Tips for Data Center

Preservation

Hashtag #SOSPG5

Data Center in the

Cloud Matthew E. Donehoo

Director of Information Systems

Segal McCambridge Singer & Mahoney, Ltd.

Storage Infrastructure as a Service

3

Storage Controller

Storage Infrastructure

as a Service

SAN/NAS/DAS

WAN Accelerator

D2D

Tape

Backup

Application

Tape Storage

Replicated SAN

Replicated D2D

Do-it-yourself Storage Infrastructure

A New Logical Volume

Why Cloud Storage?

4

• Unlimited/Elastic

• Protected

• Available from Anywhere

Someone else’s job to run it

Storage Controller

What are the benefits?

5

• Complete centralized control

of all storage infrastructure

• Single, simplified solution

• Unlimited scale without

provisioning

• No more backups – ever

• Infrastructure delivered on-

demand as a service

• Integrated data access – in

every location

• Mobile & browser client

support

• Reduced access delays &

greater productivity

Better

Storage

Simpler

Synchronization

6

Addressing our needs

Security &

Access

Growth &

Infrastructure

Support unpredictable

data spikes

Distribute data across

multiple offices

Provide convenient

access

Protect data for

defensibility

Instant scalability

Single global namespace

Access in every location

Local access everywhere

including mobile

Customer managed

access & encryption

Data growth and capacity scaling

7

5TB 50TB 500TB • Scale capacity instantly

• Support unpredictable data spikes

• Meet capacity demands

for litigation support

Mobile access and sharing

8

• Access the corporate file

share from anywhere

• Deliver presentations

right from the device

• Share documents with

others on the fly

• Eliminate the use of

Dropbox

Cloud Mirroring™

for more data protection

9

Thank you!

Matthew E. Donehoo

Director of Information Systems

Segal McCambridge Singer & Mahoney, Ltd.

mdonehoo@smsm.com

VMware Site Recovery

Manager Colby Corso

IT Infrastructure Manager

Irell & Manella LLP

VMware Site Recovery Manager

(SRM)

SRM Topology Options

Recovery Plans

Array-based Replication

vSphere Replication

vSphere Replication

Planned Migrations

Failback

Testing Recovery Plans

Testing Recovery Plans

Thank you!

Colby Corso

IT Infrastructure Manager

Irell & Manella LLP

310-203-7121

ccorso@irell.com

OTV & LISP Brian Farnham

Technical Marketing Engineer

Cisco Systems, Inc.

What is OTV?

OTV is an innovative Layer 2 interconnect from Cisco

Replacement for MPLS, VPLS, & STP based technologies

Much easier to provision and maintain

Supported on the Nexus 7000, ASR1000 & CSR1000v

Data Center Interconnect

VSS & vPC or FabricPath Applies easily for dual site interconnection

Over dark fiber or protected D-WDM

Easy crypto using end-to-end 802.1AE

OTV – Overlay Transport Virtualization MAC in IP

EoMPLS & VPLS & A-VPLS & H-VPLS PE style

Multi-tenants

Most deployed today

Traditional Layer 2 Extensions

33

Challenges in Traditional

Layer 2 VPNs

34

Flooding Behavior Pseudo-wire Maintenance Multi-Homing

- Unknown Unicast for MAC propagation - Unicast Flooding reaches all sites

- Full mesh of Pseudo-wire is complex - Head-End replication is a common problem

- Requires additional Protocols & extends STP - Malfunctions impacts multiple sites

No Pseudo-Wire

State Maintenance

Optimal Multicast

Replication

Multipoint Connectivity

Point-to-Cloud Model

Preserve Failure Boundary

Built-in Loop Prevention

Automated Multi-Homing

Site Independence

Terminology

Edge Device Performs all OTV functionality

Internal Interface Carry VLANs extended through OTV

Regular Layer 2 interfaces

No OTV configuration required

Join Interface One of the uplink of the Edge Device

Used to physically “join” the Overlay

network

No OTV specific configuration required

Overlay Interface Virtual interface with most of the OTV

configuration

Encapsulates Layer 2 frames in IP unicast or

multicast

OTV Devices and Interfaces

37

Core Device

OTV Edge Device

OTV Internal Interface

OTV Join Interface

Aggregation Device

OTV Overlay Interface

West

OTV

South

East

OTV

OTV

OTV Control Plane

OTV Control Plane OTV Control Plane

IP A IP B

IP C

Encap Decap

Decap

OTV Hello

OTV Hello

OTV Hello

IGMP Join G

IGMP Join G

IGMP Join G

Multicast state for group G

established throughout transport

Transport natively replicates

multicast to all OIFs

All edge devices join OTV

control-group G

1

2

3

4

5

6

6

7

7

IP A G OTV Hello

IP A G OTV Hello

IP A G OTV Hello

OTV Hello IP A G OTV Hello

OTV Hello IP A G OTV Hello

Neighbor IP Addr

West IP A

Neighbor IP Addr

West IP A

Neighbor IP Addr

Multicast-enabled

Transport

3

8

OTV Control Plane

3

9

South

East West

OTV

OTV

OTV

OTV Control Plane

OTV Control Plane OTV Control Plane

IP A IP B

IP C

Decap Decap

Encap

OTV Hello

IP C G OTV Hello

IP C G OTV Hello IP C G OTV Hello

OTV Hello OTV Hello

OTV Hello IP C G OTV Hello OTV Hello IP C G OTV Hello

Neighbor IP Addr

West IP A

Neighbor IP Addr

West IP A

South IP C

Neighbor IP Addr

South IP C

1

2

3

4 4

5 5

Bidirectional

adjacency formed

The South Site creates its

hello with West’s address

in the TLV

Multicast-enabled

Transport

OTV Control Plane

South

East West

OTV

OTV

OTV

VLAN MAC IF

100 MAC A IP A

100 MAC B IP A

100 MAC C IP A

VLAN MAC IF

100 MAC A IP A

100 MAC B IP A

100 MAC C IP A

VLAN MAC IF

100 MAC A e1/1

100 MAC B e1/1

100 MAC C e1/1

VLAN MAC IF

100 MAC A e1/1

101 MAC B e1/1

102 MAC C e1/1

Update A

VLAN MAC IF

100 MAC A IP A

101 MAC B IP A

102 MAC C IP A

VLAN MAC IF

100 MAC A IP A

100 MAC B IP A

100 MAC C IP A

New MACs learned

in VLANs that are

OTV extended

Craft OTV

update with

new MACs

IP A G Update A

Update A

Update A

IP A G Update A

IP A G Update A

Update A IP A G Update A

Update A IP A G Update A

Encap Decap

Decap 1

2

3

4

5

5

6

6

VLAN MAC IF

100 MAC A IP A

101 MAC B IP A

102 MAC C IP A

7

7

Add MACs

learned

through OTV

Add MACs

learned

through OTV

MAC Table

MAC Table

MAC Table

Multicast-enabled

Transport

OTV MAC Learning

4

0

Spanning-Tree and OTV

Site transparency: no changes to the

STP topology

Total isolation of the STP domain

Default behavior: no configuration is

required

BPDUs sent and received ONLY on

Internal Interfaces

Site Independence

41

L

2

L

3

OT

V OT

V

The BPDUs

stop here

The BPDUs

stop here

L

2

L

3

OTV

OTV

Unknown Unicast and OTV No Longer Unknown Unicast Storms Across the DCI

42

No requirements to forward

unknown unicast frames

Assumption: end-host are not silent

or uni-directional

Default behavior: no configuration

is required

MAC TABLE

VLAN MAC IF

100 MAC 1 Eth1

100 MAC 2 IP B

- - -

MAC 1 MAC 3

No MAC 3 in the

MAC Table

OTV Multi-homing

• No additional protocols

required (i.e. BGP)

• OTV site-vlan used to discover

OTV neighbor in the same site

• Authoritative Edge Device

(AED) Election takes place

• Extended VLANs are split across

the AEDs

• The AED is responsible for:

‒ MAC address advertisement for its VLANs

‒ Forwarding its VLANs’ traffic inside and outside

the site

Fully Automated Multi-homing

43

L

2

L

3

OTV OTV AED AED

Site Adjacency used for AED election

Site Adjacency

Path Optimization

• Extended VLANs typically have associated HSRP groups

• By default, only one HSRP router elected active, with all servers pointing

to HSRP VIP as default gateway

Egress Routing with LAN Extension

44

HSRP

Active

HSRP

Standby

HSRP

Listen

HSRP

Listen

HSRP Hellos

VLAN

20

VLAN

10

ARP for

HSRP VIP

ARP reply

Packet from

Vlan 10 to Vlan 20

DMAC = Host Vlan 20

Packet from

Vlan 10 to Vlan 20

DMAC = DGW

Routing

Egress Routing Localization

• Filter FHRP with combination of VACL and MAC route filter

• Result: Still have one HSRP group with one VIP, but now have active

router at each site for optimal first-hop routing

FHRP Filtering Solution

45

HSRP

Active

HSRP

Standby

HSRP

Listen

HSRP

Listen

HSRP Hellos

VLAN

20

VLAN

10

HSRP Hellos ✗ ✗ ✗ ✗

HSRP Filter

HSRP

Active HSRP

Standby

ARP for

HSRP VIP

ARP reply

Path Optimization

• Layer 2 extensions represent a challenge for optimal routing

• Challenging placement of gateway and advertisement of routing

prefix/subnet

Optimal Routing Challenges

46

HSRP

Active

HSRP

Standby

HSRP Filter

HSRP

Active HSRP

Standby

East-West /

Server-Server

Egress:

South-North /

Server-Client

Egress:

South-North /

Server-Client

Ingress:

North-South /

Client-Server

Ingress:

North-South /

Client-Server

Ingress Routing Localization Possible Solutions

47

Challenge

•Subnets are spread across locations

•Subnet information in the routing

tables is not specific enough

•Routing doesn’t know if a server has

moved between locations

•Traffic may be sent to the location

where the application is not available

Options

•DNS Based

•Route Injection

•LISP – Locator/ID Separation Protocol

Introduction to

Location Identity

Separation Protocol

(LISP)

Internet

Device IPv4 or IPv6

address represents

identity and location

Today’s Internet Behavior Loc/ID “overloaded” semantic

x.y.z.1 When the device moves, it gets

a new IPv4 or IPv6 address for

its new identity and location

w.z.y.9

Device IPv4 or IPv6

address represents

identity only.

When the device moves, keeps

its IPv4 or IPv6 address.

It has the same identity

LISP Behavior Loc/ID “split”

Internet

a.b.c.1

e.f.g.7

Only the location changes

x.y.z.1

x.y.z.1

Location Identity Separation Protocol What do we mean by “location” and “identity”?

Its location is here!

A LISP Packet Walk How Does LISP Operate?

Non-LISP site

East-DC

LISP site

IP Network

ETR

EID-to-RLOC mapping

172.16.1.1 172.16.2.1

1.1.1.1

3.3.3.3

172.16.10.1

2.2.2.2

10.2.0.0/24

172.16.3.1 172.16.4.1

10.1.0.0/24

West-DC

PiTR

4.4.4.4

10.3.0.0/24

Non-LISP site

ITR S

D

DNS entry: D.abc.com A 10.1.0.1

1

10.3.0.1 -> 10.1.0.1

2

EID-prefix: 10.1.0.0/24

Locator-set:

172.16.1.1, priority: 1, weight: 50 (D1)

172.16.2.1, priority: 1, weight: 50 (D2)

Mapping

Entry

3

This policy controlled

by destination site

10.3.0.1 -> 10.1.0.1

172.16.10.1 -> 172.16.1.1

4

10.3.0.1 -> 10.1.0.1

5

Access

Agg

VM= 10.10.10.1 Default GW = 10.10.10.100

ISP A ISP B

Access

Agg

Data Center A

LAN Extension

Prefix

(EID)

Route Locator

(RLOC)

10.10.10.1 A, B

10.10.10.2 A, B

… …

10.10.10.5 C, D

10.10.10.6 C, D

Ingress Tunnel

Router (ITR)

Moved to C, D

Decap

3

IP_DA = 10.10.10.1

1

ETR

Routing Based Ingress Optimization

A B C D

IP_DA = 10.10.10.1

IP_DA = 10.10.10.1

4

5

Decap

7

IP_DA = 10.10.10.1

6 Encap

2

Data Center B

ETR

VM= 10.10.10.1 Default GW = 10.10.10.100

IP_DA = 10.10.10.1

VM IP Address

10.10.10.1

Thank you!

Brian Farnham

Technical Marketing Engineer

Cisco Systems, Inc.

brfarnha@cisco.com

Questions?