IP Fabric Reference Architecture

Similar documents
Hierarchical Fabric Designs The Journey to Multisite. Lukas Krattiger Principal Engineer September 2017

BESS work on control planes for DC overlay networks A short overview

Network Virtualization in IP Fabric with BGP EVPN

EXTREME VALIDATED DESIGN. Network Virtualization in IP Fabric with BGP EVPN

Ethernet VPN (EVPN) in Data Center

IP fabrics - reloaded

Solution Guide. Infrastructure as a Service: EVPN and VXLAN. Modified: Copyright 2016, Juniper Networks, Inc.

Unicast Forwarding. Unicast. Unicast Forwarding Flows Overview. Intra Subnet Forwarding (Bridging) Unicast, on page 1

Traffic Load Balancing in EVPN/VXLAN Networks. Tech Note

Internet Engineering Task Force (IETF) Request for Comments: N. Bitar Nokia R. Shekhar. Juniper. J. Uttaro AT&T W. Henderickx Nokia March 2018

Contents. EVPN overview 1

Introduction to External Connectivity

Designing Mul+- Tenant Data Centers using EVPN- IRB. Neeraj Malhotra, Principal Engineer, Cisco Ahmed Abeer, Technical Marke<ng Engineer, Cisco

Extreme Networks How to Build Scalable and Resilient Fabric Networks

Cloud Data Center Architecture Guide

Provisioning Overlay Networks

Building Data Center Networks with VXLAN EVPN Overlays Part I

Data Center Configuration. 1. Configuring VXLAN

Configuring VXLAN EVPN Multi-Site

HPE FlexFabric 5940 Switch Series

Building Blocks in EVPN VXLAN for Multi-Service Fabrics. Aldrin Isaac Co-author RFC7432 Juniper Networks

Virtual Extensible LAN and Ethernet Virtual Private Network

Technical Brief. Achieving a Scale-Out IP Fabric with the Adaptive Cloud Fabric Architecture.

Implementing VXLAN in DataCenter

VXLAN EVPN Multihoming with Cisco Nexus 9000 Series Switches

Spirent TestCenter EVPN and PBB-EVPN AppNote

Multi-site Datacenter Network Infrastructures

Virtual Hub & Spoke with BGP EVPNs

VXLAN Design with Cisco Nexus 9300 Platform Switches

Implementing VXLAN. Prerequisites for implementing VXLANs. Information about Implementing VXLAN

Configuring VXLAN EVPN Multi-Site

MP-BGP VxLAN, ACI & Demo. Brian Kvisgaard System Engineer, CCIE SP #41039 November 2017

Cisco ACI Multi-Pod/Multi-Site Deployment Options Max Ardica Principal Engineer BRKACI-2003

Hochverfügbarkeit in Campusnetzen

H3C S6520XE-HI Switch Series

Configuring VXLAN EVPN Multi-Site

VXLAN Deployment Use Cases and Best Practices

DCI. DataCenter Interconnection / Infrastructure. Arnaud Fenioux

Ethernet VPN (EVPN) and Provider Backbone Bridging-EVPN: Next Generation Solutions for MPLS-based Ethernet Services. Introduction and Application Note

H3C S7500E-X Switch Series

Internet Engineering Task Force (IETF) ISSN: A. Sajassi Cisco J. Uttaro AT&T May 2018

VXLAN Multipod Design for Intra-Data Center and Geographically Dispersed Data Center Sites

EVPN Multicast. Disha Chopra

Creating and Managing Admin Domains

VXLAN Cisco and/or its affiliates. All rights reserved. Cisco Public

Intended status: Standards Track. Cisco Systems October 22, 2018

Huawei CloudEngine Series. VXLAN Technology White Paper. Issue 06 Date HUAWEI TECHNOLOGIES CO., LTD.

Optimizing Layer 2 DCI with OTV between Multiple VXLAN EVPN Fabrics (Multifabric)

Segment Routing on Cisco Nexus 9500, 9300, 9200, 3200, and 3100 Platform Switches

EVPN for VXLAN Tunnels (Layer 3)

DNA SA Border Node Support

Provisioning Overlay Networks

VXLAN EVPN Multi-Site Design and Deployment

Design Guide: Deploying NSX for vsphere with Cisco ACI as Underlay

Pluribus Data Center Interconnect Validated

Building Blocks for Cloud Networks

VXLAN Overview: Cisco Nexus 9000 Series Switches

Cisco Dynamic Fabric Automation Architecture. Miroslav Brzek, Systems Engineer

Higher scalability to address more Layer 2 segments: up to 16 million VXLAN segments.

WAN. Core Routing Module. Data Cente r LAB. Internet. Today: MPLS, OSPF, BGP Future: OSPF, BGP. Today: L2VPN, L3VPN. Future: VXLAN

Cisco Virtual Topology System Release Service Provider Data Center Cisco Knowledge Network. Phil Lowden (plowden) October 9, 2018

Enterprise. Nexus 1000V. L2/L3 Fabric WAN/PE. Customer VRF. MPLS Backbone. Service Provider Data Center-1 Customer VRF WAN/PE OTV OTV.

www. .org New Quagga fork with open development and community Martin Winter

OPEN CONTRAIL ARCHITECTURE GEORGIA TECH SDN EVENT

MPLS VPN--Inter-AS Option AB

Verified Scalability Limits

Attilla de Groot Attilla de Groot Sr. Systems Engineer, HCIE #3494 Cumulus Networks

MPLS VPN Inter-AS Option AB

Border Provisioning Use Case in VXLAN BGP EVPN Fabrics - Multi-Site

Open Compute Network Operating System Version 1.1

Configuring VXLAN Multihoming

Implementing DCI VXLAN Layer 3 Gateway

EXTREME VALIDATED DESIGN. Extreme IP Fabric Architecture

Verified Scalability Limits

VXLAN Design Using Dell EMC S and Z series Switches

Configure EVPN IRB EVPN IRB

SP Datacenter fabric technologies. Brian Kvisgaard System Engineer CCIE SP #41039

Automating Cloud Networking with RedHat OpenStack

Weiterentwicklung von OpenStack Netzen 25G/50G/100G, FW-Integration, umfassende Einbindung. Alexei Agueev, Systems Engineer

Cisco ACI Multi-Pod and Service Node Integration

Cisco ACI Multi-Pod Design and Deployment

EVPN Overview. Cloud and services virtualization. Remove protocols and network simplification. Integration of L2 and L3 services over the same VPN

Huawei CloudFabric and VMware Collaboration Innovation Solution in Data Centers

EVPN Command Reference

Deploying VMware Validated Design Using OSPF Dynamic Routing. Technical Note 9 NOV 2017 VMware Validated Design 4.1 VMware Validated Design 4.

ACI Transit Routing, Route Peering, and EIGRP Support

Deploy Application Load Balancers with Source Network Address Translation in Cisco DFA

Cisco Nexus 7000 Series NX-OS VXLAN Configuration Guide

EVPN Routing Policy. EVPN Routing Policy

Cisco Dynamic Fabric Automation Architecture

LTRDCT-2781 Building and operating VXLAN BGP EVPN Fabrics with Data Center Network Manager

Network Configuration Example

SharkFest 18 US. BGP is not only a TCP session

ACI Multi-Site Architecture and Deployment. Max Ardica Principal Engineer - INSBU

VXLAN Technical Brief A standard based Data Center Interconnection solution Dell EMC Networking Data Center Technical Marketing February 2017

Contents. Introduction. Prerequisites. Requirements. Components Used

Net2Cloud -- SD-WAN IETF 103

Feature Information for BGP Control Plane, page 1 BGP Control Plane Setup, page 1. Feature Information for BGP Control Plane

MPLS design. Massimiliano Sbaraglia

Cisco VTS. Enabling the Software Defined Data Center. Jim Triestman CSE Datacenter USSP Cisco Virtual Topology System

Transcription:

IP Fabric Reference Architecture Technical Deep Dive jammon@brocade.com

Feng Shui of Data Center Design 1. Follow KISS Principle Keep It Simple 2. Minimal features 3. Minimal configuration 4. Configuration repeatability 5. Automate everything 2

Reference Architecture After experimentation and extensive testing, Microsoft chose to use an end-toend routed network infrastructure with External BGP (EBGP) [RFC4271] as the only routing protocol for some of its DC deployments Source:draft-ietf-rtgwg-bgp-routing-large-dc-01 Authors P. Lapukhov@ Facebook A. Premji@ Arista Networks J. Mitchell, Ed@ Microsoft 3

IP Fabric: Reference Architecture L3 CLOS SPINE 40G ECMP CORE L3 GATEWAY LEAF Border Leaf Border Leaf Controller s Rack 1 ToR per Rack server directly connected Leaf Uplink port count on the leaf switch determines the max # of spine switches Spine Spine switch port count determines the max # of leaf switches Edge Core or Wan connectivity always through Leaf switch layer

IP Fabric Underlay 5

OSPF Underlay Control Plane 6

OSPF Underlay Control Plane SPINE ASN 1234 OSPF CORE LEAF Border Leaf Border Leaf OSPF across Leaf and Spine Single Area or Multiple areas w/ Spine area 0 Default route into OSPF at Core ABR Summary filtering Minimal rack level policy control Simpler configuration

ibgp Underlay Control Plane 8

ibgp Underlay Control Plane ebgp ibgp SPINE RR RR RR RR ASN 1234 ASN 655XX CORE LEAF Border Leaf Border Leaf One ASN across Leaf and Spine Each Spine as RR No ibgp between Spines Default-information originate@ CORE BGP add-path enabling BGP multi-path updates at RR Remove private-as at CORE Rack level policies at prefix-level RR: bgp next-hop-self

ebgp Underlay Control Plane (Draft Lapukhov) 10

ebgp Underlay Control Plane 2 Tier Topology w/ ebgp SPINE ASN 655XX ebgp ASN 1234 ibgp CORE LEAF Border Leaf Border Leaf ASN 64YY1 ASN 64YY2 ASN 64YY3 ASN 64YY4 ASN 64YY5 ASN 64YY6 Public ASN at Core/Edge One Private - ASN per Rack One Private - ASN for SPINE ebgp session between Leaf-Spine IP Address Optimization using /31, /127 _OR_ IP unnumbered Allows BGP policies per TOR IPv4/IPv6 Remove private AS at CORE Default-information originate @CORE 4 Byte ASN for Scale

Layer 2 Overlay 12

L2 Overlay Choice IP Fabric L2-Extension Partner-Specific Network Virtualization NSX Standards Based Network Virtualization BGP-EVPN 13

Solutions IP Fabric with L2 Extension Powered by Brocade IP Fabric IP Fabric L2 Extension L2 extension between racks using VxLAN. CORE Border Leaf Border Leaf

Open Automation Suite in action IP Fabric L2 Extension L2 Extension Build IP Fabric Build CORE Border Leaf Border Leaf

Solutions IP Fabric with Controller Based Overlays Powered by Brocade IP Fabric IP Fabric Underlay for Controller Based Overlays As underlay for controller based overlays CORE Border Leaf Border Leaf

EVPN Control Plane Highlights Based on Industry standard (Multi-vendor Interoperability) RFC 7432 https://tools.ietf.org/html/rfc7432 (EVPN - MPLS) RFC 7209 https://tools.ietf.org/html/rfc7209 (Requirements for EVPNs) https://tools.ietf.org/html/draft-ietf-bess-evpn-overlay-01 (EVPN - VXLAN) Minimizes BUM Network Flooding through MAC/IP Host/subnet routes and ARP suppression on VTEP s Optimal East-West and north-south traffic leveraging underlay ECMP Workload mobility with distributed anycast functionality with no changes in workload L3 Configuration VTEP peer discovery and Authentication Supporting Intra Subnet VxLAN Bridging and L3 Inter Subnet VxLAN Routing Multi-tenancy using VxLAN in Data Center using BGP-VRF 2015 BROCADE COMMUNICATIONS SYSTEMS, INC. INTERNAL USE ONLY 17

BGP EVPN Constructs EVPN Instance a.k.a. MAC VRF VLANs assigned to an EVPN Instance RD, Import and Export Route-Target communities configured for the EVPN instance Ethernet Segments and Ethernet Segment Identifier Route Types ES and ES-AD Routes MAC Routes MAC-IP Routes Inclusive Multicast Routes Prefix Routes Spine switches do not need EVPN instance configuration Spine switches propagate EVPN routes without importing them. 18

ebgp Underlay + BGP Overlay(EVPN) Controller-less VxLAN Overlay SPINE Auto VTEP Discovery L2 VNI & Multi-tenancy (Intra Subnet w/ VxLAN) L3 VNI and Multi-tenancy (Inter Subnet Routing w/ VxLAN) LEAF 40G EVI Mac/ IP EVI Mac/ IP EVI Single Pass in ASIC: VxLAN [De] Encapsulation + Routing Supports IPv4 & IPv6 ebgp Underlay ebgp Overlay

EVPN: Host NLRI Learning and Distribution Control Plane Signaling. 2 MAC Host IP VNI VTEP MAC-1 IP-1 VNI-1 VTEP-1 1 Data Plane Learning MAC-1 (Mac table) IP-1 (VRF IP table) 3 BGP Update: MAC-1 IP-1 VNI-1 VTEP-1 VTEP-1 MAC-1 IP-1 VLAN-1 / VNI-1 4 MAC Host IP VNI VTEP MAC-1 IP-1 VNI-1 VTEP-1 4 BGP Update: 4 BGP Update: MAC-1 MAC-1 IP-1 IP-1 VNI-1 VTEP-1 VNI-1 VTEP-1 VTEP-3 VTEP-4 4 MAC Host IP VNI VTEP MAC-1 IP-1 VNI-1 VTEP-1 5 5 Install Host Information Install Host Information MAC-3 MAC-4 MAC-1 (Mac table) MAC-1 (Mac table) IP-3 IP-4 IP-1 (VRF IP table) IP-1 (VRF IP table) VLAN-3/ VNI-3 VLAN-1/ VNI-1

Use Case: Intra-Subnet Bridging L2 Bridging VxLAN Encap Packet Egress SrcMac VTEP-1 DstMac S1-4 SrcIP VTEP-1 DstIP VTEP-4 VNI VNI-1 SrcMac: MAC-1 DstMac: MAC-4 SrcIP: IP-1 DstIP: IP-4 S1 S2 S3 S4 Ingress VTEP De-encapsulates the VxLAN Packet, Checks the MAC table for DstMac: MAC-4 and Switches Mac Table:: MAC-1 VLAN-1 Port 1/0 MAC-4 VNI-1 VTEP 4 Route Table; VTEP-4 S1, S2, S3, S4 VTEP-1 SrcMac: MAC-1 DstMac: MAC-4 SrcIP: IP-1 DstIP: IP-4 MAC-1 IP-1 VLAN-1 / VNI-1 VTEP-4 MAC-4 IP-4 VLAN-1/ VNI-1 Mac Table: MAC-1 VNI-1 VTEP 1 MAC-4 VLAN-1 Port 1/0 Route Table: VTEP-1 S1, S2, S3, S4

Use Case: L2 Bridging & Mult-Tenancy SrcMac VTEP-1 DstMac S1-4 SrcIP VTEP-1 DstIP VTEP-4 VNI VNI-1 Overlapping VLAN- IDs possible VxLAN Encap Packet Egress SrcMac: MAC-1 DstMac: MAC-4 SrcIP: IP-1 DstIP: IP-4 SrcMac VTEP-1 DstMac S1-4 SrcIP VTEP-1 DstIP VTEP-4 VNI VNI-5 SrcMac: MAC-5 DstMac: MAC-6 SrcIP: IP-5 DstIP: IP-6 S1 S2 S3 S4 Mac Table:: MAC-1 VLAN-1 Port 1/0 MAC-4 VNI-1 VTEP 4 MAC-5 VLAN-1 Port 9/0 MAC- 6 VNI-5 VTEP4 VTEP-1 VTEP-4 Mac Table: MAC-1 VNI-1 VTEP 1 MAC-4 VLAN-1 Port 1/0 MAC- 6 VLAN-1 Port 6/0 MAC-5 VNI-5 VTEP-1 Route Table; VTEP-4 S1, S2, S3, S4 MAC-1 IP-1 VLAN-1 / VNI-1 MAC-5 IP- 5 VLAN-1 / VNI-5 MAC-4 IP-4 VLAN-1/ VNI-1 Route Table: VTEP-1 S1, S2, S3, S4 MAC-6 IP-6 VLAN-1 / VNI-5

L3 Multi-Tenancy w/ VxLAN VxLAN Based L3 Multi- Tenancy VRF + L3 VNI Standards based Interop S1 S2 S3 S4 L3-VNI L3-VNI Single Protocol Instance for multiple VRF. L3 VNI VRF L3 VNI VRF L3 VNI VRF L3 VNI VRF L3 VNI VRF L3 VNI VRF No MPLS complexity RT/RD Import Export Policies supported Scale TBD Tenants/TOR

Use Case: Inter-Subnet Routing Symmetric Integrated Routing and Bridging VxLAN Encap Packet Egress SrcMac GW-MAC DstMac S1-4 SrcIP VTEP-1 DstIP VTEP-4 VNI L3 VNI SrcMac: GW-MAC DstMac: RTR-MAC4 SrcIP: IP-1 DstIP: IP-4 S1 S2 S3 S4 Egress VTEP routes packet over L3 VNI and into VNI-B at egress since DstMac is RTR-MAC4 in the inner packet. Destination VNI-B then bridges packet based on DstMAC/IP Ingress VTEP routes packet from source VNI to L3 VNI (Unique to Tenant). DstMac in the inner header is the egrees VTEP router Mac address VNI A L3 VNI VTEP-1 GW MAC RTR MAC-1 MAC-1 IP-1 VLAN-1 / VNI-1 SrcMac: MAC-1 DstMac: Anycast-MAC SrcIP: IP-1 DstIP: IP-4 L3 VNI VNI B VTEP-4 GW MAC RTR MAC-4 MAC-4 IP-4 VLAN-4/ VNI-4 SrcMac: GW-MAC DstMac: MAC-4 SrcIP: IP-1 DstIP: IP-4 Egress VTEP bridges in destination VNI for DstMac

Redundant connections into EVPN - simplified Multi-homing / Ethernet Segment Identifier - ESI Configure / auto derive an ESI Autodiscover PEs attached to ES Elect designated forwarder (per VLAN) Split-horizon (impacts data plane) VTEP-1 VTEP-3 MAC-4 IP-4 VLAN-1/ VNI-1 ESI VTEP-4 MPLS: ESI-label VXLAN: Track source IP-addresses and filter Aliasing: Associate remote MAC with all PEs announcing the same ES MAC-1 IP-1 VLAN-1 / VNI-1

ARP/ND Suppression ARP/ND Suppression enabled on a per VLAN. BGP EVPN derived ARP/ND Entries installed in the ARP/ND Suppression Cache. Leaf switches intercept ARP/ND requests from servers Generate ARP/ND response if destination IP found in ARP/ND suppression cache Flood over VxLAN tunnels only if not found 2015 BROCADE COMMUNICATIONS SYSTEMS, INC. INTERNAL USE ONLY 27

Conversational ARP/ND More hosts in IP Fabric than the leaf switch can hold in HW BGP EVPN Control plane capable of learning lot more MAC-IP (ARP/ND) routes than HW capacity Leaf switch should install only those host routes in HW for which there are active flows If Host Route is available and HW space is available, host route is programmed in HW Age out ARP/ND host entries from HW on inactivity 2015 BROCADE COMMUNICATIONS SYSTEMS, INC. INTERNAL USE ONLY 28

Layer 3 Gateway 2015 BROCADE COMMUNICATIONS SYSTEMS, INC. INTERNAL USE ONLY 29

L3 Gateway VRRP-E SPINE protocol vrrp-extended interface ve 10 ip address 10.10.10.2/30 vrrp-group 1 virtual-ip 10.10.10.100 LEAF-1 LEAF-3 protocol vrrp-extended interface ve 10 ip address 10.10.10.102/30 vrrp-group 1 virtual-ip 10.10.10.100 Same IP Subnet across Leafs Same VRRP-E Virtual IP on Leaf switches across VxLAN Tunnel VRRP-E Short Path forwarding at Leaf. 2015 BROCADE COMMUNICATIONS SYSTEMS, INC. INTERNAL USE ONLY

L3 Gateway Redundancy Anycast Gateway SPINE Anycast-gw IP 10.10.10.1 Anycast Mac CAFEC0FFEE00 Anycast-gw IP 10.10.10.1 Anycast Mac CAFEC0FFEE00 LEAF CORE L3 GATEWAY Anycast Gateway IP is configured on the leaf switches (just as Virtual IP) Anycast Gateway MAC address configured to be the same on all leaf switches` 2015 BROCADE COMMUNICATIONS SYSTEMS, INC. INTERNAL USE ONLY

ASN 655X1 ASN 655X2 ASN 655XZ Underlay Control Plane 3 Tier Topology w/ ebgp ebgp ibgp SUPER SPINE CORE SPINE ASN 64YY1 ASN 64YY2 ASN 64YY3 ASN 64YY4 ASN 64YY5 ASN 64YY6 ASN 64YY7 ASN 64YY8 Comp ute Comp ute DC POD 1 Comp ute Comp ute Spine ebgp Peering across Spine and Super Spine ECMP Multipath Comp ute Comp ute DC POD 16 Comp ute Comp ute Super Spine CORE directly connected to Super Spine Default-information originate@core to Super Spine Reference: Facebook Data Center Architecture

Summary Many DC architectures exist there is no one size fits all IP fabrics are one robust alternative IP fabrics definitely need automation for provisioning and operations EVPNs are one way to provide L2-overlay networks 2015 BROCADE COMMUNICATIONS SYSTEMS, INC. INTERNAL USE ONLY 33

Thank you 34

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback