Dmitry Leontiev
Engineer, Cisco Technical Assistance Center (TAC), Russia
August 24, 2016
Designing Fault-Tolerant Local Area Networks
Cisco Support Community
Expert Series Webcast
How to become an active participant? It's easy!
• Create documents, write blogs, upload videos, and answer other users' questions.
• Contributions are scored on a leaderboard.
• The number of documents, blogs and videos a user has created is also counted.
• Only contributions to the Russian-language community count; the rating earned in the global Cisco Support Community is not included.
"Most Active Member of the Cisco Support Community" award
Rate the content
Your content ratings allow authors to earn points.
Want search to be simple and convenient? Help us identify quality content in the Community: rate documents, videos and blogs.
Please remember to rate the answers of users who generously share their time and experience.
https://supportforums.cisco.com/ru/community/4926/pomoshch-help
August 24, 2016 – September 6, 2016
"Ask the Expert" session with Dmitry Leontiev, Larisa Svirdyuk and Alexander Cheverda
You can get additional information and ask the expert questions on this topic on the page at https://supportforums.cisco.com/community/russian/expert-corner. A video recording of this webcast and the text of the Q&A session will be available within the next 5 days at https://supportforums.cisco.com/community/russian/expert-corner/webcast
"Designing Fault-Tolerant Local Area Networks" contest
August 24 at 14:00 Moscow time
We invite you to take part in a contest following the webcast; the contest bears the same name, "Designing Fault-Tolerant Local Area Networks".
• The first three winners will receive a branded Cisco TAC cube
• Send your answers to [email protected]
• The contest assignment will be published today after the webcast
You can download the presentation at:
https://supportforums.cisco.com/ru/document/13102711
Thank you for joining us today!
Send us your questions! Use the Q&A panel to ask a question.
Our experts Larisa and Alexander will answer them.
Today's presentation includes audience polls. Please take part in the polls!
Question 1
In your opinion, is fault tolerance implemented in your local area network?
1. Yes
2. No
3. I don't know what that is
Contents
• Fault-tolerant LAN design at the physical layer
• Fault-tolerant LAN design at the data link layer
• Fault-tolerant LAN design at the network layer
• Switches with VSS (Virtual Switching System) support
OSI model layers (media layers)

| Layer | Protocol data unit (PDU) | Function | Examples |
|---|---|---|---|
| Network layer | Packet | Logical addressing, routing | IPv4, IPX, AppleTalk |
| Data link layer | Frame | Physical addressing | PPP, HDLC, Ethernet |
| Physical layer | Bits | Access to the transmission medium, encoding at the signal level | Twisted pair, coaxial cable, fiber optic cable |
OSI model layers (host layers)

| Layer | Protocol data unit (PDU) | Function | Examples |
|---|---|---|---|
| Application layer | | Access to applications | HTTP, FTP, Telnet |
| Presentation layer | | Data representation | ASCII, JPEG |
| Session layer | | Session management | RPC |
| Transport layer | Datagram | Logical point-to-point connection between end devices, transmission reliability | TCP, UDP, SCTP |
Fault-tolerant LAN design at the physical layer
Three-tier network model
The access layer represents the network edge, where traffic enters or exits the campus network. Traditionally, the primary function of an access layer switch is to provide network access to the user. Access layer switches connect to distribution layer switches to perform network foundation functions such as routing, quality of service (QoS), and security.
To meet network application and end user demands, next-generation Cisco Catalyst switching platforms no longer simply switch packets, but now provide more integrated and intelligent services to various types of endpoints at the access layer. Building intelligence into access layer switches allows them to operate more efficiently, optimally, and securely.
Access layer
The distribution layer interfaces between the access layer and the core layer to provide many key functions, including:
– Aggregating access layer wiring closet switches
– Aggregating Layer 2 broadcast domains and Layer 3 routing boundaries
– Providing intelligent switching, routing, and network access policy functions to access the rest of the network
– Providing high availability through redundant distribution layer switches to the end user and equal cost paths to the core, as well as providing differentiated services to various classes of service applications at the access layer
Distribution layer
The core layer is the network backbone that hierarchically connects several layers of the campus design, providing for connectivity between end devices, computing, and data storage services located within the service block and other areas within the network. The core layer serves as the aggregator for all the other campus blocks and ties the campus together with the rest of the network.
Core layer
Example of a Three-Tier network design
Example of a Two-Tier network design
Reliability = 99.938%, MTTR: 325 minutes per year
Unreliable network
Partially fault-tolerant network
Reliability = 99.961%, MTTR: 204 minutes per year
Fault-tolerant network
Reliability = 99.9999%, MTTR: 30 seconds per year
Link redundancy
Broadcast Storm
Fault-tolerant LAN design at the data link layer
Spanning-Tree Protocol (STP) prevents loops from being formed when switches or bridges are interconnected via multiple paths. Spanning-Tree Protocol implements the 802.1D IEEE algorithm by exchanging BPDU messages with other switches to detect loops, and then removes the loop by shutting down selected bridge interfaces. This algorithm guarantees that there is one and only one active path between two network devices.
Spanning-tree protocol
• One root bridge per broadcast domain
• One root port per nonroot bridge
• One designated port per segment
• Nondesignated ports are blocked
• BPDU sent every 2 seconds
• Root bridge = bridge with lowest bridge ID
• Bridge ID = bridge priority + MAC address
Spanning-tree operations
Spanning-tree port states
Spanning-tree example
A fault-tolerant network from the STP perspective
VLAN
• PVST+ (Per VLAN Spanning Tree)
• Rapid PVST+ (Rapid Per VLAN Spanning Tree)
• MIST (Multiple Instance Spanning Tree)
Different types of STP supported by Cisco
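Added example (not code from the webcast): a small Python model of the spanning-tree rules listed on the "Spanning-tree operations" slide, run per VLAN the way PVST+ does, so it also shows why the two-VLAN design that follows gives the access switch a different blocked uplink per VLAN. Switch names, MAC addresses, port costs and VLAN numbers are constructed sample values.

```python
"""Simplified 802.1D / PVST+ topology computation (added example, not from the slides).

Rules applied: root bridge = lowest bridge ID (priority, then MAC); one root port
per non-root bridge; one designated port per segment; all other ports blocked.
PVST+ = the same computation repeated with per-VLAN priorities.
"""
INF = float("inf")


def spanning_tree(bridges, segments):
    """bridges: {name: (priority, mac)}; segments: {seg: ([names], port_cost)}.
    Returns (root, {(bridge, seg): 'root' | 'designated' | 'blocked'})."""
    bid = {b: (prio, mac) for b, (prio, mac) in bridges.items()}  # bridge ID
    root = min(bid, key=bid.get)
    cost = {b: (0 if b == root else INF) for b in bid}
    changed = True  # propagate root path cost the way received BPDUs do
    while changed:
        changed = False
        for members, port_cost in segments.values():
            for b in members:
                via = min((cost[a] for a in members if a != b), default=INF) + port_cost
                if via < cost[b]:
                    cost[b], changed = via, True
    # Designated bridge per segment: lowest (root path cost, bridge ID).
    designated = {s: min(m, key=lambda a: (cost[a], bid[a])) for s, (m, _) in segments.items()}
    roles = {}
    for b in bid:
        mine = [s for s, (m, _) in segments.items() if b in m]
        # Root port: the port whose designated bridge offers the cheapest path to the root.
        root_seg = None if b == root else min(
            mine, key=lambda s: (cost[designated[s]] + segments[s][1], bid[designated[s]]))
        for s in mine:
            roles[(b, s)] = ("designated" if designated[s] == b
                             else "root" if s == root_seg else "blocked")
    return root, roles


def pvst_topologies():
    """Constructed topology: a distribution pair and one access switch (triangle).
    Mirrored root priorities per VLAN make the access switch block a different
    uplink in each VLAN, so both uplinks carry traffic."""
    macs = {"Dist1": "0000.0000.0001", "Dist2": "0000.0000.0002", "Access": "0000.0000.0003"}
    segments = {"D1-D2": (["Dist1", "Dist2"], 4),
                "D1-Acc": (["Dist1", "Access"], 4),
                "D2-Acc": (["Dist2", "Access"], 4)}
    prio = {10: {"Dist1": 4096, "Dist2": 8192, "Access": 32768},
            20: {"Dist1": 8192, "Dist2": 4096, "Access": 32768}}
    return {vlan: spanning_tree({b: (p[b], macs[b]) for b in macs}, segments)
            for vlan, p in prio.items()}


if __name__ == "__main__":
    for vlan, (root, roles) in pvst_topologies().items():
        print(f"VLAN {vlan}: root bridge {root}")
        for (b, s), role in sorted(roles.items()):
            print(f"  {b:<7}{s:<8}{role}")
```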
A fault-tolerant network from the STP perspective with two VLANs
Cisco EtherChannel® technology builds upon standards-based 802.3 full-duplex Fast Ethernet to provide network managers with a reliable, high-speed solution for the campus network backbone. EtherChannel technology provides bandwidth scalability within the campus by providing up to 800 Mbps, 8 Gbps, or 80 Gbps of aggregate bandwidth for a Fast EtherChannel, Gigabit EtherChannel, or 10 Gigabit EtherChannel connection, respectively. Each of these connection speeds can vary in amounts equal to the speed of the links used (100 Mbps, 1 Gbps, or 10 Gbps). Even in the most bandwidth-demanding situations, EtherChannel technology helps aggregate traffic and keep oversubscription to a minimum, while providing effective link-resiliency mechanisms.
EtherChannel
• Automatically
o LACP (IEEE 802.3ad)
o PAgP (Cisco proprietary)
• Manually
Methods of creating an EtherChannel
Physical vs Logical view of EC
• Logical aggregation of similar links between switches
• Load-sharing
• Viewed as one logical port to STP
• Redundancy
Advantages of EtherChannel
A fault-tolerant network from the STP perspective with two VLANs and EtherChannel
Flex Links are a pair of Layer 2 interfaces (switch ports or port channels) where one interface is configured to act as a backup to the other. The feature provides an alternative solution to the Spanning Tree Protocol (STP). Users can disable STP and still retain basic link redundancy. Flex Links are typically configured in service provider or enterprise networks where customers do not want to run STP on the switch. If the switch is running STP, Flex Links is not necessary because STP already provides link-level redundancy or backup.
FlexLink by Cisco
Ports 1 and 2 on switch A are connected to uplink switches B and C. Because they are configured as Flex Links, only one of the interfaces is forwarding traffic; the other is in standby mode. If port 1 is the active link, it begins forwarding traffic between port 1 and switch B; the link between port 2 (the backup link) and switch C is not forwarding traffic. If port 1 goes down, port 2 comes up and starts forwarding traffic to switch C. When port 1 comes back up, it goes into standby mode and does not forward traffic; port 2 continues forwarding traffic.
FlexLink example
Optionally, you can configure a preemption mechanism, specifying the preferred port for forwarding traffic. For example, you can configure the above flexlink pair with preemption mode so that once port 1 comes back up in the above scenario, if it has greater bandwidth than port 2, port 1 will go forwarding after 60 seconds and port 2 will become standby. This is done by entering the preemption mode bandwidth and delay commands.
FlexLink options
Question 2
Which switches with stacking or VSS support do you use?
1. Catalyst 2960 series switches
2. Catalyst 3750 series switches
3. Catalyst 3850 series switches
4. Catalyst 4500 series switches
5. Catalyst 6500 series switches
6. Catalyst 6800 series switches
7. None
Fault-tolerant LAN design at the network layer
• IP routing redundancy is designed to allow for transparent fail-over at the first-hop IP router.
• Both HSRP and VRRP enable two or more devices to work together in a group, sharing a single IP address, the virtual IP address. The virtual IP address is configured in each end user's workstation as a default gateway address and is cached in the host's Address Resolution Protocol (ARP) cache.
• In an HSRP or VRRP group, one router is elected to handle all requests sent to the virtual IP address. With HSRP, this is the active router. An HSRP group has one active router, at least one standby router, and perhaps many listening routers. A VRRP group has one master router and one or more backup routers.
First Hop Redundancy Protocol
• HSRP is Cisco proprietary which allows several routers or multilayer switches to appear as a single gateway IP address.
• HSRP allows multiple routers to share a virtual IP and MAC address so that the end-user hosts do not notice when a failure occurs.
HSRP
A fault-tolerant network from the STP perspective with two VLANs, EtherChannel and HSRP
VRRP specifies an election protocol that dynamically assigns responsibility for a virtual router to one of the VRRP routers on a LAN. The VRRP router controlling the IP address(es) associated with a virtual router is called the Master, and forwards packets sent to these IP addresses. The election process provides dynamic fail over in the forwarding responsibility should the Master become unavailable. This allows any of the virtual router IP addresses on the LAN to be used as the default first hop router by end-hosts. The advantage gained from using VRRP is a higher availability default path without requiring configuration of dynamic routing or router discovery protocols on every end-host.
VRRP (RFC 3768)
The Gateway Load Balancing Protocol feature provides automatic router backup for IP hosts configured with a single default gateway on an IEEE 802.3 LAN. Multiple first hop routers on the LAN combine to offer a single virtual first hop IP router while sharing the IP packet forwarding load. Other routers on the LAN may act as redundant GLBP routers that will become active if any of the existing forwarding routers fail.
GLBP
GLBP performs a similar, but not identical, function for the user as the HSRP and the VRRP. HSRP and VRRP protocols allow multiple routers to participate in a virtual router group configured with a virtual IP address. One member is elected to be the active router to forward packets sent to the virtual IP address for the group. The other routers in the group are redundant until the active router fails. These standby routers have unused bandwidth that the protocol is not using. Although multiple virtual router groups can be configured for the same set of routers, the hosts must be configured for different default gateways, which results in an extra administrative burden. GLBP provides load balancing over multiple routers (gateways) using a single virtual IP address and multiple virtual MAC addresses. Each host is configured with the same virtual IP address, and all routers in the virtual router group participate in forwarding packets. GLBP members communicate between each other through hello messages sent every 3 seconds to the multicast address 224.0.0.102, User Datagram Protocol (UDP) port 3222 (source and destination).
GLBP (cont)
• Members of a GLBP group elect one gateway to be the active virtual gateway (AVG) for that group. Other group members provide backup for the AVG in the event that the AVG becomes unavailable. The AVG assigns a virtual MAC address to each member of the GLBP group. Each gateway assumes responsibility for forwarding packets sent to the virtual MAC address assigned to it by the AVG. These gateways are known as active virtual forwarders (AVFs) for their virtual MAC address.
• The AVG is responsible for answering Address Resolution Protocol (ARP) requests for the virtual IP address. Load sharing is achieved by the AVG replying to the ARP requests with different virtual MAC addresses.
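Added example (not code from the webcast or from Cisco): a Python model of the AVG/AVF mechanism described in the GLBP slides, showing the AVG answering every ARP request for the one virtual IP with a different forwarder's virtual MAC, and a surviving member taking over a failed forwarder's virtual MAC so hosts keep their cached gateway. Router names, addresses, priorities and the group number are constructed; the takeover rule (first surviving member) is a simplification.

```python
"""GLBP load-sharing model (added example, not from the slides).

Members elect an active virtual gateway (AVG); the AVG assigns one virtual MAC
per member (each becomes an active virtual forwarder, AVF) and answers ARP for
the single virtual IP with those MACs in round-robin order.
"""
from itertools import cycle


def ip_key(ip):
    return tuple(int(octet) for octet in ip.split("."))


def elect_avg(members):
    """AVG = member with the highest priority; ties go to the highest IP address."""
    return max(members, key=lambda m: (m["priority"], ip_key(m["ip"])))["name"]


class GlbpGroup:
    def __init__(self, members, group, vip):
        self.vip, self.avg = vip, elect_avg(members)
        # Virtual MACs in GLBP's 0007.b400.ggff form (gg = group, ff = forwarder number).
        self.owner = {f"0007.b400.{group:02x}{n:02x}": m["name"]
                      for n, m in enumerate(members, start=1)}
        self._round_robin = cycle(list(self.owner))
        self.arp_cache = {}  # host -> virtual MAC it learned for the VIP

    def arp_request(self, host):
        """The AVG answers each ARP for the VIP with the next virtual MAC."""
        self.arp_cache[host] = next(self._round_robin)
        return self.arp_cache[host]

    def forwarding_router(self, host):
        """Which physical router currently carries this host's traffic."""
        return self.owner[self.arp_cache[host]]

    def forwarder_failed(self, name):
        """A surviving member assumes the failed AVF's virtual MAC, so hosts that
        cached that MAC keep a working gateway without sending a new ARP."""
        survivor = next(r for r in self.owner.values() if r != name)
        for vmac in [v for v, r in self.owner.items() if r == name]:
            self.owner[vmac] = survivor


def demo():
    """Constructed group: two routers, four hosts, then R1 fails."""
    members = [{"name": "R1", "ip": "10.0.0.2", "priority": 150},
               {"name": "R2", "ip": "10.0.0.3", "priority": 100}]
    g = GlbpGroup(members, group=1, vip="10.0.0.1")
    hosts = ("H1", "H2", "H3", "H4")
    for h in hosts:
        g.arp_request(h)
    before = {h: g.forwarding_router(h) for h in hosts}
    g.forwarder_failed("R1")
    after = {h: g.forwarding_router(h) for h in hosts}
    return g.avg, before, after


if __name__ == "__main__":
    print(demo())
```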
Example of GLBP
Routing domain
• OSPF or EIGRP (+BFD)
• No STP
• No EtherChannel
• No FHRP
L3 design of LAN
Switches with VSS (Virtual Switching System) support
• StackWise and StackWise Plus – Cisco Catalyst 3750
• StackWise-480 – Cisco Catalyst 3850
• FlexStack and FlexStack Plus – Cisco Catalyst 2960
Stackable switches
• A VSS combines a pair of switches into a single network element. For example, a VSS in the distribution layer of the network interacts with the access and core networks as if it were a single switch.
• An access switch connects to both chassis of the VSS using one logical port channel. The VSS manages redundancy and load balancing on the port channel. This capability enables a loop-free Layer 2 network topology. The VSS also simplifies the Layer 3 network topology because the VSS reduces the number of routing peers in the network.
Virtual Switching System
VSS in the Distribution Network
• Cisco Catalyst 4500 series switches with Supervisor Engine 7-E, Supervisor Engine 7L-E, Supervisor Engine 8-E
• Cisco Catalyst 6500 series switches with supervisors VS-S720-10G-3C, VS-S720-10G-3CXL, VS-SUP2T-10G, VS-SUP2T-10G-XL, C6800-SUP6T, C6800-SUP6T-XL
• Cisco Catalyst 6800 series switches with supervisors VS-S2T-10G, VS-S2T-10G-XL, C6800-SUP6T, C6800-SUP6T-XL
Switch series with VSS support
• When you create or restart a VSS, the peer chassis negotiate their roles. One chassis becomes the VSS active chassis, and the other chassis becomes the VSS standby.
• The VSS active chassis controls the VSS. It runs the Layer 2 and Layer 3 control protocols for the switching modules on both chassis. The VSS active chassis also provides management functions for the VSS, such as module online insertion and removal (OIR) and the console interface.
• The VSS active and VSS standby chassis perform packet forwarding for ingress data traffic on their locally hosted interfaces. However, the VSS standby chassis sends all control traffic to the VSS active chassis for processing.
VSS Active and VSS Standby Chassis
• For the two chassis of the VSS to act as one network element, they need to share control information and data traffic.
• The virtual switch link (VSL) is a special link that carries control and data traffic between the two chassis of a VSS. The VSL is implemented as an EtherChannel with up to eight links. The VSL gives control traffic higher priority than data traffic so that control messages are never discarded. Data traffic is load balanced among the VSL links by the EtherChannel load-balancing algorithm.
Virtual Switch Link
• An EtherChannel (also known as a port channel) is a collection of two or more physical links that combine to form one logical link. Layer 2 protocols operate on the EtherChannel as a single logical entity.
• A multichassis EtherChannel (MEC) is a port channel that spans the two chassis of a VSS. The access switch views the MEC as a standard port channel.
• The VSS supports a maximum of 512 EtherChannels. This limit applies to the combined total of regular EtherChannels and MECs. Because VSL requires two EtherChannel numbers (one for each chassis), there are 510 user-configurable EtherChannels. If an installed service module uses an internal EtherChannel, that EtherChannel will be included in the total.
Multichassis EtherChannel
Question 3
Which topics would you be interested in hearing about in our webinars?
1. More about switches with stacking and VSS support
2. Troubleshooting the 6500 and 7600
3. More about Spanning Tree
4. More about configuring VLANs and trunks
5. Data Center network design
Send your question now! Use the Q&A panel to ask a question.
The experts will answer your questions.
We invite you to participate actively in the Community and on social networks
Vkontakte http://vk.com/cisco
Facebook http://www.facebook.com/CiscoSupportCommunity
Twitter https://twitter.com/CiscoRussia
YouTube http://www.youtube.com/user/CiscoRussiaMedia
Google+ https://plus.google.com/106603907471961036146
LinkedIn http://www.linkedin.com/groups/Cisco-Russia-CIS-3798428
Instagram https://instagram.com/ciscoru
Newsletter Subscription [email protected]
We also offer Communities in other languages!
If you speak Spanish, Portuguese or Japanese, we invite you to take part in the Communities in your native language:
Russian http://russiansupportforum.cisco.com
Spanish https://supportforums.cisco.com/community/spanish
Portuguese https://supportforums.cisco.com/community/portuguese
Japanese https://supportforums.cisco.com/community/csc-japan
Chinese http://www.csc-china.com.cn
Technical seminars at the Cisco Expo Learning Club
http://ciscoclub.ru/events
Please take part in the poll
Thank you for your attention!