Network Design Best Practices




Network Design Best Practices: Building a Next Generation & Future Proofed Network Infrastructure
Salim Mohamad Ghani, Head of Technical Consultant, HP Networking Division, Hewlett-Packard Company
salim.mghani@hp.com / 013-3441213
24 March 2011
© 2010 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

Agenda
- Introduction
- Network Design Fundamentals
- Design Consideration
- Summary / Q&A
HP Restricted. To be Shared ONLY under NDA

The New HP Networking ProCurve

HP Completes 3Com Acquisition, Creates New Networking Powerhouse
Gartner, 27 April 2010
Gartner Recommends:
- HP networking should be considered for every network refresh situation in all midsize and large organizations
- the new HP networking organization represents a major force in enterprise networking
HP is THE Clear Alternative!
Gartner market share based on Q4 09 port shipment data

Magic Quadrant: Enterprise LAN (Global), 2010
Figure 1. Magic Quadrant for Enterprise LAN (Global)
HP Positioned in Gartner's Leaders Quadrant
The Gartner Magic Quadrant is copyrighted June 2010 by Gartner, Inc., and is reused with permission. The Magic Quadrant is a graphical representation of a marketplace at and for a specific time period. It depicts Gartner's analysis of how certain vendors measure against criteria for that marketplace, as defined by Gartner. Gartner does not endorse any vendor, product or service depicted in the Magic Quadrant, and does not advise technology users to select only those vendors placed in the Leaders quadrant. The Magic Quadrant is intended solely as a research tool, and is not meant to be a specific guide to action. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. The Magic Quadrant graphic was published by Gartner, Inc., as part of a larger research note and should be evaluated in the context of the entire report.
The Gartner report is available upon request from HP Networking.
Source: Gartner (June 2010)

The Word is Out About HP Networking
- Cisco-free data center architecture fully deployed on HP
- TCO advantages driving network refresh across BMW
- Next-generation 1M-node mobility network with joint innovation
"Enterprises are clearly asking for more choice when looking at networking solutions. The combination of increasing expectations for a more agile infrastructure to meet rapidly changing business demands and the more challenging economic climate requires fresh innovation, strong alternatives and a more business-centric approach to network design."
Mark Fabbi, vice president and distinguished analyst, Gartner Inc.

Portfolio breadth and depth: Edge to Core, Enterprise to SMB

ADVANCED
- Modular Switches: HP A12500, HP A9500, HP A7500
- Top of Rack Switches: HP A5810, HP A5820, HP A6600
- Server Blade Switch: HP A6120
- Fixed Port Switches: HP A5800, HP A5500, HP A5120, HP A36x0, HP A3100, HP Intellijack
- Routers: HP A8800, HP A6600, HP A-MSR 50, HP A-MSR 30, HP A-MSR 20, HP A7000
- WLAN: HP A-WX5004 Controller, HP A-WA2xxx Access Points, HP A3000 Wireless Switches, HP A9000 Access Points, HP A8760 Access Point, HP A7760 Access Point
- Management: IMC, NNMi, NA

ESSENTIAL
- Modular Switches: HP E8200, HP E5400, HP E4200
- Fixed Port Switches: HP E5500G, HP E4800G, HP E3500G, HP E2910G, HP E4500G, HP E25x0G, HP E4200G, HP E5500, HP E3500, HP E4500, HP E2610, HP E4210, HP E2810, HP E25x0
- WLAN: HP E-MSM7xx Controllers, HP E-MSM4xx Access Points, HP E-MSM3xx Access Points, HP E-M110 Access Point, HP E-MSM317 Access Point
- Unified Communications: HP UC Applications, HP VCX Connect Platform, HP VCX Enterprise Platform, HP VCX Gateways, HP 3x00 IP Phones
- Management: PCM/PCM+, IDM, NIM, TMS zl Module

VALUE
- Web Managed Switches: HP V19x0, HP V1810, HP V1700
- Unmanaged Switches: HP V14x0, HP V2124, HP V408
- WLAN/WAN: HP V1xx Wireless Routers

SECURITY
- IPS: HP S5100N, HP S2500N, HP S1400N, HP S660N, HP S330, HP S110, HP S10, HP Core Controller
- Management: SMS, HP SMS Controller

Advanced: For customers with large/complex deployments seeking advanced, full featured networking technology to drive competitive advantage with lower cost of ownership.
Essential: For customers seeking essential proven technology that's affordable and easy to use while providing scalability for future needs.
Value: For value-conscious customers seeking reliable and easy-to-use connectivity solutions.
Security: For companies that require world-class network security solutions to proactively stop threats and deliver business continuity.
Note: x in a product series name indicates multiple series numbers are available

Change the Rules of Networking
HP Innovative IRF Technology / 7x Threat Discovery / HPN TCO vs. Legacy
Simpler Architecture
- Reduce complexity
- Better performance
- Easier to manage
More Secure
- Discover more threats
- Automate updates
- Day-zero protection
66% lower TCO
- Infrastructure
- Power, space
- Downtime


Introduction: Designing Campus LAN
The traditional network design approach follows a structured systems analysis and design process similar to that used to build application systems:
- The network analyst meets with users to determine the needs and applications.
- The analyst estimates data traffic on each part of the network.
- The analyst designs the link speed needed to support this traffic and obtains cost estimates.
- Identify key features for each layer.

LAN Design Goals
Frequent goals of network design:
- Functionality: the network must work
- Scalability: the network must be able to grow
- Adaptability: the network must be able to adapt to new technologies
- Manageability: the network must facilitate network monitoring and management

Network Design Methodology
A systematic, step-by-step approach:
- Gathering the users' requirements and expectations
- Analysing requirements
- Designing the Layer Physical Layer & Network Design Layer Networking Design Key Features Security, IPv6, etc
- Documenting the logical and physical network implementation

Challenges for Enterprise Campus Networks
- How to manage/operate/control the network equipment located in different sites?
- How to make network expansion easy without any network interruption?
- How to upgrade to an IPv6 network smoothly?
- How to avoid a single failure on the networks?
- How to reconcile the different applications with QoS technology?
- How to ensure the critical applications?
- How to improve working efficiency at the lowest TCO?
[Diagram label: Application server farm]

Network Needs + TCO

Best Practice for Network Design: 1) Redundancy
- No single point of failure
- Increase performance
- Load balance
[Diagram labels: Internet, Firewall, MSR, OSPF, S7500E, VRRP, xSTP, 5500G, 4800G, 4200G; Supply chain, User, OA, Server farm, Management, Financial, R&D]

Best Practice for Network Design: 2) Hierarchy
- Optimized network structure
- Strictly defined functions of each layer
- Easy and clear management
- Efficient troubleshooting
[Diagram labels: National High Speed Network, NMS, 5500G, router, F/W, 7750, Server Farm]

Best Practice for Network Design: 3) Modularization
- Convenient maintenance
- Easy to scale
- Confinement of failure area
[Diagram labels: B2.2 Test LAB, B2.3 Application, B2.1 Intranet server, B1.4, B1.2, B1.1, NMC, Internet server, Intranet; switches S5648, S9505, S9512]

Network Design Layers
[Diagram labels: Application server farm, Server aggregation, Core Layer, Distribution Layer, Access Layer, Clients]

2 Tier Collapsed Backbone
[Diagram labels: Application server farm, Core Layer, Access Layer, Clients]

3 Tier Collapsed Backbone
[Diagram labels: Application server farm, Server aggregation, Core Layer, Distribution Layer, Access Layer, Clients]

Physical Layer Options
Typically, Ethernet campuses will be designed using the following physical media:
- UTP: Category 5/5 Enhanced/6/6A/7. Connectivity to the desktop, server farm, and interswitch connectivity within the same wiring closet
- Fibre: Multimode Fibre (50 micron/62.5 micron), Single Mode Fibre (9 micron). Campus backbone, building backbone, server farm

Better cabling - Why does this increase performance?
- Downtime is expensive
- Hardier cabling is less susceptible to problems
- Recabling is expensive and requires downtime
- Retransmissions increase latency and network traffic loads
- Auto-negotiation due to poor cabling can keep expensive electronics from performing as expected
- External noise such as factory machines is not an issue with shielded systems
- Initial investment is 5-7% of network costs, but poorly installed cabling is 70% of network problems!
- Any time you revisit your cabling you are investing in LABOR, the most costly factor!

Ethernet Technologies and Media

| Technology | Mode | Speed | Media | Distance | Connector |
|---|---|---|---|---|---|
| Fast Ethernet | | | | | |
| 100BASE-T | Half Duplex/Full Duplex | 100Mbps | UTP/STP | 100m | RJ-45 |
| 100BASE-FX | HD/FD | 100Mbps | MMF/SMF | 2Km/15Km | SC/ST |
| Gigabit Ethernet | | | | | |
| 1000BASE-T | Full Duplex | 1000Mbps | UTP | 100m | RJ-45 |
| 1000BASE-SX | Full Duplex | 1000Mbps | MMF | 220-440m | SC/LC/MTRJ |
| 1000BASE-LX | Full Duplex | 1000Mbps | MMF | 550m | SC/LC/MTRJ (conditioned launch cable reqd) |
| 1000BASE-LX | Full Duplex | 1000Mbps | SMF | 5Km-10Km | SC/LC/MTRJ |
| 1000BASE-LH70 | Full Duplex | 1000Mbps | SMF | 70Km | SC/LC/MTRJ |
| 10G Ethernet | | | | | |
| 10GBASE-CX4 | Full Duplex | 10Gbps | Twinaxial | 15m | MicroGiGaCN |
| 10GBASE-LX4 | Full Duplex | 10Gbps | MMF/SMF | 240m-10km | SC/LC |
| 10GBASE-SR | Full Duplex | 10Gbps | MMF | 26m-300m | SC/LC |
| 10GBASE-LR | Full Duplex | 10Gbps | SMF | 10km | SC/LC |
| 10GBASE-ER | Full Duplex | 10Gbps | SMF | 40km | SC/LC |
| 10GBASE-T | Full Duplex | 10Gbps | UTP Cat6/6A/7 | 55-100m | RJ-45 |

Core Layer
- The Core Layer is typically implemented at the main campus Data Centre
- The main interconnecting area for the campus backbone, linking distribution layer switches and/or access layer switches
- Separation of the Core and Distribution enhances the scalability of the campus network, especially in layer 3 centric designs
- The Core layer could also provide Server Aggregation, provided capacity exists and network topology allows

Key Requirements of Core Layer
- High performance non-blocking Gigabit switching
  - High performance centralised forwarding
  - Distributed forwarding capabilities in modular systems
- Scalable architectures capable of accommodating higher bandwidth, more ports, advanced functionality
- Multilayer switching capabilities
  - ASIC based multilayer switching
  - Hardware based ACLs
- Advanced QoS capabilities for Convergence
  - Multiple priority queues: minimum 4
  - Multilayer traffic classification and prioritisation
  - Remarking for outgoing traffic
  - Rate limiting
- Future proofing capabilities
  - 10G support

Distribution Layer
- The goal of the Distribution layer:
  - aggregate wiring closets
  - provide greater segmentation across the campus
  - provide higher throughput for localised traffic
- May be omitted in smaller networks
- Can provide connectivity for distributed fileservers
- High availability at the Distribution Layer extends overall fault tolerance
- Distribution layer switches could be co-located at the Access Layer, or at a dedicated wiring closet

Key Requirements for the Distribution Layer
- High performance Gigabit switching for aggregating multiple wiring closets
  - Support for many Link Aggregation groups
  - Media flexibility to accommodate cabling infrastructure
- Quality of Service and traffic prioritisation
  - Multiple priority queues: minimum 4
  - Multilayer traffic classification and traffic prioritisation
  - Ability to identify and remark existing traffic priority before it traverses the campus backbone
- Multilayer switching capabilities
  - Routing support for larger distributed internetworks
- Hardware availability and network availability features

Access Layer
- The wiring closet on each floor connecting:
  - End stations
  - Printers, IP phones, Wireless Access Points, Distributed Servers
- Fixed configuration or modular Ethernet switches
- Typically Layer 2 devices or Layer 2+ devices
- 10/100 or Gigabit Ethernet LAN technologies
- Appropriate point for Power over Ethernet (PoE) support

Key Requirements at the Access Layer
- Quality of Service and prioritisation
  - Multiple priority queues: minimum 4
  - Multilayer traffic classification
  - Prioritisation with 802.1p & DiffServ/IP ToS
  - Rate limiting capabilities for bandwidth allocation
- Authentication and authorisation of end stations
  - Network Login 802.1X
  - RADA MAC Authentication for non-802.1X devices
  - Authorised MAC addresses
  - Enforcement of security policies
- Device availability capabilities
  - Backup and Restore
- Network availability features for resilient designs

Additional Design Layers
- Secondary design layers may be defined across the campus:
  - WAN Perimeter
  - Internet Perimeter/DMZ
  - Storage Area Network
- May interface directly to the Core Layer or be logically and physically separated
- Consider connectivity to these secondary layers in terms of:
  - Performance
  - Congestion
  - Logical connectivity
- Define each layer on a separate broadcast domain for greater control and security


Best Practices for 21st Century Network Services & Business Drivers
- The need for speed and new services continues
  - Demand for 10GE & high performance fabrics, security / app optimization
- Continued high cost / complexity / expansion
  - Power & cooling, management costs
- Consolidation, virtualization, automation and in-depth security
  - From many distributed smaller/regional to larger centralized models
  - Security in-depth to protect confidentiality and reduce risk
- Movement towards SOA, Web Services, e-Businesses
  - Google, Amazon, IBM, Microsoft cloud computing, SaaS

Identify Key Features
- LAN Switch Security
  - DHCP Security: DHCP Snooping, DHCP Trekker, etc
  - Loop Guard, Root Guard, DoS prevention
- Management & Monitoring
  - Network Quality Analyzer
  - Traffic Analyzer: sFlow, IPFIX, NetFlow, etc
- Ease of Management
  - Stacking/Virtualization Technology
  - Clustering Technology

Simplifying Design & Operations: Resilient Virtual Switch Fabric with HP IRF
- N physical devices seen as one logical device
  - N devices sharing the same topology information
  - Protocols see on single hop -> simplified design
- Active/Active Model for L2 & L3
  - No STP/RSTP/MSTP/VRRP
  - All links active at all times
  - Pre TRILL implementation
- Ultra Fast Failover
  - 20 times faster than RSTP/MSTP
- Geographically Distributed
  - Limited by Ethernet/Fiber optical budget (10GE: 70kms)
- One single IP/configuration file for management
  - Simplified operations
  - OPEX reduction
- Consistent approach across product portfolio
  - S12500, 9500E, 7500E, S5800, S5820x, etc
[Diagram: Physical SW 1 + Physical SW 2 = LOGICAL SWITCH]

End-to-End Intrusion Prevention System
- Protect Core Network
- Protect WAN Perimeter
- Protect Major Zones
- Protect Remote Offices
- Protect Web Servers & Apps
- Protect Enterprise Servers, Apps & Data
[Diagram labels: Access, Aggregation, Core, Perimeter (1.5 100Mbps), Internet, VPN, DMZ, Data Center, Windows & Linux Blades, Shared Tape, Shared Storage; link speeds shown: 10Mbps 1Gbps, 1Gbps 10Gbps, 1Gbps 10Gbps, nx1Gbps, nx10Gbps]

NEW!! TippingPoint Secure Virtualization Framework: Full Physical & Virtual Segmentation
1. Isolate Physical Hosts: IPS Platform & VLAN Translation
2. Isolate Virtual Hosts through offload to IPS appliance: vController & IPS Platform
   - Offload inspection to high performance IPS Platform appliance
3. Isolate Physical and Virtual Hosts natively from within the VM: vIPS
   - Inspection scales with DC expansion
[Diagram callouts: 1. IPS VLAN Translation Isolates Physical Servers; 2. vController & IPS Isolate VMs and Hosts; 3. vIPS Isolates VMs and Hosts]
[Diagram labels: Virtual DC, Physical DC, IPS Platform, Hosts, Virtual Machines, ERP, HR Apps, DB, Web Apps, CRM, VDI, vController, vIPS, Hypervisor-VM Safe Kernel, Core, Shared Tape, Shared Storage]

New!! IMC Data Center Orchestration
- Data Center Topology Management
  - Providing network physical topology, room location topology, room topology and chassis topology
- Virtual resource management
  - Manage VM, vNICs, vSwitch in physical servers
  - VM Topology, VM Resources
- Virtual Network Management
  - Virtual network resource topology: IRF topology, VM topology, physical topology, root-cause analysis
  - Dynamic migration of network configuration policies; vCenter moves VM service, IMC moves network configuration
  - VM Configuration, Mobility; ACL, Security, QoS
[Diagram labels: VM topology; VM 1, VM 2, VM 10, VM 20; vNIC 1, vNIC 2, vNIC 10, vNIC 20; vSwitch A, vSwitch B; P NIC 1 & 2; IRF Physical Topology]

Energy Efficient Features: Innovation on all fronts
Customer Configurable HW Standards based Energy Savings Gen 2 ASIC Power Savings
- Low power Phy
- Per Slot and LED power management
- Turn off Lasers in 10G optics
- Energy Efficient Ethernet (802.3az)
- Dynamic Clock gating
- Static Clock gating
- Dynamic Frequency Control
- Improved visibility: in-system power reporting for v2 zl modules and ASICs
Up to 40% Energy Savings on Module*
* Energy Savings vary from 20% to 40% based on type of module

Longevity: Future Proof your network
- Lifetime Warranty
- Future proof your network with hardware support
- Performance will meet your future growing needs
- Support for 3rd Party Integration
- Integrated wired/wireless deployments
- Industry leading security with TippingPoint products
- Single SW image across the family of products
- Single Pane of Management

Cloud Computing --- Star to Cloud

Datacenter Network Evolution
- V1.0: Traditional basic network architecture
- V2.0 (Today): Virtualization and service scheduling DC
- V3.0 (Tomorrow): DC integrated with unified switching capability
[Slide items, in extraction order: Service integration; High-performance exchange architecture; Preliminary service integration; LAN IPC IP-SAN; Expandable IRF access; VRF end-to-end virtualization; Virtualization; Chassis IRF; Box IRF; Full-DC scheduling and exchange; Multi-level service queue; Extra-large scheduling buffer; Full-10GE DC architecture; 10GE network; 10GE security deployment; 10GE storage; End-to-end virtualization; Full-DC IRF; Network virtualization instance; DC with unified switching capability; 40G&100G; CCE/FCOE; EVB]
Infrastructure evolved and enhanced continuously

Collapsed Multitier Network Design
[Diagram: Expanded Multitier Design vs. Collapsed Multitier Design. Labels: Data Center Core; FW, LB, NAM, IPS, NetStream; Web servers, App servers, DB servers]

Server Farm Multitier Network Design
[Diagram labels: Campus Core, Core Layer, Aggregation Layer, Access Layer; A12500, A95E, A75E, A55EI / A5800 / A5810; FW, LB, SSL, NAM; aggregation2, aggregation3, aggregation4; NIC Teaming, access, mainframe, cluster, Blade Server Pass Through, Blade serve]


Summary
- Efficient Campus Network Design is key to performance, business continuity and scalability
- Multi-tiered network design provides significant benefits in terms of scalability and fault tolerance
- Business Continuity is delivered by introducing high availability capabilities across all network design layers
- Campus Network Designs can be optimised to support Convergence applications by taking into account service performance parameters, traffic prioritisation and support for multicast
- Pervasive Network security addresses multiple threats, at multiple network design areas and through a variety of mechanisms
- Integrated, single-pane management makes managing and operating the network infrastructure much easier

Thank you.

Let's do amazing.