Sunday, 5 May 2013

Data Center LAN Connectivity Design Guide

Design Considerations for the High-Performance Enterprise Data Center LAN


The data center LAN is a critical corporate asset, connecting servers, applications and storage services in the enterprise. This strategic tool supports vital day-to-day operations and is crucial for corporate success. The data center LAN faces a number of challenges as enterprises are centralizing applications and consolidating servers to simplify operations and reduce costs while business productivity increasingly depends on operations carried out at distributed branch offices. As businesses continue to expand across the globe, downtime is not an option—a data center LAN must efficiently operate 24x7.

These trends raise the density, scalability, throughput and high availability (HA) requirements of the data center LAN. Trying to support these needs with low-density, single-function legacy equipment is neither efficient nor cost effective: it adversely affects performance and reliability, consumes valuable rack and cabinet space, and drives power and cooling costs higher. Enterprises are also moving towards applications built on a Service-Oriented Architecture (SOA) and delivered as Software as a Service (SaaS), both of which present a new set of throughput, performance and HA requirements for the data center LAN. New technologies such as virtualization are needed to increase scalability and efficiency and to lower total cost of ownership.

Trends and Challenges
  1. Centralization of Data Centers - To reduce costs, simplify operations and comply with regulatory guidelines, more and more enterprises are consolidating their data centers. In addition to the HA requirements that ensure nonstop operations, centralization raises new latency and security issues for the data center LAN, since users who once reached applications over a local LAN now reach them across the WAN.
  2. Server Consolidation - Backup and security concerns must be addressed, and companies also demand consolidated, centralized management solutions that help reduce the time and resources devoted to keeping data centers online and operational.
  3. Virtualization - A technology used to share resources: it makes a single physical resource appear as many separate resources or, conversely, makes several separate physical resources appear as one unified resource. Virtualization can also make one physical resource appear, with somewhat different characteristics, as one logical resource. Virtualizing a network relies on technologies that provide data-plane, control-plane and management-plane virtualization. An example of data-plane virtualization is using 802.1Q VLAN tagging on a single physical network interface to carry multiple network segments while keeping their traffic separate. Supporting multiple routing domains and protocol instances on a single router using Virtual Routers and/or VRFs is an example of control-plane virtualization. Support for multiple logical firewall/VPN security systems using Virtual Systems (VSYS) in a single device is a management-plane virtualization example. Virtualization delivered via MPLS and VPLS also enables an ultra-fast data center backbone network that meets the performance demands of the consolidated LAN architecture. Virtualization can enable multiple switches to act as one, simplifying device configuration and management while also increasing reliability and reducing potential choke points.
  4. Storage - As businesses increasingly rely on vast stores of data to make business decisions and meet compliance regulations, scalable, high-performance storage solutions are becoming a necessity for today’s enterprise. Fibre Channel still maintains a large portion of the SAN market, but the growing prevalence of gigabit Ethernet (GbE) and the simplicity of deploying and managing Ethernet-based Network Attached Storage (NAS) are making iSCSI an attractive, low-cost alternative. Additionally, Ethernet-based NAS solutions more easily take advantage of virtualization to rapidly scale and provide HA. While 4 or 8 Gbps Fibre Channel offers a speed advantage over GbE, Network Interface Cards (NICs) offering TCP offload capabilities greatly enhance iSCSI performance. In addition, the emergence and adoption of lower-cost 10 GbE allows iSCSI to match or exceed the line rate of 4 or 8 Gbps Fibre Channel and accommodate high-speed storage needs.
  5. Service Oriented Architecture (SOA) - In an SOA-based environment, services exchange messages to interoperate, in some instances generating millions of messages each, which can impact LAN bandwidth needs. Web services are often used to implement SOA and provide ubiquitous access to the applications. Web services put extra processing demands on servers while also increasing network bandwidth requirements, as Web-based applications use far more bandwidth than client-server applications. Virtualization is often used in SOA environments to increase the reliability of services and help scale capacity. SOA also broadens application access to internal and external users, raising security concerns. Further security issues arise as application services expose their capabilities to other applications, each of which may require a different level of security.
  6. Software as a Service (SaaS) - Many common enterprise applications, such as customer-relationship management (CRM), human-resource management (HRM) and supply-chain management (SCM), can now be delivered in the Software as a Service (SaaS) model. Many of these Web-based services require, in certain instances, more than 10 times the bandwidth of their LAN-based counterparts, seriously impacting performance, reliability, availability and bandwidth requirements.
  7. An Increasingly Decentralized Workforce - As employees in remote or branch offices become increasingly dispersed across different time zones, there is no longer a common off-hours window, so the hours during which HA must be maintained also increase. In addition, virtualized operations have expanded enterprise user populations beyond employees to include contractors, consultants, business partners and customers who may be anywhere in the world.
  8. Green and Environmentally Friendly Data Center - As old data center facilities are upgraded and new data centers are built, it is important to ensure that the data center network infrastructure is designed for maximum energy and space efficiency as well as a minimal environmental impact. Power, space and cooling requirements of all network components must be accounted for and compared with different architectures and systems so that the environmental and cost impacts across the entire data center as a whole can be ascertained—even down to the lighting. Many times, it might be more efficient to implement high-end, highly scalable systems that can replace a large number of smaller components, thereby delivering energy and space efficiency.
  9. The Proliferation of Unified Communications - The adoption of Unified Communications systems that combine voice, video and data services is on the rise. Such deployments have a direct impact on the high-performance and HA requirements of a data center LAN. For example, not only must adequate LAN and WAN bandwidth be provisioned, but quality of service (QoS) rules must also identify, classify and prioritize traffic to deliver effective VoIP communication services.
  10. Increasing Focus on Security - As employees and non-employees are being granted an ever-widening range of network access, robust security is necessary at all levels in the corporate and data center LANs. IT must protect applications, data and infrastructure by applying appropriate access controls without inhibiting user efficiency or negatively impacting application performance. IT must also mitigate risks from untrusted sources such as non-employees, whose PCs and networks are not under IT control. The move to globalize and virtualize the enterprise puts new demands on IT to secure remote access communications and protect site-to-site communications, including connections between data centers and from data centers to backup sites. IT must also fortify the network perimeter as increasing volumes of Web and other traffic types flow across it.
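The data-plane virtualization example in the Virtualization item above (802.1Q tagging on one physical interface keeping several network segments apart) is easier to reason about with a decoder in hand. The following is an added example written for this page, not code from the guide or from any vendor product. It builds tagged, stacked-tagged and untagged Ethernet frames, walks the tag stack (TPID 0x8100 for customer tags, 0x88A8 for the outer service tag), and maps the outer VID onto a named segment using an assumed VID-to-segment table. The segment names, MAC addresses and the policy that untagged frames are dropped (i.e. the trunk is assumed to have no native VLAN) are all assumptions made for the example.

```python
"""Decode and build IEEE 802.1Q-tagged Ethernet frames (added example, not from the guide)."""
import struct
from dataclasses import dataclass
from typing import Dict, List, Optional

TPID_8021Q = 0x8100   # customer VLAN tag (C-TAG)
TPID_8021AD = 0x88A8  # service tag (S-TAG), used as the outer tag when tags are stacked
ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_ARP = 0x0806


@dataclass
class VlanTag:
    tpid: int
    pcp: int  # 3-bit priority code point (802.1p class of service)
    dei: int  # drop eligible indicator
    vid: int  # 12-bit VLAN identifier; 0 and 4095 are reserved


@dataclass
class Frame:
    dst: str
    src: str
    tags: List[VlanTag]   # outermost tag first
    ethertype: int        # EtherType of the payload after all tags
    payload: bytes


def _mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def parse_frame(raw: bytes) -> Frame:
    """Walk the tag stack after the MAC addresses until a non-VLAN EtherType is found."""
    if len(raw) < 14:
        raise ValueError("frame shorter than an untagged Ethernet header")
    tags: List[VlanTag] = []
    off = 12
    (ethertype,) = struct.unpack("!H", raw[off:off + 2])
    while ethertype in (TPID_8021Q, TPID_8021AD):
        if len(raw) < off + 6:  # need the TCI plus the next EtherType
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack("!H", raw[off + 2:off + 4])
        tags.append(VlanTag(ethertype, tci >> 13, (tci >> 12) & 1, tci & 0x0FFF))
        off += 4
        (ethertype,) = struct.unpack("!H", raw[off:off + 2])
    return Frame(_mac(raw[:6]), _mac(raw[6:12]), tags, ethertype, raw[off + 2:])


def build_frame(dst: str, src: str, vids: List[int], ethertype: int,
                payload: bytes, pcp: int = 0) -> bytes:
    """Build a frame with zero or more tags; vids are listed outermost first.
    With two or more tags the outermost uses the 802.1ad S-TAG TPID."""
    hdr = bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", ""))
    for i, vid in enumerate(vids):
        if not 1 <= vid <= 4094:
            raise ValueError(f"VID {vid} is reserved")
        tpid = TPID_8021AD if (len(vids) > 1 and i == 0) else TPID_8021Q
        hdr += struct.pack("!HH", tpid, (pcp << 13) | vid)
    return hdr + struct.pack("!H", ethertype) + payload


def segment_for(frame: Frame, trunk_vids: Dict[int, str]) -> Optional[str]:
    """Map the outer VID to a named segment. Assumed policy for this example: the trunk
    has no native VLAN, so untagged frames and VIDs not in the table are dropped (None)."""
    if not frame.tags:
        return None
    return trunk_vids.get(frame.tags[0].vid)


if __name__ == "__main__":
    # Assumed VID-to-segment table for a server-facing trunk.
    trunk = {10: "web-tier", 20: "db-tier"}
    for vids in ([10], [20], [30], [100, 10], []):
        raw = build_frame("00:11:22:33:44:55", "66:77:88:99:aa:bb", vids, ETHERTYPE_IPV4, b"\x45" + b"\x00" * 19)
        f = parse_frame(raw)
        print(f"tags={[t.vid for t in f.tags]} ethertype=0x{f.ethertype:04x} -> {segment_for(f, trunk)}")
```

Only the outer tag decides the segment: a frame arriving with a service tag of 100 on a trunk that permits only VIDs 10 and 20 is dropped even though its inner tag is 10, which is the behaviour one wants from the segment boundary the guide describes.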
Data Center Network Design Considerations


A new data center LAN design is needed as legacy solutions cannot meet these key requirements, nor reduce costs and streamline operations. The LAN design must also scale and accommodate emerging computing trends and additional network services without an entire redesign. The new design should be architected in order to maximize efficiency gains from technologies like virtualization.

  1. Services Required in the Data Center - The following high-level services are required of data centers to provide carrier-class network service throughout the enterprise and thus optimize efficient business operations. Each of these areas is addressed in more detail in this document and, where appropriate, additional considerations or challenges for a specific service, feature or data center category are presented.
  2. High Availability (HA) - With the consolidation and centralization of servers and resources, HA is a key requirement of the data center LAN. Redundancy of critical subsystems and seamless failover are needed for routers, security appliances, and any other devices on the user-to-data center path. Designing HA into the data center network requires consideration of three key aspects: device availability, network availability and operational availability. Device availability: network devices deployed within the data center should support device-level HA with components such as redundant power supplies, fans and route engines. The operating system software running on data center network devices should have a modular architecture so that software failures are isolated to a single process and do not impact other critical operating system services, ensuring system and network availability. Features such as in-service software updates (ISSU) also maintain network availability while still allowing network software to be updated. Network availability: redundant devices and redundant paths (for both external and internal connectivity), combined with critical device redundancy, ensure continued network operations and business continuity. Operational availability: a set of network operating system attributes that ensure simple and efficient operation of the data center network. Network devices must support open management standards and consistent software features for simple, error-free configuration that maintains network availability. Network devices should also support scripting to enable automation of operational tasks, freeing resources for other, more critical tasks.
  3. Visibility - Visibility into network traffic and security events is important in order to effectively maintain and manage network resources. Real-time and historical reporting enables IT to maximize performance and availability across the entire data center infrastructure, meet regulatory requirements, and plan for future capabilities and capacity. Collecting IP traffic flow statistics can give enterprises valuable insight into areas such as data flow, resource utilization, fault isolation, capacity planning, tuning and offline security analysis. WAN utilization and user-level visibility can help IT better support application performance by leveraging network services and other resources. Security visibility is crucial: granular views of security events help determine how each event should be handled. Further, extending this visibility to develop a deeper understanding of application-specific traffic is crucial for understanding operational and performance patterns that can impact bottom-line productivity. For example, compression and acceleration technologies can be applied at the network layer to accelerate email applications, or application-based policies can ensure that business-critical applications meet or exceed performance requirements when other non-essential, bandwidth-hungry services like YouTube are accessed.
  4. Network Connectivity - Customers, partners and employees all require fast access to applications and information. Connectivity has to be absolutely reliable, consistent and provide low latency. Modern applications, especially those provided as a Web service, demand significant network performance. At the same time, the challenge of working from any location in or out of the enterprise further increases complexity. The following critical aspects of external network connectivity need to be considered as part of the data center network design: high-speed (10 GbE) LAN connectivity for servers and storage devices; WAN connectivity to enable branch office and campus users to access applications and shared resources; Internet connectivity to enable partner access as well as secure remote access for remote and mobile users; and a very fast data center backbone, using technologies such as VPLS/MPLS, for data replication and business continuity. The data center LAN hosts a large number of servers that require high-speed, highly available network connectivity. Multiple LAN segments and networks may be deployed with differing levels of security, capacity and other services. Server connections of one gigabit per second or greater should be planned with a view towards the proliferation of 10 GbE, and 10 GbE should also be considered for links to upstream and downstream devices.
  5. Security - Security is critical to the entire corporate LAN and especially to the data center LAN. Access to centralized networks and applications must be ubiquitous and pervasive, yet remain secure and controlled. The security design must employ layers of protection from the network edge, through the core, and both in front of and between the application computing systems, providing defense in depth. The protection must be integrated into the network operating system and not simply layered on top. A tiered, integrated security solution protects critical resources that reside on the network: if one tier fails, the next tier stops the attack and/or limits the damage that may occur. This allows an IT department to apply the appropriate level of resource protection to the various network entry points based upon their different security, performance, and management requirements. Today’s data center networks must not only handle unmanaged devices and guest users attempting network access; they must also support unmanageable devices, post-admission control, and application access control, visibility and monitoring. In addition to Unified Threat Management (UTM) services, security policies supporting demilitarized zones (DMZs), ensuring quality of service, mitigating Denial of Service (DoS) and distributed DoS (DDoS) attacks and threats, and ensuring that the organization meets compliance criteria are needed. All security policies should be centrally managed and remotely deployed.
  6. Policy and Control - Policy-based networking is a powerful concept that enables efficient management of devices in the network, especially within virtualized configurations, and can be used to provide granular network access control. The policy and control capabilities should allow organizations to centralize policy management while at the same time offer distributed and even layered enforcement. The network policy and control solution should provide appropriate levels of access control, policy creation and management, and network and service management, ensuring secure and reliable networks for all applications. The data center network infrastructure also should easily integrate into customers’ existing management frameworks and third-party tools such as IBM Tivoli and HP software and also provide best-in-class centralized management, monitoring and reporting services for network services and infrastructure. 
  7. Quality of Service (QoS) - For optimal network performance, QoS is a key requirement. QoS levels must be properly assigned and managed to ensure satisfactory performance for various applications through the data center and across the entire LAN. A minimum of six QoS classes is recommended, each determining the priority with which resources are applied: Gold, Silver and Bronze application priority, Voice, Video and Control Plane. In MPLS networks, traffic engineering capabilities are typically deployed to allow configuration of Label Switched Paths (LSPs) signalled with the Resource Reservation Protocol (RSVP), LDP or BGP. This is especially critical with voice and video deployments, as QoS can mitigate latency and jitter issues by sending traffic along preferred paths, or by enabling fast reroute in anticipation of performance problems or failures. The LAN design should allow the flexibility to assign multiple QoS levels based upon end-to-end assessment and allow rapid and efficient management to ensure end-to-end QoS throughout the enterprise.
  8. High Performance - To effectively address performance requirements related to virtualization, server centralization and data center consolidation, the data center network must offer high-capacity throughput and processing power with minimal latency. The data center LAN also must boost the performance of all application traffic, be it local or remote. The data center must offer a LAN-like user experience for all enterprise users regardless of their physical location. In order to accomplish this, the data center network must enable optimization for applications, servers, storage and network performance. WAN optimization techniques including data compression, TCP and application protocol acceleration, bandwidth allocation, and traffic prioritization are used to improve performance of WAN traffic. These techniques can also be applied to data replication, backup and restoration between data centers and remote sites, including disaster recovery sites. Beyond WAN optimization, critical infrastructure components such as routers, switches, firewalls, remote access platforms and other security devices must be built on non-blocking modular architecture. This ensures that they have the performance characteristics necessary to handle the higher volumes of mixed traffic types associated with centralization and consolidation, as well as the needs of users operating around the globe.
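The Visibility item above lists what IP flow statistics are good for (resource utilization, capacity planning, offline security analysis), the Security item names DoS/DDoS mitigation, and the QoS item names six traffic classes. One worked example serves all three: the block below is an added example written for this page, not code from the guide or from any vendor's flow collector. It parses a constructed NetFlow/IPFIX-style export (the record layout, the addresses and the sample lines are all made up for the example), reports bytes delivered per server and per QoS class, and flags destination ports that are being reached by many distinct sources with flows of only a packet or two each, the shape of a distributed SYN flood. The DSCP-to-class table is an assumption: the guide names the six classes but not which code points carry them.

```python
"""Offline analysis of exported IP flow records (added example, not from the guide)."""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass
from ipaddress import IPv4Address, ip_address, ip_network
from typing import Dict, List, Set, Tuple

# Assumed DSCP-to-class mapping for the six classes the guide recommends.
DSCP_CLASS = {
    "cs6": "Control Plane", "cs7": "Control Plane",
    "ef": "Voice",
    "af41": "Video",
    "af31": "Gold", "af21": "Silver", "af11": "Bronze",
}

# Constructed sample export, one flow per line; not data from any real network.
# Fields: timestamp src dst proto sport dport packets bytes dscp
SAMPLE_FLOWS = """\
# branch users reaching data center servers in 172.16.5.0/24
2013-05-05T10:00:01 10.20.1.10 172.16.5.20 6 51234 443 48 61440 af31
2013-05-05T10:00:02 10.20.1.11 172.16.5.20 6 51235 443 20 20480 af31
2013-05-05T10:00:03 10.20.1.12 172.16.5.21 6 51236 445 120 1048576 af21
2013-05-05T10:00:04 10.20.1.13 172.16.5.22 17 16384 16384 500 100000 ef
2013-05-05T10:00:05 10.20.1.13 172.16.5.23 17 5004 5004 2000 2400000 af41
2013-05-05T10:00:06 172.16.5.20 172.16.5.1 6 179 179 10 1000 cs6
# many external sources, one tiny flow each, all to the same web server port
2013-05-05T10:00:10 198.51.100.11 172.16.5.30 6 40001 80 1 60 be
2013-05-05T10:00:10 198.51.100.12 172.16.5.30 6 40002 80 1 60 be
2013-05-05T10:00:10 198.51.100.13 172.16.5.30 6 40003 80 1 60 be
2013-05-05T10:00:10 198.51.100.14 172.16.5.30 6 40004 80 1 60 be
2013-05-05T10:00:10 198.51.100.15 172.16.5.30 6 40005 80 1 60 be
2013-05-05T10:00:10 198.51.100.16 172.16.5.30 6 40006 80 2 120 be
"""


@dataclass(frozen=True)
class Flow:
    ts: str
    src: IPv4Address
    dst: IPv4Address
    proto: int
    sport: int
    dport: int
    packets: int
    nbytes: int
    dscp: str


def parse_flows(text: str) -> List[Flow]:
    """Parse the whitespace-separated export above, skipping blank and comment lines."""
    flows: List[Flow] = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, src, dst, proto, sport, dport, pkts, nbytes, dscp = line.split()
        flows.append(Flow(ts, ip_address(src), ip_address(dst), int(proto), int(sport),
                          int(dport), int(pkts), int(nbytes), dscp.lower()))
    return flows


def bytes_per_server(flows: List[Flow], server_net: str) -> Dict[str, int]:
    """Resource utilization: bytes delivered to each host inside the server network."""
    net = ip_network(server_net)
    totals: Dict[str, int] = defaultdict(int)
    for f in flows:
        if f.dst in net:
            totals[str(f.dst)] += f.nbytes
    return dict(totals)


def bytes_per_class(flows: List[Flow]) -> Dict[str, int]:
    """Capacity planning per QoS class; unknown code points fall into Best Effort."""
    totals: Dict[str, int] = defaultdict(int)
    for f in flows:
        totals[DSCP_CLASS.get(f.dscp, "Best Effort")] += f.nbytes
    return dict(totals)


def flood_targets(flows: List[Flow], min_sources: int = 5,
                  max_packets: int = 2) -> Dict[Tuple[str, int], int]:
    """Offline security analysis: TCP (dst, port) pairs reached by at least min_sources
    distinct sources using flows of at most max_packets packets each."""
    sources: Dict[Tuple[str, int], Set[IPv4Address]] = defaultdict(set)
    for f in flows:
        if f.proto == 6 and f.packets <= max_packets:
            sources[(str(f.dst), f.dport)].add(f.src)
    return {key: len(srcs) for key, srcs in sources.items() if len(srcs) >= min_sources}


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    print("bytes per server:", bytes_per_server(flows, "172.16.5.0/24"))
    print("bytes per class: ", bytes_per_class(flows))
    print("flood targets:   ", flood_targets(flows))
```

The thresholds in flood_targets are deliberately parameters: on a real collector they would be tuned per service from the historical baselines the Visibility item talks about, since a busy public web server legitimately sees many short flows and a fixed number of distinct sources is only a starting point for a rule.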