Cisco: MPLS Architectural Approaches for Data Center and Cloud (2023) (English edition) (99 pages)

MPLS Architectural Approaches for Data Center and Cloud
Rajiv Asati, CTO, VP/Cisco Fellow
BRKMPL-2141
#CiscoLive
© 2023 Cisco and/or its affiliates. All rights reserved. Cisco Public

Slido Poll

Just because we can, doesn't mean we should.

Abstract
This session examines the unique challenges presented by large-scale data center architectures, including cloud architectures: availability, multi-tenancy, scale, performance and mobility.
This session discusses why & why-not MPLS to address the DC related challenges and “how far could MPLS go” into the DC, so as to enable multi-tenancy & Cloud Services with SLAs.
Prerequisites: data center architectures (L2 and L3), MPLS, and IP routing.

What to expect
What This Session Is
  Overview of data center use cases (L2 and L3), also cloud
  MPLS tools as they apply to those use cases
What This Session Isn't
  Data center design talk
  MPLS in depth
  Configs

Prerequisites and Other Classes
This talk is at the intersection of data center/cloud and MPLS
It assumes basic knowledge of both areas, as well as IP routing
It contains a quick MPLS recap but is not an MPLS intro course
If interested, then check out MPLS sessions at previous CiscoLives:
  BRKMPL-1100 Introduction to MPLS
  BRKMPL-2100 Deploying MPLS Traffic Engineering
  BRKMPL-2101 Deploying MPLS-based Layer 2 Virtual Private Networks
  BRKMPL-2102 Deploying MPLS-based IP VPNs
  BRKMPL-2108 Designing MPLS in Next Generation Data Center: A Case Study
  BRKMPL-2333 E-VPN & PBB-EVPN: the Next Generation of MPLS-based L2VPN
  LTRMPL-2102 Enterprise Network Virtualization using IP and MPLS Technologies: Introduction
  LTRMPL-3102 Enterprise Network Virtualization using IP and MPLS Technologies: Advanced

Cisco Webex App
Questions? Use Cisco Webex App to chat with the speaker after the session
How:
  1. Find this session in the Cisco Live Mobile App
  2. Click “Join the Discussion”
  3. Install the Webex App or go directly to the Webex space
  4. Enter messages/questions in the Webex space
Webex spaces will be moderated by the speaker until June 9, 2023.

Agenda
  Introduction
  Data Center growth over time
  MPLS for Data Center/Cloud
  Applicability
  Why and Why-not
  How Far can MPLS go in DC
  Cloud Native Services
  Case-Study
  Conclusion

Intro: Way Back when
  Linux PCs, mostly
  Maybe 250sqft
  10Mbit DC backbone
  Cloud?
  Previous DC: $15 Plastic racks, 10base2, Half the size
Copyright J.R. Oldroyd, 1998. Used by permission.

Intro: Now
Courtesy: http:/
  data centers (est.) [1]
  Facebook: 12+ data centers (est.) [2]
  Microsoft: $15B in DC build out costs [3]
  VMs, 10/40/100Gbit uplinks
  DC-as-computer
[1]: https:/

Intro: MPLS in Data Center/Cloud?
Starts with “got this multi-tenancy problem, how to solve it?”
MPLS VPNs solved this in WAN long before it was a DC problem
From there:
  How are people doing this without MPLS?
  How would I solve it with MPLS?
  What else can MPLS do besides multi-tenancy?
Multi-tenancy: provide closed user groups or segmentations on top of a common infrastructure e.g. app, storage, network

Intra-DC
Simplest possible data center architecture:
  Switch
  Servers

DC growth (1/4)
  Single VLAN
  Switch gets full
  Add VLANs, trunking
[Diagram label: Server]

DC growth (2/4)
  Add hierarchy, STP blocking!
  Totally Useless Redundant Device
  Replace STP with VPC, FabricPath

DC growth (3/4)
  “What about more than one data center?”
  “Where do we go from here?”

DC growth (4/4)

Fundamental question
Q: Is the technology that built this also right for this?
Ans: Umm. Not really. But how far do we deviate?

Applicability - Overlays rule our world
Lots of ways to solve the problem
  inter-DC, intra-DC, into-DC
  Inter-Cloud, intra-Cloud, into-Cloud
How you solve it depends on
  What you need
  What your toolset is
There is no “one right way”. There is “your right way”.
Example: Overlays solve a big connectivity problem, but which one works better for DC/Cloud?

Applicability - Attributes for Connectivity
Got to have the following for DC/Cloud Connectivity:
  Common Encap for overlay & underlay
  Proven Segmentation/Multi-tenancy
  Easy to add bandwidth/path engineering
  Technology Familiarity
  Extensibility e.g. Mobility
MPLS can address all of the above
[Diagram labels: Data Center, VPN Sites (Campus), Sites, VPN Sites (Branch), Cloud, WAN (MPLS)]

Applicability - Consistency is KEY
E2E Data Plane Consistency per tenant; whether IP or MPLS
  WAN-PE and DC-PE vs. DC-PE and VMs/Containers
  Match the “encap” e.g. MPLS, IP (UDP, GRE)
E2E Control Plane Consistency per tenant;
  WAN-PE and DC-PE vs. DC-PE and VPNs/Containers
  Match the “signaling protocol” e.g. L3VPN, EVPN
Per-tenant provisioning in DC/Cloud only where needed
  Controllers program BGP/Forwarder entries per VM/Pods lifecycle
Minimize Per-tenant state in DC Underlay e.g. TOR, DC-PE*
* with Inter-AS VPN concepts
[Diagram labels: Data Center, VPN Sites (Campus), Sites, VPN Sites (Branch), Cloud, WAN (MPLS), WAN-PE, DC-PE, vPE, Spine-Leaf, K8S]

Applicability - Consistency is KEY for Performance & Scale
E2E Data Plane Consistency per tenant; whether IP or MPLS
  WAN-PE and DC-PE vs. DC-PE and VMs/Containers
  Match the overlay “encap” e.g. MPLS, IP (UDP, GRE)
E2E Control Plane Consistency per tenant;
  WAN-PE and DC-PE vs. DC-PE and VPNs/Containers
  Match the overlay “signaling protocol” e.g. L3VPN, EVPN
Per-tenant provisioning in DC/Cloud only where needed
  Controllers program BGP/Forwarder entries per VM/Pods lifecycle
Minimize Per-tenant state in DC Underlay e.g. TOR, DC-PE*
* with Inter-AS VPN concepts
No Penalty for Disparate Data Plane Stitching and Control plane Stitching
Less Touchpoints, Less State, Faster Changes

Why/Why-Not MPLS in DC/Cloud?
Why?
  MPLS already in WAN
  Seamless Integration with existing MPLS VPN
  MPLS familiarity in Operations
  Application based Programmability
  Multi-tenancy in DC for Cloud Services e.g. Virtualized Functions
Why not?
  Lack of MPLS familiarity in DC team
  Underlay Not supporting MPLS forwarding
  IP Overlay in WAN
  No need for Traffic Engineering

MPLS inside DC/Cloud - How deep can we go?
[Image: http://openclipart.org/detail/947/alice-in-wonderland-4-drink-me-by-ryanlerch, CC0 1.0 license]
Layers: Core; DC Edge/Border Leaf; Agg/Spine; Access/Leaf/TOR; Virtual Switches; VM/POD
  1. MPLS (VPN/TE) up to DC Edge
  2. MPLS (VPN/TE) up to TOR
  3. MPLS (VPN/TE) up to Virtual Forwarder
  4. MPLS (VPN/TE) up to VM

MPLS inside DC/Cloud - 1. MPLS to the DC Edge/Border Leaf
  MPLS PE function on DC Edge (marker 1)
  Underlay = Layer 3 (or Layer 2)
  VLANs between Virtual Switch and TOR
  Addresses shown: 2001:DB8:1:1/127, 2001:DB8:2:1/64
[Diagram labels: MPLS, DC Edge/Border Leaf, Agg/Spine, Access/Leaf/TOR, Virtual Switch, Server, VM, POD]

MPLS inside DC/Cloud - 1. MPLS to the DC Edge/Border Leaf
  MPLS PE function on DC Edge (marker 1)
  Underlay = Layer 3
[Diagram labels: MPLS, DC Edge/Border Leaf, Agg/Spine, Access/Leaf/TOR, Virtual Switch, Server, VM, POD]

MPLS inside DC/Cloud - 2. MPLS to the ToR
  MPLS PE function on TOR (marker 2)
  MPLS PE or P function on DC Edge
  Underlay = MPLS (SR)
  VLANs between Virtual Switch and TOR
  Addresses shown: 2001:DB8:1:1/127, 2001:DB8:1:2/127
[Diagram labels: Core/WAN, DC Edge/Border Leaf, Agg/Spine, Access/Leaf/TOR, Virtual Switches, Server, VM]

MPLS inside DC/Cloud - 2. MPLS to the Virtual Forwarder
  MPLS PE forwarding function on virtual Switch (marker 3)
  MPLS PE or P function on DC Edge; May use Inter-AS
  Underlay = MPLS (SR)
  Addresses shown: 2001:DB8:1:1/127, 2001:DB8:1:2/127
[Diagram labels: Core/WAN, DC Edge/Border Leaf, Agg/Spine, Access/Leaf, Virtual Switches, Server, VM]

MPLS inside DC/Cloud - 2. MPLS to the VM
  MPLS PE function on VM/Container (marker 4)
  MPLS PE or P function on DC Edge; May use Inter-AS
  Underlay = MPLS (SR)
[Diagram labels: Core/WAN, DC Edge/Border Leaf, Agg/Spine, Access/Leaf, Virtual Switches, Server, VM, POD]

MPLS for DC - Cloud Services, Option 3
  vForwarder (fd.io) + BGP Speaker
  Note: VIM e.g. Openstack may also be present
[Diagram labels: Internet, WAN SR MPLS, Customer X Site, Customer Y Site, WAN-PE1, WAN-PE2, DC-PE11, DC-PE12, BGP Agent, Orchestrator/Controller, DC Fabric (SR MPLS), TOR, Hosts (Compute nodes), Managed VNFs, VPP, VIM, MPLS Overlay]

MPLS for Data Center - Build Cloud Services
Tenant access to DC for multi-tenant Cloud Services is where Overlay = MPLS VPN gets really useful
  No need for hub and spoke architectures
  Just add a VRF where we want a VRF
DC Underlay = Segment Routing MPLS well suited
  Works seamlessly with inter-AS concepts
So if you're a VPN provider and cloud provider, win-win-value-add-synergy
[Diagram labels: Into; Millions of Applications flows; A path is mapped on a list of segments; The network only maintains segments; No application state]

MPLS for Data Center - Build Cloud Native Services with VPP/Ligato
VPP: Light weight, multi-tenanted software forwarder
  Can be a VM or Linux Container
Industry's first “User Space” forwarder
  Full Fault Isolation
  No need of Kernel certification/re-certification
  No Kernel pollution
  Better Stability
Industry Highest Performance 10G/Core
  Multi-threaded, can scale-up performance
Programmed using YANG over RESTConf* or Netconf
  Forwarding controlled centrally, L3/L2 entries, N-tuple match etc.
VPP forwarder is open-sourced: https://fd.io/technology
* Data Model published at IETF - http://tools.ietf.org/html/draft-rfernando-ipse
MPLS Native https:/
[Diagram: Virtual Packet Processor (VPP). Labels: VTF Control Agent, TENANT-1 VMs, TENANT-2 VMs, Proxy ARP, DHCP Relay, Host (Kernel Space), Tenant1 Context, Tenant2 Context, VM2/IP2/MAC2, VM3/IP3/MAC3, MPLS-over-GRE/VXLAN/MPLS-over-UDP/L2TPv3, VTF VM Data Plane, Patch Panel, DPDK Drivers, Physical NIC, User Space]

MPLS for Data Center - Build Cloud Native Services with Ligato/VPP
Ligato comprises Plugins for VPP, BGP, SFC, etc.
https:/
[Diagram label: App Plugin]

MPLS for Data Center - Cloud Native Services
  Ligato provides BGP, VPP etc.
  Note: VIM e.g. K8S, Openstack may also be present
[Diagram labels: Internet, WAN MPLS, Customer X Site, Customer Y Site, PE1, PE2, DC-PE11, DC-PE12, BGP Agent, DC Fabric (SR MPLS), TOR, Hosts (Compute nodes), Managed VNFs, VPP, MPLS Overlay]
Packet headers shown in the diagram:
  IP, S=H1, D=H2
  Label1 | Label2 | IP, S=H1, D=H2
  Label8 | Label9 | IP, S=H1, D=H2
  IP, S=H1, D=H2
  IP, S=B1, D=H2
  Label8 | Label9 | IP, S=B1, D=H2
  Label6 | Label7 | IP, S=B1, D=H2
  IP, S=B1, D=H2

Case-Study - Realizing MPLS in Multi-Cloud: Option 4
[Diagram labels:
  Customer's Nation-wide MPLS Network: Countrywide DC 1, 2, 3; Metro DC1, DC2, DC3; Local DC; NCS5500 PE; DX; DC 1 ... DC n
  Cloud Provider's Nation-wide IP Network: Region 1, 2, 3; AZ (a), AZ (b), AZ (c); LZ (1), LZ (2), LZ (3)
  CLOUD Provider A: Amazon Network Edge, VPC, Transit Gateway, DX Gateway, Cisco Virtual Routers, Workloads
  MPLS VPN o GRE Tunnels
  Customer]

Summary
Lots of ways to solve the problem (inter, intra, into)
How you solve it depends on
  What you need
  What your toolset is
There is no “one right way”. There is “your right way”.
More the Stateless, better it is
Minimize Number of Touchpoints per Tenant Services

Just because we can, doesn't mean we should.

Additional Slides

Why Overlays?
Seek well integrated best in class Overlays and Underlays
Flexible Overlay Virtual Network
  Mobility - Track end-point attach at edges
  Multi-tenancy
  Flexibility/Programmability
Robust Underlay/Fabric
  High Capacity Resilient Fabric
  Intelligent Packet Handling
  Programmable & Manageable

MPLS inside Data Center
Application controls - network delivers
The network is simple, highly programmable and responsive to rapid changes
  perfect support for centralized optimization efficiency, if required
[Diagram: “2G from A to Z please”; “Link CD is full, I cannot use the shortest-path 65 straight to Z”; labels: 65, FULL]

MPLS for Data Center
Most DCs are a hybrid (80/20 split, say) more or less:
  Layer 2 (Ethernet) end to end
  Layer 3 (IP or MPLS) end to end
MPLS for these 2 use-cases:
  1. Between Data Centers (i.e. DC Interconnect)
  2. Inside Data Center

  Use case                    Layer 2 Approaches             Layer 3 Approaches
  1. Between Data Centers     VPWS, VPLS, EVPN, PBB-EVPN     MPLS L3VPN, EVPN
  2. Inside Data Center       n/a                            MPLS over IP, MPLS over Ethernet

MPLS Inside Data Center - Layer 2 Approaches
Some cloud providers want Ethernet end to end
  Allows for VM mobility
  Avoids having to worry about IP address assignment
  Enables having to worry about MAC addresses scale
Usually enterprise data centers
Caution: Server Virtualization fueling MAC Addresses scale

MPLS Inside Data Center - Layer 3 Approaches
Some cloud providers are emphasizing IP
IP in the cloud makes sense when access *to* the cloud is IP
“Route when you can, switch when you must”

MPLS inside Data Center - End to End IP using MPLS L3 VPNs
PE is CSR1kv or 9000v or even VPP. Not N1kv, that's a switch
[Diagram labels: VM1, VM2, vPE, DC Infra i.e. Underlay (IP/MPLS), DC-Edge (P)]

MPLS inside Data Center - End to End IP using MPLS L3 VPNs
Packet forwarding is MPLS between all nodes
Advantages:
  Add a new site to a VPN without touching all other sites
  Simple, single encap, no encap switching
[Diagram labels: VM1, VM2, PE, DC infra, DC-Edge (P), Core, DC-Edge (P), DC infra, PE, VM1, VM2; packet stacks shown as IGP | VPN | IP, and as plain IP]

MPLS inside Data Center - End to End IP using MPLS L3 VPNs
Route Reflectors carry routes e2e
Works with inter-AS too!
[Diagram labels: VM1, VM2, vPE, DC fabric, DC-Edge (P), Core, DC-Edge (P), DC fabric, vPE, VM1, VM2, RR]

MPLS inside Data Center - Getting from the VM to the P
Do you need MPLS in the DC infra?
Can use standard L2 mechanisms (STP, VPC, FabricPath) to connect PE to P
Wait... what?
Q: If I use Ethernet in the DC fabric, what good is MPLS end to end?
A: You still use MPLS to provide all of your overlay services (i.e. VPNs). No different from connecting PEs to Ps in a traditional access/agg/core network.
[Diagram labels: VM1, VM2, vPE, DC infra (L3: MPLS or L2: Ethernet), DC-Edge (P)]

Agenda
  Introduction
  Data Center growth over time
  Quick MPLS recap
  MPLS for Data Center/Cloud
  Applicability
  How Far can MPLS go in DC
  Cloud Native Services
  Why and Why-not
  Conclusion

Quick MPLS Recap - MPLS roles
  PE: Provider Edge (Label Edge Router)
  P: Provider (Label Switching Router)
  CE: Customer Edge (sees no MPLS, usually)
[Diagram labels: PE1, P1, PE2]

Quick MPLS Recap - MPLS roles
To forward, lookup is required:
  Eth Frames: MAC table lookup
  IP packets: FIB table lookup
  MPLS packets: LFIB table lookup
LFIB entries shown in the diagram (nodes PE1, P1, PE2):

  in-Label    out-Label    out-Interface
  42          500          Gig0/0
  (null)      42           Gig0/0
  500         (null)       (null)

Quick MPLS Recap - Forwarding Operations
  Push
  Swap
  Pop
  No Label (Or Untagged)
[Diagram: Payload (IP/Eth) shown with label stacks built from L1, L2 and L3 for each operation; L = Label]

Layer 3

Quick MPLS Recap - It all Started with Layer 3 VPN
VRF: Virtual Routing and Forwarding i.e. dedicated RIB/FIB instances & more
RT (Route Target): Import/export statements let you build the VPN topology
RD (Route Distinguisher): To separate two VPN customers using overlapping 10.x/8
VRF RIB/FIB bound to one or more interfaces e.g. Red, Green
[Diagram labels: PE1, P1, PE2; 10.0.0.0/8, RD 1:1, RT 5:5; 10.0.0.0/8, RD 1:2, RT 47:81; 10.0.0.0/8; 10.0.0.0/8]

Quick MPLS Recap - Layer 3 VPN: Data Plane - DCI with MPLS VPN
Packet from H1: SrcIP: H1, DstIP: H2 (IP, S=H1, D=H2)
  Adds VPN label from PE2
  Adds IGP label to reach PE2
Packet between the PEs: IGP Label | VPN Label | IP, S=H1, D=H2
Packet to H2: SrcIP: H1, DstIP: H2 (IP, S=H1, D=H2)

  PE1 FIB
  10.1.1.0/24    H1.interface
  10.1.2.0/24    PE2

  PE2 FIB
  10.1.2.0/24    H2.interface
  10.1.1.0/24    PE1

Quick MPLS Recap - Layer 3 VPN: Control Plane - DCI with MPLS VPN (Reference Slide)
Control plane is BGP, so Route Reflectors can be used
  Prefix: RD:10.1.1.0/24, RT: 100:100, Label: 42
  Prefix: RD:10.1.2.0/24, RT: 100:100, Label: 100
[Diagram labels: RR, H1, H2, PE1, R2, 10.1.1.0/24, 10.1.2.0/24]

Quick MPLS Recap - Layer 3 VPN: Inter-AS VPNs (Inter-DC that's also Inter-AS)
Maybe you have a global network with multiple ASes (US, EMEA, APAC)
Maybe you have a customer who buys VPN services from multiple providers
In theory these methods all work with EVPN and PBB-EVPN as well
  It's just BGP, and /48s are host routes just like /32s
In practice we know it works with MPLS VPN, EVPN/PBB-EVPN are awfully new

Quick MPLS Recap - Layer 3 VPN: Inter-DC that's also Inter-AS
There are three inter-AS VPN methods, per RFC 4364 Section 10
  Option A: VRF-to-VRF connections at the ASBR
  Option B: EBGP redistribution of VPN-IPv4 routes from AS to AS
  Option C: Multi-hop EBGP VPNv4 peers (RRs)

Quick MPLS Recap - Layer 3 VPN: Option A (Reference Slide)
Each ASBR Thinks the Other Is a CE
Unlabeled IP Packets
  BGP VPN-IPv4: Net=RD:16.1/16, NH=PE-ASBR1, Route Target 100:1, VPN Label=40
  BGP VPN-IPv4: Net=RD:16.1/16, NH=PE2, Route Target 100:1, VPN Label=80
[Diagram labels: AS1: PE1, P1, PE-ASBR1; AS2: PE-ASBR2, P2, PE2; packets shown as IP, IP | 40, P1 | IP | 40 and IP, IP | 80, P2 | IP | 80]

Quick MPLS Recap - Layer 3 VPN: Option B (Reference Slide)
Inter-AS option B: ASBRs as RRs
eBGP for VPNv4: Label Exchange between Gateway PE-ASBR Routers Using eBGP
Updates shown for 152.12.4.0/24:
  BGP, OSPF, RIPv2 152.12.4.0/24, NH=CE1
  VPN-v4 update: RD:1:27:152.12.4.0/24, NH=PE1, RT=1:222, Label=(L1)
  VPN-v4 update: RD:1:27:152.12.4.0/24, NH=ASBR1, RT=1:222, Label=(L2)
  VPN-v4 update: RD:1:27:152.12.4.0/24, NH=ASBR2, RT=1:222, Label=(L3)
  BGP, OSPF, RIPv2 152.12.4.0/24, NH=PE2
[Diagram labels: AS#1, AS#2, PE1, PE2, CE1 (Customer-A), CE2 (Customer-A), ASBR1, ASBR2]

Quick MPLS Recap - Layer 3 VPN: Option C (Reference Slide)
Route and label exchange in Option C
Updates shown for 152.12.4.0/24:
  BGP, OSPF, RIPv2 152.12.4.0/24, NH=CE1
  BGP VPNv4 update: RD:1:27:152.12.4.0/24, NH=PE1, RT=1:222, Label=(L1) (shown three times in the diagram, each with NH=PE1 and Label=(L1))
  To ASBR2: Network=PE1, NH=ASBR-1, Label=(L2)
  From ASBR1: Network=PE1, NH=ASBR-2, Label=(L3)
  BGP, OSPF, RIPv2 152.12.4.0/24, NH=PE2
[Diagram labels: AS#1, AS#2, VPN-R1, VPN-R2, CE1, CE2, PE1, PE2, RR1, RR2, ASBR1, ASBR2]

Quick MPLS Recap - Layer 3 VPN: Option B vs Option C (Reference Slide)
Option B: ASBRs send self as NH, ASBRs are RRs
  VPN-v4 update: RD:1:27:152.12.4.0/24, NH=ASBR1, RT=1:222, Label=(L2)
Option C: ASBRs send PEs as NH, BGP state is in RRs
  BGP VPNv4 update: RD:1:27:152.12.4.0/24, NH=PE1, RT=1:222, Label=(L1)
  To ASBR2: Network=PE1, NH=ASBR-1, Label=(L2)
  From ASBR1: Network=PE1, NH=ASBR-2, Label=(L3)
[Diagram labels: AS#1, AS#2, ASBR1, ASBR2, RR1, RR2]

Layer 2

Quick MPLS Recap - Layer 2: 1. VPWS: Virtual Private Wire Service (e.g. EoMPLS)
p2p interconnect, basically glues two p2p Ethernet segments together with a pseudowire (PW)
Scales O(N^2) (no mp2mp)
Not the best option, but works just fine at a manageable scale
Worth understanding to see what it evolved into

Quick MPLS Recap - Layer 2: 1. VPWS: Virtual Private Wire Service (e.g. EoMPLS)
  1. LDP (or BGP) exchanges labels for the pseudowire
  2. Packets are forwarded with the assigned label
  (not shown: ND/ARP)
PWID: 42, RxLabel: 50
Frame from Host1: SrcMAC: H1, DstMAC: H2 (Eth, S=H1, D=H2)
Frame between the PEs: IGP Label | VPN Label=50 | Eth, S=H1, D=H2
[Diagram labels: Host1, Host2, PE1, PE2]

Quick MPLS Recap - Layer 2: 1. VPWS: Virtual Private Wire Service (e.g. EoMPLS)
Full mesh VPWS connectivity is expensive (one p2p CE interface per neighbor)
[Diagram labels: Host1, Host2, Host3, Host4, PE1, PE2, PE3]

Quick MPLS Recap - Layer 2: 2. VPLS: Virtual Private LAN Service
VPLS gives you a broadcast domain without O(N^2) links
Allows you to connect together multiple DCs
Bridge Virtual Switch Instances (VSIs) together
Still a mesh of LDP (or BGP) sessions
[Diagram labels: vsi, PE1, PE2, PE3]

Quick MPLS Recap - Layer 2: 3. Ethernet VPN
Two options: EVPN and PBB-EVPN
EVPN = distribute MAC addresses in BGP
PBB-EVPN = two levels of MAC addresses (B-MAC and C-MAC)
  Distribute B-MAC in BGP and learn C-MACs with standard Ethernet mechanisms
PBB-EVPN covered in the next few slides
See BRKMPL-2333 (“E-VPN & PBB-EVPN: the Next Generation of MPLS-based L2VPN”) for more details
PBB = Provider Backbone Bridging

Quick MPLS Recap - Layer 2: Wait a Second
Q - Why come up with new L2VPN methods?
  VPLS provides a full mesh mp2mp network, isn't that enough?
Not really, EVPN and PBB-EVPN provide few advantages:
  Sophisticated load-balancing
  Multicast optimization
  Increased scale

Quick MPLS Recap - Layer 2: 3b. EVPN vs. PBB-EVPN
Those who have L2 requirements for data centers can have massive scale
  Real example: customer with 1,000,000+ MACs per DC
Challenge: PEs would have to learn all MACs from all DCs (as in EVPN)
  O(10^6) MAC addresses is a lot
  Most sites don't need most MACs
Solution: hierarchy (= PBB-EVPN)
  PEs advertise their B-MACs via BGP
  B-MACs are part of the packet on the wire
  Destination PEs learn client source MAC (C-MAC) by packet inspection
What follows is a very simplified explanation
  Omitted: BUM details, startup sequence, loadsharing/redundancy, B-MAC assignment, VLANs,

Quick MPLS Recap - Layer 2: 3b. PBB-EVPN: Scales well.
PE1 only advertises its B-MACs in BGP
Each site learns H1 C-MACs via data plane
Minimize BGP requirements
Still need Ethernet learning/BUM

  RR BGP Table
  PE1.B-MAC    via PE1
  PE2.B-MAC    via PE2
  PE1.BUM      via PE1
  PE2.BUM      via PE2

PE1: (1) B-MAC per Vlan (approx) + BUM
PE2: (1) B-MAC per Vlan (approx) + BUM
MAC learning as necessary (hopefully 100k!)
[Diagram labels: PE1, PE2, RR, H1 ... H100,000, H200,000, H300,000]

Quick MPLS Recap - Layer 2: 3b. PBB-EVPN (Reference Slide)
Control plane is BGP, so Route Reflectors can be used for scale
  B-MAC: 045.1200.0004 (PE1.BMAC), RD: 1:1, RT: 100:100, Label: 42
  B-MAC: 047.06AB.F123 (PE2.BMAC), RD: 1:1, RT: 100:100, Label: 100
  Broadcast & Unknown Multicast (BUM), RD: 1:1, RT: 100:100, Label: 200
[Diagram labels: RR, H1, H2, PE1, R2]
107、sco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveQuick MPLS Recap-Layer 23b.PBB-EVPN:ARP(1/2)PE1H1VID 100SMAC:H1DMAC:F.F.FARP-Req:H2?PE2H2Standard ARPFrom H1For H2Adds 802.1ah header(B-MAC src/dst)Adds BUM label from PE2Adds IGP label to reach PE2IGP LabelIGP LabelBUM Label:200BUM
108、 Label:200802.1ah802.1ah HeaderHeaderClient MAC(ARP)Client MAC(ARP)ARP-Reply:H2.MACPE2PE2 MAC tableMAC tableH1.MACPE1.B-MACPE1PE1 MAC tableMAC tableH1.MACH1.interfaceReference SlideBRKMPL-214193 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveQuick MPLS Recap-Layer 23b.PBB
109、-EVPN:ARP(2/2)PE1H1VID 100SMAC:H2DMAC:H1ARP-Reply:H2.IPv4PE2H2ARP-Reply:H2.MACPE2PE2 MAC tableMAC tableH1.MACPE1.B-MACH2.MACH2.interfacePE1PE1 MAC tableMAC tableH1.MACH1.interfaceH2.MACPE2.B-MACAdds 802.1ah header(B-MAC src/dst)Adds VPN label from PE1Adds IGP label to reach PE2IGP LabelIGP LabelVPN
110、Label:42VPN Label:42802.1ah802.1ah HeaderHeaderClient MAC(ARP)Client MAC(ARP)Reference SlideBRKMPL-214194 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveQuick MPLS Recap-Layer 23b.PBB-EVPN:L2 Unicast,post-ARP PE1H1VID 100SMAC:H2DMAC:H1PE2H2PE2PE2 MAC tableMAC tableH1.MACP
111、E1.B-MACH2.MACH2.interfacePE1PE1 MAC tableMAC tableH1.MACH1.interfaceH2.MACPE2.B-MACIGP LabelIGP LabelVPN Label:42VPN Label:42802.1ah802.1ah HeaderHeaderClient MACClient MAC(data)(data)Reference SlideBRKMPL-214195EVPN-VXLAN Overlay 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#Ci
112、scoLiveIP/BGP Fabric and EVPN-VXLAN Host Route Distribution decoupled from the Underlay protocolMultiProtocol-BGP(MP-BGP)on the Leaf nodes to distribute internal Host/Subnet Routes and external reachability informationRoute-Reflectors deployed for scaling purposesRRRRV V2 2V V1 1V V3 3BGP Route-Refl
113、ectorRRiBGP AdjacencyThis is how SPs scale VPN services on the WAN/MetroBRKMPL-2141101 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveDCIDCIVXLAN Fabric Design with MP-iBGP EVPNVTEPVTEPVTEPVTEPVTEPVTEPSpineRRRRVXLAN OverlayMP-iBGP EVPNMP-iBGP SessionsNexus Leaf SwitchesL2
114、 and L3 VNIs(Bridge and Route)Anycast GWsL2 Attachment to Server/Hypervisor/vSwitchNexus7k and ASR9kL3 VNIs(Route)VRF Route-LeakingL3PVN StitchingeBGP PeeringRRRRBRKMPL-2141102 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveVXLAN EVPN Fabric with MP-iBGP Design and VTSIP
115、transport devices.IOS-XR MP-BGP RRDeploy a pair for HASW and HW VTEPs run iBGP sessions with the dedicated XRv route reflectors.UCSVTFVTFCisco Virtual Topology ForwarderDCIDCIVTEPVTEPVTEPVTEPVTEPSpineVXLAN OverlayMP-iBGP EVPNeBGP PeeringVTEPUCSUCSXRvXRvBRKMPL-2141103 2023 Cisco and/or its affiliates
116、.All rights reserved.Cisco Public#CiscoLiveSP WANSP Routing and DC FabricPolicy for E2E Service agilityPolicy for E2E Service agilityVTEPVTEPVTEPVTEPVTEPVTEPVTEPVTEPVTEPVTEPVTEPVTEPLocal Application PolicyExtend Policy to Edge RoutingFederate Policy between sitesHybrid CloudSegmentation,Security,L4-
117、7VPN,Path selection,Inter-AS Path Optimization,ResiliencyCoordination of Control and Data plane policiesClient accessBRKMPL-2141104 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveWhy Label Based Routing GiGi?E2E UNIFIED DATA PLANEE2E UNIFIED DATA PLANEPolicy enabled Path
118、Selection starting at the ApplicationNo extra Gateways to Encap/Decap traffic flowing between DCsNFV Traffic steeringNFV Traffic steeringVNFs distributed to the Edge of the networkData Plane OAM,Simplified Data plane forwarding,Service ChainsUnderlay OptimizationBRKMPL-2141105 2023 Cisco and/or its
119、affiliates.All rights reserved.Cisco Public#CiscoLiveApplication Engineered RoutingApplications express requirements bandwidth,latency,SLAsSDN controllers are capable of collecting data from the network topology,link states,link utilization,Applications are mapped to a path defined by a list of segm
120、entsThe network only maintains segmentsNo application stateSegment Segment RoutingRouting(SW upgrade)(SW upgrade)SDNSDNControllerControllerApplicationsApplications123BRKMPL-2141106 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveVSAppAppToRSpineLSRBRBRDCWANBRDC controllerW
121、AN controllerApplication OrchestratorClassify Application flow and push SR segment list1Top segment provides ECMP-path to selected DCI2Next segments implement WAN Policy:Capacity Latency AvoidanceDisjointnessAnd select Egress BRs3DCILast segment selects egress peer 5Provide automated 50ms protection
122、 in case of failureStep by Step deploymentStep by Step deploymentLower OPEXLower OPEXOne system,Simple,One system,Simple,ScalableScalableFocus on main value:Focus on main value:The applicationThe applicationEndEnd-end cross domain end cross domain solutionsolutionApplication Engineered RoutingWith Segment Routing 4BRKMPL-2141107 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveSegment Routing Full control and OAMFor Traffic Engineeringor for OAM BCNOZDPA9999Nanog57,Feb 2013BRKMPL-2141108#CiscoLive