microsoft power point - event qatar 1st nov building a campus lan only]

8/3/2019 Microsoft Power Point - Event Qatar 1st Nov Building a Campus LAN Only]

1/66

2010 Hewlett-Packard Development Company, L.P. Theinformation contained herein is subject to change without notice

1

HP NetworkingBurhan Abu [email protected]+974 33 101 383


2/66

Topics of Discussion

High Availability what is it and why we need it?

High Availability problems to solve

High Availability how to make it?

2 Internal Use Only. HP Confidential.


3/66

What

Five nines 99.999% - 5 minutes in a year downtime

Service availability (always on, internet dial tone)

Absolute reliability and survivability


Data integrity and protection


4/66

Why

Internet centralized service model

Many people rely on network delivered service (service dependency)

Around the clock operation no maintenance time.


Carrier-grade systems a buzzword

Business downtime costs a lot of money


5/66

Problem

Equipment and software not reliable enough

MTBF and MTTR availability = (MTBF + MTTR)/MTTR

Complex systems combination of MTBF of components


MTTR for HW/SW automatic recovery (reboot) still bad

Mean Time To RepairMean Time Between Failures


6/66

How

No single point of failure hardware, software, network

Redundancy for hardware

Warm restarts for software (problematic) so better rely on hardware


redundancy as well


7/66

Redundancy Types

Load sharing, Load balanced, Active/Active, hot standby, coldstandby

1:1, 1:N, M:N


Chain redundancy versus block redundancy


8/66

Network challenges

Faults and Fault isolation

Failures result of faults

Ways to recover redundancy hot failover


Hardware failover switching HW resources (network, fans, CPUs)

Software failover applications, protocols, databases etc


9/66

Design principles

Hot swappability support to replace faulty units (FRUs)

Resource (equipment and software modules) model and

management


Logging, trace, reporting of failures/switchovers Checkpointing (data mirroring or synchronization) initially and

continuously

Provisioning redundancy state, software upgrades, different

versions.


10/66

Challenges of the Enterprise Campus Network


Solution


11/66



12/66

Best Design Model of Enterprise Campus Network

WAN/Branches

Core LayerHierarchical


Convergence

Layer

Access Layer

Service Layer

Modular

Expandable

Redundant


13/66

Hierarchical The hierarchical network architecture design, and strict definition of the functionsof different layers1. Access layer -The first-layer access of the network achieves L2/L3 access, QoS, broadcast storm

suppression, edge port, access security authentication, VLAN, link binding, 802.1x, and PoE/PoE+.2. Convergence layer Converges traffic from the cable distribution room and executes policies. It can

provide functions such as first-hop gateway, route summary, load balancing, fast convergence, QoS,and the protection of core access users.

3. Core layer-Network backbone. It features high-speed data switching, high capacity, reliability, fast

Hierarchical Structure Design of Enterprise Campus Network


convergence, an ease o ne wor expans on.

Modular Divide topological regions according to architectural regions.

Expandable According to service development requirements, expand the network through thesimple replication of modular units

Redundancy design Provide redundancy protection to equipment and links


14/66


Introduction to Non-Stop Forwarding Technology (NSF)Link ReliabilityLink Aggregation TechnologyRRPP TechnologySmart Link TechnologyDLDP Technology


High Reliability Networking TechnologiesVRRPEquivalent RouteBFDIP FRRIRF


15/66

None Stop Forwardin



16/66

NSF schematic diagram


Forwarding Information Base


17/66

NSF schematic

As an important HA technology on the service plane, NSF ensures non-stop data forwarding when thecontrol plane of the switch fails, for example, fault-triggered restart or routing oscillation, thuspreventing various streams of the network from being impacted. To support NSF, a device shouldmeet the following two requirements:

The device should adopt the distributed architecture, with data forwarding separate from control,and support dual MPUs. When an active/standby switchover takes place, the standby MPU must


save orwar ng en r es orwar ng p ane success u y.

Status (control plane) of some protocols can be saved.

For OSPF, IS-IS, BGP, LDP and other complicated protocols, it costs a lot or it is impossible tocompletely back up complicated status of the control plane. In contrast, by partly backing up someprotocol status (or not backing up protocol status) and the help of adjacent devices, session

connections on the control panel are not reset in the case of active/standby switchover so thatforwarding is not interrupted.


18/66

GR schematic diagram



19/66

GR schematic

The technology for not resetting the control plane is called graceful restart (GR) of routing protocols,

which shows that forwarding is not interrupted when routing protocols are restarted. The core of the

GR mechanism is when the routing protocol of a device is restarted, it informs adjacent devices of

keeping the neighbor relationship and routes to the device stable for a certain period.

After the routing protocol is completely restarted, the adjacent devices help the device to synchronize


the routing information and restore the routing information of the device to the state before the

restart within the shortest time.

During the entire protocol restart, network routes and forwarding are kept highly stable.

The packet forwarding path is not changed in any way. The whole system can forward IP packets

continually. The HP A-Series series switches support GR for OSFP/BGP/IS-IS/LDP/RSVP. When

the active/standby switchover of MPUs takes place, the peer device continues keeping the protocol

neighbor relationship with the local device, thus avoiding network oscillation and guaranteeing

network stability.

Label Distribution Protocol (LDP)Resource Reservation Protocol(RSVP)


20/66


Link Reliability

Link Aggregation Technology

RRPP Technology

Smart Link Technology



21/66

Link A re ation Technolo



22/66


Link aggregation/trunking/bonding technology. The essence of the technologyis that a number of physical links between two devices are combined into a

logical data channel, called an aggregated link. Two physical links between

switches form an aggregated link. Logically the link is a totality. The internal


-

level services.


23/66


The physical links within the aggregation jointly complete the tasks of datatransmitting/receiving, and provide backup to each other. As long as the

aggregation has a normal member, the whole transmission link will not fail. If

Link 1 fails, data tasks of Link 1 are rapidly transferred to Link 2 and data


.


24/66

RRPP Technolo


2


25/66

RRPP Technology (Rapid Ring ProtectionProtocol)

Dedicated to Ethernet rings, RRPP is a link layer protocol, which avoids broadcaststorm caused by data loops on a complete Ethernet ring. When one link on theEthernet ring is cut off, RRPP rapidly restores communication path between nodes onthe ring network.

Most MANs and enterprise networks are ring networks to guarantee high reliability.


, .

Currently, STP and RRPP are common technologies used to solve loop problems on L2networks. STP applications are relatively mature, but convergence is accurate tosecond. As a link layer protocol dedicated to Ethernet loops, RRPP supports fasterconvergence than STP. In addition, convergence time supported by RRPP is irrelativeto the number of nodes on the ring network. RRPP can be applied to the networks withlong diameters.

The HP Switches supports RRPP multiple instances and establishment of multipleRRPP networks, thus meeting the flexibility requirements of networking.


26/66

RRPP Technology

Polling mechanism is that for master nodes on the RRPP ring to actively detect health of the ring

network.

The master node regularly sends Hello packets from its master port, which are transmitted on the ring

by passing each transmit node in turn. If the loop is healthy, the secondary port on the master node

receives the Hello packets before the timer expires and the master node keeps the blocking status


of the slave port. If a loop is cut off, the secondary port on the primary node cannot receive Hello

packets before the timer expires, the master node removes the blocking status of data VLAN on thesecondary port and sends a Common-Flush-FDB packet to notify all transmit nodes of updating

their own MAC entries and ARP/ND entries.

filtering databaseNeighbor Discovery


27/66

RRPP Technology

When discovering one of their ports in the RRPP domain is down, a transmit node, an edge node, or

an auxiliary edge node sends a Link-Down packet immediately to the master node. After receiving

the Link-Down packet, the master node removes the blocking status of the data VLAN on its

secondary port and sends the Common-Flush-FDB packet to notify all transmit nodes, edge nodes,

and auxiliary edge nodes of updating their own MAC entries and ARP/ND entries. After each node


, .

In addition, RRPP can be configured on an aggregation group and link reliability is guaranteed byaggregation and RRPP.


28/66

Smart Link Technolo


2


29/66


A Smart Link group is also called a flexible link group. Each Smart Link group containstwo ports only. One is an active port and the other is a standby port. Normally, only oneport is in active state, while the other port is blocked, in standby state.

When the link of the active port fails, the Smart Link group automatically blocks this portand the standby port is switched over to be an active port. For example, the port is


. ,

an aggregation group and link reliability is guaranteed by aggregation and Smart Link.

Smart link meets the requirement for rapid link convergence and also backs upactive/standby links for redundancy and rapidly migrates active/standby links. In thenetworking with two uplinks, when the active link fails, the device automatically

switches over traffic to the standby link, thus backing up links for redundancy.

Operations, Administration, and Maintenance


30/66


The main characteristics are as follows:

Dedicated to two uplinks

Rapid convergence (accurate to sub-second)

Simple configuration, which facilitates user operation

When a Smart Link is switched over, MAC address forwarding entry and ARP/ND entry on each device on the network may not be


. ,should be provided. Currently, two update mechanisms are available:

Automatically update MAC address forwarding entries and ARP/ND entries by traffic. This mode is applicable to interconnection to thedevices (including the devices of other vendors) that do not support Smart Link. It should be triggered by upstream traffic.

A Smart Link device sends Flush packets from a new link. This mode requires upstream devices to identify Flush packets on the SmartLink and update MAC address forwarding entries and ARP/ND entries.

When the original active link is failed over, the port is still in standby state without link status switchover, thus keeping traffic stable.This port is switched to be active only after next link switchover.

Smart Link supports multiple instances. In different Smart Link instances, one port can assume different roles. For example, in

instance 1, a port is an active port, while in instance 2, the port is a standby port. In this case, traffic load of different instancescan be balanced between ports.


31/66

DLDP Technolo



32/66

DLDP Technology

A special phenomenon occurs during actual networking, namely, unidirectional link.

Unidirectional link means that the local end can receive the packets sent by the peer

end over the link layer, but the peer end cannot receive the packets sent by the local

end. Unidirectional link leads to a series of problems, such as loop in spanning tree

topology.


Take fiber as an example. A unidirectional link is classified into two cases: fibers are

cross-connected; one fiber is disconnected or one fiber is cut off. Crossed fibers referto the fibers which are connected reversely. Hollow lines indicate that one fiber is not

connected or one fiber is cut off.

Cross-connect of fibersne sconnecte er

or one broken fiber


33/66

DLDP Technology

DLDP can monitor link status of fibers or copper twisted pairs. If a unidirectional link exists, DLDP

automatically disables related ports or notifies users of manually disabling them according to userconfiguration to prevent network problems.

DLDP is a link layer protocol, which is used together with the protocols at the physical layer to monitor


.signals and faults. DLDP identifies peer devices and a unidirectional link, and disables an

unreachable port.

DLDP and the automatic negotiation mechanism at the physical layer work together to detect anddisable physical and logical unidirectional connection. If the links at both local end and remote endcan work properly at the physical layer, DLDP detects whether these links are properly connectedand whether two ends can properly exchange packets at the link layer. This detection cannot beimplemented by the automatic negotiation mechanism.


34/66

DLDP Technology

DLDP has the following two working modes:

Common mode: In this mode, once the aging timer of a neighbor expires, one

Advertisement packet with RSY tag/label is sent concurrently when the neighbor entry

is deleted.


Enhanced mode: In this mode, once the aging timer of a neighbor expires, the

enhanced timer is started. Every one second, one Probe packet is sent to actively

detect the neighbor. Eight Probe packets are continuously sent. If an Echo packet from

the neighbor is not received when the Echo wait timer expires, the device is disabled.

Enhanced DLDP mode


35/66

DLDP Technology

In common mode of DLDP, the system can identify one type of unidirectional link only:

cross-connected fibers.

In enhanced mode of DLDP, the system can identify two types of unidirectional links. One

is cross-connected fibers, and the other is one disconnected fiber or one broken fiber.


,

forced rate and forced full duplex modes. Otherwise, even if DLDP is enabled, DLDP isinvalid. When the unidirectional link of the latter type occurs, the port that has optical

signal at the receive end is disabled, while the port that does not have optical signal at

the receive end is inactive.


36/66

High Reliability Technology of Network

Network reliability technologies include the following:VRRP

Equivalent route

BFD


FRR, including IP FRR, MPLS TE FRR


37/66

VRRP



38/66

VRRP: Virtual Router Redundancy Protocol

Virtual Router

Switch A


Switch C

Switch B


39/66

VRRP Parameters

VRRP priority Range: 0-255 (0 and 255 are not configurable)

If a router is the IP address owner: its priority becomes 255


Preemptive Non-preemptive

Authentication mode

simple

md5


40/66

Master / backup

Virtual Router

Switch AMaster

Virtual IP address:

10.1.1.1/24

10.1.1.2/24

Host A


Switch CBackup

Switch B

Backup

10.1.1.3/24

10.1.1.4/24

Host B

Host C


41/66

Virtual

Router 3

Virtual

Router 1

Virtual

Router 2

Load Balancing

Switch A

Host A

Master Backup Backup


Switch C

Switch B

Host B

Host C

Backup

Backup

Master

Backup

Backup

Master


42/66

Equivalent Route


4


43/66

Equivalent Route

The HP A-Series series switches support equal-cost multi-path routing (ECMP). Each route supports

eight equivalent paths for load balancing of IP or MPLS traffic and also supports Hash loadbalancing by driving traffic. ECMP minimizes occurrence of disordered packets. After path

switchover, traffic is rapidly switched over to other active links, thus guaranteeing service reliability.



44/66

BFD

44 Internal Use Only. HP Confidential.4


45/66

BFD

BFD is a network wide unified detection mechanism for fast detecting and monitoring the connectivity of network links or IP route

forwarding. To improve the existing network performance, the adjacent protocols should be able to fast detect acommunication fault, thus quickly establishing a backup channel to restore communication.

BFD: Defined by the IETF, BFD rapidly detects faults of nodes and links. By default, the handshake time is 10ms. BFD

enables detection with light load and short duration. BFD can detect any medium and any protocol layer in real time. The

detection time and overhead range are wide.


BFD can detect faults on any type of channel between systems, including direct physical link, tunnel, MPLS LSP, multi-hop

routing channel and indirect channel.

BFD detection results can be applied to IGP fast convergence and FRR.

BFD protocol has been accepted and recognized by the industry and deployed widely.


46/66

BFD: Bidirectional Forwarding Detection

The HP A-Series series switches fully support BFD for VRRP/BGP/IS-IS/OSPF/RSVP/VPLS PW/static

routing. On the basis of the dual planes (control plane and forwarding plane) of the traditional coreswitch, the switches adopt the unique design of the detection plane.

The plane monitors network faults. It helps to implement 30ms fault detection and 50ms service

switchover, ensuring that services are not interrupted. The detection plane and the control plane &


forwarding plane are independent from each other and will not affect each other.

They provide carrier-class equipment reliability and network reliability to users. A test shows that BFD

switchover time of the HP A-Series is shorter than 50ms.


47/66

IP FRR: Fast ReRoute



48/66

IP FRR: Fast ReRouteThe interruption of traffic transmission caused by a link or node fault on the network is restored only when the route is re-

converged on the new topology. During the time interval between interruption and restoration, the packets that can reach thedestination by penetrating the faulty part will be lost or undergo a loop. The route convergence process consists of thefollowing aspects:

1. Fault detection time

2. Re-propagation time of the routing information (including the generation and propagation time of LSA/LSP)

3. Route calculation time (including the time for LSDB route calculation after the change)

-


.

Currently, a number of new technologies are used in fast convergence of routing protocols. For example, shorten fault detectiontime by BFD, lessen the time for re-propagating routing information by Fast Flood, and decrease the time for routecalculation by ISPF and PRC. As a result, route convergence is greatly quickened. Currently, in the case of 10,000 routes,traffic interruption time caused by a network fault can be within one second.

However, voice, video and other new network services pose more stringent requirements on the traffic interruption time. A largenumber of carriers hope to control the traffic interruption time caused by network faults within 50 ms or less. Thisrequirement cannot be satisfied by the traditional routing protocol fast convergence technologies.

At present, the new method that is being researched for meeting such a requirement is to calculate backup route in advance. In

other words, when detecting a fault, a router does not disseminate route information or calculate a route at once.


49/66


Instead, the router replaces the failed route with the backup route to

directly rectify the fault locally. During the process when the whole

new route completes re-convergence, the pre-determined backup

route is used for forwarding. In this case, traffic interruption time


which is equal to the sum of the time for detecting an adjacent fault

and the time for replacing the failed route with a backup route is

greatly shortened. The new technology of using local preset repair

path to provide protection for the failed link or router is called IP FRR.


50/66


The basic principle for IP FRR, Normally, the routing table of Switch B indicates

that the packets with the destination of Switch E should be forwarded by Switch D.In addition, a backup path is added to the routing table of Switch B, that is, thepackets with the destination of Switch E can be forwarded by Switch C. Whendetectin a link fault between Switch B and Switch D Switch B forwards the


packets with the destination of Switch E to the backup next-hop Switch C.


51/66

IRFv2 Overview



52/66

IRFv2 - OverviewNo need for

MSTP+VRRP


Common

networkingIRFv1 IRFv2


53/66

IRFv2 Overview (2)



54/66

SwitchSRPU #2

Operational Planes in Standalone Switches

MGMT

CTRL

FWD

Stackable Switches Chassis-based Switches

SRPU #1MGMT

(Master)CTRL

(Active)FWD-Crossbar

(Active)

MGMT(Slave)

CTRL(Standby)

FWD-Crossbar(Backup or Load Sharing)

MGMT CTRL


(Proxy) (Proxy)

LPU # 2MGMT

(Proxy)

CTRL

(Proxy)

FWD

LPU # 3MGMT

(Proxy)CTRL

(Proxy)FWD

LPU # NMGMT

(Proxy)

CTRL

(Proxy)FWD


55/66


56/66

Daisy ChainIRFv2: Members, Roles and Topology

Master Slave Slave Slave

IRF-port 1 IRF-port 2 IRF-port 1 IRF-port 2 IRF-port 1 IRF-port 2


Slave Slave

IRF-port 1 IRF-port 2

IRF-port 1IRF-port 2




57/66

IRFv2 IRF Connections IRFv2 systems are connected

using any 10 GbE interface:

CX4

SFP+

XFP

1

2


Inexpensive Local Connection

cables are available for CX4,

SPF+ and XFP ports.


58/66

Buildin and Maintainin IRF



59/66

Steps to Build an IRF

1. Assign a high IRF priority to the device you want to be the master

and ensure its Member ID is 1.

irf member member-idpriority 32


2. Assign a Member ID to each on of the other devices and reboot

them.

irf member current-member-id renumber new-

member-id


60/66

Steps to Build an IRF (2)3. Configure the IRF-ports in each device, save the configuration and turn

them off. This step varies slightly between different product families

In the HP 4800G/HP S5500-EI:

irf member 1 irf-port 1port 2


In the HP S5800/S5820X and in the HP S7900E/HP S7500E

interface ten-gigabit port-id

shutdown

irf-port 1/1

port group interface ten-gigabit port-id

interface ten-gigabit port-id

undo shutdown


61/66

Steps to Build an IRF (3)4. Save the configuration of each device and turn them off.

5. Connect the IRF links to build the IRF fabric.

Note: IRF-port 1 of one device must be connected to IRF-port 2 of the next device. Connecting IRF-ports of the

same number will prevent the devices to recognize each other as members of the same IRF.

6. Turn on the unit that needs to be the master Member-id=1


Wait until the boot process is complete before turning on the next device. This will guarantee that this unit will

become the master.

7. Repeat the process for each member (turn on and wait). This step is called device

insertion. Always turn on a device connected to other devices that are already up and

running.


62/66

IRF Merge: Master Election

1. The current master wins, even if a new member has a higher priority.

(When a new member is added, IRF merge does not happen.)

2. A member with a hi her riorit wins.


3. A member with the longest system up-time wins. (The precision of

the system up-time is ten minutes.)

4. A member with the lowest bridge MAC address wins.


63/66

IRF Split: MAD

BlockedPort


Broken

IRF Link

Device inRecovery state

Device inNormal state


64/66

MAD Detection Protocols MAD can be configured to use BFD or LACP as the IRF split detection protocol.

MAD/LACP:

Uses a distributed Bridge Aggregation interface connected to a 3rd device to exchange MAD

information


To support this function LACP has been extended with MAD specific TLV fields.

MAD/BFD:

a special VLAN with ports in each member must be configured

and each member device must be configured with an MAD IP address. These addresses are invisible

for the rest of the network and no routing interface can be attached to an MAD/BFD enabled VLAN.


65/66

MAD: Collision Handling and FailureRecovery

Collision Handling

The part that contains the device with the lowest member-id remains in Normal state and the othergoes into Recovery state.

The ports of a device in recovery state become blocked.

The administrator can exclude some orts from becomin blocked.


Failure Recovery

When the IRF link is back online, the IRF system detects that the IRF-ports are up and triggers the

Recovery process.

During the recovery, the part of the IRF that was in recovery state is rebooted to be re-inserted into

the IRF.


66/66

Thank You!

2010 Hewlett-Packard Development Company, L.P. Theinformation contained herein is subject to change without notice

66

microsoft power point - event qatar 1st nov building a campus lan only]

Documents