Table of Contents
Introduction
Scope
History of the Modern Data Center
Application Evolution
Server Platform Evolution
Infrastructure Evolution
Operational Models Evolution
Types of Data Centers
Transactional Production Data Center Network
Content and Hosting Services Production Data Center Network
High-Performance Compute (HPC) Production Data Center Network
Enterprise IT Data Centers
Small and Midsize Business IT Data Center
The New Role of the Network
Design Considerations
Physical Layout
Top of Rack/Bottom of Rack
Virtual Chassis
End of Row
Middle of Row
Cloud Data Center Network Design Guidance
Physical Network Topologies
Single Tier Topology
Multitier Topologies (Access-Core)
Access-Core Mesh Design
Resiliency Design and Protocols
Application Resiliency Design
Application Resource Pools
Critical Application Resources
Server Link Resiliency Design
Server Link Resiliency
Network Device Resiliency
Virtual Machine Mobility
Network Device Resiliency
Hot-Swappable Interfaces
Unified In-Service Software Upgrades
Unified ISSU Methodology
Redundant Switching Fabric
Redundant Routing Engine
Network OS Resiliency and Reliability Features
Routing and Forwarding on Separate Planes
Modular Software
Single Code Base
Graceful Routing Engine Switchover (GRES)
Nonstop Active Routing
Nonstop Bridging/Nonstop Routing
Network Resiliency Designs and Protocols
Access-Core Inverse U Loop-Free Design
Multichassis Link Aggregation Groups
Redundant Trunk Groups
Virtual Chassis at the Core
Layer 3 Routing Protocols
Multiple Spanning Tree Protocol
MPLS at Core Level for Large Deployments
Agility and Virtualization
Logical Systems
Virtual Routers
Logical Routers
Virtual Chassis
VLANs
Security Zones
MPLS VPNs
Capacity Planning, Performance, and Scalability
Throughput
Oversubscription
Latency
Modular Scalability
Port Capacity
Software Configuration
Solution Implementation: Sample Design Scenarios
Scenario 1: Enterprise Data Center
Scenario 2: Transactional Data Center
Summary
About Juniper Networks
Table of Figures
Figure 1. Top of rack deployment
Figure 2. Virtual Chassis in a top of row layout
Figure 3. Dedicated Virtual Chassis daisy-chained ring
Figure 4. Virtual Chassis braided ring cabling
Figure 5. Extended Virtual Chassis configuration
Figure 6. End of row deployment
Figure 7. Middle of row deployment
Figure 8. Single tier network topology
Figure 9. Access-core hub and spoke network topology
Figure 10. Access-core inverse U network topology
Figure 11. Access-core mesh network topology
Figure 12. Application resource pools
Figure 13. Critical application resources
Figure 14. Server link resiliency overview
Figure 15. Separate control and forwarding planes
Figure 16. Resiliency with access-core inverse U
Figure 17. Multichassis LAG configuration
Figure 18. RTG configuration
Figure 19. Virtual Chassis core configuration
Figure 20. Layer 3 configuration
Figure 21. MSTP configuration
Figure 22. MPLS design
Figure 23. Network with logical systems
Figure 24. VPLS switching across data centers
Figure 25. Agility designs for the data centers
Figure 26. Traditional versus virtual appliance architecture
Figure 27. Simplified data center
Figure 28. Use Case: Enterprise data center
Figure 29. Use Case: Transactional data center
Introduction
Data centers have evolved over the past several decades from single point, concentrated processing centers to dynamic, highly distributed, rapidly changing, virtualized centers that provide myriad services to highly distributed, global user populations. A powerful new cloud computing paradigm has emerged in which users request and receive information and services dynamically over networks from an abstracted set of resources. The resources are somewhere out there in the cloud. Users don't care where or how the resources are provided; they only care that their applications, data, and content are available when needed, automatically, and at the desired level of quality and security. As demands for cloud computing services grow and change at an ever increasing pace, it becomes critical for data center planners to address both current and evolving needs, and to choose a flexible, dynamic cloud data center design that can effectively meet the complex challenges of the global information age. To aid in this process, it will be helpful to look back at how applications, computing platforms, infrastructure, and operations have changed since modern data centers were first introduced, and what those changes mean for today's data center designers. We will find a common theme: the network is the key to the new data center and the most critical element to consider in data center design.
Scope
At the beginning of this guide, we review the history of modern data centers. The remainder of this guide introduces the design principles, physical layouts, network topologies, and protocols that provide the foundation of the cloud-ready data center network. We present a comprehensive set of guidelines for data center design, and consider how the guidelines can be applied in practice to two different data center types: an enterprise data center and a transactional data center. Finally, we describe how to use Juniper products and solutions to design data centers that fully realize the promise of cloud computing. This Design Guide is intended for the following personnel:
• Customers in the enterprise and public sector
• Service providers
• Juniper partners
• IT and network industry analysts
• Individuals in sales, network design, system integration, technical support, product development, management, and marketing who have an interest in data center design
The 1990s saw the explosion of Internet communications and the full arrival of the global information age. Orders-of-magnitude increases in bandwidth, ubiquitous access, powerful routing protocols, and dedicated hardware allowed applications to break out of the single computer or single server model. Applications started to function in multiple tiers, in which each tier provided specialized application services. The application tier performed application processing, drawing from the storage tier, while the presentation tier supported user interaction through a web interface. Application development relied on standard languages (Java), tiers communicated with each other using standard protocols (TCP/IP), and standard presentation protocols (HTTP) provided support across many types of platforms and web browsers. Backend processing became modular, with greatly increased communications within LANs and WANs.
Application evolution has since seen the rise of service-oriented architectures (SOAs), in which each application client handles a piece of information collected from multiple systems, and multiple servers may deliver a single service. Each application is delivered as a menu of services, and new applications are constructed from existing applications in a process known as mashup. For example, a credit transaction application may be constructed from a set of applications: one that handles the user interaction, another that performs a credit check, and another that processes the actual transaction. Each application may have an independent web presence that resides in multiple locations. With SOAs, large, custom, single purpose applications have been replaced by smaller, specialized, generic functions that provide services to multiple applications. For example, an application service provider may offer a single credit check application to other application providers. And full applications, which consist of multiple single purpose applications, are now offered as a service to users. For example, a company no longer needs to purchase equipment and software to provide customer relationship management (CRM) functionality. Instead, it can purchase CRM services from a company such as Salesforce that in turn depends on other specialized application functions.
All of these developments result in complete dependence of applications on the network: within the data center, between data centers, and between data centers and users. As application demand increases, more nodes must be added to the compute cycle and all nodes must be interconnected and remain synchronized. Application users now have high expectations of availability, performance, and overall user experience, and support for quality of service (QoS) and service-level agreements (SLAs) is a must. The network must be able to offer predictable performance and quality, while handling increasingly complex communication flows and patterns.
Infrastructure Evolution
In addition to individual platform evolution and the introduction of machine virtualization, there has been an evolution in how physical servers and network elements are designed and deployed. On the server side, the advent of virtualization and low cost x86-based servers has led to the introduction of blade servers and server clusters. A blade server is a chassis that houses individual blade machines that are connected by an internal Ethernet switch. Server clusters use a back channel InfiniBand connection that allows separate physical servers to operate as a single node. To support these configurations, the network must extend itself at the control level to communicate with the proprietary networks within the blade server or cluster. On the network side, converged I/O and Converged Enhanced Ethernet (CEE) are driving changes in how servers and storage systems connect within the data center. Converged I/O allows a server to have fewer physical interfaces, with each interface supporting multiple logical interfaces. For example, within a blade server, a few physical interfaces may support bridge connections, LAN connections, and compute connections for a variety of protocols. The evolving CEE standards effort is focused on adding lossless transport capabilities to Ethernet communications with the goal of extending converged I/O to server/storage links. The physical communications infrastructure is also undergoing significant changes. As the current standard of 1/10 Gbps for communication within the data center grows to 40/100 Gbps over the decade, data centers will need to rely more and more on fiber capacity and will need to develop cost-effective cabling plans.
Design Considerations
In the face of exponentially increasing complexity in compute and networking systems, it becomes critical to design data centers that reduce complexity. Juniper addresses this concern with an approach and products that greatly simplify data center design, deployment, and operation. The Juniper strategy optimizes designs in the following dimensions, each of which enables data centers to meet important application delivery objectives:
1. Simplify. Simplifying the data center network means minimizing the number of network elements required to achieve a particular design, thus reducing both capital and operating costs. Simplifying also means streamlining data center network operations with consistently implemented software and controls.
2. Share. Sharing the data center network means intelligently (and in many cases dynamically) partitioning the infrastructure to support diverse applications and user groups, and interconnecting large pools of resources with maximum agility. In many cases, this involves powerful virtualization technologies that allow multiple logical operations to be performed on individual physical entities (such as switches, routers, and appliances).
3. Secure. Securing the data center network extends protection to support the rich, distributed architectures that many applications currently use. This requires a robust, multidimensional approach that enhances and extends traditional perimeter defenses. Increasing the granularity and agility of security policies enables trusted sharing of incoming information and resident data within the data center, while complementing the functions embedded in operating systems and applications.
4. Automate. Automating means the ability to capture the key steps involved in performing management, operational, and application tasks, and embedding task execution in software that adds intelligence to the overall data center operation. Tasks can include synchronizing configurations among multiple disparate elements, starting and stopping critical operations under various conditions, and diagnosing or profiling operations on the dimensions that are important for managers to observe.
With this high-level design framework in mind, we can now discuss the individual functional components of the cloud data center and their associated requirements and enabling technologies.
Physical Layout
Planning the physical data center layout is an important first step in designing the data center. The data center is usually divided into multiple physical segments that are commonly referred to as segments, zones, cells, or pods. Each segment consists of rows or racks containing equipment that provides compute resources, data storage, networking, and other services. In this section, we consider various physical layout options. Major factors to consider include cabling requirements, cable length restrictions, power and cooling requirements, operations, and management. After the basic segment is specified, the same physical layout can be replicated across all segments of the data center or in multiple data centers. This modular design approach improves the scalability of the deployment, while reducing complexity and enabling efficient management and operations. The physical layout of networking devices in the data center must balance the need for efficiency in equipment deployment with restrictions on cable lengths and other physical considerations. There are trade-offs to consider between deployments in which network devices are consolidated in a single rack versus deployments in which devices are distributed across multiple racks. Adopting an efficient solution at the rack and row levels ensures efficiency of the overall design as racks and rows are replicated throughout the data center. This section considers the following data center layout options:
• Top of rack/bottom of rack
• End of row
• Middle of row
With top of rack/bottom of rack layouts, it is easy to provide switching redundancy on a per rack basis. However, note that each legacy device must be managed individually, which can complicate operations and add expense since multiple discrete 24- or 48-port devices are required to meet connectivity needs. Both top of rack and bottom of rack deployments provide the same advantages with respect to cabling and switching redundancy. Top of rack deployments provide more convenient access to the network devices, while bottom of rack deployments can be more efficient from an airflow and power perspective, because cool air from under floor HVAC systems reaches the network devices in the rack before continuing to flow upward. Top of rack/bottom of rack deployments have some disadvantages, however. Because the devices serve only the servers in a single rack, uplinks are required for connection between the servers in adjacent racks, and the resulting increase in latency may affect overall performance. Agility is limited because modest increases in server deployment must be matched by the addition of new devices. Finally, because each device manages only a small number of servers, more devices are typically required than would otherwise be needed to support the server population. Juniper has developed a solution that delivers the significant benefits of top of rack/bottom of rack deployments while addressing the issues mentioned above. The solution, Virtual Chassis, is described in the next section.
Virtual Chassis
Juniper's approach of virtualizing network devices using Virtual Chassis delivers all of the benefits of top of rack/bottom of rack deployments while also reducing management complexity, providing efficient forwarding paths for server-to-server traffic, and reducing the number of uplink requirements. A single Virtual Chassis supports up to 10 devices using cross-connects. From a management perspective, multiple devices become one logical device. This approach simplifies management by reducing the number of logically managed devices, and it offers agile options for the number and deployment of uplinks. It also allows servers to support network interface card (NIC) teaming using link aggregation groups (LAGs) with multiple members of the same Virtual Chassis configuration. This increases the total server network bandwidth, while also providing up to 9:1 server link redundancy. Figure 2 illustrates a Virtual Chassis using two devices in a top of rack deployment.
[Figure 2: Virtual Chassis in a top of rack deployment]
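To make the uplink and bandwidth trade-offs in such a layout concrete, the following Python sketch estimates the oversubscription ratio for a hypothetical two-member Virtual Chassis. The port counts and speeds are illustrative assumptions, not a specific product configuration.

```python
# Rough oversubscription estimate for a hypothetical two-member top of rack
# Virtual Chassis. All port counts and speeds are illustrative assumptions.

def oversubscription(server_ports, server_speed_gbps, uplinks, uplink_speed_gbps):
    """Ratio of server-facing bandwidth to uplink bandwidth."""
    return (server_ports * server_speed_gbps) / (uplinks * uplink_speed_gbps)

# Assume 48 x 1GbE server ports per member and two 10GbE uplinks per member.
ratio = oversubscription(server_ports=2 * 48, server_speed_gbps=1.0,
                         uplinks=2 * 2, uplink_speed_gbps=10.0)
print(f"Oversubscription ratio: {ratio:.1f}:1")  # 2.4:1 with these assumptions
```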
Juniper supports flexible placement of EX4200 devices as part of a Virtual Chassis configuration. Possible deployments include members in a single rack, across several racks, in the same wiring closet, or spanning wiring closets across floors, buildings, and facilities. When interconnecting devices through dedicated Virtual Chassis ports, the physical distance between two directly connected devices may not exceed 5 meters, which is the maximum Virtual Chassis port cable length. A Virtual Chassis configuration can be extended by using uplink ports configured as Virtual Chassis ports to allow a greater distance between two directly connected member devices. There are three cabling methods for interconnecting devices in a Virtual Chassis configuration: daisy-chained ring, braided ring, and extended Virtual Chassis configuration, as described in the following subsections. We recommend that devices in a Virtual Chassis configuration be connected in a ring topology for resiliency and speed. A ring configuration provides up to 128 Gbps of bandwidth between member devices.
Daisy-Chained Ring
In the daisy-chained ring configuration, each device in the Virtual Chassis configuration is connected to the device immediately adjacent to it. Members at the end of the Virtual Chassis configuration are connected to each other to complete the ring topology. Connections between devices can use either Virtual Chassis port on the back of a device (for example, VCP 0 to VCP 0 or VCP 0 to VCP 1). The daisy-chained ring configuration provides a simple and intuitive method for interconnecting devices. The maximum height or breadth of the Virtual Chassis is 5 meters.
[Figure 3: Dedicated Virtual Chassis daisy-chained ring]
[Figure 4: Virtual Chassis braided ring cabling]
Extended Virtual Chassis Configuration
The extended Virtual Chassis configuration allows the interconnection of individual Virtual Chassis members or dedicated Virtual Chassis configurations across distances of up to 40 km with redundant fiber links. This configuration is used when deploying a Virtual Chassis configuration across wiring closets, data center racks, data center rows, or facilities. In this configuration, optional EX-UM-2XFP or EX-UM-4SFP uplink modules or fixed small form-factor pluggable transceiver (SFP) base ports in the EX4200-24F are used to interconnect the members of the Virtual Chassis. Multiple uplinks can be used for additional bandwidth and link redundancy. Note: Beginning with Juniper Networks Junos operating system 9.3, the 24 fixed Gigabit Ethernet SFP base ports in the EX4200-24F device can be configured as Virtual Chassis ports to extend Virtual Chassis configurations.
[Figure 5: Extended Virtual Chassis configuration]
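The distance limits described above (roughly 5 meters for dedicated Virtual Chassis port cables, up to 40 km for extended Virtual Chassis over fiber uplinks) lend themselves to a simple planning check. The Python sketch below is illustrative only; the function name and thresholds simply restate the limits from the text.

```python
# Choose a Virtual Chassis interconnect method from the member-to-member
# distance. Thresholds restate the limits described in the text: dedicated
# Virtual Chassis port (VCP) cables up to 5 m, extended Virtual Chassis over
# fiber uplink ports up to 40 km.

def vc_interconnect(distance_m):
    if distance_m <= 5:
        return "dedicated Virtual Chassis port (VCP) cable"
    if distance_m <= 40_000:
        return "extended Virtual Chassis over fiber uplink ports"
    return "beyond extended Virtual Chassis reach; use a routed or switched link"

for d in (2, 25, 1_500, 60_000):
    print(f"{d} m -> {vc_interconnect(d)}")
```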
End of Row
Traditional modular chassis devices have commonly been used in end of row deployments, where cable lengths are relatively long between servers and network devices. Cable lengths may exceed the length limits for 10GbE/40GbE connections, so careful planning is required to accommodate high-speed network connectivity. Device port utilization is suboptimal with traditional chassis-based devices, and most consume a great deal of power and cooling, even when not fully configured or utilized. In addition, these large chassis-based devices may take up a great deal of valuable data center space.
Middle of Row
A middle of row deployment is exactly like an end of row deployment, except that the devices are deployed in the middle of the row instead of at the end. This configuration provides some advantages over end of row deployment, such as the ability to reduce cable lengths to support 10GbE/40GbE server connections. High-density, large form-factor devices are supported, fewer uplinks are required in comparison with top of row deployments, and a simplified network topology can be adopted. The EX4200 line and EX8200 line support middle of row deployments.
[Figure 7: Middle of row deployment]
Table 1 lists Juniper Networks products and shows how they support the physical layouts that we have discussed. Each product has been designed for flexibility and easy integration into the data center.
• The EX8200 line of Ethernet Switches delivers the performance, scalability, and carrier-class reliability required for today's high-density enterprise data center and campus aggregation and core environments, as well as high-performance service provider interconnects. EX8200 Ethernet line cards are specifically designed to optimize enterprise applications.
• The EX4200 Ethernet Switch combines the high availability and carrier-class reliability of modular systems with the economics and flexibility of stackable platforms, delivering a high-performance, scalable solution for data center, campus, and branch office environments. Offering a full suite of L2 and L3 switching capabilities as part of the base software, the EX4200 satisfies a variety of high-performance applications, including branch, campus, and data center access deployments as well as GbE aggregation deployments.
• The high-performance Juniper Networks QFX3500 Switch addresses a wide range of deployment scenarios, which include traditional data centers, virtualized data centers, high-performance computing, network-attached storage, converged server I/O, and cloud computing. Featuring 48 dual-mode small form-factor pluggable transceiver (SFP+/SFP) ports and four quad small form-factor pluggable plus (QSFP+) ports in a 1 U form factor, the QFX3500 Switch delivers feature-rich Layer 2 and Layer 3 connectivity to networked devices such as rack servers, blade servers, storage systems, and other switches in highly demanding, high-performance data center environments. For converged server edge access environments, the QFX3500 is also a standards-based Fibre Channel over Ethernet (FCoE) Transit Switch and FCoE to Fibre Channel (FCoE-FC) Gateway, enabling customers to protect their investments in existing data center aggregation and Fibre Channel storage area network (SAN) infrastructures.
Figure 8 shows a single tier topology that has been architected for resiliency. Each device has internal resiliency capabilities, and the devices are connected through multiple redundant links.
[Figure 8: Single tier network topology]
Figure 9 shows the access-core hub and spoke design. The EX8200, EX4200, and QFX3500 can serve as access devices, and the EX8200 line and the Juniper Networks MX480 and MX960 3D Universal Edge Routers can serve as core devices. This design is very commonly deployed, as it produces highly resilient and scalable networks.
[Figure 9: Access-core hub and spoke network topology]
[Figure 10: Access-core inverse U network topology]
Figure 11 includes a partial access-core mesh configuration on the left and a full mesh configuration on the right.
[Figure 11: Access-core mesh network topology]
Application resource pools are an effective resiliency solution; however, they may require synchronous state and data replication among the nodes in the resource pool to ensure that the application instances remain synchronized. When designing such a solution, it is important to plan for any synchronous coordination and load balancing, as well as to consider the associated performance, connectivity, and latency effects.
[Figure 14: Server link resiliency overview]
Minimizing single points of failure is of major importance in the data center because modern service-level guarantees and five-nines uptime requirements preclude the traditional practice of scheduled downtime for maintenance. In some cases, maintenance window provisions in requests for proposal (RFPs) have disappeared altogether. Globalization is also a significant factor: with multiple customers and teams working around the clock, there are no off-peak traffic periods for the always-on network. The bottom line is this: modern network operating systems must enable in-service router changes and upgrades.
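As a point of reference for what a five-nines target implies, the short Python sketch below converts an availability percentage into an annual downtime budget. This is plain arithmetic offered for illustration, not a vendor-specific calculation.

```python
# Convert an availability target into an annual downtime budget.

def downtime_minutes_per_year(availability):
    minutes_per_year = 365 * 24 * 60
    return (1.0 - availability) * minutes_per_year

for target in (0.999, 0.9999, 0.99999):
    print(f"{target * 100:.3f}% availability -> "
          f"{downtime_minutes_per_year(target):.1f} minutes of downtime per year")
# Five nines (99.999%) leaves roughly 5.3 minutes per year, which is why
# scheduled maintenance windows are no longer an acceptable design assumption.
```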
Hot-Swappable Interfaces
The routing community took the first step towards facilitating unified ISSU when vendors introduced hot-swappable interfaces for network devices. Many routers, including all of those in Juniper's product line, no longer need to be reset to insert or remove an interface card. Instead, the box dynamically recognizes the new interface and begins to communicate with it immediately. New components can thus be inserted and removed from the router without taking the system down.
[Figure 15: Separate control and forwarding planes. Control plane: route processes, RIB, management processes, kernel, FIB, security. Forwarding plane: FIB, Layer 2 processing, interfaces.]
Modular Software
The division of labor between control and forwarding planes has its parallel in the next essential architectural characteristic of Junos OS: its fundamental modularity. A key advantage of modularity is the inherent fault tolerance that it brings to the software. Each module of Junos OS runs in its own protected memory space and can restart independently, so one module cannot disrupt another by scribbling on its memory. If there is a software problem with Junos OS production code, the problem can be quickly identified, isolated, and fixed without an interruption in service. Junos OS automatically restarts failed modules without having to reboot the entire device. The modular Junos OS design is in stark contrast to monolithic architectures in which the operating system consists of a large single code set. In a monolithic architecture without isolation between processes, a malfunction may cause a full system crash, as one failure creates memory leaks and other problems that affect many other processes. The device must restart to correct the problem, putting the platform out of service for the restart period.
Juniper Networks methodically enhances the single Junos OS source base through a highly disciplined development process that follows a single release train. Developers ensure a single consistent code set for each feature, and the result is well understood, extensively tested code. The Junos OS testing process includes repeated testing with automated regression scripts. Developed over many years, these test scripts are key pieces of Juniper Networks intellectual property. Through the extensive testing of each Junos OS release, bugs and other problems are likely to be found and corrected by Juniper engineers before customers ever see the new version. Because the same code runs across all Juniper Networks routers, each feature provides a common user experience on all devices. A BGP or OSPF configuration works the same way on a branch router as it does in the core of a service provider network, and also uses the same diagnostic and configuration tools. When a network rolls out on multiple Juniper platforms, a single operations team already has the knowledge required to configure and monitor all of the new devices. This kind of efficiency can significantly reduce a network's operating expense.
During the grace period, it is assumed that the node that is not routing is forwarding traffic using preserved state, often called nonstop forwarding. The graceful wait interval is configurable by the user and negotiated between the nodes. It is usually several seconds long. During the graceful wait interval, the traffic is not supported by active routing, so a restarting nonstop forwarding node could potentially send traffic to a destination that is no longer valid, often called blackholing traffic. Other considerations associated with graceful restart include the following:
• Each neighbor is required to support the graceful restart protocol extensions.
• Graceful restart must stop if the network topology changes during the grace period.
• In some cases, it is not possible to distinguish between link failure and control plane failure.
• Routing reconvergence could exceed the grace period, for example if router X has hundreds of BGP peers or protocol interdependencies that complicate the reconvergence process.
• There is no widespread industry acceptance of graceful restart.
The requirement for all nodes to be running the graceful restart extensions is particularly bothersome in a multivendor, multichassis environment, and even more difficult when a different organization controls each peering router. In addition, during the graceful restart period, router X is not removed from the network topology, and the topology is therefore frozen. This means that graceful restart should only be used when the network is stable, a circumstance that is difficult to guarantee. A better solution is required, one that is transparent to network peers, does not require peer participation or allow adjacencies or sessions to drop, and has a minimal impact on convergence. The RE switchover should also be allowable at any point, no matter how much routing is in flux.
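One of the caveats above, reconvergence exceeding the grace period, can be sanity-checked during planning. The sketch below is a minimal illustration of that comparison; the timing values are assumptions, not measured figures.

```python
# Planning check: graceful restart only protects forwarding while reconvergence
# completes within the negotiated grace period. Values are illustrative.

def graceful_restart_safe(grace_period_s, estimated_reconvergence_s):
    return estimated_reconvergence_s <= grace_period_s

# A router with hundreds of BGP peers may take longer to reconverge than the
# grace period allows, one of the reasons the text argues for NSR instead.
print(graceful_restart_safe(grace_period_s=120, estimated_reconvergence_s=90))   # True
print(graceful_restart_safe(grace_period_s=120, estimated_reconvergence_s=300))  # False
```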
NSR allows a routing platform with redundant Routing Engines to switch over from a primary RE to a backup RE without alerting peer nodes that a change has occurred. Nonstop bridging extends these benefits to the L2 protocols implemented in Ethernet switching. Together, these features enable RE switchover that is transparent to neighbors, maintaining L2 and L3 stability for supported platforms and protocols. Because NSR does not disrupt protocol adjacencies, the RE switchover is transparent to neighbors. Even if the routing topology changes during the switchover, routing remains stable.
[Figure 16: Resiliency with access-core inverse U]
Figure 17 shows a LAG configuration with MX Series devices at the core tier. The figure shows an 802.3ad LAG link between the core devices. The connection can also be an L3 link.
[Figure 17: Multichassis LAG configuration]
[Figure 18: RTG configuration]
[Figure 20: Layer 3 configuration]
The access and core devices can run standard routing protocols, including OSPF or RIP, or use static routing. For dynamic routing, the protocols can take advantage of Bidirectional Forwarding Detection (BFD). The BFD protocol, which was developed at Juniper Networks, is a simple, high-speed hello protocol that verifies connectivity between pairs of systems. BFD neighbor systems negotiate a peer relationship, and each neighbor specifies how quickly it can receive BFD packets. BFD rates can be specified in sub-millisecond increments. BFD is extraordinarily useful because it places a minimal load on network devices, markedly improves failure detection times, and reduces latency within the router and between the router and its neighbors. With nonstop active routing enabled, BFD session state is saved on both the master and backup Routing Engines. When an RE switchover occurs, BFD session state does not need to be restarted, and peer routers continue to interact with the routing platform as if no change had occurred. The Layer 3 approach provides the highest link utilization, with optimized network paths determined by the routing protocols. Because operation is at L3, loops are not a concern. The broadcast domain is limited to the pair of access devices; however, with Virtual Chassis deployment, a VLAN restricted within an access device does not limit the VLAN to a single rack or row. Up to 10 EX4200 switches can be flexibly deployed as part of the Virtual Chassis within the row, across the row, or across the data center location. With this agile deployment, Virtual Chassis extends the VLAN within the data center even when the VLAN is limited to a single pair of access devices.
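In BFD's asynchronous mode, the failure detection time is roughly the negotiated packet interval multiplied by the detection multiplier, where the negotiated interval is the slower of what the local system can receive and what the peer wants to transmit. The Python sketch below illustrates that relationship with assumed values; actual timers are negotiated per session as described above.

```python
# Approximate BFD failure detection time (asynchronous mode).
# The negotiated interval is the slower of the local minimum receive interval
# and the peer's desired transmit interval; detection time is that interval
# multiplied by the peer's detection multiplier. Values are illustrative.

def bfd_detection_time_ms(local_min_rx_ms, peer_desired_tx_ms, peer_detect_multiplier):
    negotiated_interval_ms = max(local_min_rx_ms, peer_desired_tx_ms)
    return negotiated_interval_ms * peer_detect_multiplier

# 300 ms timers with a multiplier of 3 give ~900 ms detection, far faster than
# typical routing protocol dead/hold timers.
print(bfd_detection_time_ms(local_min_rx_ms=300, peer_desired_tx_ms=300,
                            peer_detect_multiplier=3))
```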
Figure 21 shows an example MSTP implementation. This design is typically used for legacy compatibility.
[Figure 21: MSTP configuration]
MPLS provides the most efficient method to extend a network segment across a data center location using L3 VPN technology, which supports dynamic discovery and minimizes operational configuration. As shown in the following figure, each data center network segment consists of a two-tier network architecture (access-core). Each segment connects to an MPLS-enabled network through a pair of edge tier devices. Juniper Networks M Series Multiservice Edge Routers and MX Series 3D Universal Edge Routers support MPLS and can be dedicated for edge functions or consolidated for core/edge functions based on scale and performance requirements. The MPLS network consists of an MPLS core network and MPLS edge network. The core network transports MPLS labeled packets and uses the MPLS signaling protocol to dynamically distribute labeling and traffic forwarding information. It can also support traffic engineering capabilities to provide service guarantees for application traffic. The two major protocols used for signaling LSPs are LDP and RSVP. The IETF does not specify particular signaling for dynamic LSPs. Each has a unique function and purpose. A simpler protocol with hop-by-hop signaling and interior gateway protocol (IGP) path dependency, LDP offers ease of configuration and troubleshooting. RSVP provides granular traffic engineering capabilities. It reserves whole end-to-end paths and can provide its own path selection. Implementing RSVP requires manual configuration for each LSP at the ingress node. In contrast, by simply enabling LDP, LSP connectivity occurs among all routers. The following is a detailed explanation of this process. The MPLS edge provides the mapping of the local network segment to the MPLS network segment. The local segment can be identified by a VLAN or set of VLANs. It also provides automatic discovery and signaling to extend the segments across the MPLS network to other data center network segments. For MPLS VPN signaling, MP-iBGP is used. Using MP-iBGP, the label edge router (LER) acquires reachability information about a given VPN network through the BGP community and the VPN-IPv4 family. Data center designers can also take advantage of iBGP route reflector support to build large-scale MPLS deployments with autodiscovery and signaling that simplify operations when new VPNs or sites are introduced. This capability significantly reduces the operational effort.
[Figure 22: MPLS design]
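To illustrate why the VPN-IPv4 family lets overlapping customer prefixes coexist, the following Python sketch models a VPN route as a route distinguisher plus prefix, with a route-target community controlling which VPN imports it. The RD, RT, and prefix values are invented for illustration only.

```python
# Minimal model of MP-BGP VPN-IPv4 routes: the route distinguisher (RD) keeps
# overlapping customer prefixes distinct, and the route-target (RT) community
# controls which VPN routing table imports the route. Values are illustrative.

routes = [
    {"rd": "65000:1", "prefix": "10.1.0.0/24", "rt": "target:65000:100"},  # VPN A
    {"rd": "65000:2", "prefix": "10.1.0.0/24", "rt": "target:65000:200"},  # VPN B, same prefix
]

def import_routes(import_rt):
    """Return the routes that a VPN with the given import route-target accepts."""
    return [r for r in routes if r["rt"] == import_rt]

print(import_routes("target:65000:100"))  # only VPN A's copy of 10.1.0.0/24
print(import_routes("target:65000:200"))  # only VPN B's copy of 10.1.0.0/24
```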
MPLS traffic engineering allows an end-to-end QoS experience as well as fast network convergence (~50 ms) in case of network connection failures. This increases the transparency of network failures for applications and minimizes or eliminates disruption in application services. The MPLS backbone can also be extended to enterprise WAN connections. This improves application delivery over the cloud network and meets performance and high availability requirements for application delivery and increased business productivity. The MPLS network provides the needed traffic separation and segmentation to permit creation of virtual network links to support on-demand resource allocation. Simple and transparent, MPLS automatically handles many of the details involved in segmenting and transmitting traffic. MPLS technologies are fast enough to respond to demand, fault-tolerant, and able to provide fast convergence and recovery time. As an industry leader in the development and deployment of MPLS, Juniper Networks leads the way in making it possible for enterprises and service providers to implement network architectures and services based on MPLS. The MX Series provides a wide range of MPLS features and functionality powered by Junos OS.
Logical Systems
A logical system is a partition of a physical router and can contain multiple routing instances and routing tables. Traditionally, a service provider network design required multiple layers of switches and routers to transport packet traffic between customers. As seen on the left side of Figure 23, access devices are connected to edge devices, which are in turn connected to core devices.
[Figure 23: Network with logical systems. Left: network topology without logical systems (eight separate physical devices).]
This complexity can lead to challenges in maintenance, configuration, and operation. To reduce such complexity, Juniper supports logical systems. Logical systems perform a subset of the actions of the main router and have their own unique routing tables, interfaces, policies, and routing instances. As shown on the right side of the figure, a set of logical systems within a single router can handle the functions previously performed by several small routers. With Junos OS, you can partition a single router into multiple logical devices that perform independent routing tasks. Because logical systems perform a subset of the tasks once handled by the main router, logical systems offer an effective way to maximize the use of a single routing or switching platform.
Virtual Routers
Virtual routers enable you to maintain resources for multiple devices within a single device. In the router case, it is most important to maintain separate routing tables for each virtual router so that the virtual routers are isolated from each other. You can allocate which routing protocols and which interfaces on a device will participate as part of each virtual router.
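As a toy model of the isolation described above, the Python sketch below gives each virtual router its own routing table, so the same prefix can be reused in different virtual routers without conflict. The virtual router names, prefixes, and interface names are illustrative assumptions.

```python
import ipaddress

# Each virtual router owns an independent routing table, so identical prefixes
# can coexist in different virtual routers. Names and routes are illustrative.
virtual_routers = {
    "vr-blue": {ipaddress.ip_network("10.0.0.0/24"): "ge-0/0/1.0"},
    "vr-red": {ipaddress.ip_network("10.0.0.0/24"): "ge-0/0/2.0"},
}

def lookup(vr_name, destination):
    """Longest-prefix match confined to one virtual router's table."""
    addr = ipaddress.ip_address(destination)
    matches = [(net, ifc) for net, ifc in virtual_routers[vr_name].items() if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None

print(lookup("vr-blue", "10.0.0.5"))  # ge-0/0/1.0
print(lookup("vr-red", "10.0.0.5"))   # ge-0/0/2.0 -- same prefix, different table
```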
Logical Routers
A logical router is a partition of a physical router and can contain multiple routing instances and routing tables. Logical routers perform a subset of the actions of a physical router with their own unique routing tables, interfaces, policies, and routing instances. A set of logical routers within a single router can handle the functions previously performed by several small routers. A logical router can contain multiple virtual router routing instances. Logical routers enhance agility in the data center by supporting expansion and reconfiguration through straightforward application of routing policies within the logical routers.
Virtual Chassis
A feature of the EX4200 devices, Virtual Chassis allows the interconnection and operation of switches as a unified, single, high bandwidth device. In a Virtual Chassis configuration, all member switches are managed and monitored as a single logical device. This approach simplifies network operations, allows the separation of placement and logical groupings of physical devices, and provides efficient use of resources. Management of the Virtual Chassis configuration is performed through the master switch. A Virtual Management Ethernet (VME) interface allows remote management by connecting to the out-of-band management port of any member switch through a single IP address. Data center staff can easily add devices to a Virtual Chassis without disrupting operations or modifying the underlying infrastructure.
VLANs
By logically segmenting traffic according to organization, function, or resource usage, data center operators can achieve efficient traffic flow without changing the physical equipment configuration. Security policies and broadcast activity can be set up on a per-VLAN basis, and changes in usage patterns can be readily accommodated by changes in VLAN assignment. VLANs are highly scalable within and across data centers.
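As an illustrative sketch on an EX Series access switch, the VLAN names, IDs, and ports below are hypothetical; verify the exact syntax for your platform and Junos release.

    set vlans finance vlan-id 110
    set vlans hr vlan-id 120
    set interfaces ge-0/0/10 unit 0 family ethernet-switching port-mode access vlan members finance
    set interfaces ge-0/0/47 unit 0 family ethernet-switching port-mode trunk vlan members [ finance hr ]

Moving a server between departments then becomes a one-line change to the access port's VLAN membership rather than a recabling exercise.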
Security Zones
Security zones are logical entities to which one or more interfaces are bound. With many types of Juniper Networks devices, you can define multiple security zones to meet specific network needs. On a single device, multiple security zones divide the network into segments to which you can apply various security policies to satisfy the needs of each segment. Security zones are the building blocks for policies. Security zones provide a means of distinguishing groups of hosts (user systems and other hosts such as servers) and their resources from one another in order to apply different security measures to them. Security zones can also be defined to perform specific functions, such as management zones for host management interfaces. Security zones enhance agility by allowing data center operators to apply fine granularity to network security design without deploying multiple security appliances.
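A minimal SRX Series sketch follows: two zones bound to hypothetical interfaces and a single policy between them. The zone names, interfaces, and permitted application are illustrative only.

    set security zones security-zone web-tier interfaces reth0.10
    set security zones security-zone app-tier interfaces reth0.20
    set security policies from-zone web-tier to-zone app-tier policy allow-web-to-app match source-address any destination-address any application junos-http
    set security policies from-zone web-tier to-zone app-tier policy allow-web-to-app then permit

Traffic arriving in web-tier can reach app-tier only through this policy; anything not explicitly permitted between the zones is dropped by default.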
MPLS VPNs
By adopting MPLS open standards and their large-scale efficiency to support network virtualization across interconnected data center locations, data center designers can extend network segments between sites using Layer 3 VPN technology, which supports dynamic discovery and minimizes operational configuration. Figure 24 shows how VPLS supports switching across data centers. In this example, each of two data centers has several server and storage pools that are connected to EX Series access devices in a Virtual Chassis arrangement and in turn to MX Series core devices. Upstream, the core devices also provide MPLS WAN connectivity to the outside world, including a second data center. VRRP is included for redundancy at the core level.
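A minimal sketch of a BGP-signaled VPLS routing instance on an MX Series core device follows; the instance name, interface, and community values are hypothetical, and LDP-signaled VPLS is an equally valid alternative.

    set routing-instances DC-VPLS instance-type vpls
    set routing-instances DC-VPLS interface ge-1/0/5.600
    set routing-instances DC-VPLS route-distinguisher 65000:600
    set routing-instances DC-VPLS vrf-target target:65000:600
    set routing-instances DC-VPLS protocols vpls site-range 8
    set routing-instances DC-VPLS protocols vpls site DC1 site-identifier 1

With the same vrf-target configured at the remote location, BGP auto-discovers the other VPLS sites and the two data centers behave as one Layer 2 segment.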
[Figure 24. VPLS switching across data centers: MX Series core devices in each site connected over the MPLS WAN, EX Series Virtual Chassis at the access tier, and mirrored VLANs (VLAN 1 and VLAN 2) in Data Center 1 and Data Center 2]
[Figure 25. Data center segmentation: VLANs, MPLS VPNs, and VPLS VPNs mapped to security zones within and between data centers]
[Figure 26. DMZ architecture simplification: consolidated web and application firewalls (SRX5800) and consolidated scalable, high-performance routers (MX960), with EX Series and QFX3500 platforms at the access tier]
Challenges include the following:
- Users require rapid, secure access to large volumes of distributed data for multitiered applications.
- Numerous interconnections in the traditional, layered physical data center architecture lead to network utilization inefficiencies.

The data center designer can address these challenges in the following ways:
- Improve secure access to large volumes of distributed data by moving from a traditional, layered physical architecture to a virtual architecture
- Improve network utilization with a collapsed two-tier network architecture

The simplified virtual architecture shown on the right of Figure 26 decouples the network architecture from the application deployment architecture. Any-to-any connectivity is provided between the end users and application services. This is achieved with the introduction of a virtualization layer that essentially decouples the network resources from the application services. Decoupling allows applications to be transparent to the underlying network resources. After decoupling, network service virtualization can be mapped into virtual security zones or trust zones in the Juniper Networks SRX Series Services Gateways, providing the same or higher levels of security than the traditional architecture. Figure 27 shows a simplified data center in which the network resources and applications are decoupled. Core MX Series routers connect to SRX Series platforms that have virtual security services configured in independent security zones. The top of rack deployment is configured to use Virtual Chassis. The WAN edge connects the data center to the outside world.
[Figure 27. Simplified data center with decoupled network and application resources. The WAN edge (M Series) connects to MX Series core routers carrying per-department VRFs over an IP VPN; the VRFs map to routing instances and security zones (IPS, firewall, NAT) on the SRX5800; the EX4200 access layer trunks HR, Finance, and Guest VLANs to the server VLANs. VLANs map to security zones, VRFs on the core map to routing instances on the SRX Series, adjacencies are established between VRFs on the core, and traffic between networks runs through the SRX Series by default or is filtered on the MX Series.]
Data for different departments (for example, human resources, finance, or guest) is hosted on different data center servers. The traffic to and from the departments is separated by different VPNs. A virtual routing and forwarding (VRF) table can be configured to send specific VPN traffic to virtual security zones that contain intrusion prevention system (IPS), Network Address Translation (NAT), and firewall services. Other VPN traffic can be directed to destinations without further processing. Multiple security zones can apply specific policies to the VPN traffic, which may traverse multiple security zones inside the SRX Series before being sent to its destination VPN.
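The following sketch pairs a department VRF on the MX Series core with a matching security zone and policy on the SRX Series. All names, interfaces, and route targets are hypothetical, and the zone facing the servers is assumed to be called dc-servers.

On the MX Series core:

    set routing-instances VPN-FINANCE instance-type vrf
    set routing-instances VPN-FINANCE interface xe-1/0/0.110
    set routing-instances VPN-FINANCE route-distinguisher 65000:110
    set routing-instances VPN-FINANCE vrf-target target:65000:110
    set routing-instances VPN-FINANCE vrf-table-label

On the SRX Series services gateway:

    set security zones security-zone finance interfaces reth1.110
    set security policies from-zone finance to-zone dc-servers policy finance-to-servers match source-address any destination-address any application any
    set security policies from-zone finance to-zone dc-servers policy finance-to-servers then permit

Finance VPN traffic that needs inspection is steered through the finance zone on the SRX Series, while VRFs whose traffic needs no further processing can be routed directly on the MX Series.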
Throughput
Each network device has a maximum capacity, or throughput, which is the maximum rate at which it can pass traffic across the backplane and to interface cards. Total throughput depends on the interface capacity (10GbE today, or 40GbE/100GbE in the near future). The backplane capacity determines the forwarding capacity of the device and typically scales to a few terabits per second. Data center designers should consider the non-blocking performance of the device to calculate the maximum achievable network throughput.
Oversubscription
Oversubscription refers to the relationship between available capacity and the potential demands on that capacity. For example, if an application serves 100 users and the available throughput supports 50 simultaneous users, then access to the application is oversubscribed at a ratio of 2:1. Traditionally, oversubscription was acceptable because links were typically underutilized and the application server itself was the bottleneck. With virtualization, link utilization is much higher, and it is more likely that link capacity will be exhausted under oversubscription. Whether oversubscription becomes a significant problem depends on the nature of the application, the expected number of simultaneous access sessions, application performance requirements, and predictions on how these metrics will change over time. The data center designer should take all of these factors into account in capacity planning. Specifically, to reduce oversubscription, the core tier should be non-blocking and provide line-rate (wire-rate) forwarding.
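As a worked illustration with hypothetical numbers, consider an access switch with 48 server-facing 10GbE ports (480 Gbps of potential demand) and four 40GbE uplinks (160 Gbps of uplink capacity). The uplink oversubscription ratio is 480:160, or 3:1. Adding uplinks, load balancing traffic across all uplinks, or spreading servers across more access switches moves the ratio toward the 1:1 line-rate target described above.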
Latency
Latency refers to the delays that occur in the network due to a variety of factors, including the number of links, processing, and buffering. Even the smallest individual delays can contribute to poor user perception of performance and loss of productivity. We have previously discussed the advantages of multitier designs, which support scalability and resiliency. An unintended consequence of these designs can be increased latency, because traffic from one server to another must pass from the access tier up to the core tier and then back down to the access tier to reach the destination server. Data center designers can reduce latency and increase performance in multitier designs by deploying Juniper's Virtual Chassis at the access tier. Server-to-server traffic within the Virtual Chassis domain does not need to travel up to the core tier. As shown in Figure 28, traffic can flow between the servers in Rack 1 and Rack 2 through the Virtual Chassis without traveling up to the core.
Modular Scalability
We previously discussed virtualization techniques and how they allow data center operators to add and move resources without adding or reconfiguring physical devices. Even with maximal use of virtualization techniques, it will be necessary to add physical capacity to support growth. Juniper products are based on modular designs and support easy addition of physical capacity on demand, without service disruption. Designers should specify chassis capacity to support long-term growth, allowing data center operators to add cards to the chassis as needed.
Port Capacity
Port capacity, combined with throughput, determines the volume of traffic that a network device can support. Juniper products are designed with multiple 1GbE and 10GbE ports for highly scalable port capacity. Designers can add or reconfigure ports to be consistent with objectives for throughput, latency, and performance.
Software Configuration
In addition to the equipment considerations discussed in this section, software sizing is an important factor in planning for capacity, performance, and scaling. The MAC table, routing table, ARP table, number of multicast routes, and number of access control lists (ACLs) all limit the amount of traffic that can pass through a device. Other factors include the number of supported VLANs, virtual routers, logical routers, and logical systems. Designers should plan for sufficient capacity for all of these elements.
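As a rough sketch of how operators can track these software scaling factors from the Junos CLI, the following operational commands report current table sizes; availability of each command varies by platform and release, so treat this list as illustrative.

    show route summary
    show arp no-resolve | count
    show ethernet-switching table
    show vlans
    show security policies | count

Comparing these counts against the platform's published scaling limits during capacity planning helps confirm that software tables, not just ports and backplane, have headroom for growth.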
To thrive in today's dynamic and complex world, the company needs a simple, secure, easy-to-operate, no-compromise data center networking solution.

Requirements:
- Operational simplicity through simplified design
- Simplified services integration
- High-performance network
- Reduced total cost of operation

Now let's look at the details of these requirements. The data center network must deliver high performance to meet burgeoning bandwidth requirements for high-performance compute clusters, reduce application response time, and increase network efficiency. Network performance to support applications must be seamless across multiple data centers and incorporate high availability features for resiliency. The IT organization must continually work to improve productivity while remaining under tight budgetary constraints. To meet these challenges, the organization should adopt a data center design that incorporates operational simplicity with a single network operating system and a standard management interface. A simplified design that eliminates spanning tree complexity will improve network performance, reduce latency, and increase operational efficiency. With the simplified data center design, security must not be compromised. Simple and effective security services integration is needed to meet intra-data center security and compliance requirements. The IT organization is squeezed between growing demands for data center services and ever tightening budgets. It is necessary to adopt designs and products that meet technical requirements while also reducing total cost of operation. The IT organization can also address cost and environmental issues by adopting strategies that reduce power consumption and waste.

Design:
- Physical device placement. The data center has some applications that run on virtual servers with a 1GbE connection and is also transitioning to a 10GbE compute environment with highly virtualized servers. We choose the top of rack deployment model. The top of rack deployment is recommended because it reduces cabling complexity. This deployment also provides an economical solution for 10GbE server connectivity.
- Physical network topology. The enterprise depends on business applications that must be highly available to application users. The resiliency of IT infrastructure is essential and critical. The access-core mesh described in Access-Core Mesh Design earlier in this guide provides dual-homed connectivity from each access device to two core devices. This topology is recommended because it provides the needed resiliency while also supporting legacy single-homed server deployments.
- Logical network topology. Because we have chosen the access-core full mesh deployment, it is beneficial to provide load balancing across both uplinks from the access tier. This design reduces oversubscription while making efficient use of network bandwidth. This is achieved by configuring Layer 3 routing between the access and core tiers. The EX Series switches deployed at the access tier support full L3 functionality, which is leveraged in this design to provide high performance with a very low oversubscription ratio and a highly resilient network design. A pair of access devices is interconnected, and VRRP is configured to provide default gateway redundancy (a minimal configuration sketch appears after this design list).
- EX4200 Virtual Chassis. The data center runs high-performance compute cluster-based applications with computing resources that span multiple racks. Virtual Chassis is recommended because it provides efficient communication, supporting multiple racks with high-speed backplane connectivity. Because the high-speed backplane connections are used for intra-cluster communication, uplinks can be used primarily for user-to-server communication, thereby reducing oversubscription.
- QFX3500. The design uses QFX3500 switches to support the 10GbE server environment with non-blocking, low latency network connections.
- EX8200 line. The design uses the EX8200 line of high-performance switches as non-blocking core platforms to avoid network congestion, reduce oversubscription on access tier-to-core tier network connections, and reduce application response times.
- SRX3600. A cluster of Juniper Networks SRX3600 Services Gateway high-performance security platforms is integrated at the core tier to provide security services for intra-data center communication and meet compliance and security requirements.
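A minimal sketch of the Layer 3 access design follows: a routed VLAN interface (RVI) on one member of the interconnected EX4200 access pair, with VRRP providing the default gateway and OSPF running toward the core. VLAN IDs, addresses, and interface names are hypothetical.

    set vlans servers-110 vlan-id 110
    set vlans servers-110 l3-interface vlan.110
    set interfaces vlan unit 110 family inet address 10.10.110.2/24 vrrp-group 110 virtual-address 10.10.110.1
    set interfaces vlan unit 110 family inet address 10.10.110.2/24 vrrp-group 110 priority 200
    set protocols ospf area 0.0.0.0 interface vlan.110 passive
    set protocols ospf area 0.0.0.0 interface xe-0/1/0.0

The peer access switch carries the same virtual address with a lower VRRP priority, so servers keep the same default gateway if either access device fails while both uplinks carry routed traffic toward the core.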
Figure 28 shows the enterprise data center design.

[Figure 28. Use case: enterprise data center. MX Series at the edge; EX8200 core with an SRX3600 cluster at the L2/L3 boundary; EX4200 Virtual Chassis and QFX3500 at the access tier.]

Scenario 2: Transactional Data Center
This company is a major player in the financial services industry. With automated computation and trading essential to financial services profitability, the level of dependence on high-speed computation and market data feeds from a variety of sources is increasing. At high scale, every microsecond and nanosecond in a transaction counts toward profit or loss, and there is no tolerance for downtime. The company must be able to deliver line-rate data with the highest levels of security and assurance. Supporting transactions, market data, and algorithmic trading applications at the network level involves a challenging set of technical requirements. The compute infrastructure spans applications, platform drivers, and the physical networking devices that are deployed across multiple data center locations. For the compute infrastructure to operate efficiently, performance at all levels must be highly predictable and reliable. In the transactional compute space, the speed at which market data is delivered from the source to the trader or system is critical for timely decisions, and the speed at which decisions arrive at the target exchange affects the relative advantage of the request. The variation between different transaction round-trip times is also significant.
The company needs an infrastructure with low variation (or jitter) that can translate into a predictable and fair trading system that delivers the same high-performance experience to all clients. Moreover, the high speed and low variability must be maintained as the transactional applications are deployed across multiple data center locations to support high availability and disaster recovery. Any solution must also be easily scalable to allow for continued growth in client population and applications. The company is looking for a data center design that can support the required speed, predictability, low variability, and reliability to successfully implement its trading platforms, algorithmic trading applications, and market data distribution systems. With the inherent complexity of the company's networking infrastructure, it is essential to adopt simplified data center design principles and a simplified and effective management solution. While the company's IT organization does have some budgetary flexibility to deploy a comprehensive solution, it must still control total cost of operations to ensure that the major focus remains on delivering the services that contribute directly to the company's bottom line.

Requirements:
- Low latency, high-performance network
- High resiliency network, including L2 extension across data centers
- Operational simplicity
- Reduced cost of operations

Now let's look at the details of these requirements. The transactional data center is less burdened by legacy equipment than a typical enterprise data center, so the data center design can focus on optimizing connectivity in the 10GbE environment with heavy use of virtualization. Latency must be minimized at every level, and attention must be paid to the number of links and the amount of traffic redirection. The design must be more predictable and less fluid than in situations where latency and variability are not critical. There is no tolerance for downtime in the transactional data center, so the design must support high availability while reducing complexity (such as spanning tree complexity). The network must meet bandwidth requirements for high-performance compute clusters to reduce application response times and increase network efficiency. L2 connectivity is required to support the transactional applications that are deployed across multiple data centers to meet high availability and disaster recovery requirements. A design that incorporates the operational simplicity of a single network operating system and a standard management interface is necessary to allow the IT staff to focus on the performance-related aspects of the data center network without having to continually address multiple operating systems and management interfaces. Although the transactional data center is typically not as subject to operational cost considerations as a standard enterprise data center, keeping total costs under control allows the organization to meet the primary data center performance objectives. This can extend to reduction of power and waste in the physical data center environment.

Design:
- Physical device placement. The top of rack design reduces cabling complexity and limits the latency of server-to-access device connections. It is recommended to support the 10GbE server environment.
- Physical network topology. In the financial transaction network, performance and latency are the key requirements. We need to design the network to provide deterministic low latency with high resiliency.
- Logical network topology. The access-core inverse U design provides a pair of access devices, each of which is connected to different core devices for resiliency. The network architect can minimize latency through configuration of active and standby links on a fixed set of access and core devices (one way to pin active and standby uplinks is sketched after this design list). This simplifies the network design and provides deterministic low latency for transaction data flows.
- QFX3500. The design uses QFX3500 devices to provide connectivity in the 10GbE server environment with non-blocking, ultra low latency network connections.
- EX8200. The design uses EX8200 high-performance devices as non-blocking core platforms to reduce network congestion, oversubscription on access tier-to-core tier network connections, and application response times.
- MX960. The design uses the MX960 to provide inter-data center connectivity with advanced routing capabilities such as MPLS/VPLS to extend the L2 connection across multiple data center locations. Advanced QoS and traffic engineering capabilities are used to meet the performance requirements for data replication and application cluster communication.
- SRX3600. The SRX3600 high-performance security platform cluster is connected to the MX960 to provide secure access from the WAN.
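One way to realize the fixed active/standby uplinks called for in the logical topology is a redundant trunk group (RTG) on the access switch, which keeps one uplink forwarding and the other in standby without running spanning tree on those ports. The following is a minimal sketch with hypothetical interface names; confirm RTG support and syntax for the specific access platform and Junos release.

    set ethernet-switching-options redundant-trunk-group group rtg-core interface xe-0/1/0.0 primary
    set ethernet-switching-options redundant-trunk-group group rtg-core interface xe-0/1/1.0

Because failover between the primary and secondary uplink is a local decision on the access switch, the recovery path is deterministic, which supports the predictable latency goal described above.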
Figure 29 shows the transactional data center design.

[Figure 29. Use case: transactional data center. MX Series at the edge; EX8200 and MX960 at the core; QFX3500 at the access tier.]
Summary
With the development of cloud computing, the network has become the cornerstone of the information age infrastructure. Everything now depends on network communications: within data center systems, between data centers, and between data centers and users. Over the past decade, network complexity has grown exponentially in tandem with the growth in demand for global 24x7x365 services. Distributed processing, logical systems, virtual machines, multitier architectures, and inter-data center communications all place extreme burdens on traditional networking infrastructures, and new approaches are essential to the introduction and success of cloud data centers. As a visionary leader in cloud computing, Juniper Networks is uniquely positioned to deliver the most innovative, comprehensive, efficient, and cost-effective solutions to the challenges faced by cloud data center designers. Designers can select from the complete Juniper family of access and core network devices to create flexible physical layouts and topologies that meet their most exacting requirements. By including Virtual Chassis in the mix, designers can enhance resiliency and high performance, even as they simplify the overall network topology.
Resiliency is integral to Juniper data center solutions at all levels, including the application, server, network device, network OS, and physical levels. Designers can choose from a robust set of optimized resiliency designs that operate consistently across all of the Juniper products. Simplicity and modularity are designed into all Juniper solutions. Beginning with individual segments that are optimized for performance and reliability, designers can create data centers of any size and connect multiple data centers for capacity and resiliency. Protocol solutions such as MPLS can be used to interconnect data center network segments within a single data center location or across multiple locations. Finally, Junos OS ties everything together with a common code base, modular design, nondisruptive upgrades, and a growth path that can effectively meet all of the emerging challenges and opportunities of the new world of cloud computing.
Corporate and Sales Headquarters Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, CA 94089 USA Phone: 888.JUNIPER (888.586.4737) or 408.745.2000 Fax: 408.745.2100 www.juniper.net
APAC Headquarters Juniper Networks (Hong Kong) 26/F, Cityplaza One 1111 King's Road Taikoo Shing, Hong Kong Phone: 852.2332.3636 Fax: 852.2574.7803
EMEA Headquarters Juniper Networks Ireland Airside Business Park Swords, County Dublin, Ireland Phone: 35.31.8903.600 EMEA Sales: 00800.4586.4737 Fax: 35.31.8903.601
To purchase Juniper Networks solutions, please contact your Juniper Networks representative at 1-866-298-6428 or an authorized reseller.
Copyright 2011 Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper Networks logo, Junos, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. All other trademarks, service marks, registered marks, or registered service marks are the property of their respective owners. Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.
8020014-002-EN
Feb 2011