Avaya Support Forums  

  #1  
08-17-2011, 11:55 AM
mayler

Avaya Network Designs

This forum has been really quiet, so I thought I would shoot out some thoughts I'm having. My organization is looking to replace our existing networking equipment within the next couple of years, since our 8600's (with E and 8692SF modules) are going to be discontinued in 14/15(?).
Our senior NE came up with a design that we "should" stick to. It's completely different from what we're doing now, but the thought is that this solution should provide for more security as close to the edge as possible. So we're looking at the Cisco Network Design Model (L2 access, L3 distribution, L2 core). I like our existing design but meh, whatevs. I can still do this with Avaya in my opinion.

We are medium size, 3500 computers, 3 blade centers, 100 remote sites connected mostly with fiber, 50 or so sites via WAN. We have a Fiber Ring around the city that terminates at different campus sites.

I'm thinking of using the new 8803R or 8806 chassis at the Distribution Layer (8895SF, 8834XG and/or 8848GB), routing for access, OSPF as the routing protocol, connecting to other distribution layer boxes via a core comprised of just two VSP 7000s, one at campus A and one at campus B. These VSPs will be peered via a 20Gbps IST, with (2-4Gbps) SMLTs to each distribution layer box.

Regarding the VSP 7000, I can't find any documentation at support.avaya.com, but I'm having a conference call today with Avaya to confirm what I got from their "marketing" white paper. Anyone have suggestions? I'm open to ideas, suggestions, criticism...




Last edited by mayler; 08-18-2011 at 01:34 PM.
  #2
08-23-2011, 10:14 PM
alvinewe

Hi,

It seems that this forum is really quiet. I am new to Avaya, and this is from the discussion that I had with some team members.

The VSP7000 comes with 24 SFP ports which are capable of taking 1GE/10GE SFP modules. It has a backplane switching capacity of 1.2Tb and currently does only Layer 2 (a later release will be able to support Layer 3).

I guess your design looks pretty standard for the industry, meaning Layer 2 on the Access and Aggregation layers, and Layer 3 routing on the Core.
  #3
08-29-2011, 08:24 AM
ludovicostev

SMLT Clustering support will be in a later VSP7000 release (probably 10.3).
Not sure a L2 core is a good solution.

You should consider a new design leveraging Avaya's VENA architecture with SPB (Shortest Path Bridging) which is already fully supported on the ERS8800 (VSP7000 will pick up SPB support in 10.2 next year).

All nodes run IS-IS which is now used to give you a virtual switch fabric (all nodes running SPB) which is your infrastructure. IS-IS will also work on any physical topology whether regular/symmetric or not (e.g. ring topologies); always ensuring shortest path routing.

On top of that you can then deploy conventional (non-virtualized) IP routing (IS-IS used to advertise IP routes); and/or Virtual Switched Networks (VSNs) which can be L2 (extending VLANs = L2 VSNs) or L3 (extending VRFs = L3 VSNs).

In this new model, the user VLANs are only configured at the edge, up to the distribution layer, where they might (or might not) have IP interfaces to act as gateways into the network.
But in the core of the network you do not have any user VLANs, nor IP addresses; only IS-IS with SPB.
  #4
08-29-2011, 04:26 PM
mayler

No L3 capability in the VSP 3000 means no IST or virtual chassis. That's a deal killer. But we don't plan on moving towards anything for a couple of years. Since we're government, it takes time to plan and get the money to do anything. I think VENA deserves a good study in my environment. I'll give it a read and post any questions here.

Our existing topology seems to be perfect if you ask me. But my fellow NEs would like to 'simplify' the network by routing at the distribution layer, and reducing a lot of hardware.

Check out the existing topology:
The Blue Switches are L3 Physical Switches, using RSMLT for redundancy. As you can see there are two ISTs in this picture. ITD and KAN are virtually one router, same for HIG and New Gov Center. All of the devices are 8606 chassis, except McMillan. But the question about this design is... where do you install an IPS and/or IDS? It's all Multi Mode and Single Mode Fiber (some connections are 40 kilometers, some 1k).

  #5
09-05-2011, 02:12 AM
ludovicostev

Hi

>> "But my fellow NEs would like to 'simplify' the network by routing at the distribution layer, and reducing a lot of hardware"

Well, in fact with SPB that is exactly what you get.

On an SPB network traffic forwarding within the core is L2 (along IS-IS shortest paths; you can think of SPB as MAC routing, so technically it's L2, because it only runs on L2 Ethernet, but conceptually it is using a Link State protocol which traditionally we have always associated with L3 routing)

The only place where you will get L3 IP routing on an SPB network, is on the distribution nodes, where your VLANs and IP interfaces (Gateways for end users) exist.

The following diagram shows how IP routing would work over an SPB network (let's see if I can paste my diagram in the WYSIWYG !):

<obviously not!, so 1st pic below>


Note that there are only 2 routing IP hops across the above network; i.e. the TTL of IP packets will decrement by 2 (not 3).
The SPB trick is that IP routes have as next-hop the BMAC of the egress distribution node; so IP routed packets get sent directly from the ingress SPB node to the egress SPB node that has (been advertising over IS-IS) the destination IP route, over the SPB shortest path (there is no need for IP routing inside the core). We refer to these as IP shortcuts, because that describes them fairly well.

The above shows native (VRF-0 / non-virtualized) IP routing over SPB.

You can also extend virtualized IP routing instances (VRFs), like this:

<2nd pic below>

Note that since we are virtualizing now, we have to assign a virtualization instance id (the I-SID) which is the great advantage of SPB (over TRILL).

The I-SID is used to keep IP routes belonging to different VRFs separate in the control plane (IS-IS) and to keep the packets separate in the data plane (SPB uses the 802.1ah MACinMAC encapsulation which encodes the I-SID in the packets).


Likewise, if you wanted to extend a L2 VLAN across the network:

<3rd pic below>


So the SPB network becomes like one logical fabric, over which any networking service type can be easily deployed.

All of the above is available today on the ERS8800/8600 in software 7.1 provided you have R/RS modules and either an 8895CPU or an 8692CPU with SuperMezzanine.
SPB is also on the roadmap for the VSP7000 later next year.
We also fully support SMLT/RSMLT at the edge of the SPB network, so a pair of 8800/8600s can act as a logical SPB edge node from the user VLANs' perspective.

Note that SMLT clustering becomes useless inside the SPB core, since the SPB core no longer has any user VLANs/IP interfaces.



Coming to your question about where to put an IDS/IPS...

...the beauty of SPB is that you are now effectively decoupling the network services (VSN be it L2 or L3, or non virtualized IP shortcuts) from the infrastructure.

So user VLANs can be easily extended and dropped anywhere across the network; likewise the default gateway for a given user VLAN can be anywhere on the SPB network (it does not have to be on the nearest distribution nodes); you simply extend the VLAN with a L2 VSN wherever you want the IP routing instance to be for it.

So things like Firewalls, IDS, IPS which previously needed to be physically inserted into the physical topology to intercept the traffic, can now be conveniently located wherever it makes more sense or it is more practical. You can then simply force your traffic over/through these devices by deploying VSNs which take the traffic to them.

And finally the design of the physical infrastructure becomes much simpler with SPB, since it is now simply an exercise about feeds and speeds and deploying sufficient nodes to have redundancy and alternate paths in case of failures. The decision to deploy a tier2 or tier3 network is no longer influenced by the desire to fit to a certain IP addressing structure/scheme. So, it depends on the network, but an SPB core can be cheaper/more cost effective.

Hope this helps!
Attached Images
File Type: jpg ipsrtc2.JPG (30.7 KB, 54 views)
File Type: jpg l3vsn.JPG (28.8 KB, 39 views)
File Type: jpg l2vsn.JPG (20.8 KB, 37 views)
Attached Files
File Type: pdf snippet.pdf (105.5 KB, 53 views)

Last edited by ludovicostev; 09-05-2011 at 02:40 AM. Reason: Getting my pictures attached!
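
Added example, not part of the original thread or of Avaya's documentation: the post above notes that SPB carries the I-SID in the 802.1ah MAC-in-MAC header, so an IDS sensor that taps a core link has to decode that outer header before it can tell which VSN a frame belongs to. The sketch parses the B-TAG and I-TAG and checks the I-SID against an allow-list; the MAC addresses, B-VID, I-SIDs and VSN names are constructed for illustration.

```python
import struct

BTAG_TPID = 0x88A8  # backbone VLAN tag (B-TAG)
ITAG_TPID = 0x88E7  # service instance tag (I-TAG), carries the 24-bit I-SID

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_mac_in_mac(frame):
    """Return the 802.1ah header fields, or None if the frame is not MAC-in-MAC."""
    if len(frame) < 18:
        return None
    off, b_vid = 12, None
    (tpid,) = struct.unpack_from("!H", frame, off)
    if tpid == BTAG_TPID:                  # B-TAG: TPID + PCP/DEI/B-VID
        (tci,) = struct.unpack_from("!H", frame, off + 2)
        b_vid = tci & 0x0FFF
        off += 4
        (tpid,) = struct.unpack_from("!H", frame, off)
    if tpid != ITAG_TPID:
        return None
    if len(frame) < off + 6 + 12 + 2:      # I-TAG + C-DA + C-SA + inner EtherType
        raise ValueError("truncated 802.1ah frame")
    (itci,) = struct.unpack_from("!I", frame, off + 2)
    off += 6
    return {
        "b_da": mac(frame[0:6]), "b_sa": mac(frame[6:12]), "b_vid": b_vid,
        "i_sid": itci & 0xFFFFFF,          # low 24 bits of the I-TAG TCI
        "c_da": mac(frame[off:off + 6]), "c_sa": mac(frame[off + 6:off + 12]),
        "inner_ethertype": struct.unpack_from("!H", frame, off + 12)[0],
    }

def build_sample(i_sid, b_vid=4051, inner_type=0x0800):
    """Constructed test frame: made-up MACs, zero-filled payload."""
    f = bytes.fromhex("020000000002") + bytes.fromhex("020000000001")  # B-DA, B-SA
    f += struct.pack("!HH", BTAG_TPID, b_vid)
    f += struct.pack("!HI", ITAG_TPID, i_sid)                          # flag bits zero
    f += bytes.fromhex("0200000000bb") + bytes.fromhex("0200000000aa")  # C-DA, C-SA
    return f + struct.pack("!H", inner_type) + bytes(46)

# Hypothetical allow-list: the I-SIDs a sensor on this link expects to see.
EXPECTED_ISIDS = {10010: "L2 VSN users", 20020: "L3 VSN vrf-a"}

def classify(frame):
    fields = parse_mac_in_mac(frame)
    if fields is None:
        return "not-802.1ah"
    return EXPECTED_ISIDS.get(fields["i_sid"], f"unexpected I-SID {fields['i_sid']}")
```
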
  #6
09-06-2011, 01:41 PM
mayler

Thanks for taking the time to explain all of that. You've got me excited about SPB. I'm going to jump into SPB this week and create a new proposal. I'll be sure to share it here.