The role of networking in the Dynamic Data Center
Niels Friis-Hansen, Senior IT Specialist, CCIE, IBM Communication & Collaboration
What are we ultimately trying to solve?
1. Provide consolidated and virtualized computing and storage resources to increase device utilization, improve system performance, and reduce power requirements and overall costs.
2. Provide a secure and flexible data center core network based on defined community groups, using a highly virtualized and shared networking platform and security resources to increase network utilization, improve performance, and reduce power consumption and overall costs.
3. Provide secure yet flexible network access to specific services based on defined community groups (employees, partners, suppliers, customers, guests).
(Diagram: shared storage and shared computing resources hosting dedicated, common and shared applications behind server access security; dedicated, shared and common services on virtual networks (VN) behind access security, reached by users over the Internet and MPLS VPNs.)
Consolidation and virtualization of server and storage resources will increase the performance demands on the data center network
• Increased server and storage utilization rates will increase the demands on the network to support new, more dense traffic patterns at the access layer.
• As traffic from multiple virtual servers is combined on a single physical link, bandwidth utilization will increase.
(Diagram: servers and blade servers with NICs and HBAs connected to LAN access switches and SAN switches.)
Server consolidation and virtualization involves a local LAN switch and possibly a virtual switch, which presents networking challenges
• Individual logical servers on a single physical server may communicate amongst themselves without entering the traditional network, representing a loss of control.
• How extensive a topology should exist within the hypervisor?
• How well does the logical switch interact with the physical access switch?
• Can the logical switch support network virtualization (i.e., 802.1q, MPLS) such that segmentation remains intact?
• Which operational domain owns the virtual switch: the server team or the network team?
• How well does the virtual switch handle the traditional functions delivered by an access switch (e.g., multicast, port mirroring, security features)?
(Diagram: a physical server/blade server with a LAN switch and HBA, beside a virtual server whose logical servers sit on VLANs behind a virtual LAN switch; both uplink to LAN access switches and SAN switches.)
Storage virtualization and convergence pushes a transformation in organizations' storage and network infrastructures
• Direct-attached storage is gradually giving way to network-attached storage (NAS) and storage area networks (SAN).
• Mobility features of virtualization increase resiliency, given that the disk is no longer associated with a single physical machine.
• Fibre Channel has been the undisputed standard of choice as an interconnect in the data center.
• The arrival of 10 Gigabit Ethernet with FCoE, a protocol converging storage onto Ethernet networks, threatens to challenge that.
• Although organizations will start migrating to Ethernet, Fibre Channel will still have a significant footprint in the data center given prior investments in the technology.
(Diagram: virtualized servers with converged network adapters (CNA) connected to converged LAN/SAN access switches and SAN storage, beside traditional servers with separate NICs and HBAs on LAN access switches and SAN switches.)
Increasing the distance between the user and the application can adversely impact user application response time
• Data traveling across copper or fiber optic links is limited to the speed of light.
• As the distance between the client and the application increases, latency increases due to physical distance, serialization delay, WAN link congestion and hardware resource availability.
• Applications that transmit a large number of small packets or that have a high number of application turns per transaction ("chatty applications") are particularly susceptible to latency.
• WAN optimization solutions can aid in relieving some of the negative effects of long transmission distances, but latency and WAN link bandwidth, as well as traffic prioritization, still need to be evaluated.
(Diagram: server/blade servers behind LAN access switches and a CE router, across an MPLS WAN / MPLS VPN (latency, bandwidth) to a remote CE router and LAN with PCs.)
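To show why application turns matter more than raw bandwidth over distance, here is an added example (not from the presentation) that models transaction time as turns times round-trip time plus serialization delay; the propagation speed, turn counts and payload size are assumptions chosen for illustration:

```python
"""Added example (not from the presentation): estimate WAN transaction time.
Simplified model (an assumption): each application turn costs one RTT, the
payload costs serialization time on the WAN link, and queuing/device delay is
a flat extra. A WAN optimizer would show up here only as fewer turns crossing
the WAN, not as a faster link."""

# Roughly 2/3 of c in fibre: about 200 km per ms, i.e. ~5 ms per 1000 km one way.
FIBRE_KM_PER_MS = 200.0

def rtt_ms(distance_km, extra_ms=0.0):
    """Round-trip propagation delay for a one-way distance, plus overhead
    for congestion and hardware resource contention (extra_ms)."""
    return 2 * distance_km / FIBRE_KM_PER_MS + extra_ms

def transaction_ms(turns, payload_bytes, distance_km, link_mbps, extra_ms=0.0):
    """Total time: every application turn pays one RTT; the whole payload
    pays serialization delay once on the WAN link."""
    serialization = payload_bytes * 8 / (link_mbps * 1000.0)  # bits / (bits per ms)
    return turns * rtt_ms(distance_km, extra_ms) + serialization

def compare(distance_km, link_mbps, payload_bytes=200 * 1024):
    """Chatty transaction (200 turns) vs. bulk transaction (4 turns) moving
    the same number of bytes; returns (chatty_ms, bulk_ms)."""
    chatty = transaction_ms(200, payload_bytes, distance_km, link_mbps)
    bulk = transaction_ms(4, payload_bytes, distance_km, link_mbps)
    return chatty, bulk

if __name__ == "__main__":
    # 4000 km of fibre: a 10x faster link barely helps the chatty application.
    for mbps in (10, 100):
        chatty, bulk = compare(4000, mbps)
        print(f"{mbps:>3} Mbps: chatty {chatty:8.1f} ms, bulk {bulk:8.1f} ms")
```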
In a virtualized and shared environment, secure network segmentation becomes more and more important
• The network has to provide secure segmentation for different user communities and groups.
• The network must support the segmentation policies set by the corporate security policies.
• Consequently, secure segmentation with virtualized resources has to happen at layer 2 and layer 3.
• Firewalls and other security devices will need to be evaluated to ensure that they are compatible with new traffic patterns.
• Routing domains must be kept separate.
(Diagram: servers on LAN access (L2) virtual networks, data center security services, IP core (L3) virtual networks, access security services, MPLS WAN virtual networks, a CE router and remote LAN access (L2) virtual networks with PCs.)
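The two risks raised above, logical servers on one host talking to each other without ever entering the network, and segmentation that must hold at layer 2 and layer 3 with routing domains kept separate, can be checked against a hypervisor's virtual switch inventory. The following is an added example, not code from the presentation; the policy table, the VM inventory and its field names are constructed assumptions:

```python
"""Added example (not from the presentation): audit a hypervisor's virtual
switch for segmentation gaps between community groups. Assumed (constructed)
inputs: each VM's port group, 802.1q VLAN tag and L3 routing domain (VRF);
policy says each community keeps its own VLAN and VRF, and cross-community
traffic must leave the host and pass through the security services."""
from collections import defaultdict

# Policy: VLAN and routing domain each community group must use.
POLICY = {
    "employees": {"vlan": 100, "vrf": "VN-EMP"},
    "partners": {"vlan": 200, "vrf": "VN-PART"},
    "guests": {"vlan": 300, "vrf": "VN-GUEST"},
}

# Constructed inventory of VMs on one physical host (vlan None = untagged).
INVENTORY = [
    {"vm": "erp01", "group": "employees", "pg": "pg-emp", "vlan": 100, "vrf": "VN-EMP"},
    {"vm": "erp02", "group": "employees", "pg": "pg-emp", "vlan": 100, "vrf": "VN-EMP"},
    {"vm": "portal1", "group": "partners", "pg": "pg-part", "vlan": 200, "vrf": "VN-PART"},
    # Misplaced: a partner VM on the employee port group and VLAN.
    {"vm": "portal2", "group": "partners", "pg": "pg-emp", "vlan": 100, "vrf": "VN-EMP"},
    # Untagged port group: no 802.1q segmentation at all.
    {"vm": "kiosk1", "group": "guests", "pg": "pg-flat", "vlan": None, "vrf": "VN-GUEST"},
]

def audit(inventory, policy):
    """Return a list of findings; an empty list means segmentation is intact."""
    findings = []
    groups_per_pg = defaultdict(set)
    for vm in inventory:
        want = policy[vm["group"]]
        if vm["vlan"] is None:
            findings.append(f"{vm['vm']}: untagged port group {vm['pg']}, no L2 segmentation")
        elif vm["vlan"] != want["vlan"]:
            findings.append(f"{vm['vm']}: VLAN {vm['vlan']}, policy for {vm['group']} is {want['vlan']}")
        if vm["vrf"] != want["vrf"]:
            findings.append(f"{vm['vm']}: routing domain {vm['vrf']}, policy requires {want['vrf']}")
        groups_per_pg[vm["pg"]].add(vm["group"])
    # VMs of two communities on one port group can talk inside the hypervisor,
    # bypassing the physical access switch and the security services entirely.
    for pg, groups in groups_per_pg.items():
        if len(groups) > 1:
            findings.append(f"port group {pg} mixes {sorted(groups)}: intra-host bypass")
    return findings
```

Run against the constructed inventory the audit reports four findings: two for the misplaced partner VM, one for the untagged kiosk, and one for the mixed port group.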
Access control to specific services should be based on defined policies and community groups as the enterprise edge blurs
• Remote and mobile application access will drive the need for heightened network access security as well as user and device security.
• Successful authentication will determine network and server privileges.
• User access control is generally part of each stage of the implementation.
• Increasing remote network access drives the need for login and client-side device screening prior to providing systems access.
(Diagram: servers on LAN access (L2) virtual networks, data center security services, IP core (L3) virtual networks, access security services, Internet and MPLS WAN virtual networks, a CE router, and fixed, mobile/wireless and remote LAN access (L2) with PCs.)
Another approach: what are the different planes of the network and nodes?
• Management plane defines how the nodes are managed.
• Service plane offers network services like security or application forwarding.
• Control plane is responsible for specifying how the forwarding plane forwards the packets.
• Forwarding plane is responsible for the transport of the packets.
(Diagram: stacked management, service, control and forwarding planes.)
What does Dynamic Data Center mean to the service plane?
• Service plane includes:
  • Security: firewalls, security zones, intrusion detection and prevention
  • Application forwarding: server load balancing, SSL acceleration, WAN optimization, XML gateways, caching
  • Operations: traffic probes
• Virtualized services are delivered much like virtualized servers:
  • One big physical node partitioned into multiple logical nodes
  • Appliance vs. integrated packaging options (i.e., switch modules)
  • Location independence requirement
• Centralized intelligence and policy management simplifies operations and regulatory compliance
(Diagram: management plane above a service plane of security services, application forwarding and operations, over control and forwarding planes spanning the IP core (L3) and LAN access (L2).)
What does Dynamic Data Center mean to the management plane?
• Control visibility and administrative capabilities to the appropriate logical resources rather than physical ones
• Solutions are highly dependent on vendor and product implementations
• Examples:
  • VLANs and MPLS VPNs virtualize the forwarding and control planes but do not provide separate management planes, i.e., there is a single logical/physical node
  • Products have started coming to market with virtualized management planes:
    • Cisco Catalyst Service Module contexts (Firewall, Application Control)
    • Juniper JUNOS Virtual Router capabilities and features
(Diagram: management bodies A, B and C, each seeing its own slice of the management plane over shared service, control and forwarding planes spanning the IP core (L3) and LAN access (L2).)
Evolution stages for the network and for servers/storage (reconstructed from the summary diagram):

Stage                  Network                                        Server/Storage
Scale-out complexity   Switch and specialized device sprawl           Server and storage sprawl
Consolidation          Switch and specialized device virtualization   Server and storage device virtualization
Virtualization         Network virtualization                         Server network access virtualization
Dynamic                Network services provisioning                  Server and storage provisioning

Networks for dynamic infrastructures must become flexible, responsive and managed together with the rest of the IT infrastructure.

"Vision without action is a daydream. Action without vision is a nightmare."