lookups required inside core Egress FabricPath switch removes FabricPath header and forwards to CE 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 52

53 FabricPath Encapsulation 16-Byte MAC-in-MAC Header Classical Ethernet Frame DMAC SMAC 802.1Q Etype Payload CRC Original CE Frame Cisco FabricPath Frame Outer DA (48) Outer SA (48) FP Tag (32) DMAC SMAC 802.1Q Etype Payload CRC (new) 6 bits bits bits 8 bits 16 bits 16 bits 10 bits 6 bits Endnode ID (5:0) U/L I/G Endnode ID (7:6) RSVD OOO/DL Switch ID Sub Switch ID Port ID Etype Ftag TTL Switch ID Unique number identifying each FabricPath switch Sub-Switch ID Identifies devices/hosts connected via VPC+ Port ID Identifies the destination or source interface Ftag (Forwarding tag) Unique number identifying topology and/or multidestination distribution tree TTL Decremented at each switch hop to prevent frames looping infinitely 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 53

54 FabricPath MAC Table Edge switches maintain both MAC address table and Switch ID table Ingress switch uses MAC table to determine destination Switch ID Egress switch uses MAC table (optionally) to determine output switchport S10 S20 S30 S40 FabricPath MAC Table on S100 Local MACs point to switchports Remote MACs point to Switch IDs MAC IF/SID A e1/1 B e1/2 C S101 D S200 FabricPath S100 S101 S200 MAC A MAC B MAC C MAC D 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 54

55 FabricPath Routing Table FabricPath IS-IS builds and manages Switch ID (routing) table All FabricPath-enabled switches automatically assigned Switch ID (no user configuration required) Algorithm computes shortest (best) paths to each Switch ID based on link metrics Equal-cost paths supported between FabricPath switches S10 S20 S30 S40 FabricPath Routing Table on S100 One best path to S10 (via L1) Switch S10 S20 IF L1 L2 S30 L3 L1 L2 L3 L4 Four equal-cost paths to S101 S40 S101 L4 L1, L2, L3, L4 FabricPath S200 L1, L2, L3, L4 S100 S101 S Cisco and/or its affiliates. All rights reserved. Cisco Public 55

56 Building the FabricPath Routing Table Switch IF Switch IF S20 L1,L5,L9 S10 L4,L8,L12 S30 L1,L5,L9 S20 L4,L8,L12 S40 S100 L1,L5,L9 L1 S10 S20 S30 S40 S30 S100 L4,L8,L12 L4 S101 L5 S101 L8 S200 L9 S200 L12 L5 L6 L7 L8 L1 L2 L3 L4 L9 L10 L11 L12 FabricPath S100 S101 S200 Switch IF Switch IF S10 L1 S10 L9 S20 L2 S20 L10 S30 L3 S30 L11 S40 S101 L4 L1, L2, L3, L4 MAC A MAC B MAC C MAC D S40 S100 L12 L9, L10, L11, L12 S101 L9, L10, L11, L12 S200 L1, L2, L3, L Cisco and/or its affiliates. All rights reserved. Cisco Public 56

57 FabricPath ECMP When multiple forwarding paths available, path selection based on ECMP hash function Up to 16 next-hop interfaces for each destination Switch ID Number of next-hops installed in U2RIB controlled by maximum-paths command under FabricPath IS-IS process (default is 16) Path selection based on hash function S1 S100 S Cisco and/or its affiliates. All rights reserved. Cisco Public 57

58 Conversational MAC Learning FabricPath MAC Table on S300 MAC B C IF/SID S200 (remote) e7/10 (local) S300 FabricPath MAC Table on S100 S100 MAC C MAC IF/SID A e1/1 (local) B S200 (remote) FabricPath Core FabricPath MAC Table on S200 MAC A S200 MAC A B IF/SID S100 (remote) e12/1(local) C S300 (remote) MAC B 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 58

59 FabricPath Multidestination Trees Root for Root for Tree 1 S10 S20 S30 Tree 2 S40 Multidestination traffic constrained to loop-free trees touching all FabricPath switches Root switch assigned for each multidestination tree in FabricPath domain Loop-free tree built from each Root and assigned a network-wide identifier (Ftag) FabricPath S100 S101 S200 Support for multiple multidestination trees provides multipathing for multi-destination traffic Two trees supported in NX-OS release 5.1 S100 S20 S100 S10 S10 S101 S30 S40 S101 S20 Root Logical Tree 1 S200 S40 Root Logical Tree 2 S200 S Cisco and/or its affiliates. All rights reserved. Cisco Public 59

60 Multidestination Trees and Role of the Ingress FabricPath Switch Ingress FabricPath switch determines which tree to use for each flow Other FabricPath switches forward based on tree selected by ingress switch Root for Root for Tree 1 S10 S20 S30 Tree 2 S40 Broadcast and unknown unicast typically use first tree Hash-based tree selection for multicast, with several configurable hash options L5 L6 L7 L8 L1 L2 L3 L4 L9 L10 L11 L12 Multidestination Trees on Switch 100 FabricPath S100 S101 S200 Tree IF 1 L1,L2,L3,L4 2 L Cisco and/or its affiliates. All rights reserved. Cisco Public 60

61 S3 FabricPath Introducing VPC+ F1 L1 L2 VPC+ F1 CE VPC+ allows dual-homed connections from edge ports into FabricPath domain with active/active forwarding CE switch, Layer 3 router, dual-homed server, etc. S1 Physical F1 F1 po3 F1 F1 S2 Host A VPC+ requires F1 modules with FabricPath enabled in the VDC Peer-link and all VPC+ connections must be to F1 ports Logical S3 L1 L2 Host A S4 L1,L2 VPC+ creates virtual FabricPath switch for each VPC+-attached device to allow loadbalancing within FabricPath domain S1 F1 F1 VPC+ F1 F1 S2 F1 F1 Virtual Switch 4 becomes next-hop for Host A in FabricPath domain S4 po3 Host A 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 61

62 VPC+ Physical Topology Peer link runs as FabricPath core port Peer link and PKA required VPCs configured as normal S10 S20 S30 S40 VLANs must be FabricPath VLANs No requirements for attached devices other than channel support S100 FabricPath S200 MAC A MAC B MAC C 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 62

63 VPC+ Logical Topology Virtual switch introduced S10 S20 S30 S40 S1000 S100 FabricPath S200 MAC A MAC B MAC C 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 63

64 VPC+ and Active/Active HSRP With VPC+ and SVIs in mixed-chassis, HSRP Hellos sent with VPC+ virtual switch ID FabricPath edge switches learn HSRP MAC as reached through virtual switch Traffic destined to HSRP MAC can leverage ECMP if available Either VPC+ peer can route traffic destined to HSRP MAC DSID MC SSID 1000 DMAC 0002 HSRP Active HSRP Standby SVI SVI S10 S20 S30 S40 SMAC HSRP Payload S1000 S100 po1 FabricPath po2 S200 1/30 MAC A MAC B MAC C 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 64

65 FabricPath & Standards BRKDCT Cisco and/or its affiliates. All rights reserved. Cisco Public 65

66 IETF standard for Layer 2 multipathing Driven by multiple vendors, including Cisco RFC ready for standardization FabricPath capable hardware is also TRILL capable Cisco and/or its affiliates. All rights reserved. Cisco Public 66

67 What Is the Relationship between FabricPath and TRILL? a set of Layer 2 multipathing technologies FabricPath initial release runs in a Native mode that is Cisco-specific, using proprietary encapsulation and control-plane elements Nexus 7000 F1 I/O modules and Nexus 5500 HW are capable of running both FabricPath and TRILL modes 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 67

68 FabricPath & TRILL Feature Summary FS-link is a superset of TRILL Frame routing (ECMP, TTL, RPFC etc ) FabricPath Yes TRILL vpc+ Yes No FHRP active/active Yes No Multiple topologies Yes No Conversational learning Yes No Inter-switch links Point-to-point only Point-to-point OR shared Yes Base protocol specification is now a proposed IETF standard (March 2010) Control plane specification will become a proposed standard within months 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 68

69 Conclusion BRKDCT Cisco and/or its affiliates. All rights reserved. Cisco Public 69

70 L2 domain control protocol evolution STP is still most commonly used protocol and through the time it was enhanced and improved in many different areas Solutions based on MEC are removing some STP limitations but do not remove STP itself completely from the network L2 multipath protocols using different forwarding approach are popping up Co-existence of both approaches is expected to last long time 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 70

71 Twitter Talk2Cisco SMS Zveme Vás na Ptali jste se v sále LEO 1.den 17:45 18:30 2.den 16:30 17: Cisco and/or its affiliates. All rights reserved. Cisco Public 71

72 T-NET4/L2 Prosíme, ohodnoťte tuto přednášku Cisco and/or its affiliates. All rights reserved. Cisco Public 72

73

74 Backup slides BRKDCT Cisco and/or its affiliates. All rights reserved. Cisco Public 74

75 VSL Bandwidth Sizing & Considerations Si Si Si Si The VSL is an Etherchannel can include up to eight links VSL bandwidth should be greater than or equal to the largest bandwidth connection to a single attached device (downlink) Consider the bandwidth on a per VSS chassis basis Consider the bandwidth for any Service Modules and SPAN sessions Distribute the VSL interfaces across multiple modules for added resiliency Include at least one VSL interface from the Supervisor module for faster VSL bring-up during reloads 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 75

76 Putting It All Together Host A to Host B (1) Broadcast ARP Request Multidestination Trees on Switch 10 Root for Root for Tree 1 S10 S20 S30 Tree 2 S40 Ftag Tree IF 1 L1,L5,L9 2 L9 Multidestination Trees on Switch 100 DSID FF Ftag 1 SSID 100 DMAC FF SMAC A Payload L5 L6 L7 L8 L1 L2 L3 L4 L9 L10 L11 L12 DSID FF Ftag 1 SSID 100 DMAC FF SMAC A Broadcast Tree IF 1 L1,L2,L3,L4 2 L4 FabricPath MAC Table on S100 MAC A IF/SID e1/1 (local) Learn MACs of directly-connected devices unconditionally DMAC FF SMAC A Payload FabricPath S100 S101 S200 MAC A Don t learn MACs in flood frames Ftag Multidestination Trees on Switch 200 Tree FabricPath MAC Table on S200 MAC IF 1 L9 2 L9,L10,L11,L12 IF/SID MAC B Payload Payload SMAC A DMAC FF 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 76

77 Putting It All Together Host A to Host B (2) Unicast ARP Reply Ftag Ftag A Multidestination Trees on Switch 10 Tree Multidestination Trees on Switch 100 Tree IF 1 L1,L5,L9 2 L9 IF 1 L1,L2,L3,L4 2 L4 FabricPath MAC Table on S100 MAC A B IF/SID e1/1 (local) S200 (remote) If DMAC is known, then learn remote MAC DSID MC1 Ftag 1 SSID 200 DMAC A SMAC B Payload Payload SMAC B DMAC A S10 S20 S30 S40 FabricPath S100 S101 S200 MAC A L5 L6 L7 L8 L1 L2 L3 L4 Unknown A Multidestination Trees on Switch 200 Tree FabricPath MAC Table on S200 MAC IF 1 L9 2 L9,L10,L11,L12 B L9 L10 L11 L12 IF/SID e12/2 (local) MAC B DSID MC1 Ftag 1 SSID 200 DMAC A SMAC B Payload DMAC A SMAC B Payload 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 77

78 Putting It All Together Host A to Host B (3) Unicast Data S200 S200 B FabricPath Routing Table on S30 Switch FabricPath MAC Table on S100 MAC A B S200 FabricPath Routing Table on S100 Switch S10 S20 S30 S40 S101 S200 IF L11 IF L1 L2 L3 L4 L1, L2, L3, L4 L1, L2, L3, L4 IF/SID e1/1 (local) S200 (remote) DSID 200 Ftag 1 SSID 100 DMAC B SMAC A Payload DMAC B SMAC A Payload Hash S10 S20 S30 S40 FabricPath S100 S101 S200 MAC A L5 L6 L7 L8 L1 L2 L3 L4 S200 B FabricPath Routing Table on S30 Switch FabricPath MAC Table on S200 MAC A B IF S200 L9 L10 L11 L12 IF/SID S100 (remote) e12/2 (local) MAC B DSID 200 Ftag 1 SSID 100 DMAC B SMAC A Payload Payload SMAC A DMAC B 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 78