
© 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential. Presentation_ID 1. Designing the Data Center with Nexus - Deploying OTV in Datacenter.


Slide 1: Designing the Data Center with Nexus - Deploying OTV in Datacenter

Slide 2: Agenda
 OTV introduction
 Typical OTV deployment models
 Path Optimization

Slide 3: Layer 2 extension requirements in the data center
 Business requirements
  - Disaster Avoidance
  - Business Continuance
  - Workload mobility
 Multi-site data centers
  - Disaster-recovery centers, e.g. the "two sites, three centers" model
  - Existing data centers are constrained by the room space, power, cooling and capacity planned in their early design, so new data centers have to be added that can be expanded flexibly
  - Building several physically dispersed data centers provides higher availability while spreading user access traffic across the data centers for better access performance

Slide 4: Traditional Layer 2 Extension
[Diagram: the three traditional Layer 2 extension options, EoMPLS, VPLS and Dark Fiber]

Slide 5: Overlay Transport Virtualization (OTV)
 Overlay: a solution that is independent of the infrastructure technology and services, flexible over various interconnect facilities
 Transport: transports Layer 2 Ethernet and IP traffic
 Virtualization: provides virtual, stateless multi-access connections
OTV is a "MAC in IP" technique to extend Layer 2 domains OVER ANY TRANSPORT.

Slide 6: OTV Control Plane: MAC Address Advertisements (Multicast-Enabled Transport)
 Every time an Edge Device learns a new MAC address, the OTV control plane advertises it together with its associated VLAN ID and IP next hop.
 The IP next hops are the addresses of the Edge Devices through which these MAC addresses are reachable across the core.
 A single OTV update can contain multiple MAC addresses for different VLANs.
 A single update reaches all neighbors, as it is encapsulated in the same ASM multicast group used for neighbor discovery.
[Diagram: sites West (IP A), East (IP B) and South-East (IP C) connected over the core. (1) Three new MACs (MAC A, MAC B, MAC C) are learned on VLAN 100 at West; (2) West sends one OTV update; (3) the core replicates the update to East and South-East; (4) each remote Edge Device installs VLAN 100 / MAC A, MAC B, MAC C with IF = IP A.]

Slide 7: OTV Data Plane: Inter-Site Packet Flow
Transport infrastructure between the West site (Edge Device IP A) and the East site (Edge Device IP B); MAC 1 at West sends a frame to MAC 3 at East.

West site MAC table:
  VLAN  MAC    IF
  100   MAC 1  Eth 2
  100   MAC 2  Eth 1
  100   MAC 3  IP B
  100   MAC 4  IP B

East site MAC table:
  VLAN  MAC    IF
  100   MAC 1  IP A
  100   MAC 2  IP A
  100   MAC 3  Eth 3
  100   MAC 4  Eth 4

1. Layer 2 lookup on the destination MAC. MAC 3 is reachable through IP B.
2. The Edge Device encapsulates the frame (MAC 1 → MAC 3 carried inside IP A → IP B).
3. The transport delivers the packet to the Edge Device on site East.
4. The Edge Device on site East receives and decapsulates the packet.
5. Layer 2 lookup on the original frame. MAC 3 is a local MAC.
6. The frame is delivered to the destination.

Slide 8: OTV Data Plane: Multicast Data, Multicast State Creation
Source at the West site (Edge Device IP A), receiver at the East site (Edge Device IP B), over a multicast-enabled transport. Read the diagram from right to left:
1. The multicast receivers for the multicast group "Gs" on the East site send IGMP reports to join the multicast group.
2. The Edge Device (ED) snoops these IGMP reports, but it doesn't forward them.
3. Upon snooping the IGMP reports, the ED does two things:
  3.1 Announces the receivers in a Group-Membership Update (GM-Update) to all EDs.
  3.2 Sends an IGMPv3 report to join the (IP A, Gd) group, the SSM group in the core.
4. On reception of the GM-Update, the source ED adds the overlay interface to the appropriate multicast Outbound Interface List (OIL): group Gs, IF Overlay (Gs mapped to Gd). An SSM tree for Gd is built in the core.
It is important to clarify that the edge devices join the core multicast groups as hosts, not as routers!

Slide 9: OTV Data Plane: Multicast Data, Multicast Packet Flow
[Diagram: source at West (IP A), receivers at East (IP B) and South (IP C), over a multicast-enabled transport. (1) Lookup at the West ED: group Gs maps to Gd on the Overlay interface (OIF list); (2) Encap: the site packet IPs → Gs is encapsulated as IP A → Gd; (3) the transport replicates the packet; (4) the copies reach the East and South EDs; (5) Decap: each ED decapsulates and delivers IPs → Gs to its receivers.]

Slide 10: OTV Control Plane: Neighbor Discovery (Unicast-Only Transport)
1. One of the OTV Edge Devices (ED) is configured as an Adjacency Server (AS)*.
2. All EDs are configured to register with the AS: they send their site-id and IP address.
3. The AS builds a list of neighbor IP addresses: the overlay Neighbor List (oNL).
4. The AS unicasts the oNL to every neighbor.
5. Each node unicasts hellos and updates to every neighbor in the oNL.
* A redundant pair may be configured.
[Diagram: Adjacency Server mode over a unicast-only transport. The AS at Site 1 (IP A) receives the registrations Site 2/IP B, Site 3/IP C, Site 4/IP D and Site 5/IP E and distributes the oNL {Site 1 IP A, Site 2 IP B, Site 3 IP C, Site 4 IP D, Site 5 IP E}.]

Slide 11: OTV Encapsulation Consideration
 OTV adds a 42-byte IP encapsulation.
 The OTV shim header contains the VLAN ID, the overlay number and the CoS.
 The OTV Edge Devices do NOT perform packet fragmentation and reassembly. A packet exceeding the MTU is dropped by the forwarding engine.
 Make sure that [x B + 42 B] < DCI MTU, where x = size of the original packet.
[Diagram: the 42-byte encapsulation, outer DMAC (6 B), SMAC (6 B), Ether Type (2 B), IP header (20 B, its ToS carrying the CoS) and OTV shim (8 B, carrying VLAN ID and CoS), placed in front of the original frame (DMAC, SMAC, 802.1Q, Eth type, payload, 4 B CRC).]

Slide 12: OTV Automated Multi-homing: Per-VLAN Load Balancing
 The detection of multi-homing is fully automated and requires no additional protocols or configuration.
 The Edge Devices within a site discover each other over the "otv site vlan".
 In each site OTV elects one of the Edge Devices to be the Authoritative Edge Device (AED) for a subset of the extended VLANs.
 In a dual-homed site the VLANs are split into odd and even VLANs.
 The AED forwards traffic to and from the overlay and advertises MAC addresses for any given site/VLAN.
[Diagram: two dual-homed sites (IP A, IP B) across the transport, one AED per site; remote MAC table: VLAN 100 MAC 1 via IP A, VLAN 101 MAC 2 via IP B.]

Slide 13: OTV Layer 2 Fault Isolation
 STP isolation: no configuration required
  - No BPDUs forwarded across the overlay
  - STP remains local to each site
  - Edge device internal interfaces behave as any other switchport
 Unknown unicast isolation: no configuration required
  - No unknown unicast frames flooded onto the overlay
  - The assumption is that end stations are not silent
  - Option for selective unknown unicast flooding (for certain applications)
 Proxy ARP cache for remote-site hosts: on by default
  - On an ARP request for a remote host, the request is forwarded through OTV and the initial ARP reply is generated by that host
  - The OTV edge device snoops ARP replies and caches the data
  - Subsequent ARP replies are proxied by the local OTV edge device using the ARP cache

Slide 14: MAC Mobility
[Diagram: sites West and East, each with an AED; local MACs shown in blue, remote MACs in red. The server with MAC X moves from West to East.]
 The East AED detects that MAC X is now local.
 The AED advertises MAC X with a metric of zero.
 The EDs in site West see the MAC X advertisement with a better metric from site East and change MAC X to a remote MAC address.
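The following is an added example, not code from the slide deck or from Cisco: a small Python model of the unicast control plane on slide 6 (MAC advertisements with VLAN and IP next hop), the data-plane lookup on slides 7 and 13 (deliver locally, encapsulate towards the remote Edge Device, or drop unknown unicast instead of flooding it onto the overlay) and the mobility behaviour on slide 14 (the new site advertises the moved MAC with metric zero, and the old site flips its entry to remote). The class names, the default metric of 1, the "one update per learned MAC" simplification and the rule that a strictly lower metric replaces an entry are assumptions made for the illustration, not the NX-OS implementation.

```python
"""Toy model of OTV MAC advertisement, lookup and MAC mobility (slides 6, 7, 13, 14).

Constructed example: class names, metric values and the replacement rule are
assumptions for this illustration, not the behaviour of the NX-OS implementation.
"""
from dataclasses import dataclass

DEFAULT_METRIC = 1   # assumed metric of an ordinary MAC advertisement
MOVE_METRIC = 0      # slide 14: a MAC that has moved is advertised with metric zero


@dataclass
class MacEntry:
    iface: str    # local port such as "Eth 2", or remote next hop such as "IP B"
    metric: int

    @property
    def is_remote(self) -> bool:
        return self.iface.startswith("IP ")


class Overlay:
    """Stand-in for the core: one update from an ED reaches every other ED."""

    def __init__(self):
        self.eds = []

    def flood_update(self, sender, routes):
        for ed in self.eds:
            if ed is not sender:
                ed.receive_update(sender.ip, routes)


class EdgeDevice:
    def __init__(self, name, ip, overlay):
        self.name, self.ip, self.overlay = name, ip, overlay
        self.table = {}            # (vlan, mac) -> MacEntry
        overlay.eds.append(self)

    # control plane -------------------------------------------------------
    def learn_local(self, vlan, mac, port):
        """MAC seen on an internal interface: install it and advertise it."""
        key = (vlan, mac)
        moved = key in self.table and self.table[key].is_remote
        self.table[key] = MacEntry(port, DEFAULT_METRIC)
        # A MAC previously known as remote has moved here: advertise it with
        # metric zero so the old site prefers this advertisement over its own entry.
        metric = MOVE_METRIC if moved else DEFAULT_METRIC
        self.overlay.flood_update(self, [(vlan, mac, metric)])

    def receive_update(self, next_hop, routes):
        for vlan, mac, metric in routes:
            cur = self.table.get((vlan, mac))
            # install an unknown MAC, or replace the entry when the
            # advertisement carries a strictly better (lower) metric
            if cur is None or metric < cur.metric:
                self.table[(vlan, mac)] = MacEntry(next_hop, metric)

    # data plane ----------------------------------------------------------
    def forward(self, vlan, dst_mac):
        """Slide 7 lookup: local delivery, encapsulation to the remote ED, or
        drop (slide 13: unknown unicast is not flooded onto the overlay)."""
        entry = self.table.get((vlan, dst_mac))
        if entry is None:
            return ("drop", None)
        if entry.is_remote:
            return ("encap", entry.iface)
        return ("local", entry.iface)


def demo():
    """Learn MACs at two sites, then move MAC A from West to East."""
    core = Overlay()
    west = EdgeDevice("West", "IP A", core)
    east = EdgeDevice("East", "IP B", core)
    # slide 6: MACs learned at West are advertised to East with next hop IP A
    west.learn_local(100, "MAC A", "Eth 2")
    west.learn_local(100, "MAC B", "Eth 1")
    east.learn_local(100, "MAC C", "Eth 3")
    before = (east.forward(100, "MAC A"),
              west.forward(100, "MAC C"),
              west.forward(100, "MAC Z"))          # unknown unicast: dropped
    # slide 14: the server with MAC A moves to East; West must flip it to remote
    east.learn_local(100, "MAC A", "Eth 4")
    after = (west.forward(100, "MAC A"), east.forward(100, "MAC A"))
    return before, after


if __name__ == "__main__":
    print(demo())
```

Running demo() shows the East ED reaching MAC A through IP A before the move and the West ED encapsulating towards IP B after it, while MAC Z, never advertised, is dropped rather than flooded.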

Slide 15: OTV VDC
 Two different deployment models are considered for the OTV VDC:
  - OTV Appliance on a Stick
  - Inline OTV Appliance
 There is no difference in OTV functionality between the two models.
 The Inline OTV Appliance requires availability of core downstream links.
[Diagram, OTV VDC models. OTV Appliance on a Stick: the OTV VDC hangs off the L2/L3 boundary (SVIs) with a join interface and an internal interface, using common uplinks to the transport for Layer 3 and DCI. Inline OTV Appliance: the OTV VDC sits inline, with uplinks to the Layer 3 transport and a dedicated uplink for DCI.]

Slide 16: OTV Edge Device at the Aggregation (OTV at the Aggregation with L2-L3 Boundary)
 The DC core performs only a Layer 3 role.
 ARP, STP and unknown unicast domains are isolated between PODs.
 Inter- or intra-DC LAN extension is provided by OTV.
 Ideal for a single aggregation block topology.
 Recommended for greenfield deployments.
[Diagram: core, aggregation (vPC pairs with SVIs and an OTV VDC each) and access layers; the OTV VDC's join interface, internal interface and virtual overlay interface are marked.]

Slide 17: OTV Edge Device at the Core, Option 1: Dedicated Devices to Perform OTV (OTV at the DC Core with L2-L3 boundary at the Aggregation)
 Physical devices or VDCs carved out from the Nexus 7000 deployed in the core.
 Separate infrastructure to provide Layer 2 extension and Layer 3 connectivity services.
 VLANs extended from the aggregation layer:
  - Recommended to use separate physical links for L2 and L3 traffic
  - Loop-free hub-and-spoke Layer 2 topology
 Easy deployment for brownfield.
[Diagram: OTV devices in the core with dedicated uplinks for Layer 3 and dedicated uplinks for DCI; aggregation (vPC/VSS, L2-L3 boundary) and access below.]

Slide 18: OTV Edge Device at the Core, Option 2: Common Devices for DCI and Layer 3 (OTV at the DC Core with L2-L3 boundary at the Aggregation)
 Easy deployment for brownfields.
 DC core devices perform the Layer 3 and OTV functions.
 HSRP localization at each POD.
 VLANs extended from the aggregation layer:
  - Recommended to use separate physical links for L2 and L3 traffic
  - Loop-free hub-and-spoke Layer 2 topology
  - STP and L2 broadcast domains are not isolated between PODs
[Diagram: core devices with common uplinks for DCI and Layer 3, the L2 links carrying only the OTV-extended VLANs; aggregation (vPC/VSS) and access below.]

Slide 19: Deploy OTV at the Core (OTV at the DC Core with L2-L3 boundary at the Core)
 Easy deployment for brownfield.
 L2-L3 boundary in the DC core.
 DC core devices perform the L2, L3 and OTV functions; requires a dedicated OTV VDC in the core Nexus.
 OTV deployed in the DC core to provide LAN extension services to remote sites.
 Intra-DC LAN extension provided by bridging through the core:
  - VSS/vPC recommended to create an STP loop-less topology
  - Storm control between PODs

Slide 20: Two Possible Approaches
[Diagram: in both approaches an aggregation layer (N7K1-VDCA, N7K2-VDCA) connects to a DCI edge layer (N7K1-VDCB, N7K2-VDCB), one of which is the AED; the second approach uses an OTV VDC.]
 Only the AED forwards traffic to and from the OTV overlay.
 Warning: DCI traffic hashed to the non-AED OTV edge device has to traverse the vPC peer-link between the two DCI edge switches.
 Single vPC layer at the aggregation.
 Provides a good level of resiliency with the minimum number of ports.
 DCI traffic is always forwarded directly to the OTV AED device (mac-address-table).

Slide 21: Path Optimization: Egress Routing Localization, OTV Solution
 The approach is to use the same HSRP group in all sites and therefore provide the same default gateway MAC address.
 Each site pretends that it is the sole existing one and provides optimal egress routing of traffic locally.
 OTV achieves egress routing localization by filtering the HSRP hello messages between the sites, thereby limiting the "view" of which other routers are present within the VLAN.
 ARP requests are intercepted at the OTV edge to ensure the replies come from the local active gateway.
[Diagram: West and East sites, each with its own active gateway at the L2/L3 boundary; FHRP hellos are filtered and ARP traffic is kept local.]

Slide 22: Filtering Configuration for HSRP Localization (HSRPv2; to be applied in the OTV VDC)

Step 1: filter the HSRP packets in the OTV VDC, either with a VACL or with a port ACL. The HSRP group addresses, one of the ports, the VLAN list and the overlay number were lost from the slide text and are shown below as placeholders in angle brackets.

VACL option:
  ip access-list hsrp
    10 permit udp any <hsrp-group-address>/32 eq <hsrp-port>
    20 permit udp any <hsrp-group-address>/32 eq 1985
  ip access-list all-ips
    10 permit ip any any
  vlan access-map hsrp-localize 10
    match ip address hsrp
    action drop
  vlan access-map hsrp-localize 20
    match ip address all-ips
    action forward
  vlan filter hsrp-localize vlan-list <extended-vlans>

Port ACL option:
  ip access-list otv-hsrp-filter
    10 deny udp any <hsrp-group-address>/32 eq <hsrp-port>
    20 deny udp any <hsrp-group-address>/32 eq <hsrp-port>
    30 permit ip any any
  interface x/y
    description [OTV internal interfaces]
    ip port access-group otv-hsrp-filter in

Step 2: filter the HSRP VIP MAC advertisements in OTV, so the virtual gateway MAC is not announced to the other sites. The leading octets of the two virtual MAC entries were lost from the slide text; the masks are as shown on the slide.
  mac-list hsrp-vmac seq 10 deny c07.ac00 ffff.ffff.ff00
  mac-list hsrp-vmac seq 20 deny c9f.f000 ffff.ffff.f000
  mac-list hsrp-vmac seq 30 permit <any-mac> <any-mask>
  route-map hsrp-filter permit 10
    match mac-list hsrp-vmac
  otv-isis default
    vpn overlay <overlay-number>
      redistribute filter route-map hsrp-filter
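As an added check, not part of the slide deck or of any Cisco code, the Python model below mirrors the two filters of slide 22 and runs constructed sample traffic through them: the VACL/port-ACL logic that drops HSRP hellos on the OTV internal interfaces (step 1) and the mac-list that keeps the HSRP virtual MAC out of the OTV IS-IS advertisements (step 2). The slide's ACL lines lost their addresses; the model uses the well-known HSRP values, 224.0.0.2 (HSRPv1) and 224.0.0.102 (HSRPv2) on UDP port 1985, and the virtual MAC prefixes 0000.0c07.acXX (v1) and 0000.0c9f.fXXX (v2) with the masks shown on the slide. The packet tuples, the MAC samples and the function names are assumptions made for this illustration.

```python
"""Model of the HSRP-localization filters on slide 22.

Constructed example, not NX-OS code. Verifies that HSRPv1 and HSRPv2 hellos
are dropped and that both virtual MAC ranges are withheld from OTV
advertisements, while ordinary traffic and ordinary MACs pass.
"""
import ipaddress

# Step 1: the VACL / port ACL on the OTV internal interfaces.
# Well-known HSRP group addresses and port (not on the slide, which lost them).
HSRP_HELLO_MATCHES = [
    ("udp", ipaddress.ip_network("224.0.0.2/32"), 1985),     # HSRPv1
    ("udp", ipaddress.ip_network("224.0.0.102/32"), 1985),   # HSRPv2
]

# Step 2: the mac-list matched by the route-map on otv-isis redistribution.
# (mac, mask) pairs as in "mac-list hsrp-vmac seq N deny <mac> <mask>".
HSRP_VMAC_DENY = [
    ("0000.0c07.ac00", "ffff.ffff.ff00"),   # HSRPv1 virtual MAC 0000.0c07.acXX
    ("0000.0c9f.f000", "ffff.ffff.f000"),   # HSRPv2 virtual MAC 0000.0c9f.fXXX
]


def _mac_int(mac: str) -> int:
    """Parse 'aaaa.bbbb.cccc' or 'aa:bb:cc:dd:ee:ff' into an integer."""
    return int(mac.replace(".", "").replace(":", ""), 16)


def vacl_action(proto: str, dst_ip: str, dst_port: int) -> str:
    """'drop' for HSRP hellos (access-map sequence 10); 'forward' for
    everything else (sequence 20 matches 'permit ip any any')."""
    addr = ipaddress.ip_address(dst_ip)
    for p, net, port in HSRP_HELLO_MATCHES:
        if proto == p and addr in net and dst_port == port:
            return "drop"
    return "forward"


def advertise_mac(mac: str) -> bool:
    """False when the mac-list denies the MAC, i.e. the HSRP virtual MAC
    must not be advertised to the other sites; True for the final permit."""
    m = _mac_int(mac)
    for deny_mac, mask in HSRP_VMAC_DENY:
        mask_int = _mac_int(mask)
        if m & mask_int == _mac_int(deny_mac) & mask_int:
            return False
    return True


def check_localization(packets, macs):
    """Return the packets that are still forwarded onto the overlay and the
    MACs that are still advertised; no HSRP hello and no HSRP virtual MAC
    should appear in either list."""
    forwarded = [p for p in packets if vacl_action(*p) == "forward"]
    advertised = [m for m in macs if advertise_mac(m)]
    return forwarded, advertised


# Constructed sample traffic as it might be seen on an OTV internal interface.
SAMPLE_PACKETS = [
    ("udp", "224.0.0.2", 1985),      # HSRPv1 hello: must be dropped
    ("udp", "224.0.0.102", 1985),    # HSRPv2 hello: must be dropped
    ("udp", "224.0.0.2", 2000),      # same address, other port: not HSRP
    ("tcp", "10.1.1.20", 443),       # ordinary server traffic
]
SAMPLE_MACS = ["0000.0c07.ac05", "0000.0c9f.f00a", "0050.56aa.bb01"]

if __name__ == "__main__":
    print(check_localization(SAMPLE_PACKETS, SAMPLE_MACS))
```

The point of running both halves together is that either filter alone leaves a gap: dropping hellos without the mac-list still lets the gateway virtual MAC be advertised as reachable through the remote site, and the mac-list alone still lets the remote active router be seen in the VLAN.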

Slide 23: Distributed Workload Mobility: Outbound Traffic with Services
 FHRP localization is not possible, because request and reply need to pass through the same service device pair (firewall and load balancer).
 Source NAT (SNAT) for a symmetric flow.
 Traffic incurs DCI latency.
[Diagram: before and after LD vMotion across the DCI between N7K1-VDCA/N7K2-VDCA and N7K3-VDCA/N7K4-VDCA; the firewall and load balancer pair where the flow state was created, and SNAT applied to the outbound traffic.]

Slide 24: Distributed Workload Mobility: Inbound Traffic using RHI
 Route Health Injection makes use of the ACE load balancer to inject a /32 host route once the virtual machine moves.
[Diagram: before and after LD vMotion across the DCI between N7K1-VDCA/N7K2-VDCA and N7K3-VDCA/N7K4-VDCA; the load balancer at the new site injects the /32 via RHI.]

Slide 25: Path Optimization: Ingress Routing Optimization with LISP
Terms: End-point host ID (EID), Route Locator (RLOC), Ingress Tunnel Router (ITR), Egress Tunnel Router (ETR). The RLOCs are the tunnel router addresses; the EIDs are the hosts in the extended subnet (/24).
1. The ITR consults the directory to get the Route Locator (RLOC) for the destination End-point ID (EID).
2. The ITR IP-in-IP encapsulates the traffic to send it to the RLOC address (outer IP_DA = the RLOC, carrying the original IP_DA = A).
3. The ETRs receive and decapsulate the traffic.
 Here the core carries RLOC routes only.
 Granular reachability information for hosts in the extended subnet.
 If a host moves, its mapping is updated.
 No end-host state in the routing tables.
[Diagram: mapping table Prefix → RLOC (hosts A, B in Pod A; hosts C, D in Pod N); the ITR in the core encapsulates (steps 1, 2) towards the ETR in the pod, which decapsulates (step 3); the subnet is extended between the pods with OTV.]
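To make the contrast between slides 24 and 25 concrete, here is an added Python example (not code from the slide deck or from Cisco) that models both inbound-path options side by side: Route Health Injection, where a /32 host route appears in the routing table for every moved VM, and LISP, where the ITR consults a mapping system for the EID, IP-in-IP encapsulates towards the RLOC, and the routing table keeps RLOC routes only. The addresses, the Pod/RLOC names, the RoutingTable, MappingSystem, ITR and ETR classes and the dictionaries standing in for the routing table and the LISP directory are assumptions made for this illustration.

```python
"""RHI (slide 24) versus LISP (slide 25) after a VM move.

Constructed example, not Cisco code: the addresses and classes below are
simplifications made to show where the per-host state ends up.
"""
import ipaddress
from typing import Optional

SUBNET = ipaddress.ip_network("10.1.1.0/24")   # constructed extended subnet


class RoutingTable:
    """Longest-prefix-match table: destination address -> next hop."""

    def __init__(self):
        self.routes = {}          # IPv4Network -> next hop name

    def add(self, prefix: str, next_hop: str) -> None:
        self.routes[ipaddress.ip_network(prefix)] = next_hop

    def lookup(self, dst: str) -> Optional[str]:
        addr = ipaddress.ip_address(dst)
        matches = [n for n in self.routes if addr in n]
        if not matches:
            return None
        return self.routes[max(matches, key=lambda n: n.prefixlen)]

    def host_routes(self):
        """The /32 entries, i.e. the per-host state carried by the routing table."""
        return [str(n) for n in self.routes if n.prefixlen == 32]


# slide 24: RHI ---------------------------------------------------------------
def rhi_move(core: RoutingTable, vm: str, new_site: str) -> None:
    """The load balancer at the new site injects a /32 for the moved VM."""
    core.add(f"{vm}/32", new_site)


# slide 25: LISP --------------------------------------------------------------
class MappingSystem:
    """Directory the ITR consults: EID (host) -> RLOC of the pod serving it."""

    def __init__(self):
        self.eid_to_rloc = {}

    def register(self, eid: str, rloc: str) -> None:   # done by the pod's ETR
        self.eid_to_rloc[eid] = rloc


class ITR:
    def __init__(self, mapping: MappingSystem, core: RoutingTable):
        self.mapping, self.core = mapping, core

    def send(self, dst_eid: str):
        """Step 1: look up the RLOC; step 2: IP-in-IP encapsulate towards it.
        The core routes on the outer (RLOC) destination only."""
        rloc = self.mapping.eid_to_rloc.get(dst_eid)
        if rloc is None:
            return None                    # unknown EID: nothing to steer
        return {"outer_dst": rloc, "inner_dst": dst_eid,
                "core_next_hop": self.core.lookup(rloc)}


class ETR:
    def __init__(self, rloc: str):
        self.rloc = rloc

    def receive(self, packet: dict) -> str:
        """Step 3: decapsulate; a packet for another RLOC is not ours."""
        if packet["outer_dst"] != self.rloc:
            raise ValueError("packet addressed to another RLOC")
        return packet["inner_dst"]


def demo():
    vm = "10.1.1.50"                                  # constructed VM address
    # RHI: the core first reaches the whole subnet via site West
    rhi_core = RoutingTable()
    rhi_core.add(str(SUBNET), "West")
    rhi_before = rhi_core.lookup(vm)
    rhi_move(rhi_core, vm, "East")                    # VM moves: /32 injected
    rhi_after = (rhi_core.lookup(vm), rhi_core.host_routes())

    # LISP: the core knows RLOC prefixes only; host state lives in the directory
    lisp_core = RoutingTable()
    lisp_core.add("192.0.2.0/30", "Pod A")            # constructed RLOC prefixes
    lisp_core.add("192.0.2.4/30", "Pod C")
    mapping = MappingSystem()
    mapping.register(vm, "192.0.2.1")                 # VM currently in Pod A
    itr = ITR(mapping, lisp_core)
    lisp_before = itr.send(vm)["core_next_hop"]
    mapping.register(vm, "192.0.2.5")                 # VM moves: ETR in Pod C updates the mapping
    pkt = itr.send(vm)
    lisp_after = (pkt["core_next_hop"], ETR("192.0.2.5").receive(pkt),
                  lisp_core.host_routes())
    return rhi_before, rhi_after, lisp_before, lisp_after


if __name__ == "__main__":
    print(demo())
```

After the move both designs deliver inbound traffic to the new location, but only the RHI routing table has grown by a host route; with LISP the /32 granularity lives in the mapping system and the core still carries just the two RLOC prefixes.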

Slide 26: OTV in enterprise networks
 Departments spread across locations that need VLANs assigned per department
 Mobile working across the campus
 Network migration
 A group's backbone network providing Layer 2 channels to its subordinate units
 And so on

Slide 27: Challenges with LAN Extensions: Real Problems Solved by OTV
 Extensions over any transport (IP, MPLS)
 Failure boundary preservation
 Site independence / isolation
 Optimal BW utilization (no head-end replication)
 Resiliency/multihoming
 Built-in end-to-end loop prevention
 Multisite connectivity (inter and intra DC)
 Scalability
  - VLANs, sites, MACs
  - ARP, broadcasts/floods
 Operations simplicity: only 5 CLI commands
[Diagram: North and South data centers joined by the LAN extension, each remaining its own fault domain.]

Slide 28: Current limitations of OTV
 IETF draft, not yet a formal standard
 Convergence time (3 s to 30 s)
 The number of supported sites is still small, so it is not suited to deployment at the aggregation layer
 SVI limitation
 The per-VLAN AED traffic load-balancing issue
 The backbone currently must support multicast


