Networking

All about SDN

Posted on Updated on

I’ve recently been coming up to speed on an innovative, disruptive new technology named Software Defined Networking (SDN). It’s likely the most significant development in the networking industry for many years to come. With the promise of substantially streamlining network provisioning, management and configuration, SDN strictly speaking is about decoupling the control (Layer3) and forwarding (Layer2) planes. There is certainly the potential for rippling disruptions in the established network industry (Cisco…) as the “brains” for the network move towards software and out of the hardware.

My approach to rapidly familiarizing with any new technology is to read and absorb as much as possible, while at the same time getting hands-on exposure. Accordingly, here are some suggested resources-

1. Network World offers regular coverage of SDN-related updates, here is a recent overview. For a less technical viewpoint, read this article from Economist magazine. For networking techies, go to the Open Networking Summit , and check out their Video archive of conference sessions. Nick McKeown’s keynote video “How SDN Will Shape Networking” is an excellent introduction.

2. Register for the free OpenFlow Tutorial to learn about the primary SDN protocol, OpenFlow. You’ll get to build a real SDN switch, capture OpenFlow packets and maybe get into some Python.

Another useful free online course is the SDN class offered by Coursera , taught by Dr. Nick Feamster of Georgia Tech. Keep in mind this class is highly technical, and assumes a prior advanced knowledge of network engineering.

Enjoy and Happy Fourth!

P.S. On Twitter, here are my favorite sources on SDN  – @etherealmind @openflownetwork @sdn_news @openNetSummit @openflow @nicira

Advertisements

Building an iSCSI SAN for VMware for Under $300

Posted on Updated on

In recent months, I’ve been assembling a lab to provide a test-bed for various network and infrastructure applications. My current role at Dell often involves multi-vendor networks, so having an easily accessible test bed including Cisco, Dell, Juniper and HP devices can be very useful for interoperability troubleshooting such as Spanning Tree Protocol.

I wanted to provide a robust virtual infrastructure, and in my experience that usually means VMware. I’m fortunate enough to have extra ESX Enterprise and Plus licenses from VMware partner registration. To utilize all the most useful VMware features like Vmotion and HA, a shared storage system is required. In addition, I wanted to incorporate as many iSCSI “best practices” such as using dedicated infrastructure, dedicated VLAN and Jumbo Frames without breaking the bank.

Without an extra $1-2 K on hand to go out and purchase a full-blown iSCSI SAN such as EqualLogic or Compellent (shameless Dell plugs), and already having a home NAS set up, my goal was to assemble a SAN utilizing as much extra or existing hardware as possible and of course limiting new expenses.

For my purposes, performance took precedence over storage capacity, and redundancy was not as important as keeping costs down (and streamlining design).

Ingredients:

Configuration:

  • I was able to re-purpose an unused PC for the iSCSI Starwind server, w/dual core CPU, 3 GB RAM, and Windows 7 Home. Starwind Free Edition doesn’t require a server OS so that was helpful.
  • The Intel GigE NIC was installed into the PC for a dedicated NIC to the iSCSI network, separate from the LOM.
  • The SSD was installed into the spare PC, and presented as a new iSCSI device.
  • I thought I had a 9 pin F-F cable already but didn’t…not common these days, anyway got lucky finding the last one in stock at Fry’s 🙂

Caveats:

  • For the SAN server, ideally this should be a Windows or Linux server O/S, however my hardware was more than adequate.
  • Starwind is a good option for Windows users, OpenNAS is an option for Linux folks.
  • JUMBO FRAMES are a MUST!! Jumbo Frames must be enabled end to end for optimal performance, and must be supported on the physical switch for starters. In addition, you’ll need to update VMware components for Jumbo frame support including vSwitch, port group, VMkernel, and guest OS NIC adapter. Here’s a great article on configuration for VSphere 4.
  • It’s always a good practice to create a separate VLAN for iSCSI as well.
  • LAN cables not included

Results:

  • I’m very pleased with my new iSCSI-based shared storage system, supporting VSphere 4 on (2) Dell SC1425 64-bit 1U servers. Responsiveness is snappy within VI Client, as well as within RDP for Windows guest VM’s.
  • VMotions on shared storage: 20-30 seconds, not bad compared to Enterprise-class SAN’s which I’ve observed at 10-20 seconds.

Here are my two Dell SC1425 servers, each with (2) 3 Ghz Xeon CPU’s and 6GB RAM, with dedicated 1 GB NIC’s for the iSCSI network.

Cisco Nexus 5596’s with Redundant Uplinks to Catalyst 6509 Core’s Using vPC

Posted on Updated on

I recently had the opportunity to deploy a Cisco Nexus solution 5596UP switches for a healthcare customer. The Nexus switches represent Cisco’s presence in the Converged Fabric segment, which is gaining momentum recently as more IT shops seek to streamline datacenter infrastructure towards a “private cloud” approach. The Nexus 5000 series is primarily aimed at the edge, with Layer 3 capabilities available as an add-on.

The Nexus switches support vPC (Virtual Port Channels), which “allows links that are physically connected to two different Cisco Nexus 5000 Series switches or Cisco Nexus 2000 Series Fabric Extenders to appear as a single port channel by a third device.” (Cisco)

Here is a diagram of the planned configuration of vPC uplinks between the Nexus 5596UP and Catalyst 6509 (core) switches:


To setup vPC on the Nexus switches, first you need to create a vPC peer-link between the pair of Nexus switches. The peer-link must include at least 2 interfaces.

feature vpc
vpc domain 1
  role priority 4096
  system-priority 2000
  peer-keepalive destination 192.168.100.20
  auto-recovery

interface port-channel20
  switchport mode trunk
  vpc peer-link
  switchport trunk allowed vlan 100,103-104,901
  spanning-tree port type network

interface Ethernet1/23
  description Link 1 to 5596-sw2
  switchport mode trunk
  switchport trunk allowed vlan 100,103-104,901
  channel-group 20 mode active

interface Ethernet1/24
  description Link 2 to 5596-sw2
  switchport mode trunk
  switchport trunk allowed vlan 100,103-104,901
  channel-group 20 mode active

Repeat on the 2nd Nexus switch.

Next you need to create the virtual port-channels on the Nexus side. We will create one port-channel per uplink interface.

interface port-channel1
  switchport mode trunk
  vpc 1
  switchport trunk allowed vlan 100,103-104,901

interface port-channel2
  switchport mode trunk
  vpc 2
  switchport trunk allowed vlan 100,103-104,901

interface Ethernet1/1
  description uplink to Core1-7/8
  switchport mode trunk
  switchport trunk allowed vlan 100,103-104,901
  spanning-tree guard loop
  channel-group 1 mode active

interface Ethernet1/2
  description uplink to Core2-6/7
  switchport mode trunk
  switchport trunk allowed vlan 100,103-104,901
  spanning-tree guard loop
  channel-group 2 mode active

Again, repeat for the 2nd Nexus switch.

Notice that spanning-tree Loop Guard has been enabled on the uplinks to prevent STP looping issues. Also, the Allowed VLAN’s should match the VLAN ID’s allowed in the peer-link.

Finally, create the port channels on the Catalyst side. Here we will create ONE port channel per Catalyst, consisting of the uplinks from each Nexus switch, so that the Catalyst will see the Nexus pair as a single switch. Until this step is complete, the vPC status will show as down.

interface Port-channel200
 description “Connection to Nexus”
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
 spanning-tree guard root

interface TenGigabitEthernet7/6
 description NEXUS SW2 PORT1
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
 spanning-tree guard root
 channel-group 200 mode active

interface TenGigabitEthernet7/8
 description NEXUS SW1 PORT1
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
 spanning-tree guard root
 channel-group 200 mode active

Repeat this process for the 2nd Catalyst switch.

Now the vPC status should show as up-

5596-sw1(config-if)# sh vpc
Legend:
                (*) – local vPC is down, forwarding via vPC peer-link

vPC domain id                   : 1   
Peer status                     : peer adjacency formed ok      
vPC keep-alive status           : peer is alive                 
Configuration consistency status: success
Per-vlan consistency status     : success                       
Type-2 consistency status       : success
vPC role                        : primary                       
Number of vPCs configured       : 2   
Peer Gateway                    : Disabled
Dual-active excluded VLANs      : –
Graceful Consistency Check      : Enabled

vPC Peer-link status
———————————————————————
id   Port   Status Active vlans    
—   —-   —— ————————————————–
1    Po20   up     1,100,103-104                                            

vPC status
—————————————————————————-
id     Port        Status Consistency Reason           Active vlans
—— ———– —— ———– ————————– ———–
1      Po1         up     success     success                   1,100,103-104         
2      Po2         up     success     success                  1,100,103-104    

Here
is a useful Cisco reference document on vPC for the Nexus 5000 series.

Notes:

  • This configuration only applies if there is NOT VSS established between the Catalyst 6509 core’s.
  • You can rely on Spanning Tree for establishing redundant links from a Nexus pair to dual Core’s, with only one uplink marked as active by STP. This customer insisted on getting the aggregated bandwidth from both 10Gb uplinks, as they planned to converge additional applications onto the Nexus in the future.
  •  If at all possible, you should test this configuration in a lab before production deployment. At a minimum, deploy these changes during a maintenance window as there is a risk of network outage mainly due to looping behavior – spanning-tree root guard, loop guard are strongly recommended!

Happy vPC’ing!

Just a Plug

Posted on Updated on

I’ve known about but shied away from powerline-based adapters in the past. Working in data centers on a routine basis, I’m used to CAT5/6 whenever possible, and wireless second. Having just moved into a new house with enough free space in the garage for a lab setup, I wanted to extend my network without playing the roll-your-own cable game, and stressing my knees while drilling holes, so I decided to test out the ZyXEL HomePlug Powerline adapter.

Have to say that I was impressed at how simple setup was, just connect one adapter w/LAN cable into my core switch, install the other adapter into outlet in the garage and was online in no time. There is an encryption feature too, though I probably won’t be using it. The marketed speed is 200 Mbps which I have not yet tested, however speed tests through my ISP (Verizon FiOS) to the Internet were comparable to wired connections.

Network and Application Analysis Tools

Posted on Updated on

I’m currently evaluating network analysis tools to support with assessment projects at Dell.

On a recent onsite engagement, a colleague suggested that I check out Fluke Networks’ ClearSight Analyzer for application analysis. I was really impressed with its ease-of-use, and ability to quickly highlight application layer traffic. It provides real-time monitoring through an intuitive, appealing display.
ClearSight Analyzer also supports Wireshark format captures, though it appeared to provide reduced detail for analysis compared to native ClearSight capture files. It also highlights errors or issues detected with a particular network flow. I’m finding that more projects are requiring network assessment and analysis to extend up to layer 7, so this tool from Fluke definitely deserves a closer look.

As well, I plan to dive deeper into Opnet’s Application Performance management Suite, in particular AppResponse Expert.

In the meantime, I always like to plug open-source projects, and Wireshark is absolutely a must-have tool for network analysis. It does demand some investment to uncover more advanced functionality, but the effort is well worth it simply for the exposure to application-specific protocols and data traffic.