Placement of application networking services (ANS) inside the data center is an important aspect in data center designs. WAAS is considered an Application Networking Service (ANS) and hence deciding interception points for WAAS traffic is relevant.
Hierarchical Data Center Networks
A typical data center design comprises a three-tier model, or four tiers if the WAN edge is also considered. The layers establish distinct functional components.
The core layer is a high-speed modular hub providing connectivity to DC components like aggregation blocks and DMZ and to external entities such as the WAN, intranet, and extranet. The data center core is a Layer-3 domain where efficient and non-blocking forwarding of packets is the fundamental objective. To this end, the datacenter core is built with high bandwidth links and employs routing best practices to optimize traffic flows and allow for fast convergence.
A core infrastructure block typically consists of 2 or 4 high-end modular data center switches. In theory a design without a core infrastructure is possible, but it implies unclear boundaries between functions and very quickly becomes an impediment to controlled expansion of the data center. A dedicated data center core layer is recommended in large-scale data center environments.
Some core infrastructure is involved with MPLS either as P or PE device depending on the termination layer of MPLS/VPN. If MPLS/VPNs are terminated in the core, continuation of path- and service-segregation should be carefully considered.
The aggregation layer is a point of convergence for network traffic; it provides connectivity between server farms and end nodes at the access layer and other networks via the core. The aggregation layer provides a controlled entry and exit point into the server access layer, provides Layer-2 and Layer-3 demarcation functionality, and has Layer-2 features implemented. As a result it is an ideal insertion point for application and security services. Such data center services are shared across the access layer server farms, and provide common services in a way that is efficient, scalable, predictable, and deterministic.
The primary role of the access layer is to provide the server farms with the required network connectivity and port density. The access layer must be a flexible, efficient, and predictable environment to support client-to-server and server-to-server traffic. A Layer-2 access layer typically meets these requirements by providing a Layer-2 adjacency between servers and service devices where necessary and a deterministic, fast converging, loop-free topology.
The WAN edge component provides connectivity from the data center core or campus core to branch and remote offices or other external locations via a WAN cloud. The WAN edge allows for aggregation of links from various service providers and allows terminating links with different network layer characteristics, e.g. varying Layer-2 protocols and Layer-3 routing protocols. Multiple routing protocols towards providers are translated into an IGP at this layer. Connections are typically aggregated from different from the branch office to the WAN edge.
Suitability of WAAS Integration at the Different Layers
In theory, Application Networking Services, or more specifically WAAS, can be integrated at multiple places in the network path. To achieve maximum benefits, optimum placement of the WAE devices between clients and servers is essential. Incorrect configuration and placement of the WAEs can lead not only to poorly performing applications; in some cases, network problems can be caused by high CPU and network utilization on the WAEs and routers. In the worst case, when traffic is asymmetric, traffic may be dropped completely.
The aggregation layer is the ideal and recommended insertion point for ANS including WAAS. It provides the following benefits:
· For high-availability reasons, aggregation routers are ideally and typically deployed in pairs. Should an aggregation layer consist of more than two routers, then integration of ANSs becomes challenging. The main reason is that ANSs are deployed in active/standby pairs. Therefore, if an aggregation layer is implemented by a pair of routers, then such a layer provides a deterministic entry and exit point from the access layer.
· As a direct result, asymmetric routing is not an issue as long as pairs of devices are deployed on the aggregation layer.
· While data encryption services are available on the WAEs, it is still good practice to protect WAEs against regular user access by placing them in a secured environment. Application layers typically allow for such security mechanisms. While FWs may not always be suitable for WAE protection, packet filter lists are.
· WAAS integration typically requires a few LAN features to be implemented. Depending on the technology chosen, HSRP, VRRP, WCCP, or port channels may be required. Again, depending on the integration technology, stretched VLANs are also required.
· Site-to-site encryption is typically implemented on an aggregation layer.
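The WCCP and packet-filter points in the list above can be combined on an aggregation router. The following Cisco IOS fragment is an added example, not configuration from the original document: it limits which WAEs may join the WCCP service groups and which traffic is redirected to them. All addresses, ACL names, interface names and the password placeholder are assumptions.

```cisco
! Added example; every address and name below is constructed.
! Only these two WAEs may register with the WCCP service groups.
ip access-list standard WAE-MEMBERS
 permit 10.10.20.11
 permit 10.10.20.12
!
! Redirect only branch-to-server TCP traffic; everything else,
! including management sessions, bypasses the WAEs.
ip access-list extended WAAS-REDIRECT
 deny   tcp any any eq 22
 deny   tcp any eq 22 any
 permit tcp 10.50.0.0 0.0.255.255 10.10.0.0 0.0.255.255
 permit tcp 10.10.0.0 0.0.255.255 10.50.0.0 0.0.255.255
!
! WAAS TCP promiscuous mode uses WCCP services 61 and 62.
! group-list rejects registration from devices not in WAE-MEMBERS;
! password authenticates the WCCP control messages.
ip wccp 61 redirect-list WAAS-REDIRECT group-list WAE-MEMBERS password <WCCP-PASSWORD>
ip wccp 62 redirect-list WAAS-REDIRECT group-list WAE-MEMBERS password <WCCP-PASSWORD>
!
! Service 61 distributes on source IP, service 62 on destination IP.
! Applying 61 where the branch client is the source and 62 where it is
! the destination sends both directions of a flow to the same WAE.
interface TenGigabitEthernet1/1
 description Uplink towards core and WAN (assumed name)
 ip wccp 61 redirect in
!
interface Vlan100
 description Server access VLAN (assumed name)
 ip wccp 62 redirect in
```

With more than two routers in the layer, every router that can carry either direction of a flow needs the same two service groups and lists, which is one reason the document recommends a router pair.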
Generally speaking, the data center core layer is not the most suitable place for inserting ANSs. The main reasons can be derived directly from the attributes expected of a data center core.
· While many core layers may at the moment consist of a pair of routers, there will be scalability limitations if the core layer has to be expanded to more than two routers in order to account for more port density or specific design topologies. Inserting ANSs in network layers consisting of more than two routers is complex and possibilities are limited.
· Challenges for ANS integration exist where a data center core has to support path segregation by the use of MPLS/VPNs or Multi-VRF. While in the case of MPLS/VPNs no possible options exist (other than terminating the VPNs on PEs), Multi-VRFs can possibly be supported depending on the integration method chosen.
Some platforms support VRF-aware WCCP and VRF-aware PBR. Likewise, a hardware load-balancer such as the Cisco ACE can be implemented in Multi-VRF environments by leveraging the product's virtualization possibilities.
· It has been pointed out that throughput, performance, scalability and fast re-convergence after failures are attributes that are typically in conflict with ANSs.
· As encryption services are often implemented between a branch and the data center aggregation layer, there may only be encrypted traffic in the core, thus limiting the optimization benefits.
The attributes expected from a WAN edge are very similar to those of a data center core. There may be additional challenges. A WAN edge could be managed by a service provider, thus making the operation of WAAS (connected to managed devices) very complex from an operational perspective. Furthermore, a WAN edge may be implemented by more than two routers, potentially connecting to multiple service providers. In such a case, traffic symmetry could become an issue.