Campus High Availability Network - LAN

Construction of a Network with High Usability Is a Kind of System Engineering
Constructing a network with high usability is a system engineering task that requires full consideration of network structure, security, management, optimization and so on:
- In the network planning stage, carefully analyze user requirements and service patterns, pinpointing the key points and connections that most affect network usability.
- In the network design stage, plan the network architecture sensibly, provide redundancy for the important connection points and links, use high-usability technology, and give enough attention to network security.
- In the network deployment stage, pay attention to the quality of the equipment software and hardware and to link quality.
- After network construction is completed, in the maintenance stage, use appropriate network management tools to analyze network service traffic flows and continually optimize the network, improving its usability level.
- When upgrading software and hardware versions or deploying new services, prepare a detailed plan beforehand and have emergency measures ready.
www.h3c.com

Agenda
- Enterprise network solution design guideline
- Recommended enterprise network design models
- Best practice for high availability network design
- Case study

Challenges for Enterprise Networks
- How to avoid a single point of failure on the network?
- How to manage, operate and control network equipment located at different sites?
- How to expand the network easily without any network interruption?
- How to upgrade to an IPv6 network smoothly?
- How to reconcile the different applications using QoS technology?
- How to ensure the critical applications?
- How to improve working efficiency at the lowest TCO?
[Diagram label: Application server farm]

Best practice for network design: Redundancy
- No single point of failure
[Diagram: redundant topology. Device labels: Firewall, Internet, MSR/AR, S9512, S7506R, S3600, S5100. Protocol labels: load balance, OSPF, VRRP, xSTP. User areas: Supply chain, User, OA, Server farm, Management, Financial, R&D.]

Best practice for network design: Hierarchy
- Optimized network structure
- Strictly defined functions of each layer
- Easy and clear management
- Efficient troubleshooting
[Diagram labels: High Speed National Network, router, F/W, NMS, S3628P, Server Farm, S7506R]

Best practice for network design: Modularization
- Convenient maintenance
- Easy to scale
- Confinement of failure area
[Diagram: modules labelled B1.1, B1.2, B1.4, B2.1, B2.2 and B2.3. Other labels: Application, Test LAB, Intranet server, Internet server, Intranet, NMC, S5648, S9505, S9512.]

Best practice for high availability design
- Core: S9500, S7500
- Aggregation: S7500, S5600
- Access: S5600, S3610, S5100, S3100
[Diagram labels: Intranet/branch, MS center, IDC, Server farm, IRF stack, Star link, Layer 3 to Desktop, GE to Desktop]

Agenda
- Enterprise network solution design formula
- Recommended enterprise network design models
- Best practice for high availability network design
- Case study

Network Design Best Recommendations: Layer 3 to Desktop
- OSPF is used for the entire network; no Layer 2 protocol is needed, which simplifies configuration management.
- The broadcast domain is confined to the access ports; upper layers are not affected.
- Fast convergence after a network failure.
- ECMP and redundancy provide load sharing and thus increase network usability.
[Diagram: full Layer 3 network. Labels: Intranet/branch, WAN, IDC, Core layer (S9500), Aggregation (S7500), Access (S3600), OSPF, Application, Tester, Test flow 1, Test flow 2.]

Test Results: L3 to desktop (detailed test entries)
Network failure: recovery time
- Access-Aggregation/Aggregation-Core link failure/recovery: 500ms
- Aggregation layer equipment failure: 1sec
- Core layer equipment failure/restart: 1sec
- Aggregation layer dual MCU interchange: 200ms
- Aggregation link group failure/recovery: <1sec
- Loading hot patches to fix bugs: 0

Summary
- Redundant links, nodes and devices, dual-homed design and a real-time backup mechanism.
- Triangle loop design and easily deployed ECMP.
- Configure OSPF parameters correctly, such as the LSA interval, the interface link-down interval and address distribution.
- Use L3 links between aggregation devices, and configure route summarization to accelerate route convergence.
- For a small campus network (<50 nodes), one OSPF area is enough; this simplifies configuration, and ECMP supports load balancing.
- For a big campus network, deploy separate areas, with area 0 between the core layer and the aggregation layer. Configure the aggregation devices as ABRs and configure an NSSA area between the access layer and the aggregation layer.
- Use route summarization and route filtering to limit the number of route entries.
- Deploy OSPF down to the access switches and load balance with ECMP.
- The OSPF area architecture supports route summarization and isolates failure areas.
- Deploy QoS and access policies on the access switches to improve LAN security.

Network design best recommendation: L2 Access, MSTP+VRRP
- MSTP prevents L2 loops while supporting link load sharing.
- VRRP provides online backup of the gateway; multiple VRRP groups provide load sharing.
- Access equipment has low L3 function requirements, so its price is relatively lower.
- VLANs can be used for Layer 2 user isolation; communication between VLAN members is convenient.
[Diagram labels: Intranet/branch, WAN, IDC, Core layer (S9500), Aggregation (S7500), Access (S3100/S5100), OSPF, MSTP+VRRP, VRRP master / STP root, VRRP backup, VLAN 10, VLAN 20, Application, Tester, Test flow 1, Test flow 2.]

Network Design Best Recommendations: Layer 2 deployment
- Aggregation (MSTP+VRRP): VRID1 master, VRID2 backup, STP root; VRID1 backup, VRID2 master; Layer 2 trunk
- Access: VLAN, MSTP, VRRP; VLAN2, VLAN20, VLAN3, VLAN30
- Loopback detection
- BPDU guard
- STP edge port
- MAC and ARP limit
- STP root guard
- Edge port BPDU protect
- Broadcast storm control
- Dual-homed connection
- DLDP

Test Result: VRRP and MSTP (detailed test entries)
Network failure: recovery time
- Access-Aggregation link failure/recovery: <1sec
- Aggregation layer equipment failure: 3sec
- Aggregation layer equipment switchover to the main equipment: 500ms
- Aggregation layer-core layer link failure/recovery: <1s
- Core layer equipment failure: <1s
- Single link failure (start DLDP): 2s

Summary
- Redundant and trunked links.
- Chassis switches with full redundancy.
- Deploy OSPF on the aggregation and core layers.
- Deploy STP and VRRP on the access and aggregation devices.
- Deploy security and control policies on the access switches to improve LAN security.
- DLDP detects link states.

Network Design Best Recommendations 3: Access and Aggregation IRF
- IRF allows easy expansion and has a cost advantage compared to box-type equipment.
- 10GE RPR provides a 50ms failure recovery guarantee.
- IRF access provides high access port density and load sharing, and simplified management.
- Distributed link aggregation provides load balancing between the equipment and assures link failure protection.
- The distributed forwarding mechanism improves forwarding capacity.
[Diagram labels: Intranet/branch, WAN, IDC data center, Core layer (S9500, 10G RPR), Aggregation (S5600 IRF), Access (S3600 IRF), OSPF, Application, Tester, Test flow 1, Test flow 2.]

Test results: IRF (detailed test entries)
Network failure: recovery time
- Access stack group: single switch addition/removal: <1s
- Access stack group: single equipment failure: <5s
- Access-Aggregation stack group internal single link failure/recovery: <300ms
- Aggregation-core stack group internal single link failure/recovery: <500ms
- Core layer equipment failure: 1s

Summary
- Suited to campus or university networks.
- Ring stacking connects all devices.
- Deploy OSPF down to the access layer.
- Uplinks use DLA to keep the uplink available.
- Stacked switches can be upgraded together, like one chassis device.
- Deploy QoS and access policies on the access switches to improve LAN security.

Network Design Best Recommendations IV: L3 Gigabit to Desktop
- The cost of the entire network is relatively high; it satisfies many service types with non-blocking switching.
- Many kinds of boards are available within the chassis device.
- Gigabit L3 access can satisfy the bandwidth requirements of every service.
- Flat L2 network architecture, easy configuration and management.
[Diagram labels: Intranet/branch, WAN, IDC data center, Core layer (S9500), Access (S7500), OSPF, Application, Tester, Test flow 1, Test flow 2.]

Test Result: 2 layer high bandwidth (detailed test entries)
Network failure: recovery time
- Access-Core layer link failure/recovery: <700ms
- Core layer equipment failure: <700ms
- Core layer equipment reboot: <1s
- Core layer equipment main control board switchover: <50ms

Summary
- Suited to environments that require high throughput, short latency and fast forwarding.
- Chassis switches with full redundancy and abundant interfaces and boards.
- Flat network with OSPF deployed across the whole network.
- 2-layer architecture and fast convergence.
- Easy to deploy, manage and scale.
- Deploy QoS and access policies on the access switches to improve LAN security.

Agenda
- Enterprise network solution design formula
- Recommended enterprise network design models
- Best practice for high availability network design
- Case study

Best practice technology recommendation 1: Right redundant design
- Right redundant design: hot standby design and dual uplinks are recommended for aggregation and core devices.
- Complex redundant design: an overly complex redundant design wastes link resources and makes routing protocol calculation more complex.

Best practice technology recommendation 2: Ethernet link trunk
Benefits of link trunking:
- Improved bandwidth: a link-aggregation group of 4 links looks like 1 link.
- Fault recovery within 500ms.
- Traffic is load balanced across the links that make up the group.
- The links back each other up, improving availability.
[Diagram labels: link-aggregation group, 1G, 4G, GE, link-group]

Best practice technology recommendation 3: ECMP (Equal Cost Multi Path)
- ECMP hash fields: source IP, destination IP, source MAC, destination MAC.
- The hash is calculated and traffic is load balanced on the result.
- With ECMP deployed, devices load balance L2-L3 traffic to avoid dropping packets on a single link.
[Diagram labels: access, aggregation, core, OSPF]

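The per-flow hashing named on this slide, as an added example that is not from the original deck: each flow is hashed on source/destination IP and MAC and pinned to one equal-cost path, and the example goes one step further to show what happens to flows when a path is withdrawn. SHA-256 stands in for the switch's hardware hash, and the addresses and link names are constructed.

```python
"""Per-flow ECMP path selection over the hash fields listed on the slide (constructed example)."""
import hashlib
from collections import Counter

def pick_path(paths, src_ip, dst_ip, src_mac, dst_mac):
    """Map one flow onto one equal-cost path; every packet of the flow gets the same answer."""
    if not paths:
        raise ValueError("no equal-cost path available")
    key = "|".join((src_ip, dst_ip, src_mac.lower(), dst_mac.lower())).encode()
    # SHA-256 stands in for the switch's hardware hash, which is vendor specific.
    bucket = int.from_bytes(hashlib.sha256(key).digest()[:4], "big")
    return paths[bucket % len(paths)]

def sample_flows(count=256):
    """Constructed flows: access hosts talking to one server across the routed core."""
    return [(f"10.10.{i // 200}.{i % 200 + 1}", "10.20.0.10",
             f"02:00:00:00:{i // 256:02x}:{i % 256:02x}", "02:00:00:ff:00:01")
            for i in range(count)]

def distribute(paths, flows):
    """Number of flows carried by each path."""
    return Counter(pick_path(paths, *flow) for flow in flows)

def moved_after_failure(paths, failed, flows):
    """Return (flows moved off the failed path, flows moved although their path was healthy)."""
    survivors = [p for p in paths if p != failed]
    from_failed = from_healthy = 0
    for flow in flows:
        before, after = pick_path(paths, *flow), pick_path(survivors, *flow)
        if before == failed:
            from_failed += 1
        elif before != after:
            from_healthy += 1
    return from_failed, from_healthy

if __name__ == "__main__":
    uplinks = ["agg1-core1", "agg1-core2", "agg2-core1", "agg2-core2"]  # hypothetical link names
    flows = sample_flows()
    print("steady state:", dict(distribute(uplinks, flows)))
    print("moved (failed link, healthy links):", moved_after_failure(uplinks, "agg1-core2", flows))
```

With a plain modulo over the path count, removing one path also re-maps flows that were on healthy paths, which is worth knowing when stateful devices sit behind the ECMP group.

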
Best practice technology recommendation 4: GR (Graceful Restart)
Messages from the restarting local node to each neighbor:
1. "Maybe I will stand here a moment and come back soon, please continue forwarding."
2. "I came back again."
3. Routing information.
- Separated control plane and forwarding plane.
- OSPF GR/RFC 4167, ISIS GR/RFC 3847, LDP GR/RFC 3036, BGP GR/draft.
[Diagram labels: Local node, Restart protocol/command, ACTIVE protocol/command, Restoration]

Best practice technology recommendation 5: Virtual Router Redundancy Protocol (VRRP)
- Load balancing and redundancy are achieved by configuring multiple VRRP groups.
- Configure several VRRP groups to load balance the traffic.
- The VRRP master node can be controlled by adjusting the node priority.
- Set the hello packet interval on the master to shorten the switchover time.
- In non-preemptive mode, the device keeps traffic stable and avoids unnecessary interruptions.
- In preemptive mode, the device avoids frequent switchovers by configuring a delay interval.
- Configuring uplink monitoring is recommended.
[Diagram: router A is VRID1 master and VRID2 backup; router B is VRID1 backup and VRID2 master. VRID1: 10.1.1.1, VRID2: 10.1.1.2. Hosts use GW 10.1.1.1 or GW 10.1.1.2. Other labels: internet, monitored interface.]

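A small model of the election behind this slide, as an added example that is not from the original deck: two routers share VRID1 and VRID2, and the master is chosen by priority with the higher interface address as tie-breaker, following the standard VRRP election rule. The virtual addresses come from the slide; the interface addresses, the priorities 120/100 and the tracking penalty of 30 are assumed values.

```python
"""Toy model of VRRP master election for two load-sharing groups (constructed example)."""
from dataclasses import dataclass

@dataclass
class Router:
    name: str
    ip: str                   # interface address, tie-breaker when priorities are equal
    priority: dict            # VRID -> configured priority
    track_reduce: int = 30    # assumed priority penalty while the monitored uplink is down
    uplink_up: bool = True
    alive: bool = True

    def effective(self, vrid):
        base = self.priority[vrid]
        return base if self.uplink_up else max(1, base - self.track_reduce)

def elect(routers, vrid, current=None, preempt=True):
    """Return the name of the master for one VRID, or None if no router is alive."""
    live = {r.name: r for r in routers if r.alive}
    if not live:
        return None
    # Non-preemptive mode: a living master keeps the role even if a backup now outranks it.
    if not preempt and current in live:
        return current
    rank = lambda r: (r.effective(vrid), tuple(int(o) for o in r.ip.split(".")))
    return max(live.values(), key=rank).name

def masters(routers, current=None, preempt=True):
    """Master per VRID; VRID1 serves gateway 10.1.1.1 and VRID2 serves 10.1.1.2."""
    current = current or {}
    return {vrid: elect(routers, vrid, current.get(vrid), preempt) for vrid in (1, 2)}

def demo():
    a = Router("A", "10.1.1.11", {1: 120, 2: 100})
    b = Router("B", "10.1.1.12", {1: 100, 2: 120})
    steady = masters([a, b])                           # load shared across A and B
    a.uplink_up = False                                # monitored uplink on A fails
    tracked = masters([a, b], steady, preempt=True)    # B takes over VRID1
    stuck = masters([a, b], steady, preempt=False)     # A stays master with a dead uplink
    a.uplink_up = True
    restored = masters([a, b], tracked, preempt=True)  # A reclaims VRID1
    return steady, tracked, stuck, restored

if __name__ == "__main__":
    labels = ("steady", "uplink down, preempt", "uplink down, non-preempt", "uplink restored")
    for label, result in zip(labels, demo()):
        print(f"{label:26} {result}")
```

In this model, uplink monitoring only moves the master when the backup is allowed to preempt, so the non-preemptive and uplink-monitoring recommendations need to be checked against each other on real devices.

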
Best practice technology recommendation 6: Detecting one-way communication with DLDP (Device Link Detection Protocol)
- Normal condition: the devices build a neighbor relationship by exchanging Hello/Echo packets.
- When port R fails and cannot receive a signal, it goes down at once.
- After its port becomes unusable, the device sends a special DLDP announcement packet. The opposite port receives the packet and is then set to DLDP down.
- DLDP detects the failure within 2 seconds.
[Diagram labels: Hello, Echo, Down, DLDP Down, DLDP Down announce]

Best practice technology recommendation 7: Hot patch function
- Fixes software bugs and upgrades the software version without resetting the device.
- The administrator controls the patching process through the Load/Active/Deactive/Run/Delete commands.
- 4 types of conditions make it more flexible.
[Diagram: hot patch state transition graph]

Best practice technology recommendation 8: Smart Link
Smart Link is an L2 protocol that switches over and recovers within 200 ms.
Smart Link:
- A redundant uplink group is formed from port 1 and port 2.
- Normally port 1 forwards packets and port 2 is the backup.
- When port 1 becomes unusable, forwarding shifts to the other port within 200ms.
Smart Link + Monitor Link:
- Proprietary technology.
- The downlink changes to the down state when the uplink goes down.
- The upstream device port and the downstream device cooperate.
[Diagram labels: Smart Link, Monitor Link, ports 1 to 4, Up Link, Down Link, State down]

Best practice technology 9: IRF (Intelligent Resilient Framework)
Advantages of IRF technology:
- High reliability: reduces the effect of a single point of failure.
- High performance: distributed L2/L3 protocol processing.
- High manageability of configuration: works like a fabric.
- One-time software upgrade inside the stacked group.
- Hot swappable.

IRF: Ring stacking recommended
- Ring stacking with stack cables is recommended to improve availability and load sharing.
- String stacking easily causes a single point of failure when a single stack cable fails.
[Diagram labels: aggregation, access]

Best practice technology recommendation 10: Resilient Packet Ring
- Mid-size and small campus networks: the dual-core backup model is recommended (core layer: S9500, S7500).
- Large campus and high-reliability networks: RPR core ring network group (core layer: S9500).

RPR: the best practice for ring networks
RPR (Resilient Packet Ring) is a kind of hardware-based protection ring technology.
Characteristics:
- Reversed dual-ring topology.
- Both the internal and the external ring can transmit data frames and control frames.
- Control frames on the internal and external rings contain data frame control information from the other ring.
Advantages:
- Hardware fast protection, recovery time <50ms.
- Works in the physical layer, compatible with upper-layer protocols.
- Plug and play, outstanding expandability.
- The fairness algorithm increases bandwidth utilization.
- QoS guarantee.

Best practice technology recommendation 11: RRPP
For ring networks, H3C proposed RRPP (Rapid Ring Protection Protocol), a technology realized entirely through software innovation.
- RRPP ring
- RRPP control VLAN
- Main node, transition node
- Main port, slave node
- Polling mechanism
- Notification mechanism for link state changes
- Failure recovery mechanism
[Diagram labels: Core layer, S9500, RRPP ring]

Agenda
- Enterprise network solution design formula
- Recommended enterprise network design models
- Best practice for high availability network design
- Case study

Industrial and Commercial Bank of China
- ICBC is the PRC's biggest state-owned commercial bank, with 18,000 business networks, 100 overseas branches and thousands of agents all over the world.
- ICBC has 2 data centers: the data centre in Shanghai is for processing and operation, and the one in Beijing is for backup and recovery.
- In 2005, a first-level branch data centre was established in each province to centralize data from the provinces to headquarters.
- The first-level branch data centre consolidates the whole province's access service servers, OA servers, aggregation service platform, gateway platform, etc., with high requirements for performance, reliability, service segregation and security.
- H3C has constructed 18 of the provincial data centres.
[Diagram labels: Admin, Test Area, OA, S7500, S3600, Core Layer, C4500/C6500, S9500, WAN Access area, Producing Area, Layer Two Inst., In city Inst., HQ, China]

Thailand PSU Campus Network
- The project deployed S9512, S7500 and S5624P switches and AR46 routers.
- S5624P supports IRF and PoE.
[Diagram labels: AR46-80 Router, 100 M, 34 M, Subsidiaries, S8512 Switch, S9512 Switch, S7506 Switch, IRF, GE, 10GE, Server Farm, Other Building Access, Thailand]

University of Malaya
- University of Malaya is a most renowned university in Malaysia. The university applies technology to drive its studies and management and to create a first-class teaching environment.
- H3C solutions not only satisfy the requirements for a converged network for Voice and Video over IP, but also offer rich functionality and security.
- The backbone network migrated seamlessly to 10GE from 155Mbps, enabling many new applications and hotspots for the 750-acre campus.
[Diagram label: Malaysia]

Tsuneishi Corporation Office Network
- 25 S3628EIs are deployed at the office level to provide access for PCs and IP phones, providing PoE for the IP phones.
- IRF stacking technology is used to provide resiliency, performance and expandability for the network access.
- Voice VLAN functions provide high quality of service for voice calls.
[Diagram labels: S3928P-EI-PWR, PoE, IRF, Distributed Link Aggregation, Voice VLAN, IP Phone, PC, Backbone Network, Japan]

Hangzhou H3C Technologies Co., Ltd. www.h3c.com