1 / 27

Resiliency Joint Techs Workshop July 19, 2005 - Vancouver, BC

Resiliency Joint Techs Workshop July 19, 2005 - Vancouver, BC. Debbie Montano Dir. of Research & Education Alliances dmontano@force10networks.com. Agenda. Who is Force10? Resiliency: Reliability Stability Security Fault Tolerance High Availability. What is Force10 about?. Leadership.

mills
Download Presentation

Resiliency Joint Techs Workshop July 19, 2005 - Vancouver, BC

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. ResiliencyJoint Techs WorkshopJuly 19, 2005 - Vancouver, BC Debbie Montano Dir. of Research & Education Alliances dmontano@force10networks.com

  2. Agenda • Who is Force10? • Resiliency: • Reliability • Stability • Security • Fault Tolerance • High Availability

  3. What is Force10 about? Leadership • Innovation • ASICs, Back Plane, 3-CPU architecture, hot-lock ACLs, ... • Simplicity • Easier network designs, predictable performance, hot-swap of components, DOS resilient, hitless failover, one software train … • Reliability • Distributed forwarding, fault isolation, ECC protected memory, modular software design, separation of control and data plane, automated testing, … Lowering TCO Peace of mind

  4. Supporting the Community • Internet2 Partner • I2 HOPI project • Supporting SC|05 • Scinet and Bandwidth Challenge • Supported SCxy for many years • Supporting iGrid and other events • Engaging with the Quilt (more soon) • Many R&E customers around the globe: • universities, energy sciences labs, supercomputing centers, research networks, exchanges, regional optical networks, gigaPOPs, etc., etc.

  5. Force10 Networks, IncLeaders in 10 GbE Switching & Routing • Founded in 1999, Privately Held • First to ship line-rate 10 GbE switching & routing • Pioneered new switch/router architecture providing best-in-class resiliency and density, simplifying network topologies • Customer base spans academic/research, data center, enterprise and service provider • Fastest growing 10 GbE vendor • April 2005: TeraScale E300 switch/router named winner of the Networking Infrastructure category for eWEEK's Fifth Annual Excellence Awards program.

  6. HOPI - Hybrid Optical Packet Infrastructure Fundamental Questions: How will the core Internet architecture evolve? What should the next generation Internet2 network infrastructure be? Examining a hybrid of shared IP packet switching and dynamically provisioned optical lambdas Modeling scaleable next-generation networks Force10 ParticipationInternet2 HOPI Project Internet2 Corporate Partner & HOPI project partner Providing five E600 switch/routers, being deployed in Los Angeles, DC, Chicago, Seattle & New York

  7. Internet2 HOPI Project

  8. Hybrid Optical Packet Infrastructure (HOPI) Node NLR 10 GigE Lambda NLR OpticalTerminal NLR OpticalTerminal OPTICAL Regional Optical Network (RON) OpticalCrossConnect Force10 E600 Switch/Router ControlMeasurementSupport OOB HOPI Node PACKET Abilene Network 10 GigE Backbone Abilene Network Abilene core router GigaPOP GigaPOP

  9. First Line-Rate 10 GbE Compact- Size System Shipped E300 First 48 GbE x 10 GbEPurpose Built Data Center Switch First >1200 GbEPorts Per Chassis First Line-Rate 672 GbE / 56 – 10 GbE Ports First Public Zero Packet Loss Hitless Failover Demo Nov 2003 First Line-Rate 10 GbEMid-Size SystemShipped E600 First Line-Rate 10 GbE System Shipped E1200 Sept 2004 April 2005 First Line-Rate 336 GbE Ports Demo March 2005 Nov 2003 Apr 2002 Oct 2002 Jan 2002 Force10 Firsts…

  10. TeraScale E-SeriesChassis-based 10 GbE Switch/Router Family

  11. TeraScale E-SeriesChassis-based 10 GbE Switch/Router Family Highest Density GigE and 10 GigE

  12. Force10 S50SwitchDesigned for High Performance Data Centers AC Power Supply inlet 2 Stacking Ports 2x10GbEXFP Module Redundant Power Supply Connector Slot FRONT VIEW • Performance & capacity to scale • Switching capacity of 192 Gbps, 20% more than competitive switches • Stack up to eight S50s in a virtual switch to simplify management • Core-like resiliency • Resiliency feature protects against stack breaks • Advanced link aggregation features REAR VIEW

  13. Top 500: Force10 List June 2005 • Force10 has 23 in the Top 500 list • 5 more than last year

  14. Top 500: Interconnect of Choice • Ethernet is the only inter-connect technology that has made substantial gains • Myrinet is down by over 10% • Infiniband has negligible gains

  15. Resiliency • What is it? • Ability to recover readily, bounce back • Fault Tolerant • Self Healing • Why should you care? • Lots of things attack and stress your switches/routers • Some malicious & some not, many outside your control • Need your network to continue running smoothly • Reliability & Security • How does one achieve resiliency? • Stay tuned…

  16. Route Processor Module – 3 CPUs

  17. RPM: 3 CPUs – Resiliency • Router Processor Module (RPM) • Handles all route & control processing • Optional Redundant RPM • 3 independent CPUs per RPM • 1 for: Switching (Layer 2) processes • 1 for: Routing (Layer 3) processes • 1 for: Local control & management • Process isolation with memory protection • Won’t have to reboot for: • Spanning tree loops creating Layer 2 MAC address floods • Route flaps • Distributed Denial of Services (DDoS) attacks

  18. Control Packet Rate Limiting • Denial of Service (DoS) attacks • Malicious attack designed to bring network to its knees • Flood system with useless traffic designed as control plane packets • Target control plane CPU – can overwhelm any CPU • Problem worse with 10 GigE links – more traffic! • Force10 Defense • Rate limit traffic to control plane CPUs • Queue & prioritize control plane messages • Throttle control plane when CPU utilization > 85% • With Access Control Lists (ACLs), can rate limit only specific traffic types, e.g. ICMP. • Ensure critical control messages get through

  19. ACLs Applied to Control Packets • Access Control Lists (ACLs) • Extensive ACLs can be applied to incoming control packets • Line Rate ACLs • No additional Latency – helps reduce overall route table convergence time • Fine Tune Packet Classification & Control Mechanisms

  20. Scalable Security

  21. Hot-LockTM ACL Technology • Must update Access Control Lists (ACLs) frequently • For comprehensive security • To prevent newly discovered or pending attacks • If the ACL updates open the gates, intruders with sophisticated port scanning technologies can enter your network while the security holes are open • Millions of packets could pass unchecked into you network.

  22. 2-Step ACL Update • Competing vendors use 2-step ACL update procedure • Creates security hole during the update • Higher speed interfaces, greater the risk

  23. 1-Step ACL Update • Force10 uses 1-step ACL update • Hot-Lock avoids removing ACL from the interface prior to ACL modification action • No security hole during ACL updates • No disruption of traffic during ACL updates

  24. Tolly Tested • Hitless Route Processor Module (RPM) Failover • From working to redundant RPM • E1200, 56 x 10 GigE ports • Snake confirguration • Throughput tests at various frame sizes (64, 1518 & 9252 bytes) • Issued “redundant force-fail RPM” 1 minute into tests • Line Rate Throughput, Zero Frame Loss, at any frame size

  25. Hitless Technology

  26. Tolly Tested • Hitless Switch Fabric Module (SFM) Failover • Supports 100% of line-rate zero-loss throughput when tested across 56 10-Gigabit Ethernet ports during a Switch Fabric Module failover, while passing over 1 Terabits per second of traffic. • Recovers from link outages in less than 2 milliseconds with a single Layer 2 flow, and less than 1 millisecond with 16 million Layer 3 flows, both well below the failover time usually reserved for SONTET/SDH links. • Maintains all BGP, OSPF and Telnet sessions even when hammered by a multiheaded Denial of Service attack. • Relies upon QoS facilities to ensure voice, video and data traffic types are handled according to policy parameters and with respect to latency sensitivity.

  27. Debbie Montano Director of Research & Education Alliances dmontano@force10networks.com Thank You www.force10networks.com

More Related