Data Center LAN Migration Guide - Juniper Networks

More documents

Recommendations

Info

Data Center LAN Migration Guide Post Installation As previously noted, procedures similar to those used when installing new security appliances in a single vendor environment could be used after physical installation is complete. As a best practice: • Verify access via CLI or network management tools. • Verify interface status via CLI or network management tools. • Verify that traffic is passing through the platform. • Verify that rules are operational and behaving as they should. • Confirm that Application Layer Gateway (ALG) policies/IPS are stopping anomalous or illegal traffic in the application layer, while passing permitted traffic. • Confirm that security platforms are reporting appropriately to a centralized logging or SIEM platform. Business Continuity and Workload Mobility Trigger Events Sometimes an improvement in availability of systems to external and internal users drives a critical initiative to enhance the availability of data center infrastructures, either within an individual data center or between sets of data centers such as primary, backup, and distributed data center sites. The goal is almost always to preserve a business’ value to its stakeholders, and it often requires upgrades or extensions to critical infrastructure areas to achieve this goal. Business continuity or disaster recovery sites can be set up as active/active, warm-standby, or cold-standby configurations. A cold-standby site could involve an agreement with a provider such as SunGuard in which backup tapes are trucked to a SunGuard backup data center facility. A warm-standby site could interconnect primary and standby data centers for resumption of processing after a certain amount of backup/recovery system startup has occurred. A hot-standby, active/active configuration involves continuously available services running in each site that allow transparent switching between “primary” and “secondary” as needed, driven by planned or unplanned outages. A large organization may have instances of each. Business continuity and workload mobility are tightly coupled. Business continuity or high availability disaster recovery (HADR) often involves provisioning between two or more data centers. The design could involve replicating an entire data center (essentially a Greenfield installation), or the design could involve adding additional capacity to one or more existing data centers. The specific insertion points could be at any of the tiers of an existing three-tier design. We have already outlined best practices and specific installation tasks for several of these network insertion points in this chapter. Once provisioning for the disaster recovery data center has been done, users should be able to connect into any of the data centers transparently. Since we have already described the installation tasks for access and aggregation/core switching and services tiers of the new data center network, we won’t repeat those here. The same procedures can be used to enhance the data center infrastructures that will take part in the HADR system. To the extent that MPLS and VPLS are involved in the configuration between centers, we will address the steps associated with that part of the network in the section on workload mobility further on in this guide. Best Practices Design for Business Continuity and HADR Systems • Business continuity is enabled using a mix of device-level, link-level, and network-level resiliency within and between an organization’s data center sites. In most cases, it also involves application and host system resiliency capabilities that need to interwork seamlessly with the network to achieve continuity across multiple sites. • In this section, we first concentrate on the network-level design within the data center sites. • In the following section (on workload mobility), we also describe capabilities that extend continuity to the network supporting multiple data center sites and to certain considerations around host and application resiliency interworking with the network. 46 Copyright © 2012, Juniper Networks, Inc.
Data Center LAN Migration Guide • Link-level redundancy in data center networks can be implemented with the following network technologies: - Link Aggregation Group (LAG) - Redundant Trunk Groups (RTGs) - Spanning Tree Protocol (STP) and its variations - Bidirectional Forwarding Detection (BFD) - MPLS We have already discussed LAG, RTG, and STP earlier in this guide. BFD is rapidly gaining popularity in data center deployments, because it is a simple protocol aiding rapid network convergence (30 to 300 ms resulting in a subsecond convergence time). BFD is a simple low layer protocol involving a hello mechanism between two devices. The communication can be across directly connected links or across a virtualized communications path like MPLS. • Node level resiliency can be achieved using the following technologies: - Graceful Routing Engine switchover (GRES) - Graceful restart - Nonstop active routing (NSR) and nonstop bridging (NSB) GRES is a feature used to handle planned and unplanned platform restarts gracefully, without any disruptions, by deploying a redundant Routing Engine in a chassis. The Routing Engines synchronize and share their forwarding state and configuration. Once synchronized, if the primary Routing Engine fails due to a hardware or software problem, the secondary Routing Engine comes online immediately, resulting in minimum traffic forwarding interruption. Rather than being a feature, graceful restart is a standards-based protocol that relies on routing neighbors to orchestrate and help a restarting router to continue forwarding. There is no disruption in control or in the forwarding path when the graceful restart node and its neighbors are participating fully and are employing the standard procedures. NSR builds on GRES and implements a higher level of synchronization between the Routing Engines. In addition to the synchronizations and checkpoints between the Routing Engines that GRES achieves, NSR employs additional protective steps and results in no disruption to the control or data planes, hiding the failure from the rest of the network. And, it does not require any help from its neighbors to achieve these results. Note that graceful restart and NSR are mutually exclusive—they are two different means to achieve the same high availability goal. NSB is similar to GRES and preserves interface and Layer 2 protocol information. In the event of a planned or unplanned disruption in the primary Routing Engine, forwarding and bridging are continued during the switchover resulting in minimal packet loss. Node-level HA includes many aspects, starting with the architecture of the node itself and ending with the protocols that the node uses to network with other components. Paralleling the Open Systems Interconnection (OSI) Reference Model, you can view the network infrastructure components starting from the physical layer, which is the node’s internal architecture and protocols, and ending with the upper tiers, which would include components such as OSPF, IS-IS, BGP, MPLS, GRES, NSR, etc. No single component provides HA. It is all of the components working together which creates one architecture and results in high availability. For more detailed information on HA features on Juniper platforms, refer to: www.juniper.net/techpubs/en_US/ junos10.1/information-products/topic-collections/swconfig-high-availability/frameset.html. To complement the node-level availability mechanisms highlighted above, devices and systems deployed at critical points in the data center design should include redundancy of important common equipment such as power supplies, fans, and Routing Engines at the node levels, so that the procedures mentioned above can have a stable hardware environment to build upon. In addition, the software/firmware in these devices should be based on a modular architecture to prevent software failures or upgrade events from impacting the entire device. There should also be a clean separation between control plane and data processes to ensure system availability. Junos OS is an example of a multitasking OS that operates in this manner, ensuring that a failure in one process doesn’t impact any others. Copyright © 2012, Juniper Networks, Inc. 47
Page 1 and 2: DATA CENTER LAN MIGRATION GUIDE
Page 3 and 4: Data Center LAN Migration Guide Cha
Page 5 and 6: Copyright © 2010, Juniper Networks
Page 7 and 8: 3-TIER LEGACY NETWORK Ethernet Figu
Page 9 and 10: Why Migrate? Data Center LAN Migrat
Page 11 and 12: The Case for a High Performing, Sim
Page 13 and 14: Why Juniper? Data Center LAN Migrat
Page 17 and 18: Junos Pulse SRX5000 Line SRX3000 Li
Page 19 and 20: Data Center LAN Migration Guide A k
Page 21 and 22: Data Center LAN Migration Guide For
Page 23 and 24: MPLS/VPLS for Data Center Interconn
Page 25 and 26: Junos Space applications include: D
Page 29 and 30: Data Center LAN Migration Guide Add
Page 31 and 32: TRIGGER EVENT NETWORK INSERTION LAy
Page 33 and 34: Data Center LAN Migration Guide •
Page 35 and 36: For more detailed information on NI
Page 37 and 38: PoC lab could include: - Interface
Page 39 and 40: Data Center LAN Migration Guide Sig
Page 41 and 42: Data Center LAN Migration Guide The
Page 43 and 44: Installation Tasks Refer to Figure
Page 45: Data Center LAN Migration Guide In
Page 49 and 50: Data Center LAN Migration Guide At
Page 51 and 52: Data Center LAN Migration Guide Ste
Page 53 and 54: Juniper Professional Services Data
Page 57 and 58: Hardware Data Center LAN Migration
Page 59 and 60: OSI Layer 3: Network Troubleshootin
Page 61 and 62: The commands presented in this sect
Page 65 and 66: Data Center LAN Migration Guide 3.
Page 67 and 68: Data Center LAN Migration Guide Cop

Data Center LAN Migration Guide - Juniper Networks

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?