Chris Young
CCIE CISSP H3CSE MCSE TCSE ITIL v3 Foundation
Solutions Architect, HP Networking
networking together.
HPN A-Series
DATA CENTER FRAMEWORK
Highly Secure
• Comware Integrated Security
• OSN Security Modules
• FW, SLB, SSL, VPN
• Application Awareness
• Best in Class IPS with TippingPoint Integration
Best in Class Performance
• Higher Density 10G
• 10GE -> 40GE -> 100GE
• Core: today 6.6 Tbps ready for 13.3 Tbps
• Stackable ToR: 14 to 216 10GE ports
Standard Based Unified Fabric
• IEEE, IETF, ANSI/ETSI
• 3Com: 802.3 chair
• Executing on a FCoE phased approach starting with I/O consolidation
Ultra Resilient
• Resilient Virtual Switching Fabric (IRF)
• Hot Patching
• NSF/GR – Hitless Failover
• Bidirectional Forwarding Detection (VRRP/OSPF/BGP/MPLS with <50ms)
Fully Virtualized
• Network & Security fully virtualized
• 802.1Q / QinQ
• VRF/VRF lite
• MPLS/MPLS VPNs/VPLS
• Virtual Firewall
• VMware VMsafe API (TP/Reflex)
• VMware vCenter/IMC integration
• Virtual Edge Bridging/VEPA
Lower TCO By Design
• Single Pane Management (IMC)
• IMC Modules for DC Orchestration
• Efficient architectures (Power & Cooling)
• Complete Visibility (sFlow/Netflow)
RESILIENT VIRTUAL SWITCHING FABRIC WITH COMWARE
THE FOUNDATION OF OUR DC REFERENCE ARCHITECTURES
• Resilient Virtual Switching Fabric
• Virtualized L2 Function
• Virtualized L3 Function
• Unified & Simplified Management
• Distributed Link Aggregation
• Virtualized Multiservice
SIMPLIFYING DESIGN & OPERATIONS
RESILIENT VIRTUAL SWITCH FABRIC WITH IRF
– N physical devices seen as one logical device
• N devices sharing the same “topology” information
• Protocols see one single hop -> simplified design
– Active/Active Model for L2 & L3
• No STP/RSTP/MSTP/VRRP
• All links active at all times
• “Pre TRILL” implementation
– Ultra Fast Failover
• 20 times faster than RSTP/MSTP
– Geographically Distributed
• Limited by Ethernet/Fiber optical budget (10GE: 70kms)
– One single IP/configuration file for management
• Simplified Operations – OPEX reduction
– Consistent approach across product portfolio
• A12500, A9500E, A7500E, A5800, A5820X, etc.
[Diagram: Physical SW 1 + Physical SW 2 = LOGICAL SWITCH]
WHAT IS IRF?
EXTENDING BOTH CONTROL & DATA PLANES ACROSS MULTIPLE DEVICES
Single Chassis
– CP learns first packet and programs I/O via dedicated path (usually GE) (one path per CPU)
– ASICs forward traffic based on local information
– CP to CP synchronization via dedicated path (separate GE path)
[Diagram: single chassis with interface boards, Active CPU and Slave CPU control processors, backup data synchronization]
IRF Domain
• Master learns first packet and programs all I/Os via IRF links
• ASICs forward traffic based on local information
• Hitless Master Failover
• CP to CP synchronization via IRF links (10GE path)
• L2, L3 IPv4, L3 IPv6, etc…
[Diagram: IRF domain of chassis with interface boards, AMB and SMB control processors, backup data]
RESILIENT VIRTUAL SWITCHING FABRIC: ARCHITECTURE SIMPLIFICATION
[Diagram label: IP address Peer]
BEFORE
• 9 segments, 42 IP addresses (including loopback interface)
• Any link failure will cause topology change
• Dynamic Routing Area
• Multi-routing Area
• Large Number of Devices
• Complex Routing Design
• Inconsistent in and out path
AFTER
• Only 2 segments, 11 IP addresses (including loopback interface)
• Link failure will not cause topology change
• Simple Routing Area
• Few logical nodes, point to point routing neighbor
• Single logical link between Layers
• Simplified Forwarding Path
HORIZONTAL STACKING WITH FLEX CHASSIS TECHNOLOGY
NO SINGLE POINT OF FAILURE FOR YOUR SERVERS CONNECTIVITY
EASIER TO DEPLOY & MANAGE
IRF links = 40 Gbps * 2 = 160 Gbps FD
Aggregation: Static/Dynamic (802.3ad)
CHANGING THE RULES OF NETWORKING
Before IRF
STP / RSTP / MSTP
VRRP
Active / Standby
Trunking / LACP in point to point mode
Failover time incompatible with business critical applications
Different failover technologies for different layers
Different technologies for different protocols / phased approach for different protocols
After IRF
STP / RSTP / MSTP run passively
No VRRP Required
Active / Active (L2 / L3)
Distributed Trunking / LACP in Point to Multipoint
<50ms Failover Times
Consistent approach for every layer
Consistent approach for every protocol
Unicast / Mcast / IPv4 / IPv6, etc…
Network simplicity
IRF COMPETITION & COMPARISON
Maturity
• HP IRF: >10 years (XRN)
• Cisco VSS: Recent
• Cisco vPC: Recent
• Juniper VC: Recent
Management
• HP IRF: One IP per IRF domain
• Cisco VSS: One IP, limited to 2 boxes (6500 only)
• Cisco vPC: Each Chassis still managed separately
• Juniper VC: One IP for up to 10 devices
Recovery Time
• HP IRF: <50ms (Most time way less!)
• Cisco VSS: ~300ms (per Network World)
• Cisco vPC: ~TBD
• Juniper VC: Sub second
Implementation
• HP IRF: CONSISTENT across the product line
• Cisco VSS: 6500 only with specific HW (1440 Sup). Not compatible with N7000 (vPC)
• Cisco vPC: Nexus 7K Only
• Juniper VC: Available on the edge (EX4200), roadmap for core (EX8216)
Protocol Support
• HP IRF: IPv4, IPv6, MPLS
• Cisco VSS: Phased approach with limitations
• Cisco vPC: Only Layer 2, HSRP/VRRP Still Required for L3
• Juniper VC: Phased approach with limitations
Additional Cost
• HP IRF: None – Included in ComWare
• Cisco VSS: VSS Specific Supervisors and VSS License Required
• Cisco vPC: Base, Enterprise and Advanced Licenses required
• Juniper VC: Advanced License Required
©2010 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice
HPN A-Series Enterprise Switching Portfolio Overview
HP DATA CENTER SWITCHING PORTFOLIO
COMWARE + IRF + VIRTUALIZATION (L2/L3/MPLS/VPLS)
Edge/ToR Layer
Aggregation Layer
Core Layer
S5820X (10GE) - IRF
S12500
S7500E
S5800 (GE) - IRF
S9500E
S9500E
HP A12500: 6.6 TBPS – 2.2 BPPS - TODAY.
– 128 10GE Line Rate L2, L3 IPv4, L3 IPv6, MPLS
– Performance validated by Spirent with Test Center using RFC2544
• 64 bytes packets
– Unicast/Multicast
– Typical Latency <10us
• Associated to small Jitter
– Combined to lower power consumption
• ~80W per 10GE line rate
RELIABILITY MODEL
Software Reliability
System Reliability
Hardware Reliability
• Redundant backup for power supply
• Redundant backup for the main control
• Redundant backup for the switching network board
• Logical/physical separation between the control plane and forwarding plane
• Fan redundancy
• All modules are hot swappable
• Link aggregation (200*12)
• BFD for VRRP
• BFD for OSPF
• BFD for static route
• BFD for BGP
• OAM
• Resilient Virtual Switching Fabric (IRF)
• L2/L3 HA with NSF+GR (OSPF, BGP, MPLS)
• Configuration restoration
• Hot patching
• IRF based software upgrade
HP A9500
– The HP A9500 is a state-of-the-art Enterprise Core Modular family
– Supports up to 192 ports 10 Gigabit and 576 ports Gigabit (fiber or copper)
– Future-proofed (40G/100G, FCoE, PoE+)
– Supports IRF/RRPP
– Common Comware OS and IMC
– High Performance OAA Modules
– Extensive High Availability and Security
– Extensive Layer 2 and Layer 3 features
– Low power consumption
HP A9500 PLATFORM SUMMARY
Feature A9505E A9508E-V A9512E
Bandwidth (Mpps) 357.1 571.4 857.1
Fabric Slots 2 2 2
I/O Slots 5 8 12
Bandwidth per slot (Gbps) 120 120 120
Max 10G NB 20 32 48
Max 10G 4:1 80 128 192
Max Gig NB 240 384 576
HP A7500
– Perfect for the Small Data Center, Campus Distribution and Access Layers
– Fully Distributed Forwarding Architecture
– Integrated PoE/PoE+ Power
– Scalable Performance and Features
– High Availability, including IRF™ and RRPP
– Comware V5
• Native IPv6 and MPLS support
– Applications Integration
– Voice and Wireless Convergence
– Optimized for Enterprise Applications
HP A7500 PLATFORM SUMMARY
Feature A7502 A7503-S A7503 A7506 7506-V S7510E
I/O slots 2 2+1 3 6 6 10
Backplane (Gbps) 400 600 1,000 1,600 1,600 2,400
Switching Capacity (Gbps) 192 288 480 768 768 1,536
Forwarding (Mpps) 143 178 274 488 488 714
Fabric Redundancy YES NO YES YES YES YES
Max 10 Gig ports 16 16 28 52 52 84
Max Gig ports 96 120 168 312 312 504
HP NETWORKING/TIPPING POINT – INTEGRATED SOLUTION
• Simplified, Secure and Highly Resilient Networks
• Scalable High Performance IPS Protection
• Cost Effective Secure Fabric
• Reduced Management Overhead
• Multiple Active Paths provide Higher Performance
• End to End Virtualization
• Demonstrated HA
[Diagram labels: A5820X-28C Top of Rack Switch; VLAN10, VLAN20, VLAN30, VLAN40; VLAN10-40; VLAN110 - 140; VLAN Translation; TippingPoint IPS OR TippingPoint IPS Blade; S9505E Virtual Switch; S9512ES / 12500E Virtual Switch; Core]
TIPPINGPOINT SECURE VIRTUALIZATION FRAMEWORK
FULL PHYSICAL & VIRTUAL SEGMENTATION
Isolate Physical Hosts
• IPS Platform & VLAN Translation
Isolate Virtual Hosts through offload to IPS appliance
• vController & IPS Platform
• Offload inspection to high performance IPS Platform appliance
Isolate Physical and Virtual Hosts natively from within the VM
• vIPS
• Inspection scales with DC expansion
[Diagram labels: Physical DC; Virtual DC; Shared Tape; Shared Storage; Hosts (ERP, DB, CRM, HR Apps); Virtual Machines (ERP, DB, CRM, HR Apps, VDI, Web Apps); Hypervisor-VM Safe Kernel; vIPS; vController; IPS Platform; Core]
1. IPS VLAN Translation Isolates Physical Servers
2. vController & IPS Isolate VMs and Hosts
3. vIPS Isolates VMs and Hosts
GREEN IT: POWER EFFICIENCY ADVANTAGE
[Chart labels: S7506E, Industry Average]
Product 10G NB KW W/10G
HPN A12508 64 5.1 79.7
HPN A12518 128 10.3 80.5
Juniper 8208 64 6 93.8
Force10 E1200 56 5.7 101.8
Force10 E600 28 3.2 114.3
Foundry RX32 128 16.7 130.5
Cisco Nexus 7018 128 18 140.6
Foundry RX16 64 11.3 176.6
Cisco Nexus 7010 64 12 187.5
• HPN’s A5500-EI, A5820, S7506E, and A12508 all have earned Miercom’s Green Certification
– Up to 40% more efficient than comparable models based on Industry Average
– Up to 24% annual cost saving depending on model
“The HPN S7506E switch reduces costs and minimizes environmental impact through many energy-saving attributes”
Rob Smithers, CEO Miercom
Intelligent Management Center Overview
Vendor Management Tools
CiscoWorks
Alcatel
Nortel EMS
Epicenter
IronView
Junoscope
RingMaster
Force 10 - FTMS
Enterasys - EMS
General Management Tools
ManageEngine
MRTG
CLI
Syslog
NAC
Open NMS
Nagios
nTop
The State of Management Today … Obstacles !!
Enterprise Network Management Problems
“I have too many tools”
“My network is unstable due to changing configurations”
“I’ve no visibility or control of what's happening on my network”
“I need to control who has access to what”
Every vendor and every technology requires its own management interface. There is a need to “Do more … with less”.
Change accounts for 69% of network downtime and degradation. How do I handle, secure, and audit change?
Who is doing what on my network? How are my business-critical applications and services? Is my network optimized to deliver services for my users?
Who has access, what and when they have access, but also what they are doing once they have access.
Critical Elements of an Integrated Management Solution
Unified resource management
IMC helps enterprises meet the stringent demands of today’s business-critical IT applications
Unified traffic analysis and change management providing full visibility into business-critical networks
Improving endpoint defense, control and visibility through integrated management and enforcement
Integrated access & user management
Single pane visibility
The Silver Bullets
Intelligent Management Center (IMC)
– What?: IMC is a fully integrated management platform that not only delivers full FCAPS functionality but, through its Service Oriented Architecture (SOA) and modular design, enables highly integrated modules to deliver new functionality to control resources, services and users
– Why?: IMC provides a single common platform on which 3Com/H3C can rapidly introduce new technologies and products
– Positioning: The various platform offerings and modules allow IMC to be sold to ANY and ALL customers from the SMB to the Service Provider
– Benefits:
• Lower TCO
• Business Continuity
• Defense in Depth management and enforcement
IMC – Resource, Service and User integration
• Homepage: Overview of network, user and service information
• Resource: Integrated management of network resources, faults and performance information
• User: Integrated management of user access and security
• Service: Process management of service flows
Powerful Administration Control
– Multi User Role based management
– Administrator controls who can manage what
– Full audit trails of operator actions
Rich Resource Management
– Powerful Discovery and Topology
• Full Inventory of network infrastructure
• Layer 2, Layer 3 and VLAN Topologies
– Organize and visualize network with Customer Views
– Integrated Element Management
Powerful Performance Management
– Maximize network availability through powerful monitoring of
• CPU, memory and bandwidth utilization, device response times & availability and much more
– TopN statistics highlight the most loaded areas & devices
– Threshold based alarming quickly highlights issues
– Customizable Alarm filters stop information overload
Efficient Fault Management
– Correlation and analysis of alarms
– Troubleshooting
– Many notification options for proactive management
Flexible Reporting
– Analysis of network trends and capacity planning
– Predefined and Custom reports
– Schedulable and flexible delivery options including email
Simple VLAN Management
– Simplifies the deployment and management of VLANs
• View current VLAN configuration
− Including VLAN topology
• Bulk deploy VLANs across the network
Comprehensive Configuration Management
– Fast efficient roll out of network changes
• Bulk configuration
– Lock down network configurations
• Scheduled Backup & restore
• Baselining and notification of network changes
– Flexible Agent Administration
• Running or standby deployment
ACL Management
– Simplified definition and deployment of ACLs
– Enables network based security and QoS
– ACL rule optimisation ensures efficient use of ACL resources
Network Access Control
› Locks down access at port level
› Controls Who and What has Access
› Mobile or Fixed Devices
› Wired and Wireless
› Protects against non-compliant devices
› Pre and Post-Access
› Comprehensive Access Security
› Based on Credentials / Posture / Location
› Flexible Host Posture Client Options
› Deploy via Desktop Mgmt or Portal
› Flexible policy creation
› Anti-Virus, Anti-Spyware, Hotfixes, etc.
› Lock-down USB/CD-ROM usage
› Integrates with Standard Directory Services
› LDAPv2/3: Supports AD, eDirectory, etc.
Network Traffic Analysis
– Unlocks power of data monitored
• Including Netflow, NetStream and sFlow
– Allows greater visibility and control of network usage
• Enables User based traffic flows and network usage
– In-depth rule-and-policy-based analysis
• Including fault and SLA analysis
– Easy to understand reports based on traffic, application and session baseline and trend of network traffic
Data Center Topology
Confidential Documents
Providing visualization of the characteristics of the Data Center, IMC provides network physical topology, room location topology, room topology and chassis topology.
MANAGEMENT OF CISCO DEVICES
– IMC provides comprehensive management of Cisco devices
• Discovery & Topology
• Monitoring & Performance Management
• Data Center Orchestration
• Events & Traps
• Configuration Backup & Restore
− Configuration comparison
− Base-lining and change notification
• Bulk Configuration
– Single management solution for mixed HP & Cisco networks
• Simplifies Cisco / HP interworking & transitions
• Support for >2000 3rd party devices
• New device can be added in <1 week
The IMC Product Suite
[Diagram categories: Platforms, Modules, Tools]
Voice Services Manager
Network Traffic Analyzer
Wireless Services Manager
IMC Standard
IMC Enterprise
MPLS/VPLS/VPN
Endpoint Admission Defense
User Access Management
QoS/SLA
Integration Kit
And More to come …
How does IMC Stack Up?
– Against the traditional equipment vendors
• They have nothing like IMC due to its modular architecture and SOA design
• The competitors deliver basic FCAPS functionality
• They provide multiple disparate tools which wind up increasing OPEX
– Against Systems management vendors
• IMC does not compete with OV, BMC, CA and Tivoli … on the systems side
• IMC does compete with and beat them all on infrastructure management
– Detailed competitive analysis as well as a high level vendor comparison are available.
[Figure labels: Top Line Loss; Top Line Growth; Bottom Line Loss; Bottom Line Growth; Network Downtime; Network Availability; IT Expenditure; IT Productivity/Efficiency; Fault Analysis Tools; Point Products; Element Managers; Integrated Management; Next-Generation Management; Cisco LMS; Nortel; Extreme; Enterasys; Foundry; HP IMC; Unified Resource Mgmt.; Single-Pane Visibility; Integrated Access Mgmt.; SOA Architecture / Open; Policy Framework; Support for ITIL, etc.; Foundation for Operational Center of Excellence]
Cisco's Weakness is its Management Solutions
– Cisco Works is a disparate collection of tools with limited integration - lots of different tools to learn
– Issue highlighted in a Network World article (3rd Sept 2008)
• “CEO John Chambers annually seems to lament the state of Cisco network management when he's asked where the company is most challenged or weakest from a product development and marketing aspect.”
• “CiscoWorks could use some improving, however, especially in the user interface, .............”
• "The biggest knock I hear from people is that they just don't like CiscoWorks," Chaffin says. "Sometimes it's hard and cumbersome......They need to make things much easier for customers with the management interfaces."
• "They want one tool that does everything," he says. "They don't want to have to have seven tools and have all these people managing different tools.....”
Summary
The business and financial case for unified management systems like IMC is clear:
– Improves productivity and efficiency of IT resources
– Keeps the network available for end users and customers
– Enables the enterprise to operate efficiently
– TCO by Design
Network management assists IT, benefits end-users, affects the enterprise and positively impacts the bottom line.
EASE OF MIGRATION AND LEVERAGING EXISTING KNOWLEDGE
Migration Tools – How to migrate from a Cisco network to a HP network
IMC – Intelligent Management Center
• Fully manages both HP and Cisco equipment under a single console
IRF – will interoperate with other vendors including Cisco
Industry Standard CLI
• Very similar command line interfaces
• Command Line Alias
− Example: alias display command with show
[Sysname] command-alias mapping display show
− Use a script to set multiple command aliases quickly and easily.
HP Pro Services provides configuration conversion services.
Single operating system across ALL HP A Series products simplifies administration
Comware 5.x
• 1 code train not 1,000 – 1 command structure not 4
Best Practice Campus LAN Design
Best Practice Campus Design
• 2 RVSF Chassis in each closet (192 port per closet)
• 2 RVSF Chassis in Core (loop-free topology)
• OSPF to Metro-Area-Network
SIMPLIFYING DESIGN & OPERATIONS
RESILIENT VIRTUAL SWITCH FABRIC WITH HPN IRF
– N physical devices seen as one logical device
• N devices sharing the same “topology” information
• Protocols see one single hop -> simplified design
– Active/Active Model for L2 & L3
• No STP/RSTP/MSTP/VRRP
• All links active at all times
• “Pre TRILL” implementation
– Ultra Fast Failover
• 20 times faster than RSTP/MSTP
– Geographically Distributed
• Limited by Ethernet/Fiber optical budget (10GE: 70kms)
– One single IP/configuration file for management
• Simplified Operations – OPEX reduction
– Consistent approach across product portfolio
• A12500, A9500E, A7500E, A5800, A5820X, etc
[Diagram: Physical SW 1 + Physical SW 2 = LOGICAL SWITCH]
RRPP (RAPID RING NETWORK PROTECTION)
• High performance price ratio RING network solution
• High reliability with 50ms recovery time
[Diagram labels: Major Ring; Sub Ring; Master; Edge; Transit; Major Control VLAN; Secondary Control VLAN; 4800G]
MANAGEMENT AND OPERATIONAL CONSISTENCY – COMWARE™
All HPN switching, routing and security platforms leverage a common, unified modular OS – Comware™:
• OPEX Savings – Train technical staff once to manage entire portfolio
• High Reliability – State-of-the-Art Unified Code Base
• Faster Time-to-Market – Engineering efficiencies allow us to rapidly bring new and custom features to market with better initial and ongoing stability
• Modular Architecture – Easy to enhance and extend feature set without wholesale changes
Level 3 CMMI Certified
HPN Simplifies the Campus LAN
[Comparison diagram. Columns: Edge Access; Aggregation/Core; Security/Wireless; Campus Router. Rows: Product; Protocols / Management; OS, Releases]
Cisco
• Products: Cat 2960 – 3750E; CAT 4500; CAT 6500; ISR; ASR; IPS; ASA 55xx; FWSM
• Labels shown with them: IOS-SG / Stackwise / FlexStack; VSS/None; IOS-SX, CAT-OS; IOS-mainline; IOS-XE; Linux; PIX-OS7.x; PIX-OS6.x
• Protocols / Management: STP, RSTP, Rapid-PVST, VSS, vPC, RPR, VSS, Stackwise (Plus), FlexStack… Cisco Works, Access Switch Mgt, 6500 Mgt, Security Mgt, WLAN Mgt
HPN
• Products: A5800/A5500/A5120/A3xxx; A9500/A7500; A6600/MSR; WLAN/TP
• OS, Releases: Comware v5; Comware v5; Comware v5; Comware v5/TOS
• Protocols / Management: IRF & IMC
Thank You!