Avaya Support Forums


mayler 08-17-2011 10:55 AM

Avaya Network Designs
This forum has been really quiet, so I thought I would shoot out some thoughts I'm having. My organization is looking to replace our existing networking equipment within the next couple of years, since our 8600's (with E and 8692SF modules) are going to be discontinued in 14/15(?).
Our senior NE came up with a design that we "should" stick to. It's completely different from what we're doing now, but the thought is that this solution should provide for more security as close to the edge as possible. So we're looking at the Cisco Network Design Model (L2 access, L3 distribution, L2 core). I like our existing design but meh, whatevs. I can still do this with Avaya in my opinion.

We are medium size, 3500 computers, 3 blade centers, 100 remote sites connected mostly with fiber, 50 or so sites via WAN. We have a Fiber Ring around the city that terminates at different campus sites.

I'm thinking of using the new 8803R or 8806 chassis at the Distribution Layer (8895SF, 8834XG and/or 8848GB), routing for access, OSPF as routing protocol, connecting to other distribution layer boxes via a core comprised of just two VSP 7000s, one at campus A and one at campus B. These VSPs will be peered via a 20Gbps IST, with (2-4Gbps) SMLTs to each distribution layer box.

Regarding the VSP 7000, I can't find any documentation at support.avaya.com, but I'm having a conference call today with Avaya to confirm what I got from their "marketing" white paper. Anyone have suggestions? I'm open to ideas, suggestions, criticism...



alvinewe 08-23-2011 09:14 PM


Seems that this forum is really quiet. I am new to Avaya, and this is from a discussion that I had with some team members.

The VSP7000 comes with 24 SFP ports which are capable of taking 1GE/10GE SFP modules. It has a backplane of 1.2Tb of switching capacity and currently does only Layer 2 for now (a later release will be able to support Layer 3).

I guess your design looks pretty standard for the industry. Meaning to have Layer 2 on the Access and Aggregation layer, and Layer 3 Routing on the Core.

ludovicostev 08-29-2011 07:24 AM

SMLT Clustering support will be in a later VSP7000 release (probably 10.3).
Not sure a L2 core is a good solution.

You should consider a new design leveraging Avaya's VENA architecture with SPB (Shortest Path Bridging) which is already fully supported on the ERS8800 (VSP7000 will pick up SPB support in 10.2 next year).

All nodes run IS-IS which is now used to give you a virtual switch fabric (all nodes running SPB) which is your infrastructure. IS-IS will also work on any physical topology whether regular/symmetric or not (e.g. ring topologies); always ensuring shortest path routing.

On top of that you can then deploy conventional (non virtualized) IP routing (IS-IS used to advertise IP routes); and/or Virtual Switched Networks (VSNs) which can be L2 (extending VLANs = L2 VSNs) or L3 (extending VRFs = L3 VSNs).

In this new model, the user VLANs are only configured at the edge, up to the distribution layer, where they might (or might not) have IP interfaces to act as gateways into the network.
But in the core of the network you do not have any user VLANs, nor IP addresses; only IS-IS with SPB.

mayler 08-29-2011 03:26 PM

No L3 capability in the VSP 3000 means no IST or virtual chassis. That's a deal killer. But we don't plan on moving towards anything for a couple years. Since we're government, it takes time to plan and get the money to do anything. I think VENA deserves a good study in my environment. I'll give it a read and post any questions here.

Our existing topology seems to be perfect if you ask me. But my fellow NEs would like to 'simplify' the network by routing at the distribution layer, and reducing a lot of hardware.

Check out the existing topology:
The Blue Switches are L3 Physical Switches, using RSMLT for redundancy. As you can see there are two ISTs in this picture. ITD and KAN are virtually one router, same for HIG and New Gov Center. All of the devices are 8606 chassis, except McMillan. But the question about this design is... where do you install an IPS and/or IDS? It's all Multi Mode and Single Mode Fiber (some connections are 40 kilometers, some 1k).


ludovicostev 09-05-2011 01:12 AM

4 Attachment(s)

>> "But my fellow NEs would like to 'simplify' the network by routing at the distribution layer, and reducing a lot of hardware"

Well, in fact with SPB that is exactly what you get.

On an SPB network, traffic forwarding within the core is L2 (along IS-IS shortest paths; you can think of SPB as MAC routing, so technically it's L2, because it only runs on L2 Ethernet, but conceptually it is using a Link State protocol which traditionally we have always associated with L3 routing).

The only place where you will get L3 IP routing on an SPB network, is on the distribution nodes, where your VLANs and IP interfaces (Gateways for end users) exist.

The following diagram shows how IP routing would work over an SPB network (let's see if I can paste my diagram in the WYSIWYG !):

<obviously not!, so 1st pic below>

Note that there are only 2 routing IP hops across the above network; i.e. the TTL of IP packets will decrement by 2 (not 3).
The SPB trick is that IP routes have as next-hop the BMAC of the egress distribution node; so IP routed packets get sent directly from the ingress SPB node to the egress SPB node which has (been advertising over IS-IS) the destination IP route, over the SPB shortest path (there is no need for IP routing inside the core). We refer to these as IP shortcuts, because that describes them fairly well.

The above shows native (VRF-0 / non-virtualized) IP routing over SPB.

You can also extend virtualized IP routing instances (VRFs), like this:

<2nd pic below>

Note that since we are virtualizing now, we have to assign a virtualization instance id (the I-SID) which is the great advantage of SPB (over TRILL).

The I-SID is used to keep IP routes belonging to different VRFs separate in the control plane (IS-IS) and to keep the packets separate in the data plane (SPB uses the 802.1ah MACinMAC encapsulation which encodes the I-SID in the packets).

Likewise, if you wanted to extend a L2 VLAN across the network:

<3rd pic below>

So the SPB network becomes like one logical fabric, over which any networking service type can be easily deployed.

All of the above is available today on the ERS8800/8600 in software 7.1 provided you have R/RS modules and either an 8895CPU or an 8692CPU with SuperMezzanine.
SPB is also on the roadmap for the VSP7000 later next year.
We also fully support SMLT/RSMLT at the edge of the SPB network, so a pair of 8800/8600s can act as a logical SPB edge node from the user VLANs perspective.

Note that SMLT clustering becomes useless inside the SPB core, since the SPB core no longer has any user VLANs/IP interfaces.

Coming to your question about where to put an IDS/IPS...

...the beauty of SPB is that you are now effectively decoupling the network services (VSN be it L2 or L3, or non virtualized IP shortcuts) from the infrastructure.

So user VLANs can be easily extended and dropped anywhere across the network; likewise the default gateway for a given user VLAN can be anywhere on the SPB network (it does not have to be on the nearest distribution nodes); you simply extend the VLAN with a L2 VSN wherever you want the IP routing instance to be for it.

So things like Firewalls, IDS, IPS which previously needed to be physically inserted into the physical topology to intercept the traffic, can now be conveniently located wherever it makes more sense or it is more practical. You can then simply force your traffic over/through these devices by deploying VSNs which take the traffic to them.

And finally the design of the physical infrastructure becomes much simpler with SPB since it is now simply an exercise about feeds and speeds and deploying sufficient nodes to have redundancy and alternate paths in case of failures. The decision to deploy a tier2 or tier3 network is no longer influenced by the desire to fit to a certain IP addressing structure/scheme. So, depends on the network, but an SPB core can be cheaper/more cost effective.

Hope this helps!
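
As an added illustration of the 802.1ah MAC-in-MAC encapsulation described in the post above (not part of the original thread and not Avaya code): an IDS/IPS sensor that taps an SPB core link sees encapsulated frames, so it has to read the 24-bit I-SID from the I-TAG to tell which VSN a frame belongs to. The sample frame, MAC addresses, B-VID, I-SID values and the I-SID-to-VSN table are all constructed for this example, and the sketch assumes a B-TAG is present.

```python
import struct

B_TAG, I_TAG, C_TAG = 0x88A8, 0x88E7, 0x8100   # 802.1ah / 802.1Q TPIDs

def mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def parse_mac_in_mac(frame: bytes) -> dict:
    """Decode the backbone header of one frame seen on an SPB core link."""
    if len(frame) < 36:   # B-DA/B-SA + B-TAG + I-TAG + C-DA/C-SA + EtherType
        raise ValueError("truncated MAC-in-MAC frame")
    tpid, tci = struct.unpack_from("!HH", frame, 12)
    if tpid != B_TAG:
        raise ValueError(f"no B-TAG (TPID {tpid:#06x})")
    tpid, i_tci = struct.unpack_from("!HI", frame, 16)
    if tpid != I_TAG:
        raise ValueError(f"no I-TAG (TPID {tpid:#06x})")
    info = {"b_da": mac(frame[0:6]), "b_sa": mac(frame[6:12]),
            "b_vid": tci & 0x0FFF,
            "i_sid": i_tci & 0xFFFFFF,      # low 24 bits of the I-TAG
            "c_da": mac(frame[22:28]), "c_sa": mac(frame[28:34]), "c_vid": None}
    off = 34
    (etype,) = struct.unpack_from("!H", frame, off)
    if etype == C_TAG:                      # user VLAN tag carried inside
        if len(frame) < 40:
            raise ValueError("truncated C-TAG")
        c_tci, etype = struct.unpack_from("!HH", frame, off + 2)
        info["c_vid"] = c_tci & 0x0FFF
        off += 4
    info["ethertype"], info["payload_offset"] = etype, off + 2
    return info

# Constructed I-SID -> service table; a real one comes from the SPB configuration.
VSN_BY_ISID = {10100: "L2 VSN users-vlan-100", 20001: "L3 VSN vrf-finance"}

def classify(frame: bytes) -> str:
    """Name the VSN a core frame belongs to, flagging unknown I-SIDs."""
    i_sid = parse_mac_in_mac(frame)["i_sid"]
    return VSN_BY_ISID.get(i_sid, f"UNKNOWN I-SID {i_sid}")

def sample_frame(i_sid: int, c_vid=None) -> bytes:
    """Build a constructed test frame (all addresses and values are made up)."""
    hdr = bytes.fromhex("02000000000b02000000000a")            # B-DA, B-SA
    hdr += struct.pack("!HHHI", B_TAG, 4051, I_TAG, i_sid & 0xFFFFFF)
    hdr += bytes.fromhex("0200000000d20200000000d1")           # C-DA, C-SA
    if c_vid is not None:
        hdr += struct.pack("!HH", C_TAG, c_vid)
    return hdr + struct.pack("!H", 0x0800) + b"\x45" + b"\x00" * 19
```

An I-SID that is missing from the table shows up as `UNKNOWN I-SID …`, which is the case a sensor on a core link would want to alert on.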

mayler 09-06-2011 12:41 PM

Thanks for taking the time to explain all of that. You've got me excited about SPB. I'm going to jump into SPB this week and create a new proposal. I'll be sure to share it here.

All times are GMT -7.