HPE Intelligent Resilient Fabric

Welcome
Questions? Please contact lizl@mobiuspartners.com or call 972.403.8045.
The next big shift in your datacenter
VMware NSX with HPE Networking
Ethan Melloul – CCIE #44000 (R/S, SP) | VCP‐DCV5
Master ASE – FlexNetwork Solutions
Consulting Solutions Architect – HPN Data Center
33
Questions? Please contact lizl@mobiuspartners.com or call 972.403.8045.
What does the Data Center Network look like
today and where are we headed?
Questions? Please contact lizl@mobiuspartners.com or call 972.403.8045.
Enterprises are moving to a New Style of IT
Networking innovations lay the foundation for transformation
Cloud
Big Data
Mobility
Social Media
Converged
Infrastructure
Cloud
Software-defined
Infrastructure
Resilient
Fabric
Network
Virtualization
Software-defined
Networking
Questions? Please contact lizl@mobiuspartners.com or call 972.403.8045.
The data center infrastructure trinity
Networking is frozen in time and needs to change
–
Compute power shifted to
virtualization years ago
–
Storage shifted to
virtualization years ago
–
Highly scalable and
programmable (orchestrated)
–
Highly scalable and
programmable (orchestrated)
–
“Cloud-ready”
–
“Cloud-ready”
New Service
STORAGE
COMPUTE
–
Rigid and overprovisioned
–
Cannot provision at the speed and scale of
cloud
–
“Needs transforming to be cloud-ready”
“Traditional network design practices do not adequately
support the modern user. These design practices need to
move beyond connecting the dots and sizing bandwidth.”
HPE Newsletter featuring Gartner Research, G00250953, 28th
March 2013
NETWORK
http://imagesrv.gartner.com/mediaproducts/pdf/hp_ts/hp_ts_iss1.pdf
Questions? Please contact lizl@mobiuspartners.com or call 972.403.8045.
HPE Cloud-First Data Center Portfolio
The industry’s best field tested and tried Ethernet fabric
Spine and core
7900 Series
12900E Series
HPE Comware
network OS
Modular network OS with Intelligent Resilient Fabric
1/10/40/100GbE L2/L3 and converged switches
Leaf switches
IMC
5950-32QSFP28
5930 Series
Questions? Please contact lizl@mobiuspartners.com or call 972.403.8045.
5900AF/CP
HPE Technology Services
HPE IMC management
10/40/100GbE switches
HPE Comware 7 network operating system
Advanced, modular and resilient operating system
Higher availability
Unix Style
OS
– Memory Isolation
– Preemptive Scheduler
Separation
Control &
Data
planes
New Set of
High End
features
– Data plane in kernel
space for higher level
of performance
– Upgrade (ISSU)
– Virtual Device with CPU & Memory
separation
–
Complete process isolation
–
Better separation control & data planes
–
ISSU upgrades
Enhanced feature set
–
OpenFlow 1.3 and SDN
–
9 devices IRF Ethernet fabric configs
–
DCB, FCoE, TRILL/SPB, EVB (VEPA)
Lower costs
–
No hidden licenses for advance features
Questions? Please contact lizl@mobiuspartners.com or call 972.403.8045.
HPE Intelligent Resilient Fabric (IRF)
Simple, Resilient & Versatile pay-as-you-grow business model
5930
5930
IRF fabric
Physical
switches
5930
Logical IRF view
5930
– IRF is an innovative HPE switch virtualization technology
– Up to nine physical Comware 7 switches may be grouped into an IRF Fabric (domain)
– IRF Fabric appears as one virtual switch and is managed as a single network device using one IP address
– IRF Fabrics are created using standard 10/40GbE ports
– Members of IRF Fabric may reside in the same network layer
– All members of IRF Fabric are in active/active mode
– All members need to be from same series (5900 / 5930 / 5700)
Questions? Please contact lizl@mobiuspartners.com or call 972.403.8045.
Simplification with IRF
Traditional
3-tier data center
X
X X
HPE IRF
optimized
3-tier data center
HPE IRF
simplified
2-tier data center
X
Higher port densities and IRF simplify DC network designs,
Providing better network performance for server virtualization (vMotion)
Questions? Please contact lizl@mobiuspartners.com or call 972.403.8045.
Traditional Data Center Networks – 3 Tier Design
– Considered “legacy” design
WAN /
Internet
– Can pose challenges with security and
more commonly spanning-tree topology
problems causing network outages
WAN Routers
L2 External Zone IRF Switches
L2 DMZ IRF Switches
– Multiple layers of complexity
Firewalls
Application Load Balancers
IRF L2/L3 Core Switches
40G Link aggregation &
802.1Q trunks
L2 Fabric
L2 Access Switches
VM
VM
VM
VM
VM
VM
VM
VM
VM
VM
VM
VM
Hypervisor
Hypervisor
Bare Metal Servers
Questions? Please contact lizl@mobiuspartners.com or call 972.403.8045.
DC Network Virtualization (NV) / Overlay Networking (NSX)
•
•
•
•
Simpler, faster, flexible and scalable networking
Services and zones moved to Network Virtualization solutions / Overlay networks
Supports multi-tenancy and different network variations for each tenant
Stable and error free underlay network required
Virtual Overlay Networks
Tenant 2
Tenant 1
Tenant X
WAN Routers
WAN /
Internet
Physical Underlay
Network Fabric
VM
VM
VM
VM
VM
VM
VM
VM
VM
VM
VM
VM
Hypervisor
Hypervisor
Questions? Please contact lizl@mobiuspartners.com or call 972.403.8045.
CLOS Fabric (Spine/Leaf Topology)
– CLOS (physical) networks provide a distributed/high performance, scalable network fabric with all leaf
switch network ports having equal latency for East/West traffic
– Each leaf switch is connected to all spine switches
– Customers may choose to deploy a 2 spine fabric (2 x 40G uplinks) and expand to 4+ spines (4 x 40G
uplinks or more) when they require additional bandwidth
– Choice of SPB / TRILL / L3 IP routing (OSPF/BGP) over the physical fabric and enable ECMP
Spine
Switches
Spine
Switches
Leaf Switches
Leaf Switches
2 Spine CLOS Fabric
4 Spine CLOS Fabric
Questions? Please contact lizl@mobiuspartners.com or call 972.403.8045.
IRF Enhanced CLOS Fabric
– Spine/Leaf IRF switches provides higher port density, LACP to the hypervisor, chassis redundancy
while still realizing the benefits of a centralized control plane and single configuration file
– Possible for customers to start small and expand desired leaf/spine switches with IRF for further
growth without impacting production traffic
– Applicable to SPB / TRILL / L3 IP routing (OSPF/BGP) network fabrics
Spine
Switches
Spine
Switches
Leaf Switches
Leaf Switches
2 Spine Fabric
(IRF enhanced spine & leaf
switches)
4 Spine CLOS Fabric (IRF
enhanced leaf switches)
Questions? Please contact lizl@mobiuspartners.com or call 972.403.8045.
L3 Fabric
– Removal of STP
– Usage of standards based routing protocol
– Shortest path routing
– Provides Equal Cost Multi Pathing (ECMP)
Routing protocol
Multiple /30 L3
subnets
Default gateway for each
subnet terminates at
access switch
L2
Servers/VMs
Questions? Please contact lizl@mobiuspartners.com or call 972.403.8045.
Example Of Another Architecture - EBGP Fabric
– EBGP from ToR to Leaf switches
(No IGP)
– L2 traffic terminated at ToRs
– Application level HA
– Most enterprise customers do not
need this complexity
– More applicable to large scale
service providers
Leafs
AS 65010
“allow-as-loop 1” on
ToRs to allow routes
from another rack with
the same AS#
Spines
AS 65001
Spines
AS 6501X
AS 65100
IGP (OSPF) + full
Mesh IBGP required
for each AS with
multiple routers
AS 65101
Leafs
AS 65100
Questions? Please contact lizl@mobiuspartners.com or call 972.403.8045.
AS 65020
AS 65101
AS 6502X
L2 traffic ends at ToR,
Only L3 above ToR
Evolving Role of the Physical Network
• From 2- or 3-tier to spine/leaf
WAN/Internet
• Density & bandwidth jump
• ECMP for layer 3 (and layer 2)
• Reduce network oversubscription
• Wire & configure once
• Uniform configurations
WAN/Internet
Questions? Please contact lizl@mobiuspartners.com or call 972.403.8045.
Closer look at features of NSX
Questions? Please contact lizl@mobiuspartners.com or call 972.403.8045.
Provides
A Faithful Reproduction of Network & Security Services in Software
Switching
Routing
Load
Balancing
VPN
Data Security
Connectivity to
Physical Networks
Management
APIs, UI
Policies,
Groups, Tags
Firewalling
Questions? Please contact lizl@mobiuspartners.com or call 972.403.8045.
Activity Monitoring
Logical Firewall/Routing
Features
Tenant A
• OSPF/eBGP/iBGP/IS-IS
• Virtualization and identity
context firewall
Tenant B
L2
L2
L2
Tenant C
L2
L2
L2
L2
L2
Scale & Performance
• Remove hairpins and
bottlenecks in routing and
firewalling
• Line rate performance with
distributed scale out
architecture
Use Cases
• Create on demand networks
to speed up application
provisioning
Questions? Please contact lizl@mobiuspartners.com or call 972.403.8045.
Logical User (SSL) and Site 2 Site (IPSec) VPN
Features
Internet/
SSW
LA–NVPN
• Interoperable IPsec tested with major
vendors
• Clients on all major OS (Win, Apple,
Linux)
• Remote Authentication via Active
Directory, RSA Secure ID, LDAP, Radius
• TCP Acceleration
• Encryption – 3DES, AES128, AES256
• AESNI H/W Offload
• NAT & Perimeter Firewall Traversal
Scale and Performance
Internet/
IW
PS
AENC
• High Performance – AES-NI acceleration
• 2 Gb/s throughput per tenant
Use Cases
•
•
•
•
Cloud to Corporate
Cloud On-boarding
Remote Office/Branch Office
Remote Management
Questions? Please contact lizl@mobiuspartners.com or call 972.403.8045.
Logical L2 VPN
Features
•
•
•
•
L2 VPN
VM
VM
SSL-based
Web-proxy Support
L2 Bridge to Cloud
Broadcast support
VM
Scale & Performance
Internet/
LW
2V
APNN
Public
Cloud
• High Performance – AES-NI
acceleration
• 2 Gb/s throughput per tenant
Use Cases
• Cloud On-boarding
• Cloud Bursting
Questions? Please contact lizl@mobiuspartners.com or call 972.403.8045.
What is VXLAN and what does it solve?
Questions? Please contact lizl@mobiuspartners.com or call 972.403.8045.
VXLAN and Overlay Networking Introduction
– Virtual Extensible Local Area Network (VXLAN) is a network encapsulation mechanism first introduced in 2011
that supports up to 16 million virtual overlay tunnels over a physical layer 2/3 underlay network for L2 network
connectivity and multi-tenancy
– https://tools.ietf.org/html/rfc7348 is currently stated as informational, not a standard yet
– VXLAN allows traffic to be load shared across multiple equal cost paths
– Supported in 5930, 7900, 12900, Distributed Cloud Networking (DCN), Helion OpenStack, VMware NSX etc
– Supports both intra-DC and inter-DC deployment scenarios
Data Center (DC) 1
Data Center (DC) 2
Inter-DC
Virtual Overlay VXLAN tunnels
Extended Over WAN
L3 WAN
L2 or L3
Physical Underlay Network
L2 or L3
Physical Underlay Network
Intra-DC
– VXLAN capable device = VXLAN Tunnel End Point (VTEP)
Questions? Please contact lizl@mobiuspartners.com or call 972.403.8045.
Software / Hardware VTEP Gateway
•
Used to bridge VMs to physical devices that do not support VXLAN
VM
VM
VM
VM
VM
VM
VM
VM
VM
VM
VM
VM
Hypervisor
Hypervisor
Software VTEP
Gateways
Bare metal servers or
physical appliances
Hardware VTEP
Gateways
VM
VM
VM
VM
VM
VM
VM
VM
VM
VM
VM
VM
Hypervisor
Hypervisor
Bare metal servers or
physical appliances
Software VTEP Gateways
• Dedicated servers used to terminate
VXLAN
• Higher latency
• Lower port density
• Lower performance
Hardware VTEP Gateways
• Switches used to terminate VXLAN
• Lower latency
• Higher port density
• Higher performance
Questions? Please contact lizl@mobiuspartners.com or call 972.403.8045.
Software Layer 2 Gateway Form Factor
– Native capability of NSX
– High performance VXLAN to VLAN gateway in hypervisor kernel
Scale-up
Flexibility & Operations
– x86 performance curve
– Rich set of stateful services
– Encapsulation & encryption offloads
– Multi-tier logical routing
Scale-out as you grow
– Advanced monitoring
– Single gateway can handle all P/V traffic
– Then additional gateways can be introduced
VLAN 10
VLAN 20
VLAN 30
Questions? Please contact lizl@mobiuspartners.com or call 972.403.8045.
Physical Services Integration via NSX Hardware VTEPs
Provide connectivity to physical workloads and services
Overview
• NSX Hardware VTEP enabled physical appliance
VM1
VM2
• Attach any physical services appliance
• Extensible (schema-based)
• Not dependent on Multicast
LS – VNI
5001
VLAN 100
Benefits
• High density of physical ports to connect physical workloads
• Broad ecosystem of NSX partners (including HPE and
Cumulus), other vendors also supporting OVSDB.
Questions? Please contact lizl@mobiuspartners.com or call 972.403.8045.
NSX Hardware VTEP OVSDB integration: Logical and Physical
VM1
VM2
Logical view
VLAN
100
Physical view
Physical
Infrastructure
IP Network
No Multicast
VM1
Questions? Please contact lizl@mobiuspartners.com or call 972.403.8045.
Integrating The HPE VMware NSXv Solution Into A Brownfield
Network
•
NSX
Manager
Used to bridge VMs to physical devices that do not support VXLAN
10.10.10.145/24
vCenter
10.10.10.113/24
NSX
Controller
OVSDB
Unicast Layer 2/3
Underlay Network
VXLAN
VNI 1001
5930
Existing switches
New HPE VTEP Switches
VM
VM
VM
VM
VM
VM
Hypervisor
Physical Servers, WAN Routers/Firewalls
Software VTEPs
Questions? Please contact lizl@mobiuspartners.com or call 972.403.8045.
10.10.10.146/24
HPE FlexFabric Data Center Switch Portfolio
Questions? Please contact lizl@mobiuspartners.com or call 972.403.8045.
Updated November 2015
HPE Cloud-First core switches at-a-glance
FlexFabric 12900E
FlexFabric 7900
High Performance/High Density/CLOS/VoQ (High Buffers) Architecture
Switching Capacity:
Up to 120 Tbps
Port Density:
Up to 512 @ 100 Gb/s ports
Up to 2048 @ 25 Gb/s ports
Fully Compatible with existing 12900 F modules
Compact Modular Core
Same Architecture as 129xx
Same Software as 129xx
Traditional L2 - Cloud centric L3 (eBGP/ECMP/BFD)
Overlays/VXLAN L2 & L3 - Complex MPLS/VPLS - OpenFlow 1.3
Questions? Please contact lizl@mobiuspartners.com or call 972.403.8045.
HPE Cloud-First ToR access switches at-a-glance
Top-of Rack, Access
Converged Infrastructure
FlexFabric
5700
FlexFabric
5900/CP
FlexFabric
5930
FlexFabric
5950
6127XLG
Moonshot-45XGc
1/10GbE ToR
Layer 2/Light Layer 3
with Data Center
features (DCB, FCoE,
TRILL)
1/10GbE ToR
Full Layer 3 with Data
Center Features (DCB,
FCoE, TRILL, SPB)
Converged ToR
Ethernet/FCoE/FC
(4&8 Gb/s- 5900CP)
10/40GbE ToR
Native VXLAN Support
10/25/40/100GbE ToR
Native VXLAN Support
HPE BladeSystem
Interconnect
Comware v7 based
HPE BladeSystem
Interconnect
Comware v7 based
Best in class TCO
Competes Against
Cisco Nexus 2K
High Performance
Competes against
Cisco Nexus
55xx/5600
High Performance /
Overlay
Competes against
Cisco Nexus 93xxx
High Performance /
Overlay
Competes against
Cisco Nexus 92xx
Feature Rich
Competes against
Cisco 3120x Blade
Switch
Feature Rich
Competes against
Cisco 3120x Blade
Switch
Integration with NSX
and Helion as L2
VXLAN GW
No licensing, including
MPLS edge
Convergence every
port
VXLAN GW
Power of Comware v7
within the C7000
Power of Comware v7
within Moonshot
Entire stack without
licensing, including
MPLS edge
(SP/Telcos)
Convergence on every
port with IRF
Questions? Please contact lizl@mobiuspartners.com or call 972.403.8045.
Next Generation ToR Switch Series
Data Center 25/100G
5900 Series
– 10GbE and 40GbE Series
– Fixed Port
– Converged Port Option
5930 Series
– 10GbE and 40GbE Series
– Converged Port Options
– 2 and 4 Slot Chassis
– VXLAN
5950 Series
– Native 100/25GbE Switches
– 4 slot chassis
– VXLAN
25/50/100GbE
10/40GbE
1/10GbE
Questions? Please contact lizl@mobiuspartners.com or call 972.403.8045.
HPE FlexFabric 5950-32QSFP28 Switch
High density high density 10G/25G/40G and 100G
– Ideal Customer
– Enterprise customers seeking higher performance/high density 25GbE/100GbE Top of Rack
and Spine Switch topologies. Cloud providers seeking VXLAN Overlay capabilities in
hardware.
– 32 x 10/25/40/100GbE ports
– Ports can be either 10/25/40 or 100G for maximum density and flexibility
– 2 x 10GbE SFP+ ports
– High Density wire speed Low Latency 100G Performance
– Full Comware v7 feature set
– 3.2 Tbps switching capacity
– 2,976 Million PPS throughput
– Integrated packet buffers (9MB)
– Hot swappable reversible DC airflow design, AC/DC hot swappable power options
– IPv6 performance in hardware and DCB protocol support
– IRF capable with 59xx devices (9 units)
– Provides support for DCB/iSCSI/FCoE
– Support for VXLAN, TRILL, SPB
Questions? Please contact lizl@mobiuspartners.com or call 972.403.8045.
HP 5930-32QSFP+ Series Switch
Advanced ToR/Spine Switch with VXLAN Hardware Support
Product Description:
40G Top of Rack/Spine Switch 32 QSFP+ ports in 1RU
Ideal Customer:
Enterprise customers seeking higher performance/high density Top of Rack and Spine Switch topologies.
Enterprise and Mid-Market customers seeking VXLAN and NVGRE Overlay capabilities in hardware (SW to be released late
Q2CY2014, beta available now)
Customer Value and Metrics:
Performance: High Density wirespeed 40G Performance (L2/L3)
Flexible: Ports can be either 40G or four by 10G for maximum density and flexibility
Advanced: Full Comware v7 feature set. In line with the rest of the Flex Fabric Portfolio
Competitive:
Competes against the Nexus 9300, Dell s6000 and Arista 7250QX
Development Goals:
Delivering density, performance and VXLAN
Related Services:
System Level Support Experience with Proactive Care, Financial Services, HP Factory Express and Integration Service
Questions? Please contact lizl@mobiuspartners.com or call 972.403.8045.
HP 5930 Modular Series Switches
Flexibility and Performance
Product Description:
New Series of advanced modular Top of Rack Switches providing 10G and 40G connectivity with advanced features such
as VXLAN Overlays and Converged Ports
Ideal Customer:
Enterprise customers seeking a solution that provides advanced features with maximum flexibility
Mid-Market customers seeking a pay as you grow solution for ToR and Spine switching
Customer Value and Metrics:
Flexible: Many module options to fit any number of requirements
Advanced: Full Layer 2/3 Comware v7 feature set including HW/SW support for VXLAN
Competitive:
Competes against the Nexus 9300 and Nexus 5600 Series
Development Goals:
Delivering a flexible solution with advanced features
Related Services:
System Level Support Experience with Proactive Care, Financial Services, HP Factory Express and Integration Service
Questions? Please contact lizl@mobiuspartners.com or call 972.403.8045.
HP 5930 Modular Series Switch Line Card Options
24 port 10GbE SFP+ w/o PHY and 2 QSFP+ (JH180A)
24 port 10GbE SFP+ w/MACSec and 2 QSFP+ (JH181A)
24 port 10GBASE-T w/MACSec and 2 QSFP+ (JH182A)
6 port 40GbE QSFP+ (JH183A)
24 Converged port 1/10GbE & 4/8Gbps FC SFP+ and 2 QSFP+ (JH184A)
Questions? Please contact lizl@mobiuspartners.com or call 972.403.8045.
HPE-VMware NSX partnership
+
HPE VMware NSX OEM
Network certification
HPE branded services
One partner capable of delivering
SDDC life cycle solutions
Differentiated through bridging
virtual/physical and SDN
Global end-to-end SDDC and
virtualization lifecycle services
The Industry’s first
comprehensive NSX OEM
network virtualization lifecycle
partnership - simplifying
customer’s experience
HPE FlexFabric OVSDB
certification with VMware NSX,
and jointly developed NV / SDN
Federation
The Industry’s most complete
end-to-end services portfolio
with decades of networking and
VMware expertise
Questions? Please contact lizl@mobiuspartners.com or call 972.403.8045.
HPE and VMWare NSX
Better Together
Questions? Please contact lizl@mobiuspartners.com or call 972.403.8045.
HPE better together – the Power of One
One vendor, One ref design, One support contract for all your needs
Advise
Transform
Integrate
Support
Flex
HPE brings together decades of networking, virtualization and security
expertise that enables the bridging of physical and virtual data center infrastructure
Questions? Please contact lizl@mobiuspartners.com or call 972.403.8045.
Thank you VMware and HPE!
Questions? Please contact lizl@mobiuspartners.com or call 972.403.8045.