Multilayer Campus Architecture and Design Principles
Peyton Schouest – Solutions Architect, CCIE #20234
Mitch Mitchiner – Solutions Architect, CCIE #3958
© 2015 Cisco and/or its affiliates. All rights reserved. Cisco Public BRKCRS-2031
Enterprise-Class Availability
Systems Approach to High Availability
• Network-level redundancy
• System-level resiliency
• Enhanced management
• Human ear notices the difference in voice within 150–200 msec (loss of 10 consecutive G.711 packets)
• Video loss is even more noticeable
• 200-msec end-to-end campus convergence
Resilient Campus Communication Fabric
[Figure: applications drive requirements for high availability networking. Next-generation apps: video conf., unified messaging, global outsourcing, e-business, wireless ubiquity. Mission critical apps: databases, order-entry, CRM, ERP. Desktop apps: e-mail, file and print. Ultimate goal: 100%]
Next-Generation Campus Design
• VoIP is now a mainstream technology
• Ongoing evolution to the full spectrum of Unified Communications
• High-definition executive communication application requires stringent Service-Level Agreement (SLA)
• Reliable service—high availability infrastructure
• Application service management—QoS
Unified Communications Evolution
Agenda
• Multilayer Campus Design Principles
• Foundation Services
• Campus Innovations
• QoS Considerations
• Summary
High-Availability Campus Design
Structure, Modularity, and Hierarchy
[Figure: access, distribution, and core layers connecting to the data center, WAN, and Internet]
Hierarchical Campus Network
Structure, Modularity and Hierarchy
[Figure: unstructured mesh of switches connecting the data center, WAN, Internet, and PSTN, labeled "Not This!!"]
Hierarchical Network Design
Without a Rock Solid Foundation the Rest Doesn’t Matter
• Offers hierarchy—each layer has specific role
• Modular topology—building blocks
• Easy to grow, understand, and troubleshoot
• Creates small fault domains—clear demarcations and isolation
• Promotes load balancing and redundancy
• Promotes deterministic traffic patterns
• Incorporates balance of both Layer 2 and Layer 3 technology, leveraging the strength of both
• Utilizes Layer 3 routing for load balancing, fast convergence, scalability, and control
[Figure: building block with access, distribution, and core layers]
Access Layer
• It’s not just about connectivity
• Layer 2/Layer 3 feature rich environment; convergence, HA, security, QoS, IP multicast, etc.
• Intelligent network services: QoS, trust boundary, broadcast suppression, IGMP snooping
• Intelligent network services: PVST+, Rapid PVST+, EIGRP, OSPF, DTP, PAgP/LACP, UDLD, FlexLink, etc.
• Cisco Catalyst® integrated security features: IBNS (802.1x) and CISF (port security, DHCP snooping, DAI, IPSG, etc.)
• Automatic phone discovery, conditional trust boundary, power over Ethernet, auxiliary VLAN, etc.
• Spanning tree toolkit: PortFast, UplinkFast, BackboneFast, LoopGuard, BPDU Guard, BPDU Filter, RootGuard, etc.
Feature Rich Environment
Distribution Layer
• Availability, load balancing, QoS and provisioning are the important considerations at this layer
• Aggregates wiring closets (access layer) and uplinks to core
• Protects core from high density peering and problems in access layer
• Route summarization, fast convergence, redundant path load sharing
• HSRP or GLBP to provide first hop redundancy
Policy, Convergence, QoS, and High Availability
Core Layer
• Backbone for the network—connects network building blocks
• Performance and stability vs. complexity—less is more in the core
• Aggregation point for distribution layer
• Separate core layer helps in scalability during future growth
• Keep the design technology-independent
Scalability, High Availability, and Fast Convergence
Do I Need a Core Layer?
• No Core
• Fully-meshed distribution layers
• Physical cabling requirement
• Routing complexity
It's Really a Question of Scale, Complexity, and Convergence
[Figure: fully meshed distribution blocks without a core]
• Second building block: 4 new links
• 3rd building block: 8 new links, 12 links total, 5 IGP neighbors
• 4th building block: 12 new links, 24 links total, 8 IGP neighbors
Do I Need a Core Layer?
• Dedicated Core Switches
• Easier to add a module
• Fewer links in the core
• Easier bandwidth upgrade
• Routing protocol peering reduced
• Equal cost Layer 3 links for best convergence
It’s Really a Question of Scale, Complexity, and Convergence
[Figure: distribution blocks connected through dedicated core switches]
• 2nd building block: 8 new links
• 3rd building block: 4 new links, 12 links total, 3 IGP neighbors
• 4th building block: 4 new links, 16 links total, 3 IGP neighbors
Design Alternatives Come Within a Building (or Distribution) Block
[Figure: three building block alternatives: Layer 2 Access, Routed Access, Virtual Switching System]
Layer 3 Distribution Interconnection
• Tune CEF load balancing
• Match CatOS/IOS EtherChannel settings and tune load balancing
• Summarize routes towards core
• Limit redundant IGP peering
• STP Root and HSRP primary tuning or GLBP to load balance on uplinks
• Set trunk mode on/no-negotiate
• Disable EtherChannel unless needed
• Set port host on access layer ports: disable trunking, disable EtherChannel, enable PortFast
• RootGuard or BPDU-Guard
• Use security features
Layer 2 Access—No VLANs Span Access Layer
[Figure: Layer 3 point-to-point link between the distribution switches; VLAN 20 Data 10.1.20.0/24, VLAN 120 Voice 10.1.120.0/24, VLAN 40 Data 10.1.40.0/24, VLAN 140 Voice 10.1.140.0/24, VLAN 250 WLAN 10.1.250.0/24]
Layer 2 Distribution Interconnection
• Tune CEF load balancing
• Match CatOS/IOS EtherChannel settings and tune load balancing
• Summarize routes towards core
• Limit redundant IGP peering
• STP Root and HSRP primary or GLBP and STP port cost tuning to load balance on uplinks
• Set trunk mode on/no-negotiate
• Disable EtherChannel unless needed
• RootGuard on downlinks
• LoopGuard on uplinks
• Set port host on access layer ports: disable trunking, disable EtherChannel, enable PortFast
• RootGuard or BPDU-Guard
• Use security features
Layer 2 Access—Some VLANs Span Access Layer
[Figure: Layer 2 trunk between the distribution switches; VLAN 20 Data 10.1.20.0/24, VLAN 120 Voice 10.1.120.0/24, VLAN 40 Data 10.1.40.0/24, VLAN 140 Voice 10.1.140.0/24]
Foundation Services
• Layer 1 physical things
• Layer 2 redundancy—spanning tree
• Layer 3 routing protocols
• Trunking protocols—(ISL/.1q)
• Unidirectional link detection
• Load balancing: EtherChannel link aggregation, CEF equal cost load balancing
• First hop redundancy protocols: VRRP, HSRP, and GLBP
Best Practices—Layer 1 Physical Things
• Use point-to-point interconnections—no L2 aggregation points between nodes
• Use fiber for best convergence (debounce timer)
• Tune carrier delay timer
• Use configuration on the physical interface not VLAN/SVI when possible
Redundancy and Protocol Interaction
• Indirect link failures are harder to detect
• With no direct HW notification of link loss or topology change, convergence times are dependent on SW notification
• Indirect failure events in a bridged environment are detected by spanning tree hellos
• In certain topologies, TCN updates or dummy multicast flooding (UplinkFast) are necessary for convergence
• You should not be using hubs in a high-availability design
Link Neighbor Failure Detection
[Figure: indirect failures between Layer 2 neighbors, detected through BPDUs and hellos]
Redundancy and Protocol Interaction
• Direct point-to-point fiber provides for fast failure detection
• IEEE 802.3z and 802.3ae link negotiation define the use of remote fault indicator and link fault signaling mechanisms
• Do not disable auto-negotiation on GigE and 10GigE interfaces
• The default debounce timer on GigE and 10GigE fiber linecards is 10 msec
• The minimum debounce for copper is 300 msec
Link Redundancy and Failure Detection
[Figure: failure detection mechanisms on a point-to-point link: linecard throttling (debounce timer), remote IEEE fault detection mechanism, Cisco IOS® throttling (carrier delay timer)]
Redundancy and Protocol Interaction
• Configuring L3 routed interfaces provides for faster convergence than an L2 switch port with an associated L3 SVI
Layer 2 and 3—Why Use Routed Interfaces
L2 switch port with L3 SVI (~150–200 msec loss):
1. Link Down 2. Interface Down 3. Autostate 4. SVI Down 5. Routing Update
21:32:47.813 UTC: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2/1, changed state to down
21:32:47.821 UTC: %LINK-3-UPDOWN: Interface GigabitEthernet2/1, changed state to down
21:32:48.069 UTC: %LINK-3-UPDOWN: Interface Vlan301, changed state to down
21:32:48.069 UTC: IP-EIGRP(Default-IP-Routing-Table:100): Callback: route_adjust Vlan301
L3 routed interface (~8 msec loss):
1. Link Down 2. Interface Down 3. Routing Update
21:38:37.042 UTC: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet3/1, changed state to down
21:38:37.050 UTC: %LINK-3-UPDOWN: Interface GigabitEthernet3/1, changed state to down
21:38:37.050 UTC: IP-EIGRP(Default-IP-Routing-Table:100): Callback: route_adjust GigabitEthernet3/1
Best Practices—Spanning Tree Configuration
• Only span VLAN across multiple access layer switches when you have to!
• Use rapid PVST+ for best convergence
• Required to protect against user side loops
• Required to protect against operational accidents (misconfiguration or hardware failure)
• Take advantage of the spanning tree toolkit
Multilayer Network Design
• At least some VLANs span multiple access switches
• Layer 2 loops
• Layer 2 and 3 running over link between distribution
• Blocked links
• Each access switch has unique VLANs
• No Layer 2 loops
• Layer 3 link between distribution
• No blocked links
Layer 2 Access with Layer 3 Distribution
[Figure: access switch VLAN labels: Vlan 10, Vlan 20, Vlan 30 and Vlan 30, Vlan 30, Vlan 30]
Optimizing L2 Convergence
• Rapid-PVST+ greatly improves the restoration times for any VLAN that requires a topology convergence due to link UP
• Rapid-PVST+ also greatly improves convergence time over backbone fast for any indirect link failures
• PVST+ (802.1d): traditional spanning tree implementation
• Rapid PVST+ (802.1w): scales to large size (~10,000 logical ports); easy to implement, proven, scales
• MST (802.1s): permits very large scale STP implementations (~30,000 logical ports); not as flexible as rapid PVST+
PVST+, Rapid PVST+ or MST
[Chart: time to restore data flows (sec), upstream and downstream, PVST+ vs. Rapid PVST+]
Layer 2 Hardening
• Place the root where you want it: root primary/secondary macro
• The root bridge should stay where you put it: RootGuard, LoopGuard, UplinkFast, UDLD
• Only end-station traffic should be seen on an edge port: BPDU Guard, RootGuard, PortFast, Port-security
Spanning Tree Should Behave the Way You Expect
[Figure: placement of the STP root, LoopGuard, RootGuard, and edge-port protection (BPDU Guard or RootGuard, PortFast, port security)]
Best Practices— Layer 3 Routing Protocols
• Typically deployed in distribution to core, and core-to-core interconnections
• Used to quickly reroute around failed node/links while providing load balancing over redundant paths
• Build triangles not squares for deterministic convergence
• Only peer on links that you intend to use as transit
• Ensure redundant L3 paths to avoid black holes
• Summarize distribution to core to limit EIGRP query diameter or OSPF LSA propagation
• Tune CEF L3/L4 load balancing hash to achieve maximum utilization of equal cost paths (CEF polarization)
Best Practice—Build Triangles not Squares
• Layer 3 redundant equal cost links support fast convergence
• Hardware based—fast recovery to remaining path
• Convergence is extremely fast (dual equal-cost paths: no need for OSPF or EIGRP to recalculate a new path)
Deterministic vs. Non-Deterministic
Model A, Triangles: Link/Box Failure Does not Require Routing Protocol Convergence
Model B, Squares: Link/Box Failure Requires Routing Protocol Convergence
Best Practice—Passive Interfaces for IGP
• Limit unnecessary peering using passive interface:
• Four VLANs per wiring closet
• 12 adjacencies total
• Memory and CPU requirements increase with no real benefit
• Creates overhead for IGP
Limit IGP Peering Through the Access Layer
OSPF Example:
Router(config)#router ospf 1
Router(config-router)#passive-interface Vlan 99
Router(config)#router ospf 1
Router(config-router)#passive-interface default
Router(config-router)#no passive-interface Vlan 99
EIGRP Example:
Router(config)#router eigrp 1
Router(config-router)#passive-interface Vlan 99
Router(config)#router eigrp 1
Router(config-router)#passive-interface default
Router(config-router)#no passive-interface Vlan 99
Why You Want to Summarize at the Distribution
• It is important to force summarization at the distribution towards the core
• For return path traffic an OSPF or EIGRP re-route is required
• By limiting the number of peers an EIGRP router must query or the number of LSAs an OSPF peer must process we can optimize this reroute
• EIGRP example:
interface Port-channel1
 description to Core#1
 ip address 10.122.0.34 255.255.255.252
 ip hello-interval eigrp 100 1
 ip hold-time eigrp 100 3
 ip summary-address eigrp 100 10.1.0.0 255.255.0.0 5
Limit EIGRP Queries and OSPF LSA Propagation
[Figure: no summaries, so queries go beyond the core to the rest of the network; access subnets 10.1.1.0/24 and 10.1.2.0/24]
Why You Want to Summarize at the Distribution
• It is important to force summarization at the distribution towards the core
• For return path traffic an OSPF or EIGRP re-route is required
• By limiting the number of peers an EIGRP router must query or the number of LSAs an OSPF peer must process we can optimize this reroute
• For EIGRP if we summarize at the distribution we stop queries at the core boxes for an access layer flap
• For OSPF when we summarize at the distribution (area border or L1/L2 border) the flooding of LSAs is limited to the distribution switches; SPF now deals with one LSA not three
Reduce the Complexity of IGP Convergence
[Figure: summaries stop queries at the core; summary 10.1.0.0/16 advertised for access subnets 10.1.1.0/24 and 10.1.2.0/24]
Best Practice— Summarize at the Distribution
• Best practice—summarize at the distribution layer to limit EIGRP queries or OSPF LSA propagation
• Gotcha:
• Upstream: HSRP on left distribution takes over when link fails
• Return path: old router still advertises summary to core
• Return traffic is dropped on right distribution switch
• Summarizing requires a link between the distribution switches
• Alternative design: use the access layer for transit
Gotcha—Distribution-to-Distribution Link Required
[Figure: both distribution switches advertise summary 10.1.0.0/16 to the core for access subnets 10.1.1.0/24 and 10.1.2.0/24]
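The gotcha above, traced as an added example that is not part of the original deck: return traffic for 10.1.1.0/24 arrives from the core over either equal-cost summary route, and each distribution switch does a longest-prefix match. The switch names, the `return_traffic` helper, and the modelling of the summary as a discard route on the summarizing switch are assumptions of this sketch.

```python
import ipaddress

SUMMARY = ipaddress.ip_network("10.1.0.0/16")   # summary advertised to the core
VLAN_A = ipaddress.ip_network("10.1.1.0/24")    # access subnet whose right uplink fails
VLAN_B = ipaddress.ip_network("10.1.2.0/24")    # unaffected access subnet


def lookup(table, dst):
    """Longest-prefix match: next hop of the most specific matching route."""
    matches = [(net, hop) for net, hop in table if dst in net]
    if not matches:
        return "drop"
    return max(matches, key=lambda route: route[0].prefixlen)[1]


def build_tables(right_uplink_up, dist_link):
    """Routing tables of the two distribution switches (hypothetical names)."""
    # The summary itself is a discard route on the switch that generates it.
    left = [(SUMMARY, "drop"), (VLAN_A, "deliver"), (VLAN_B, "deliver")]
    right = [(SUMMARY, "drop"), (VLAN_B, "deliver")]
    if right_uplink_up:
        right.append((VLAN_A, "deliver"))
    elif dist_link:
        # Specific route learned from the peer over the distribution-to-distribution link.
        right.append((VLAN_A, "D-left"))
    return {"D-left": left, "D-right": right}


def return_traffic(dst, right_uplink_up, dist_link):
    """Trace a packet from the core via each equal-cost next hop for the summary."""
    tables = build_tables(right_uplink_up, dist_link)
    dst = ipaddress.ip_address(dst)
    results = {}
    for first_hop in ("D-left", "D-right"):
        hop, path = first_hop, []
        while hop in tables:
            path.append(hop)
            hop = lookup(tables[hop], dst)
        results[first_hop] = (path, hop)   # hop ends as "deliver" or "drop"
    return results


if __name__ == "__main__":
    for dist_link in (False, True):
        print("dist-to-dist link:", dist_link,
              return_traffic("10.1.1.10", right_uplink_up=False, dist_link=dist_link))
```

Without the distribution-to-distribution link, the half of the return flows that the core hashes to the right switch is dropped; with the link, it is forwarded one extra hop and delivered.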
Provide Alternate Paths
• What happens if fails?
• No route to the core anymore?
• Allow the traffic to go through the access?
• Do you want to use your access switches as transit nodes?
• How do you design for scalability if the access is used for transit traffic?
• Install a redundant link to the core
• Best practice: install redundant link to core and utilize L3 link between distribution layer
[Figure: distribution switches A and B with a single path to the core]
Equal-Cost Multipath
Optimizing CEF Load-Sharing
• Depending on the traffic flow patterns and IP Addressing in use one algorithm may provide better load-sharing results than another
• Be careful not to introduce polarization in a multi-tier design by changing the default to the same thing in all tiers/layers of the network
Catalyst 4500 Load-Sharing Options
• Original: Src IP + Dst IP
• Universal*: Src IP + Dst IP + Unique ID
• Include Port: Src IP + Dst IP + (Src or Dst Port) + Unique ID
Catalyst 6500 PFC3** Load-Sharing Options
• Default*: Src IP + Dst IP + Unique ID
• Full: Src IP + Dst IP + Src Port + Dst Port
• Full Exclude Port: Src IP + Dst IP + (Src or Dst Port)
• Simple: Src IP + Dst IP
• Full Simple: Src IP + Dst IP + Src Port + Dst Port
* = Default Load-Sharing Mode
** = PFC3 in Sup720 and Sup32 Supervisors
[Figure labels: Load-Sharing Simple; 30% of Flows; 70% of Flows; Load-Sharing Full Simple]
CEF Load Balancing
• CEF polarization: without some tuning CEF will select the same path left/left or right/right
• Imbalance/overload could occur
• Redundant paths are ignored/underutilized
• The default CEF hash input is L3
• We can change the default to use L3 + L4 information as input to the hash derivation
Avoid Underutilizing Redundant Layer 3 Paths
[Figure: redundant paths ignored; distribution, core, and distribution all use the default L3 hash, so flows go left/left or right/right]
CEF Load Balancing
• The default will work for Sup720/32 and latest hardware (unique ID added to default). However, depending on IP addressing and flows, imbalance could occur
• Alternating L3/L4 hash and L3 hash will give us the best load balancing results
• Use simple in the core and full simple in the distribution to add L4 information to the algorithm at the distribution and maintain differentiation tier-to-tier
Avoid Underutilizing Redundant Layer 3 Paths
[Figure: all paths used; distribution L3/L4 hash, core default L3 hash, distribution L3/L4 hash]
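An added illustration of the polarization effect described on the two CEF load balancing slides (not part of the original deck): constructed flows pass through a distribution tier and a core tier, each choosing between two equal-cost paths. The SHA-256 based `pick_path` is a stand-in for the hardware hash, not Cisco's algorithm, and all function names are hypothetical.

```python
import hashlib
import random
from collections import Counter


def pick_path(key_fields, unique_id=b""):
    """Toy stand-in for a CEF hash: map the key to the left or right equal-cost path."""
    digest = hashlib.sha256(unique_id + repr(key_fields).encode()).digest()
    return "LR"[digest[0] & 1]


def l3_key(flow):
    """L3-only hash input: source and destination IP."""
    src_ip, dst_ip, _src_port, _dst_port = flow
    return (src_ip, dst_ip)


def l3_l4_key(flow):
    """L3 + L4 hash input: IPs plus source and destination port."""
    return flow


def core_link_usage(flows, dist_key, core_key, dist_id=b"", core_id=b""):
    """Count flows per (core chosen by the distribution, downlink chosen by that core)."""
    usage = Counter()
    for flow in flows:
        core = pick_path(dist_key(flow), dist_id)   # distribution picks left or right core
        link = pick_path(core_key(flow), core_id)   # that core picks left or right downlink
        usage[core + link] += 1
    return usage


def make_flows(count=2000, seed=7):
    """Constructed sample flows: (src IP, dst IP, src port, dst port)."""
    rng = random.Random(seed)
    return [
        (f"10.1.{rng.randrange(256)}.{rng.randrange(1, 255)}",
         f"10.2.{rng.randrange(256)}.{rng.randrange(1, 255)}",
         rng.randrange(1024, 65536),
         rng.choice((80, 443, 5060)))
        for _ in range(count)
    ]


FLOWS = make_flows()
# Same L3 input in both tiers: the core repeats the distribution's decision.
POLARIZED = core_link_usage(FLOWS, l3_key, l3_key)
# L3/L4 at the distribution, L3 in the core: decisions are decorrelated.
ALTERNATING = core_link_usage(FLOWS, l3_l4_key, l3_key)
# Same L3 input, but a per-tier unique ID mixed into the hash.
UNIQUE_ID = core_link_usage(FLOWS, l3_key, l3_key, b"dist-A", b"core-A")

if __name__ == "__main__":
    for name, usage in (("same L3 hash in both tiers", POLARIZED),
                        ("L3/L4 at distribution, L3 in core", ALTERNATING),
                        ("L3 hash with unique ID per tier", UNIQUE_ID)):
        print(f"{name:36s}", dict(sorted(usage.items())))
```

In the polarized run only the left/left and right/right combinations carry traffic, so half of the core downlinks stay idle; the other two runs use all four.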
Best Practices—Trunk Configuration
• Typically deployed on interconnection between access and distribution layers
• Use VTP transparent mode to decrease potential for operational error
• Hard set trunk mode to on and encapsulation negotiate off for optimal convergence
• Change the native VLAN to something unused to avoid VLAN hopping
• Manually prune all VLANS except those needed
• Disable on host ports: CatOS: set port host; Cisco IOS: switchport host
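One way to check a switch configuration against the trunk practices above and the edge-port items from the Layer 2 Hardening slide, as an added example that is not part of the original deck. The sample configuration is constructed, the function names are hypothetical, and the script assumes the text it is given shows the `vtp mode` line and the expanded form of `switchport host` (access mode plus PortFast).

```python
import re

# Constructed sample (not from the slides): two uplinks and two user ports.
SAMPLE_CONFIG = """\
vtp mode server
!
interface GigabitEthernet1/0/1
 switchport trunk native vlan 900
 switchport trunk allowed vlan 20,120
 switchport mode trunk
 switchport nonegotiate
!
interface GigabitEthernet1/0/2
 switchport trunk native vlan 20
 switchport mode trunk
!
interface GigabitEthernet1/0/10
 switchport access vlan 20
 switchport voice vlan 120
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/11
 switchport access vlan 20
!
"""


def parse_config(config):
    """Split a configuration into global lines and per-interface stanzas."""
    global_lines, stanzas, current = [], {}, None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1].strip()
            stanzas[current] = []
        elif raw.startswith(" ") and current is not None:
            stanzas[current].append(raw.strip())
        else:
            current = None
            if raw.strip() and raw.strip() != "!":
                global_lines.append(raw.strip())
    return global_lines, stanzas


def first_match(pattern, lines):
    """Return group 1 of the first line that fully matches the pattern, else None."""
    for line in lines:
        match = re.fullmatch(pattern, line)
        if match:
            return match.group(1)
    return None


def audit(config):
    """Return (scope, finding) tuples for deviations from the trunk and edge-port practices."""
    global_lines, stanzas = parse_config(config)
    findings = []
    if "vtp mode transparent" not in global_lines:
        findings.append(("global", "VTP not in transparent mode"))
    guard_default = "spanning-tree portfast bpduguard default" in global_lines
    # VLANs that carry user traffic; the native VLAN should not be one of them.
    user_vlans = set()
    for lines in stanzas.values():
        for line in lines:
            match = re.fullmatch(r"switchport (?:access|voice) vlan (\d+)", line)
            if match:
                user_vlans.add(int(match.group(1)))
    for name, lines in stanzas.items():
        mode = first_match(r"switchport mode (\S+).*", lines)
        if mode == "trunk":
            if "switchport nonegotiate" not in lines:
                findings.append((name, "DTP still negotiating on trunk"))
            native = int(first_match(r"switchport trunk native vlan (\d+)", lines) or 1)
            if native == 1 or native in user_vlans:
                findings.append((name, f"native VLAN {native} is default or in use"))
            if not any(l.startswith("switchport trunk allowed vlan ") for l in lines):
                findings.append((name, "allowed VLAN list not pruned"))
        elif mode == "access":
            if not any(l.startswith("spanning-tree portfast") for l in lines):
                findings.append((name, "PortFast missing on host port"))
            if not guard_default and "spanning-tree bpduguard enable" not in lines:
                findings.append((name, "BPDU Guard missing on host port"))
        else:
            findings.append((name, "mode not hard-set; DTP may form a trunk"))
    return findings


if __name__ == "__main__":
    for scope, finding in audit(SAMPLE_CONFIG):
        print(f"{scope}: {finding}")
```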
VTP Virtual Trunk Protocol
• Centralized VLAN management
• VTP server switch propagates VLAN database to VTP client switches
• Runs only on trunks
• Four modes:
• Server: updates clients and servers
• Client: receive updates—cannot make changes
• Transparent: let updates pass through
• Off: ignores VTP updates
[Figure: the VTP server sets VLAN 50 and sends the update over its trunks; each client reports "Ok, I Just Learned VLAN 50!", the transparent switch passes the update through, and the switch in off mode drops VTP updates]
DTP Dynamic Trunk Protocol
• Automatic formation of trunked switch-to-switch interconnection
• On: always be a trunk
• Desirable: ask if the other side can/will
• Auto: if the other side asks I will
• Off: don’t become a trunk
• Negotiation of 802.1Q or ISL encapsulation
• ISL: try to use ISL trunk encapsulation
• 802.1q: try to use 802.1q encapsulation
• Negotiate: negotiate ISL or 802.1q encapsulation with peer
• Non-negotiate: always use encapsulation that is hard set
[Figure: mode combinations: On/On: Trunk; Auto/Desirable: Trunk; Off/Off: NO Trunk; Off/On, Auto, Desirable: NO Trunk]
Optimizing Convergence: Trunk Tuning
• DTP negotiation tuning improves link up convergence time
IOS(config-if)# switchport mode trunk
IOS(config-if)# switchport nonegotiate
Trunk Auto/Desirable Takes Some Time
[Chart: time to converge in seconds for voice and data, trunking desirable vs. trunking nonegotiate; two seconds of delay/loss tuned away]
Best Practices—UDLD Configuration
• Typically deployed on any fiber optic interconnection
• Use UDLD aggressive mode for most aggressive protection
• Turn on in global configuration to avoid operational error/misses
• Config example, Cisco IOS:
udld aggressive
Unidirectional Link Detection
• Highly-available networks require UDLD to protect against one-way communication or partially failed links and the effect that they could have on protocols like STP and RSTP
• Primarily used on fiber optic links where patch panel errors could cause link up/up with mismatched transmit/receive pairs
• Each switch port configured for UDLD will send UDLD protocol packets (at L2) containing the port’s own device/port ID, and the neighbor’s device/port IDs seen by UDLD on that port
• Neighboring ports should see their own device/port ID (echo) in the packets received from the other side
• If the port does not see its own device/port ID in the incoming UDLD packets for a specific duration of time, the link is considered unidirectional and is shut down
Protecting Against One-Way Communication
[Figure: two switches exchanging UDLD packets: "Are You ‘Echoing’ My Hellos?"]
UDLD Aggressive and UDLD Normal
• Timers are the same—15-second hellos by default
• Aggressive mode: after aging on a previously bi-directional link, tries eight times (once per second) to reestablish connection, then err-disables port
• UDLD normal mode: only err-disables the end where UDLD detected the failure; the other end just sees the link go down
• UDLD aggressive mode: err-disables both ends of the connection, because each end err-disables when aging and re-establishment of UDLD communication fail
Best Practices—EtherChannel Configuration
• Typically deployed in distribution to core, and core to core interconnections
• Used to provide link redundancy—while reducing peering complexity
• Tune L3/L4 load balancing hash to achieve maximum utilization of channel members
• Deploy in powers of two (two, four, or eight)
• Match CatOS and Cisco IOS PAgP settings
• 802.3ad LACP for interop if you need it
• Disable unless needed: Cisco IOS: switchport host
Understanding EtherChannel
Link Negotiation Options—PAgP and LACP
Port Aggregation Protocol
• On: always be a channel/bundle member
• Desirable: ask if the other side can/will
• Auto: if the other side asks I will
• Off: don’t become a member of a channel/bundle
• Mode combinations: On/On: Channel; On/Off: No Channel; Auto/Desirable: Channel; Off/On, Auto, Desirable: No Channel
Link Aggregation Protocol
• On: always be a channel/bundle member
• Active: ask if the other side can/will
• Passive: if the other side asks I will
• Off: don’t become a member of a channel/bundle
• Mode combinations: On/On: Channel; On/Off: No Channel; Active/Passive: Channel; Passive/Passive: No Channel
EtherChannels or Equal Cost Multipath
10/100/1000 How Do You Aggregate It?
[Figure: access, distribution, and core layers; labels: 10 GE and 10-GE channels, typical 20:1 data over-subscription, typical 4:1 data over-subscription]
EtherChannels or Equal Cost Multipath
• More links = more routing peer relationships and associated overhead
• EtherChannels allow you to reduce peers by creating single logical interface to peer over
• On single link failure in a bundle:
• OSPF running on a Cisco IOS-based switch will reduce link cost and reroute traffic
• OSPF running on a hybrid switch will not change link cost and may overload remaining links
• EIGRP may not change link cost and may overload remaining links
Reduce Complexity/Peer Relationships
EtherChannels or Equal Cost Multipath
• More links = more routing peer relationships and associated overhead
• EtherChannels allow you to reduce peers by creating single logical interface to peer over
• However, a single link failure is not taken into consideration by routing protocols. Overload possible
• Single 10-gigabit links address both problems. Increased bandwidth without increasing complexity or compromising routing protocols ability to select best path
Why 10-Gigabit Interfaces
EtherChannels—Quick Summary
• For Layer 2 EtherChannels: Desirable/Desirable is the recommended configuration so that PAgP is running across all members of the bundle, ensuring that an individual link failure will not result in an STP failure
• For Layer 3 EtherChannels: one can consider a configuration that uses ON/ON. There is a trade-off between performance/HA impact and maintenance and operations implications
• An ON/ON configuration is faster from a link-up (restoration) perspective than a Desirable/Desirable alternative. However, in this configuration PAgP is not actively monitoring the state of the bundle members and a misconfigured bundle is not easily identified
• Routing protocols may not have visibility into the state of an individual member of a bundle. LACP and the minimum links option can be used to bring the entire bundle down when the capacity is diminished.
• OSPF has visibility to member loss (best practices pending investigation). EIGRP does not…
• When used to increase bandwidth—no individual flow can go faster than the speed of an individual member of the link
• Best used to eliminate single points of failure (i.e., link or port) dependencies from a topology
Best Practices—First Hop Redundancy
• Used to provide a resilient default gateway/first hop address to end-stations
• HSRP, VRRP, and GLBP alternatives
• VRRP, HSRP, and GLBP provide millisecond timers and excellent convergence performance
• VRRP if you need multivendor interoperability
• GLBP facilitates uplink load balancing
• Preempt timers need to be tuned to avoid black-holed traffic
First Hop Redundancy with VRRP
• A group of routers function as one virtual router by sharing one virtual IP address and one virtual MAC address
• One (master) router performs packet forwarding for local hosts
• The rest of the routers act as back up in case the master router fails
• Backup routers stay idle as far as packet forwarding from the client side is concerned
IETF Standard RFC 2338 (April 1998)
R1—Master, Forwarding Traffic; R2—Backup
• R1 (Distribution-A, VRRP active): IP: 10.0.0.254 MAC: 0000.0c12.3456 vIP: 10.0.0.10 vMAC: 0000.5e00.0101
• R2 (Distribution-B, VRRP backup): IP: 10.0.0.253 MAC: 0000.0C78.9abc vIP: vMAC:
• Host on Access-a: IP: 10.0.0.1 MAC: aaaa.aaaa.aa01 GW: 10.0.0.10 ARP: 0000.5e00.0101
• Host on Access-a: IP: 10.0.0.2 MAC: aaaa.aaaa.aa02 GW: 10.0.0.10 ARP: 0000.5e00.0101
• Host on Access-a: IP: 10.0.0.3 MAC: aaaa.aaaa.aa03 GW: 10.0.0.10 ARP: 0000.5e00.0101
First Hop Redundancy with HSRP
• A group of routers function as one virtual router by sharing one virtual IP address and one virtual MAC address
• One (active) router performs packet forwarding for local hosts
• The rest of the routers provide hot standby in case the active router fails
• Standby routers stay idle as far as packet forwarding from the client side is concerned
RFC 2281 (March 1998)
[Figure: R1—Active, Forwarding Traffic; R2—Hot Standby, Idle]
R1 (Distribution-A, HSRP Active): IP: 10.0.0.254 MAC: 0000.0c12.3456 vIP: 10.0.0.10 vMAC: 0000.0c07.ac00
R2 (Distribution-B, HSRP Backup): IP: 10.0.0.253 MAC: 0000.0C78.9abc vIP: vMAC:
Hosts on Access-a:
IP: 10.0.0.1 MAC: aaaa.aaaa.aa01 GW: 10.0.0.10 ARP: 0000.0c07.ac00
IP: 10.0.0.2 MAC: aaaa.aaaa.aa02 GW: 10.0.0.10 ARP: 0000.0c07.ac00
IP: 10.0.0.3 MAC: aaaa.aaaa.aa03 GW: 10.0.0.10 ARP: 0000.0c07.ac00
Why You Want HSRP Preemption
• Spanning tree root and HSRP primary aligned
• When spanning tree root is re-introduced, traffic will take a two-hop path to HSRP active
• HSRP preemption will allow HSRP to follow spanning tree topology
Avoid ‘Black-Hole’ during system startup
[Figure: Access, Distribution and Core layers; labels: Spanning Tree Root, HSRP Active, HSRP Preempt]
Without Preempt Delay HSRP Can Go Active Before Box Completely Ready to Forward Traffic: L1 (Boards), L2 (STP), L3 (IGP Convergence)
standby 1 preempt delay minimum 180
First Hop Redundancy with GLBP
• All the benefits of HSRP plus load balancing of default gateway → utilizes all available bandwidth
• A group of routers function as one virtual router by sharing one virtual IP address but using multiple virtual MAC addresses for traffic forwarding
• Allows traffic from a single common subnet to go through multiple redundant gateways using a single virtual IP address
Cisco Designed, Load Sharing, Patent Pending
[Figure: R1—AVG; R1, R2 Both Forward Traffic]
R1 (Distribution-A, GLBP AVG/AVF, SVF): IP: 10.0.0.254 MAC: 0000.0c12.3456 vIP: 10.0.0.10 vMAC: 0007.b400.0101
R2 (Distribution-B, GLBP AVF, SVF): IP: 10.0.0.253 MAC: 0000.0C78.9abc vIP: 10.0.0.10 vMAC: 0007.b400.0102
Hosts on Access-a:
IP: 10.0.0.1 MAC: aaaa.aaaa.aa01 GW: 10.0.0.10 ARP: 0007.B400.0101
IP: 10.0.0.2 MAC: aaaa.aaaa.aa02 GW: 10.0.0.10 ARP: 0007.B400.0102
IP: 10.0.0.3 MAC: aaaa.aaaa.aa03 GW: 10.0.0.10 ARP: 0007.B400.0101
First Hop Redundancy with Load Balancing
• Each member of a GLBP redundancy group owns a unique virtual MAC address for a common IP address/default gateway
• When end-stations ARP for the common IP address/default gateway they are given a load-balanced virtual MAC address
• Host A and host B send traffic to different GLBP peers but have the same default gateway
Cisco Gateway Load Balancing Protocol (GLBP)
[Figure: subnet 10.88.1.0/24 (addresses .5, .4, .1, .2), vIP 10.88.1.10; routers R1 and R2, hosts A and B, ARP Reply]
GLBP 1 ip 10.88.1.10 vMAC 0000.0000.0001
GLBP 1 ip 10.88.1.10 vMAC 0000.0000.0002
ARPs for 10.88.1.10 Gets MAC 0000.0000.0001
ARPs for 10.88.1.10 Gets MAC 0000.0000.0002
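The VRRP, HSRP and GLBP slides above each show hosts resolving the gateway 10.0.0.10 to a protocol-specific virtual MAC. The following added example (not part of the original deck) checks observed ARP entries against those vMAC layouts, which is a quick way to spot a gateway IP that resolves to something other than the expected FHRP group. Function names are hypothetical; the HSRP version 2 prefix and the GLBP group/forwarder bit split are taken from general protocol knowledge, not from the slides.

```python
import re
from collections import Counter

# Virtual-MAC layouts. The VRRP, HSRP (version 1) and GLBP prefixes match the
# vMACs shown on the slides; the HSRP version 2 prefix and the GLBP bit split
# are assumptions from general protocol knowledge.
VRRP_PREFIX = bytes.fromhex("00005e0001")   # 0000.5e00.01<VRID>
HSRP1_PREFIX = bytes.fromhex("00000c07ac")  # 0000.0c07.ac<group>
HSRP2_PREFIX = bytes.fromhex("00000c9f")    # 0000.0c9f.f<group, 12 bits>
GLBP_PREFIX = bytes.fromhex("0007b4")       # 0007.b4<group, 10 bits><forwarder>


def mac_bytes(mac):
    """Accept dotted, colon or dash notation and return the 6 raw bytes."""
    digits = re.sub(r"[.:\-]", "", mac)
    if not re.fullmatch(r"[0-9a-fA-F]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return bytes.fromhex(digits)


def classify_vmac(mac):
    """Return (protocol, group, forwarder) for an FHRP virtual MAC, else None."""
    b = mac_bytes(mac)
    if b[:5] == VRRP_PREFIX:
        return ("VRRP", b[5], None)
    if b[:5] == HSRP1_PREFIX:
        return ("HSRPv1", b[5], None)
    if b[:4] == HSRP2_PREFIX and b[4] >> 4 == 0xF:
        return ("HSRPv2", ((b[4] & 0x0F) << 8) | b[5], None)
    if b[:3] == GLBP_PREFIX and b[3] & 0xFC == 0:
        return ("GLBP", ((b[3] & 0x03) << 8) | b[4], b[5])
    return None


def audit_gateway_arp(observations, gateway_ip, protocol, group):
    """Flag hosts whose ARP entry for the gateway is not the expected vMAC."""
    findings = []
    for host, ip, mac in observations:
        if ip != gateway_ip:
            continue
        info = classify_vmac(mac)
        if info is None:
            findings.append((host, mac, "not an FHRP virtual MAC"))
        elif info[0] != protocol or info[1] != group:
            findings.append((host, mac, f"unexpected {info[0]} group {info[1]}"))
    return findings


def forwarder_share(observations, gateway_ip):
    """Count hosts per GLBP forwarder, i.e. how the AVG spread its ARP replies."""
    share = Counter()
    for _host, ip, mac in observations:
        info = classify_vmac(mac)
        if ip == gateway_ip and info and info[0] == "GLBP":
            share[info[2]] += 1
    return dict(share)


# (host, resolved IP, MAC learned via ARP). Addresses follow the slides; the
# third VRRP row is constructed to show a finding.
VRRP_OBSERVATIONS = [
    ("10.0.0.1", "10.0.0.10", "0000.5e00.0101"),
    ("10.0.0.2", "10.0.0.10", "0000.5e00.0101"),
    ("10.0.0.3", "10.0.0.10", "aaaa.aaaa.aa02"),  # constructed: gateway resolves to a host MAC
]
GLBP_OBSERVATIONS = [
    ("10.0.0.1", "10.0.0.10", "0007.B400.0101"),
    ("10.0.0.2", "10.0.0.10", "0007.B400.0102"),
    ("10.0.0.3", "10.0.0.10", "0007.B400.0101"),
]

if __name__ == "__main__":
    print(audit_gateway_arp(VRRP_OBSERVATIONS, "10.0.0.10", "VRRP", 1))
    print(forwarder_share(GLBP_OBSERVATIONS, "10.0.0.10"))
```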
Optimizing Convergence: VRRP, HSRP, GLBP
• VRRP not tested with sub-second timers and all flows go through a common VRRP peer; mean, max, and min are equal
• HSRP has sub-second timers; however all flows go through same HSRP peer so there is no difference between mean, max, and min
• GLBP has sub-second timers and distributes the load amongst the GLBP peers; so 50% of the clients are not affected by an uplink failure
Mean, Max, and Min—Are There Differences?
[Chart callouts: 50% of Flows Have ZERO Loss W/ GLBP; GLBP Is 50% Better]
If You Span VLANS, Tuning Required
• Both distribution switches act as default gateway
• Blocked uplink causes traffic to take a less than optimal path
By Default, Half the Traffic Will Take a Two-Hop L2 Path
[Figure: VLAN 2 on both Access-a and Access-b; uplinks marked F (Forwarding) or B (Blocking); Distribution-A holds GLBP Virtual MAC 1, Distribution-B holds GLBP Virtual MAC 2; Access: Layer 2, Distribution: Layer 2/3, Core: Layer 3]
Traditional High Availability Challenges
[Figure: Campus Network and Data Center Network]
Traditional L2/L3 Design High Availability Challenges
• Multiple Control Protocols to Configure and Manage – HSRP/VRRP/STP
• Under-utilized or Idling Links connecting to access layer or servers
• Multiple Nodes to Manage and Troubleshoot
Virtual Switching System (VSS)
System Virtualization – Increased Operational Efficiency
Traditional L2/L3
• Complex STP configuration and Management
• HSRP/VRRP - 3 IP address
• Manage Two Nodes and Config
• Manage additional routing peers
VSS
• STP – Not Dependent
• No HSRP/VRRP - 1 IP address
• Manage Single Node and Config
• Manage reduced routing peers
[Figure: Core/Distribution, Data Center and Access examples]
Scale the Available Layer 2 Bandwidth
Multi-Chassis Etherchannel (MEC)
Traditional L2/L3
• Idling Links
• Under-utilized Links
• Complex STP configuration
• Indeterministic STP based convergence
VSS
• No Idling - Active/Active Links
• Fully Utilized Link – Granular LB
• Simple Etherchannel Config
• Deterministic sub-second convergence
[Figure: Core/Distribution, Data Center and Access examples]
Network Design
Traditional L2 / L3 Campus: Multi-Layer Switches, Non-Stack L2 Switches
Building 1, Building 2, Building 3, Building 4: 1000 Ports each; Campus Core
• 94 Total Devices of Image & Configuration Management
• 168 Port-Channels
• 168 Access Trunks
• 4032 User Ports
Design Considerations:
• STP Loop Prevention
• CAM & ARP Tuning
• FHRP Tuning / Priority
• Routing Protocol Tuning
• PIM Tuning / DR priority
94 Separate Configurations of Hostname, VLAN DB, IP/GW, SNMP, NTP, TACACS, VTY, etc.
VSS
Building 1, Building 2, Building 3, Building 4; Core
• 29 Total Devices of Image & Configuration Management
• 48 Port-Channels
• 48 Access Trunks
• 4032 User Ports
Design Considerations:
• STP Loop Prevention
• CAM & ARP Tuning
• FHRP Tuning / Priority
• Routing Protocol Tuning
• PIM Tuning / DR priority
29 Separate Configurations of Hostname, VLAN DB, IP/GW, SNMP, NTP, TACACS, VTY, etc.
High Availability Campus Design Simplified with VSS
[Figure: campus topologies with Access, Distribution and Core layers connecting to Data Center, WAN and Internet]
VSS Architecture Key Concepts
• Virtual Switch Domain: Defines 2 Catalyst Switches that are participating together as a Virtual Switching System (VSS)
• Virtual Switch Link: Special 10GE Port-Channel joins two Catalyst Switches allowing them to operate as a single logical device
• Virtual Switch 1 / Virtual Switch 2: one Catalyst Switch operates as the Active Control Plane for the VSS, the other as the Hot Standby Control Plane for the VSS
• Active Control Plane with Active Data Plane on one switch; Hot Standby Control Plane with Active Data Plane on the other
VSS Architecture Virtual Switch Link (VSL)
• The Virtual Switch Link (VSL) joins two physical chassis together
• The VSL provides a control-plane interface to keep both chassis in sync
• The VSS “control-plane” uses the VSL for CPU to CPU communications (programming, statistics, etc.) while the “data-plane” uses the VSL to extend the internal chassis fabric to the remote chassis.
• A Virtual Switch Link (VSL) Port-Channel can consist of up to 8 x 10GE (or 4 x 40GE) members
• All traffic traversing the VSL is encapsulated in a 32 byte “Virtual Switch Header” containing Ingress and Egress Port Index, Class of Service (CoS), VLAN ID, and other important information from the Layer 2 and Layer 3 header
[Figure: frame on the Virtual Switch Link between Switch 1 and Switch 2: VS Header | L2 Hdr | L3 Hdr | DATA | CRC]
VSS Architecture Dual Active Data Planes
Both data forwarding planes are ACTIVE
Standby Supervisor and all Line Cards are actively forwarding!
VSS# show switch virtual redundancy
My Switch Id = 1
Peer Switch Id = 2
<snip>
Switch 1 Slot 5 Processor Information :
-----------------------------------------------
Current Software state = ACTIVE
<snip>
Fabric State = ACTIVE
Control Plane State = ACTIVE
Switch 2 Slot 5 Processor Information :
-----------------------------------------------
Current Software state = STANDBY HOT (switchover target)
<snip>
Fabric State = ACTIVE
Control Plane State = STANDBY
[Figure: Switch1 and Switch2, each labelled Data Plane Active]
LACP, PAGP and ON EtherChannel modes are supported
VSS Architecture Load-Balancing for MEC & ECMP
The PFC / DFC hash logic used for MEC and ECMP load-balancing (to determine the physical port to use) is skewed to always favor LOCAL links! This avoids overloading the Virtual Switch Link (VSL) with unnecessary traffic loads…
[Figure: VSS with Link 1 and Link 2 to a neighbor. Blue Traffic destined for the Neighbor will result in Link 1 being chosen; Orange Traffic destined for the Neighbor will result in Link 2 being chosen.]
[Two tables with columns Logical Interface / Physical Interface / Result Bundle Hash (RBH) Value. PO 10 has members T1/1/1 and T2/1/1; each table lists RBH values 0,1,2,3,4,5,6,7 against a single member.]
VSS High Availability Dual-Active Protocols
[Figure: Active and Standby switches (Switch 1, Switch 2) connected by VSLP]
Enhanced PAGP
• Requires ePAGP capable neighbor:
• 3750: 12.2(46)SE
• 4500: 12.2(44)SE
• 6500: 12.2(33)SXH1
• Sub-Second Convergence
• Typically ~200-250ms
VSLP Fast Hello
• Direct L2 Point-to-Point Connection
• Requires 12.2(33)SXI
• Sub-Second Convergence
• Typically ~50-100ms
Virtual Switching System Dual-Attach Whenever Possible
• Dual-attach to neighbor devices whenever possible!
• EtherChannel and CEF load-balancing algorithms have been modified for VSS to always favor locally attached interfaces
• With a Dual-Attached network design:
  • Data traffic will not traverse the VSL under normal conditions, only control traffic will traverse the VSL
  • Data traffic will traverse the VSL only if there is a failure event and no local interfaces are available
Introducing Easy VSS
Traditional VSS conversion:
1. Assign Virtual Switch Domain
2. Assign Switch ID
3. Create Port-channel
4. Configure Port-channel as VSL
5. Add ports to the VSL Port-channel
6. “switch convert mode virtual”
Easy VSS conversion:
1. Easy VSS Feature can be enabled or disabled
2. Single command line to convert to VSS
3. User prompted for Domain ID and VSL details
15.2(1)SY1
[Figure: Start with two Standalone systems; Apply one-time VSS Conversion Commands and Reload; Both systems are now a Single VSS]
VSS Support - Catalyst 6500, 6800, 4500-E and 4500-X
Supervisors
• Catalyst 6500 / 6800: Sup2T, Sup720-10G
• Catalyst 4500-E: Sup7-E, Sup7L-E, Sup8-E
• Catalyst 4500-X: Fixed (based on Sup7E)
Mixed / Asymmetric Chassis Support
• Catalyst 6500 / 6800: Yes
• Catalyst 4500-E: Yes *after release 3.5.0E
• Catalyst 4500-X: No, must pair using the same base model, either 16-port or 32-port. Optional 8-port module is supported
Software Trains
• Catalyst 6500 / 6800: Sup2T - 12.2SY, 15.0SY, 15.1SY, 15.2SY; Sup720-10G - 12.2SXH, 12.2SXI, 12.2SXJ, 15.1SY
• Catalyst 4500-E: 3.6.0E, 3.5.0E, 3.4.0SG, 15.1(2)SG
• Catalyst 4500-X: 3.6.0E, 3.5.0E, 3.4.0SG
Quad-Sup SSO
• Catalyst 6500 / 6800: Sup2T 15.1SY1
• Catalyst 4500-E: No, Future Release
• Catalyst 4500-X: N/A
Quad-Sup Uplink Forwarding
• Catalyst 6500 / 6800: Sup720-10G 12.2(33)SXI4
• Catalyst 4500-E: No, Future Release
• Catalyst 4500-X: N/A
Benefits of Virtual Switching
Catalyst Virtual Switching System Topology Comparisons
• Simplify Operations by Eliminating STP, FHRP and Multiple Touch-Points
• Minimizes Convergence with Sub-second Stateful and Graceful Recovery (SSO/NSF)
• Double Bandwidth & Reduce Latency with Active-Active Multi-chassis EtherChannel (MEC)
[Figure: three topologies, each with an Access Switch and an Access Switch Stack. Traditional: LACP or PAGP, STP or MST, HSRP or VRRP. VSS - Physical: LACP or PAGP, VSL. VSS - Logical: MEC.]
Evolution of the Campus
[Figure labels: Access Switch, Access Stack, LACP or PAGP, VSL, Instant Access Client, Instant Access Stack, SDP, SRP, SCP]
VSS + IA: Catalyst Instant Access
Building 1, Building 2, Building 3, Building 4; Core
• 5 Total Devices of Image & Configuration Management
• 4 Port-Channels
• 0 Trunk Configuration
• 4032 User Ports
Design Considerations:
• STP Loop Prevention
• CAM & ARP Tuning
• FHRP Tuning / Priority
• Routing Protocol Tuning
• PIM Tuning / DR priority
5 Separate Configurations of Hostname, VLAN DB, IP/GW, SNMP, NTP, TACACS, VTY, etc.
Instant Access Campus Design
[Figure: 2000 Port Campus Distribution Block with ISE; VLAN labels 10, 20, 30, 40, 50, 100, 120, 130, 140, 150; Data, Phone, Badge]
• Satellite Device capable of Stacking & POE+
• Single Point of Management, Configuration and Troubleshooting
• Simplified Network Design for VLANs and Port-Channels
• Agile Infrastructure to add new features uniformly across Access Layer
• A Single Image to Deploy and Manage across Distribution Block
• No Configuration of Access Switches
[Figure: Instant Access components]
• IA Parent: Virtual Switching System (VSS) of two chassis, each with Supervisor 2T and WS-6904-40G + CVR-4SFP
• Platforms shown: Catalyst 6807-XL, Catalyst 6500-E, Catalyst 6880-X
• Port-Channel FEX-Fabric
• IA Client
Catalyst 6800IA Family
• Data and PoE/PoE+ Options
• 48 x 1G RJ45 Ports
• 2 x 10G SFP+ Uplink Ports
• Catalyst 6500 features at the Access layer
• 740W POE Budget: 15W on 48 ports or 30W on 24 ports
• Stackable up to 5 member switches
• System and Status LEDs
• Copper Twin-Ax for internal rack connectivity: 1m, 3m, 5m, 7m
• 10GBASE-SR MMF for rack to rack and intra-building connectivity: 26m – 400m
• 10GBASE-LRM MMF & SMF for intra building connectivity using legacy fiber: 220m – 300m
• 10GBASE-LR SMF, for inter-building, campus and metro connectivity: Up to 10Km
• 10GBASE-ER SMF, for inter-site connectivity: Up to 30Km 40Km
• DWDM, for inter-site and long-haul connectivity: DWDM transport network 80Km and greater
Diagram Not to Scale
• One IOS Image across Distribution & Access-Layer
  • C6500/C6800 Image + C6800IA Image bundled together as One Image
• Automatic Image Management for Access-Layer
  • Automatic Image check & download to IA client, when it comes online
• Enhanced Fast Software Upgrade (with ISSU)
  • issu runversion <fex-id>
Behaves Just Like a Line Card! The C6800IA image is managed by VSS System
VSS Quad-Sup SSO
Traditional VSS (Recommended)
• SSO across VSS, with single Supervisor in each Chassis
• MEC across VSS Pair
Single-Chassis VSS
• Single C6K Chassis and Supervisor in VSS Mode
• Standard EtherChannel
VSS Quad-Sup SSO (Recommended)
• Cross-VSS and In-Chassis SSO with 2 Supervisors in each Chassis
Stack of 3 (Phase 1) Max FEX-ID 12
FEX 101 FEX 102 FEX 103 FEX 104 FEX 105 FEX 106 FEX 107 FEX 108 FEX 109
Max 21 Stacks Switches = 1008 ports.
12 Nodes of 48 ports each = 576 ports
FEX 101 FEX 102 FEX 103 FEX 104 FEX 105 FEX 106 FEX 107 FEX 108 FEX 109 FEX 110 FEX 111 FEX 112
Catalyst Instant Access Phase 2 Scalability – 15.2(1)SY1 Software Release Train
Supervisor 2T
• Phase 1, 15.1(2)SY: Port Scale 1000, Fabric Link 12, Stacking 3
• Phase 2, 15.2(1)SY and 15.2(1)SY1: Port Scale 2000, Fabric Link 42, Stacking 5
6880-X
• Phase 1, 15.1(2)SY: Port Scale 1000, Fabric Link 12, Stacking 3
• Phase 2, 15.2(1)SY -> 15.2(1)SY1: Port Scale 1200 -> 1500, Fabric Link 25 -> 32, Stacking 5
[Figure: FEX IDs per release train]
• 15.1(2)SY Release Train: STACKING 3, FABRIC LINK 12
• 15.2(1)SY Release Train: STACKING 5, FABRIC LINK 42
Catalyst Instant Access Fabric Link Connectivity Scenarios – Dual Homed to VSS Pair
Recommended Design
Dual Homed to VSS Pair
Dual Homed across Stack Members
Up to 8 uplinks (80G) MEC across Client to Parent
Cisco Confidential © 2013 Cisco and/or its affiliates. All rights reserved.
Catalyst Instant Access Connecting a downstream Switch
• Connect a downstream Switch just like you would to a local Line Card
• A remote (downstream) Switch must be managed Independently
• You can use Smart Install
• You can use Compact Switch
• Spanning Tree across Trunk ports
• Spanning Tree will block redundant links
[Figure label: VSS]
Catalyst Instant Access Host Port Connectivity Options
MEC at IA Ports across Stack Members
Single Homed End devices to IA Client dual homed to VSS Pair
Segmentation (Compliance)
• Topology Independent Segmentation with Secure Group Access (SGA)
Context-Aware Control
• Role-Based Access Control with Security Group Tagging (SGT)
• Identify, Profile Devices with Device Sensor
• 802.1X Authentication
• IDENTITY: What, Where, How, Who, When
Protect Network Infrastructure
• MACsec Encryption (Hardware ready)
• Network Device Admission Control (NDAC)
• MPLS based L3 VPN Services at Access Layer
• VRF configuration only on Distribution
• No IGP relationship between access and distribution—Fabric Links
• No LDP between distribution and access—no additional control overhead
• No MP-BGP on access devices
• Higher Scaling than 802.1Q-based segmentation at Layer 2
• Group Segregation with ASA-SM service module
[Figure: VRF A, VRF B and VRF C on both sides of the Enterprise MPLS Core/Access]
MPLS VRF at Access
interface GigabitEthernet103/1/0/24
 no switchport
 vrf forwarding PCI
 ip address 18.18.18.18 255.255.255.0
 mpls ip
Key Takeaways
Instant Access is a deployment model with specific benefits:
• Simplified operations
  • Single point of management
  • Image management
  • Configuration management
  • Troubleshooting
• Eliminates configuration complexity at the access uplink
  • VLAN trunks, VRF-Lite, MPLS and other segmentation protocols
• Specific hardware and software requirements
• Centralized wired and wireless switching designs
• Instant Access is shipping and ready to deploy
  • Scalability up to 2000 nodes and different client platforms included
Start by Defining Your QoS Strategy
Articulate Your Business Intent, Relevant Applications and End-to-End Strategy
http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Video/qosmrn.pdf
The Case for Campus QoS
• The primary role of QoS in campus networks is to manage packet loss
• In campus networks, it takes only a few milliseconds of congestion to cause drops
• Rich media applications are extremely sensitive to packet drops
Why Is Video So Sensitive to Packet Loss?
1080p60: 1080 lines of Horizontal Resolution, 1920 lines of Vertical Resolution (Widescreen Aspect Ratio is 16:9)
1080 x 1920 lines = 2,073,600 pixels per frame
x 24 bits of color per pixel
x 60 frames per second
= 2,985,984,000 bps or 3 Gbps Uncompressed!
Cisco (H.264/H.265) codecs transmit 3-5 Mbps per 1080p60 video stream, which represents over 99.8% compression (~ 1000:1)
Packet loss is proportionally magnified by compression ratios
Users can notice a single packet lost in 10,000—Making HD Video One Hundred Times More Sensitive to Packet Loss than VoIP!
VoIP vs. HD Video—At the Packet Level
[Figure: packet size in Bytes (200 to 1400) over Time. Voice Packets: Audio Samples every 20 msec. Video Packets: one Video Frame every 33 msec.]
Campus QoS Design Considerations
How Long Can Queue-Buffers Accommodate Line-Rate Bursts?
10 GE Linecard Example (WS-X6908)
• Total Per-Port Buffer: 90 MB
• Total Per-Queue Buffer*: 11.25 MB
• Line Rate: 10 Gbps = 1.25 GB/s or 1250 KB/ms
• Total Per-Queue Buffering Capacity: 9.0 ms
*Assuming (8) equal-sized queues
[Chart: KBytes per ms (0 to 1500) over 1 second (10 to 970 ms), with the 10 Gbps Line Rate marked]
Begin dropping at 9 ms but overall utilization is still only 1%!
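The buffer arithmetic above can be replayed as a small tail-drop queue simulation. This is an added example, not part of the original deck: it uses the slide's 11.25 MB per-queue buffer and 1250 KB/ms line rate (with 1 MB = 1000 KB, as the slide's 9.0 ms figure implies), while the burst lengths and the 125 KB/ms service rate (10% of line rate) are assumptions chosen for illustration.

```python
QUEUE_BUFFER_KB = 11_250   # 90 MB per port / 8 equal queues (slide values)
LINE_RATE_KB_PER_MS = 1250  # 10 Gbps (slide value)


def burst_profile(burst_ms, total_ms=1000, rate=LINE_RATE_KB_PER_MS):
    """Offered load per millisecond: a line-rate burst, then silence."""
    return [rate] * burst_ms + [0] * (total_ms - burst_ms)


def simulate_queue(offered_kb_per_ms, buffer_kb, drain_kb_per_ms,
                   line_rate_kb_per_ms=LINE_RATE_KB_PER_MS):
    """Step one tail-drop queue in 1 ms ticks.

    Returns (first_drop_ms, dropped_kb, peak_depth_kb, offered_utilization),
    where utilization is the offered load averaged over the whole interval
    relative to line rate, which is what a coarse utilization counter shows.
    """
    depth = dropped = peak = 0
    first_drop_ms = None
    for ms, offered in enumerate(offered_kb_per_ms):
        depth += offered
        depth -= min(depth, drain_kb_per_ms)   # scheduler services the queue
        if depth > buffer_kb:                  # tail drop: excess is lost
            if first_drop_ms is None:
                first_drop_ms = ms
            dropped += depth - buffer_kb
            depth = buffer_kb
        peak = max(peak, depth)
    total = line_rate_kb_per_ms * len(offered_kb_per_ms)
    return first_drop_ms, dropped, peak, sum(offered_kb_per_ms) / total


def slide_case():
    """10 ms line-rate burst into a queue that is not drained during the burst."""
    return simulate_queue(burst_profile(10), QUEUE_BUFFER_KB, 0)


def serviced_case(burst_ms):
    """Same queue, serviced at an assumed 10% of line rate (125 KB/ms)."""
    return simulate_queue(burst_profile(burst_ms), QUEUE_BUFFER_KB, 125)


if __name__ == "__main__":
    for label, result in (("undrained, 10 ms burst", slide_case()),
                          ("10% service, 10 ms burst", serviced_case(10)),
                          ("10% service, 20 ms burst", serviced_case(20))):
        first, lost, peak, util = result
        print(f"{label}: first drop at {first} ms, {lost} KB lost, "
              f"peak {peak} KB, utilization {util:.1%}")
```

The three cases show why a one-second utilization average cannot be used to rule out drops: the loss happens inside a burst that contributes only 1 to 2 percent to the average.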
Oversubscription in the Campus
[Figure legend: GE Link, 10GE Link, 40GE Link]
Software and Syntax Variations
• Catalyst 2960-X / 3560 / 3750 are the last platforms to use Multilayer Switch QoS (MLS QoS)
  • QoS is disabled by default and must be globally enabled with mls qos command
  • Once enabled, all ports are set to an untrusted port-state
• Catalyst 3650/3850 and 4500 use IOS Modular QoS Command Line Interface (MQC)
  • QoS is enabled by default
  • All ports are trusted at layer 2 and layer 3 by default
• Catalyst 6500/6800 use Cisco Common Classification Policy Language (C3PL) QoS
  • QoS is enabled by default (Sup2T) – Disabled by default (Sup720)
  • All ports are trusted at layer 2 and layer 3 by default
  • C3PL presents queuing policies similar to MQC, but as a defined “type” of policy
Trust Boundaries
• Untrusted / User-Administered Devices: no mls qos trust
• Trusted Centrally-Administered Devices: mls qos trust dscp
• Centrally-Administered & Conditionally-Trusted Devices: mls qos trust device
  • cisco-phone
  • cts
  • ip-camera
  • media-player
The trust boundary is the edge where Layer 2 (CoS / UP) and/or Layer 3 (DSCP) markings are accepted or rejected
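A trust boundary only holds if every edge port matches its intended trust state. The following added example (not part of the original deck) parses an MLS QoS style configuration and flags ports whose trust setting disagrees with who administers the attached device. The sample configuration, interface names and the `PORT_ROLES` inventory are constructed; `mls qos trust cos` is a standard MLS QoS command that does not appear on the slide.

```python
import re

# Device keywords listed on the slide for "mls qos trust device".
CONDITIONAL_DEVICES = {"cisco-phone", "cts", "ip-camera", "media-player"}

# Constructed configuration (interface names and descriptions are made up).
SAMPLE_CONFIG = """\
mls qos
!
interface GigabitEthernet1/0/1
 description user PC
 switchport mode access
!
interface GigabitEthernet1/0/2
 description user PC
 switchport mode access
 mls qos trust dscp
!
interface GigabitEthernet1/0/3
 description IP phone
 mls qos trust device cisco-phone
 mls qos trust cos
!
interface GigabitEthernet1/0/48
 description uplink to distribution
 mls qos trust dscp
"""

# Hypothetical inventory: who administers the device behind each port.
PORT_ROLES = {
    "GigabitEthernet1/0/1": "user",
    "GigabitEthernet1/0/2": "user",
    "GigabitEthernet1/0/3": "conditional",
    "GigabitEthernet1/0/48": "managed",
}


def parse_trust_states(config_text):
    """Map each interface to untrusted, trusted, conditional:<device> or qos-disabled."""
    qos_enabled = False
    ports = {}
    current = None
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("!"):
            continue
        if not line[0].isspace():                      # top-level statement
            m = re.fullmatch(r"interface\s+(\S+)", line)
            current = m.group(1) if m else None
            if current:
                ports[current] = {"trust": None, "device": None}
            elif line == "mls qos":
                qos_enabled = True
            continue
        if current is None:
            continue
        stmt = line.strip()
        m = re.fullmatch(r"mls qos trust device (\S+)", stmt)
        if m:
            ports[current]["device"] = m.group(1)
        elif re.fullmatch(r"mls qos trust (dscp|cos)", stmt):
            ports[current]["trust"] = stmt.split()[-1]
    states = {}
    for name, port in ports.items():
        if not qos_enabled:
            states[name] = "qos-disabled"
        elif port["device"]:
            states[name] = "conditional:" + port["device"]
        elif port["trust"]:
            states[name] = "trusted"
        else:
            states[name] = "untrusted"
    return states


def audit_trust_boundary(config_text, port_roles):
    """Return (interface, reason) for ports that break the intended trust boundary."""
    findings = []
    for name, state in parse_trust_states(config_text).items():
        role = port_roles.get(name, "user")   # unknown ports are treated as user-administered
        if state == "qos-disabled":
            findings.append((name, "mls qos is not enabled globally"))
        elif role == "user" and state != "untrusted":
            findings.append((name, f"user-administered port is {state}"))
        elif role == "conditional":
            if not state.startswith("conditional:"):
                findings.append((name, f"expected conditional trust, found {state}"))
            elif state.partition(":")[2] not in CONDITIONAL_DEVICES:
                findings.append((name, f"unknown trust device {state.partition(':')[2]}"))
    return findings


if __name__ == "__main__":
    for finding in audit_trust_boundary(SAMPLE_CONFIG, PORT_ROLES):
        print(finding)
```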
Campus QoS Design Best Practices
• Classify and mark applications as close to their sources as technically and administratively feasible
• Always perform QoS in hardware rather than software when a choice exists
• Police unwanted traffic flows as close to their sources as possible
• Enable queuing policies at every node where the potential for congestion exists
[Figure: QoS class models over Time; a further Best Effort label appears in the figure]
4 Class Model: Scavenger, Critical Data, Call Signaling, Realtime
8 Class Model: Critical Data, Video, Call Signaling, Best Effort, Voice, Bulk Data, Network Control, Scavenger
11 Class Model: Network Management, Call Signaling, Streaming Video, Transactional Data, Interactive-Video, Voice, Best Effort, IP Routing, Mission-Critical Data, Scavenger, Bulk Data
Catalyst Hardware Queuing 1P3Q1T Example
• 1P: 1 Priority Queue
• 3Q: 3 Non-Priority Queues
• 1T: Each queue has 1 Drop Threshold (the tail of the queue)
[Figure labels: Interrupt Scheduling, Resume Scheduling]
Weighted Random Early Detect (WRED) Operation 3T WTD Example
• AF13 Minimum WRED Threshold: Begin randomly dropping AF13 Packets
• AF12 Minimum WRED Threshold: Begin randomly dropping AF12 Packets
• AF11 Minimum WRED Threshold: Begin randomly dropping AF11 Packets
• Maximum WRED Thresholds for AF11, AF12 and AF13 are set to the tail of the queue in this example
[Figure: queue from Front of Queue to Tail of Queue, with Direction of Packet Flow]
Example - Cisco Catalyst 6500/6800 8Q4T Ingress & 1P7Q4T Egress Queuing Models (6908-10GE)
Application-Class: DSCP
• Network Control: (CS7)
• Internetwork Control: CS6
• VoIP: EF
• Broadcast Video: CS5
• Multimedia Conferencing: AF4
• Realtime Interactive: CS4
• Multimedia Streaming: AF3
• Signaling: CS3
• Transactional Data: AF2
• Network Management: CS2
• Bulk Data: AF1
• Scavenger: CS1
• Best Effort: DF
8Q4T/1P7Q4T queue: DSCP
• Realtime-Queue (10% BW/Priority): EF, CS5, CS4
• Control Queue (10% BW/BWR): CS7 & CS6, CS3 & CS2
• Multimedia-Conferencing Queue (10% BW/BWR + DSCP-WRED): AF4
• Multimedia-Streaming Queue (10% BW/BWR + DSCP-based WRED): AF3
• Transactional Data (10% BW/BWR + DSCP-based WRED): AF2
• Bulk Data (4% BW/BWR + DSCP-based WRED): AF1
• Scavenger (1% BW/BWR): CS1
• Default Queue (25% BW/BWR + WRED): DF
BWR = Bandwidth Remaining
Ingress and Egress queuing models vary by line card/module. Refer to the 6500/6800 QoS Configuration Guide to ensure that you use the proper queuing module for a given line card.
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/15-1SY/config_guide/sup2T/15_1_sy_swcg_2T/qos_policy_based_queueing.html
http://www.cisco.com/en/US/docs/solutions/Enterprise/Video/qoscampusaag.pdf
Key Takeaways
• Start by defining your QoS Strategy
• Campus QoS is needed primarily to control packet drops
• Know your QoS toolset, as this varies platform-to-platform
• Cisco provides many At-A-Glance guides to get you up and running quickly
• Cisco also provides Cisco Validated Design guides for more detail
Campus QoS Design 4.0—In-Depth
• Enterprise Quality of Service Design 4.0 http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/QoS_SRND_40/QoSIntro_40.html
• Campus QoS Design 4.0 http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/QoS_SRND_40/QoSCampus_40.html
• WLAN QoS Design (BYOD CVD) http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Borderless_Networks/Unified_Access/BYOD_Design_Guide/BYOD_AVC.html
Comprehensive Design Chapters
Summary
• Offers hierarchy—each layer has specific role
• Modular topology—building blocks
• Easy to grow, understand, and troubleshoot
• Creates small fault domains—clear demarcations and isolation
• Promotes load balancing and redundancy
• Promotes deterministic traffic patterns
• Incorporates balance of both Layer 2 and Layer 3 technology, leveraging the strength of both
• Utilizes Layer 3 routing for load balancing, fast convergence, scalability, and control
[Figure: Access, Distribution and Core layers with Layer 3 Equal Cost Links, and Data Center, WAN and Internet blocks]
Hierarchical Network Design
Without a Rock Solid Foundation the Rest Doesn’t Matter
[Figure: Building Block of Access, Distribution and Core layers, with foundation services labelled: Spanning Tree, Routing, HSRP, GLBP, Trunking, Load Balancing]
Continue Your Education
• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Table Topics
• Meet the Engineer 1:1 meetings
• Related sessions
  • BRKCRS-1500 Wired LAN Deployment Using the Cisco Validated Design for Campus
  • BRKCRS-2600 Incorporating Intelligent Access at the Campus Edge
  • BRKCRS-2888 Advanced Enterprise Campus Design: Converged Access
  • BRKCRS-3035 Advanced Enterprise Campus Design: Virtual Switching System
  • BRKCRS-3036 Advanced Enterprise Campus Design: Routed Access
Agenda
• Multilayer Campus Design Principles
• Foundation Services
• Campus Design Best Practices
• QoS Considerations
• Putting It All Together
• Summary
• Switching Update
[Figure: campus diagram showing the Data Center, Services Block, and Distribution Blocks]
Cisco Infrastructure Innovations Transforming the Enterprise
SCALE SECURITY SIMPLICITY
Trustsec
Unique Innovation for 802.11ac explosion
Energywise, UPOE & IOT
Instant Access
Enterprise IoT
Cisco Multigigabit
Infrastructure Capacity Trends 802.11ac
Multi Gigabit (mGIG)
NG Workspace trends and impact / Summary
[Figure: four charts over time. Regular clients, TREND: wired clients, wireless clients. Regular clients, IMPACT: wired ports, wireless density. IOT clients, TREND: wired clients, wireless clients. IOT clients, IMPACT: wired ports, wireless density]
Same trends observed in Campus and Branch
Wireless density is Key, but IOT will demand wired ports
Access Convergence is the best answer to simplify the increasing complexity
Wireless Standards – Past, Present, and Future
[Figure: clients / bandwidth plotted over time (Early 2000, 2002, 2004, 2006, 2008, 2010, 2012, 2014, 2015); stage labels: Pervasive, Nice to Have, Media Rich Applications, Mission Critical]
802.11a, 802.11b: 11 Mbps
802.11g: 54 Mbps
802.11n: 450 Mbps
802.11ac Wave1: 1 Gbps
802.11ac Wave2: 3.5 Gbps, 6.8 Gbps
Future: 10 Gbps
Why Not Use 10GBASE-T?
UTP Cable | IEEE 10G Spec
CAT 5/5e | N/A
CAT 6 | 55 meters
CAT 6A | 100 meters
CAT 7 | 100 meters
>75% of WW installed base is Cat 5e/6 up to 100 meters
10GBASE-T cannot work over vast majority of installed base
Enterprise Horizontal BASE-T Cabling
Cat 5e – 46%
Cat 6 – 28%
Cat 6A – 16%
Cat 7 – 5%
Cat 7A – 4%
Source: Cabling Installation & Maintenance Magazine, Cabling Market Outlook Consumption Trends and Analysis Enterprise and Data Center Organizations, February 2014
The Problem - Gigabit Bottleneck
Existing Gigabit infrastructure is insufficient to handle 802.11ac growth beyond 1Gbps
Gigabit Ethernet has been around since 1999 and has now become the bottleneck
Market needs an innovative technology to support >1Gbps over existing cables
[Figure: WiFi @ 1G and >1G over Cat 5e Cables, limited to 1G]
The Solution – Cisco Multigigabit Technology Powered by NBASE-T
Delivers up to 5X Speeds in Enterprise without replacing Cabling Infrastructure
[Figure: Multigigabit Switch linked to a Multigigabit Capable AP over Cat 5e Cables at 2.5-5G, carrying WiFi > 1G]
Is a game-changing innovation allowing enterprise networks to evolve beyond 1G
Enables 2.5 and 5 Gbps up to 100m on legacy cables
Supports all PoE standards up to 60W
Cisco Multigigabit with
MultiGigabit Cabling Investment Protection
Cable Type | 1G | 2.5G | 5G | 10G
Cat5e | ✓ | ✓ | ✓ | NA
Cat6 | ✓ | ✓ | ✓ | 55 m
Cat6a | ✓ | ✓ | ✓ | ✓
Auto-negotiable Speeds – Interoperates with legacy ports at 100 Mbps and higher
Brownfield Deployments can leverage existing Cat5e cables, extending ROI, and supporting speeds at 2.5G and 5G at a Distance of 100m
Greenfield Deployments with Cat6a Will Support 10G – They can also support speeds at 2.5G and 5G at a distance of 100m
Cisco Multigigabit Ethernet Key Differentiators
Higher Speed AP Uplinks to Switches: Adaptive Rate Technology (FE, 1G, 2.5G, 5G, and 10G) → Future proofed for higher speeds
Infrastructure Investment Protection: Supports 100m distance with Cat5e cabling up to 5G speeds for Brownfield. Supports Cat6a cabling for Greenfield deployments for higher speeds
POE/POE+/UPOE: Cisco Innovation over 10GT Standard to support high end point power needs
Standards Compliant: 1G and 10G BaseT IEEE standards, IEEE P802.3bz 2.5/5GBASE-T standardization in progress
The NEW Cisco Catalyst Multigigabit Product Family
• NG Workspace switch
• Multigigabit in smallest form factor
• POE/POE+
• Instant Access support
• Industry leading Fixed Access
• 24 & 48 Port Stackable Switches
• 24 & 12 Multigigabit Ports
• New Uplinks
• Best In Class Modular Access
• New 48 Ports Line Card
• 12 Ports of Multigigabit per slot
• Up to 96 multigigabit ports per system
4500E 3850 3650CX
Innovation in multiple form factors!!
Energywise, UPOE & IOT
Cisco UPOE
AN EXPANDING ECOSYSTEM OF PoE DEVICES
Cisco PoE Innovation on the New Compact Switches
Industry’s first fanless portfolio with 240W PoE+
FULL PoE+
• Cisco Innovation: 240W of PoE+ (8 x 30W)
• Fanless, silent reliable operation
PERPETUAL PoE*
• Provides non-stop PoE power
• Switch can continue to provide PoE+ during configuration and reboot
DC POWERED*
• Option to power over 18V-60V external DC power supply, supports PoE+
PoE PASS-THROUGH*
• Up to 146W PoE+ when switch is powered over UPoE & Auxiliary AC/DC power adapter
* Roadmap (1H CY15)
[Figure: Digital Ceiling Applications. A compact switch in the ceiling connects over Ethernet cable to a WiFi access point, IP video surveillance camera, dense sensor network (light, motion, CO2/CO, etc.), commercial LED PoE fixtures, building management (connected HVAC), and wall switch]
Reduced Powering Constraints with PoE Pass-Through
WS-C3560CX-8PT-S
POWERED with Cisco UPOE/PoE+
ELIMINATE THE NEED FOR HUNDREDS OF METERS OF ETHERNET CABLING
• Support Up to 8 IP devices with a single Ethernet cable drop
• Save $100–$1000/cable drop depending on deployment scenario
DEPLOY APPLICATIONS IN LOCATIONS WITHOUT ACCESS TO POWER OUTLETS
• Compact Switch and PoE end devices powered by upstream UPOE/PoE-capable switch/router (Up to 70W of PoE+)
• Auxiliary (External) AC and DC Power Option (Up to 146W of PoE+)
[Figure: upstream 4500-E or 3850 powering a compact switch with no power supply and no fan, which powers up to 8 PoE+ devices]
Today’s Challenges – Systems are Siloed
§ Most departments and organizations work autonomously and have multiple or individual networks, software, servers and support
§ Each solution requiring dedicated power, infrastructure, operation, support, and maintenance
§ Buying multiple networks in the same building to perform the same basic functions
§ Dozens of different IT standards make reliability, security and repair difficult
§ Silos inhibit or prevent interoperability
§ Drives up the expense or prevents getting data from each system easily
Reducing TCO with a Converged Strategy
Light as a Service
Color beacons create pathway lighting
Beacons mark location of people/things
Rooms adjust color to match your mood
Any light can be backed up with a UPS
Color beacons indicate a condition
Lights change to signal the end or start of a meeting
Intelligent lights are sign/symbol generators that can enable thousands of applications
Example BOM Comparison – XXXXX Company
Line Item | PoE Solution Qty | PoE Solution Fee Per Line Item | PoE Solution Total Fees | Line Voltage Solution Qty | Line Voltage Solution Fee Per Line Item | Line Voltage Solution Total Fees
Lighting Fixture Fee Summary | 701 | $272 | $190,750 | 701 | $272 | $190,750
Sensors & Wall Control Fees | 100 | $135 | $13,464 | 100 | $135 | $13,464
Power Control Systems (Spice boxes for POE / Zero to ten control system for line voltage) | 701 | $239 | $167,399 | 1 | $350,000 | $350,000
Control Software Setup (Commissioning or Software scene configuration) | 1 | $17,500 | $17,500 | 1 | $25,000 | $25,000
Control Software (Nupac) | 1 | $6,006 | $6,006 | | |
Fixture installation | 701 | $306,250 | $306,688 | 1 | $306,250 | $306,688
Sensors & Wall Control Installation | 100 | $263 | $26,250 | 1 | $23,625 | $26,250
Cat 6/Wiring line runs & Materials | 801 | $315 | $252,315 | 801 | $825 | $660,700
Conduit/piping/junction boxes | | | | 1 | $80,000 | $80,000
2200VA UPS SMART OL 120V USB DB9 2U RM (to support emergency power for Catalyst 3750s) | 4 | $995 | $3,981 | | |
Emergency lighting 0-10V dimming power supply | | | | 79 | $180 | $14,220
Cat 6 Patch Panel - 24 port, 1U | 30 | $100 | $3,000 | | |
19 inch steel rack | 2 | $400 | $800 | | |
Project management | 1 | $106,000 | $106,000 | 1 | $126,000 | $126,000
27 Catalyst 3750X 48 Port UPOE LAN Base with redundant power supplies (WS-C3750X-48U-L) | 24 | $6,030 | $144,720 | | |
Total | | | $1,238,872 | | | $1,793,071
[Figure: bar chart of total cost, POE Solution $1.24M versus Line Voltage Solution $1.79M]
PoE vs Line Voltage Saving $: 554,200 Saving %: 31%
Incremental Energy Savings
Productivity & Health/Comfort
Generic Lighting Applications
Digital ceiling unlocks the power of IoT analytics
UPOE Connected Lighting
Incremental energy savings based on highly dense sensor network and individual fixture control
Electrical Load Shedding
Personalized Workspaces
Granular Occupancy
Granular Daylight Harvesting
Highly Flexible Scheduling
Change lighting temperature to follow the circadian rhythm of workers and students
Human Centric Lighting
Real time conference room availability
Customized lighting for retail stores
Emergency pathway lighting for first responders
Code blue visual indicator
Integrated Sensors
• Light
• Occupancy / motion
Integrated radios
• WiFi
• LiFi
• BTLE
Metering
Analytics
• Energy
• Resources
• Space / occupancy
• Grouping / interactions
Smart+Connected City Infrastructure Management: Leverage Investment Across Citywide Issues
1. Smart+Connected City Parking: Give citizens live parking availability information to reduce circling and congestion
2. Smart+Connected City Traffic: Monitor and manage traffic incidents to reduce congestion and improve livability
3. Smart+Connected City Safety & Security: Automatically detect security incidents, shorten response time, and analyze data to reduce crime
4. Smart+Connected City Location Services: Provide view of people flow data to aid planning and leverage location data for contextual content and advertising
5. Smart+Connected City Street Lighting: Manage street lighting to reduce energy and maintenance costs
Shared Infrastructure Layer: Smart+Connected City Wi-Fi
Common Information Layer: CIM Software
Smart+Connected City Operations Center
Cisco’s City Lighting Products and Applications
§ 5-year warranty (provided by Sensity)
§ DLC (DesignLights Consortium) listed, UL/CSA safety certification
Retrofit and Luminaire Solutions
Parking Lot
Post Top/Decorative
Wall Pack
High Bay
Roadway
Garage Canopy
High Mast/Flood
The Central Nervous System for Energy Intelligence
SOLUTION DESCRIPTION
• Policy based energy management via the network
• Delivers both monitoring and control
• Broad adoption across
  • Cisco enterprise platforms
  • Partner applications and devices
CUSTOMER BENEFITS
• Energy and operational cost savings
• Greater visibility into energy usage
• Energy mandate compliance
[Figure: timeline from 7:00 AM to 7:00 PM]
Product Update
Addressing Customer Choices
Catalyst 3650
Stackable access, wired-wireless convergence, PoE+
*Software Update Middle CY2014
160 Gbps 25 AP WLC Redundant PSUs Stateful Switchover Flexible NetFlow Wireshark TrustSec
Catalyst 2960-X
Stackable access, PoE+
Catalyst 3850
Stackable access, wired-wireless convergence, UPOE / PoE+
Catalyst 4500E
Modular access, wired-wireless convergence, UPOE / PoE+
480 Gbps, 100 AP WLC Redundant PSUs Stateful Switchover Flexible NetFlow Wireshark TrustSec StackPower Cisco UPOE Modular Uplinks mGIG Mixed Stacking Fiber, Copper, 10G-T **
928 Gbps 100 AP WLC Redundant PSUs Stateful Switchover Flexible NetFlow Wireshark TrustSec Cisco UPOE VSS ISSU mGIG Linecards Investment Protection
160 Gbps 50 AP WLC Redundant PSUs Stateful Switchover Flexible NetFlow Wireshark TrustSec
**Roadmap
80Gbps Redundant PSUs* NetFlow-Lite TrustSec
Catalyst Fixed Backbone Portfolio
[Figure: products arranged by Scale / Features; port legend: 10G SFP+, 1G SFP; two products marked NEW]
1/10G 1RU Aggregation
Catalyst 4500-X
• Fixed 10G Aggregation
• 16p & 32p Base Units
• 8 port 10G Network Module
• Front-to-Back and Back-to-Front Fans and Power Supplies
1G 1RU Aggregation
Catalyst 3850 1G Fiber
• Fixed 1G Aggregation
• Stackable
• 12p and 24p SKU
• 10G Network Module
Catalyst 6880-X
• Fixed Supervisor with 16 10G ports
• Up to 4 x 16 port 10G Network Modules for 80 10G ports
• Best-in-Class Core Feature-set
• BGP, MPLS, VSS, Instant Access
1/10G 1RU Aggregation
Catalyst 3850 10G Fiber
• Fixed 10G Aggregation
• 12p, 24p & 48p SKU
• Stackable (12p/24p)
• 10G & 40G Network Module
1/10G 5RU Core
Catalyst 6840-X
• Fixed 10G Core & Agg
• 16p & 32p 10G SKU
• 24p & 40p 10/40G SKU
• Front-to-Back Fans and Power Supplies
• Best-in-Class Core Feature-set
• BGP, MPLS, VSS, Instant Access
1/10G 2RU Core & Agg.
The Quiet and Fanless 2960X Cool SKU
WS-C2960X-24PSQ-L
110W PoE on 8 ports
24x1G downlinks
2x1G SFP & 2x1G Cu
NetFlow Lite on all ports
11 inch depth, 1RU
Higher MTBF rates
MULTIPLE USE CASES
Retail: Ideal in retail outlets to connect a POS machine, phone, ringer, video display with network and PoE powering. Suited for mounting in confined spaces in the floor
Education: Extend access to labs, classrooms and other training rooms from central/floor distribution rooms. Reduce cable costs and ideally suited for classrooms or confined areas
Defense: Provide network and PoE connectivity in mobile units to devices in inconvenient locations reducing cables and possible power failures. Ideal due to quiet operation and longer MTBF rates
Catalyst Compact Switch Portfolio
8 AND 12 PORT MODELS
QUIET (FANLESS)
EXTEND THE CISCO NETWORK
FULL-SIZE CAPABILITIES LOWER TCO
FAST ETHERNET
2960-C Portfolio LAN Base
8 and 12 port FE Data or PoE
2 x 1G Uplinks E- LLW
Advanced Layer 2
Orderable Now*
* WS-3560CX-8PTS & WS-3560CX-8XPD-S FCS/Orderable in June
GIGABIT ETHERNET
2960-CX 3560-CX LAN Base 8 port GE
Data or PoE+ 1G Uplinks
E- LLW
IP Base / IP Services
8 and 12 port GE Data or PoE+
1G or 10G Uplinks E- LLW
Advanced Layer 3 and Layer 2
The New Multigigabit Compact Switch
WS-C3560CX-8XPD-S
Shipping Now
6 x 1G/PoE+
2 x mGig PoE+
2 x 10G SFP+
Maintain Switch to AP Reach at Higher Speeds: Adaptive Rate Technology (FE, 1G, 2.5G, 5G, and 10G) → Future Proofed for Higher Speeds
Infrastructure Investment Protection: Supports 100m Distance with Cat5e Cabling up to 5G Speeds for Brownfield. Supports Cat6a/6e Cabling for Greenfield Deployments for Higher Speeds
POE+: Cisco Innovation Over 10GT Standard to Support High End Point Power Needs
Standards Compliant: 1G and 10G BaseT IEEE Standards
MULTIPLE USE CASES
mGig for 11ac AP Deployments
mGig as Uplinks Connected to Access Switches (Cat 3K/4K)
Mini 3650 – 3KV2 replacement
Depth of switch – 11.62” (11.62” = 295mm)
2 SKUs
• 24 x 1GbE
• 48 x 1GbE
48 Ports – 4xSFP+
24 Ports – 2xSFP & 2xSFP+
Fixed Power Supply, Fixed Fans
11.62 inch depth, 1RU
Cisco StackWise®-160
Converged Access
Up to 770W PoE+ budget
IP Base/IP Services
Expected FCS Q1CY16
Cisco Confidential 144 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
Catalyst 3850 Switch
Built on Cisco’s Innovative “UADP” ASIC
The Intelligent Switch for the World Connected
* Roadmap
Wireless CAPWAP Termination Up to 2000 Clients per Stack
40 Gbps Uplink Bandwidth
Line Rate on All Ports
FRU Fans, Power Supplies
Granular QoS/Flexible NetFlow
Up to 50 APs/2000 clients per stack, and 40G per switch
480 Gbps Stacking Bandwidth
Stackpower
SGT/SGACL*
Full POE+
Delivering Unprecedented Power Availability and Flexibility
• Power Resiliency - Adaptable “pool of power” available to all stack members
• Provides “Zero-footprint” RPS i.e. power supply redundancy without an RPS
• Intelligent power shedding—turn off low priority PoE end devices in the event of a power supply failure
StackPower
Resiliency
The New Catalyst 3850 Multigigabit Switches
Stackable with all other 3850 Switches (up-to 8 stack members)
 | Price-compelling 48-port Mgig | High Performance 24-port 10Gb-T
# of mGig Ports | 12 mGig ports | 24 mGig ports
Port Capabilities | UPOE, EEE, MACsec | UPOE, EEE, MACsec
New uplink Modules | New 2x40G and 8x10G (existing NMs are supported) | New 2x40G and 8x10G (existing NMs are supported)
The New Catalyst 3850 Uplink Modules
All 3850 Uplinks Are Supported on mGig switches
 | 2x40Gig, QSFP | 8x10Gig, SFP/SFP+
Compatibility | Only work on mGig and 10G Fiber (24-port) Switches | Only work on mGig and 10G Fiber (24-port) Switches
Performance | 80G Non Blocking | 80G Non Blocking
The New Catalyst 3850 10G Fiber Switches
# 10G Ports | 12 | 16 | 24 | 32 | 48
Total Capacity | 160G | 160G | 320G | 320G | 640G
Network Modules Supported | C3850-NM-4-10G | Slot Used | C3850-NM-4-10G, C3850-NM-8-10G, C3850-NM-2-40G | Slot Used | 4x40G fixed (No FRU Network Module)
Key Features: Stacks with C3850 family – Stackwise and StackPower
Orderable Now
SUPERVISOR ENGINE 7-E
• Optimized for Large Campus
• 848 Gbps Switching Capacity
• 4x10G SFP+/SFP uplinks
• 250 MPPS
• Flexible Netflow
SUPERVISOR ENGINE 7L-E
• Optimized for Small/Mid Size Campus
• 520 Gbps (48G/slot)
• 2x10G (SFP/SFP+) or 4x1G SFP Uplinks
• 225 MPPS
• Flexible Netflow
FIBER LINE CARD PORTFOLIO COPPER LINE CARD PORTFOLIO High Density
Low Density
48G
24G
WS-X4624-SFP-E WS-X4712-SFP+E
WS-X4612-SFP-E WS-X4606-X2-E
1G 10G Data Only PoE+
WS-X4748-UPOE+E WS-X4748-RJ45-E
WS-X4648-RJ45V+E WS-X4648-RJ45-E
4503-E
4507R+E 4510R+E
4506-E
POE POWER SUPPLIES
PWR-C45-1300ACV PWR-C45-2800ACV PWR-C45-4200ACV PWR-C45-6000ACV PWR-C45-9000ACV
C4500E Multigigabit Line card
Innovation with Investment Protection
Supported with Supervisor Engine 7 and 8 on all 4500-E chassis
Mode 1: mGig Lite Mode, 48p 1GE UPOE (First 12p usable as mGig)
Mode 2: mGig Enhanced Mode, 12p mGig UPOE + 24p 1GE UPOE
Mode 3: mGig Performance Mode, 12p mGig UPOE
Catalyst 4500 Multi-Gig Shipping Now
The NEW Supervisor 8L-E
Converged Access at Low End
FCS Q4CY2015
Works in all Shipping 4500-E chassis
Up to 25APs 1000 Clients
4 SFP+ 10G/1G Uplinks
NG Campus Ready
Wireless integration
Faster CPU
Wired & Wireless Features
Attribute | Sup8LE | Sup8E
Uplinks | 4x10G/1G | 8x10G/1G
Port Scale | 240 | 384
Chassis Support | 3,6,7 | 3,6,7,10
Wireless scale | 50 APs, 1000 Clients | 100 APs, 2000 Clients
FIB Table Size (V4/V6) | 64K/32K | 256K/128K
Cisco Catalyst 6800 Family
Reinventing Your Backbone Experience
Shipping Since Q4CY13
• Single touch point for entire campus network
• POE/POE+ and stacking
• Cat6K features at the access with feature consistency
• Up to 80x10G ports in 4.5RU
• Built-in sup with extensible slots
• Catalyst 6500 DNA
• Optimized for 10G density, price, and rich services
• 7 slots 10RU
• Up to 880G/slot capable
• Tremendous investment protection
• Optimized for 10/40/100G
• Built for scalability and performance
6807-XL 6880-X 6800IA
Catalyst 6800 10G Portfolio Providing Deployment Options
Now Shipping
Common ASIC Architecture
32x10G SFP+
Throughput in 6807: 160G
Optics: SFP / SFP+
Egress Buffer/port: 250 - 500 MB
Features: Full-feature L2 / L3 with IPv4 / IPv6, MPLS / VPLS capabilities. 1M IPv4 Routes, 2M NetFlow, Performance mode
Additional Hardware Features: Large Buffers, VSS, Instant Access. SGT, MACSEC, LISP, Dual Priority Queues, 2 Level Shaping (HQoS)
16x10G SFP+
Throughput in 6807: 80G
Optics: SFP / SFP+
Egress Buffer/port: 250 - 500 MB
Features: Full-feature L2 / L3 with IPv4 / IPv6, MPLS / VPLS capabilities. 1M IPv4 Routes, 1M NetFlow, Performance mode
Additional Hardware Features: Large Buffers, VSS, Instant Access. SGT, MACSEC, LISP, Dual Priority Queues, 2 Level Shaping (HQoS)
8x10G SFP+
Throughput in 6807: 80G
Optics: SFP / SFP+
Egress Buffer/port: 500 MB
Features: Full-feature L2 / L3 with IPv4 / IPv6, MPLS / VPLS capabilities. 1M IPv4 Routes, 1M NetFlow, No Oversubscription
Additional Hardware Features: Large Buffers, VSS, Instant Access. SGT, MACSEC, LISP, Dual Priority Queues, 2 Level Shaping (HQoS)
Supervisor 6T
Taking Catalyst 6800 to a New Level of Scalability and Performance
Scalability & Performance
Feature Parity with Sup2T from Day 1: 3000+ Features
Target Q1CY16
 | SUP2T | SUP6T
6807-XL Bandwidth | 220G /Slot | 440G /Slot
CPU | 1.5Ghz MPC8572 | 2.5Ghz X86 Dual Core
Memory | 2 - 4GB DDR2 667Mhz | 4 - 8GB DDR3 1333Mhz
Uplinks | 2 x 10G (X2) & 3 x 1G (SFP) | 2 x 40G (QSFP) & 8 x 1/10G (SFP+)
Uplinks Advanced Features | VSS, MACSEC, SGT | VSS, Instant Access, MACSEC, SGT, LISP
Bootdisk | Compact Flash | eUSB
Mgmt Port | CMP | Mgmt0
High-Performance Control Plane with x86 CPU
2 x 40G (QSFP) and 8 x 1/10G (SFP+) Uplinks Supporting IA, LISP, etc
Fiber / Copper Management Ports
Improved Fabric Providing 440G/slot in 6807-XL
All Catalyst 6800 Features in a Smaller Fixed Form Factor
Depth: 21.8”
Height: 2RU
40 ports of SFP/SFP+ Up to 12 ports of QSFP 10/100/1000M GLC-T 100M FX
256K IPv4 Routes 1.5M NetFlow 64K QoS / ACL
2 x 40G QSFP Uplinks Breakout to 4 x SFP+
750W / 1100W Redundant AC/DC Front-to-Back Airflow
VSS, Instant Access, LISP, SGT, MACSec, HQoS, etc
High-Scale Control Plane with X86 CPU Higher Scale for IA
Introducing the Catalyst 6840-X
Orderable Now
6840-X Models 15.2(1)SY Q4CY2014
15.2(1)SY Q4CY2014 32x10G 24x10G + 2x40G 40x10G + 2x40G 16x10G
16x10G
Native Optics: SFP/SFP+
# of 10G Ports: 16
# of 40G Ports: 4 using reverse adapter
Features: Full-feature L2/L3 with MPLS, VPLS. IPv4/IPv6 capabilities, 512K Netflow
Additional Hardware Features: Large Buffers, SGT, MACSec, LISP, Dual Priority Queues, Two Level Shaping, Instant Access
32x10G
Native Optics: SFP/SFP+
# of 10G Ports: 32
# of 40G Ports: 8 using reverse adapter
Features: Full-feature L2/L3 with MPLS, VPLS. IPv4/IPv6 capabilities, 1M Netflow
Additional Hardware Features: Large Buffers, SGT, MACSec, LISP, Dual Priority Queues, Two Level Shaping, Instant Access
24x10G + 2x40G
Native Optics: SFP/SFP+ and QSFP
# of 10G Ports: 24 + 8 using breakout
# of 40G Ports: 2 + 6 using reverse adapter
Features: Full-feature L2/L3 with MPLS, VPLS. IPv4/IPv6 capabilities, 1M Netflow
Additional Hardware Features: Large Buffers, SGT, MACSec, LISP, Dual Priority Queues, Two Level Shaping, Instant Access
40x10G + 2x40G
Native Optics: SFP/SFP+ and QSFP
# of 10G Ports: 40 + 8 using breakout
# of 40G Ports: 2 + 10 using reverse adapter
Features: Full-feature L2/L3 with MPLS, VPLS. IPv4/IPv6 capabilities, 1.5M Netflow
Additional Hardware Features: Large Buffers, SGT, MACSec, LISP, Dual Priority Queues, Two Level Shaping, Instant Access
Orderable Now
Future Proofing with 10G to 40G Adapter
Reverse SFP to QSFP Adapter Can Upgrade Your 10G Ports to 40G
1/10GE Now, 40GE Later
Target Q1CY16
QSFP-40G-SR4
QSFP-40G-CSR4
QSFP-40G-SR-BD
QSFP-40G-LR4
QSFP-40G-ER4
[Figure: 40G Adapter (QSFP) shown with C6800-8P-10G, 6880-X, SUP8-E, 4500-X, C6800-16P-10G, C6800-16P-10G]
Catalyst Instant Access Client Portfolio
C6800IA-48FPDR, C6800IA-48TD, C6800IA-48TD, C3560-CX-12PD-S, C3560CX-8XPD-S*, C6800IA-48FPD
PoE/PoE+ | ✗ | ✓ 48 ports, 740W | ✓ 48 ports, 740W | ✓ 12 ports, 240W | ✓ 12 ports, 240W
Down Link Ports | 48 x 1G RJ45 | 48 x 1G RJ45 | 48 x 1G RJ45 | 12 x 1G RJ45 | 6 x 1G RJ45 + 2 x mGig
Uplink Ports | 2 x 10G SFP+ | 2 x 10G SFP+ | 2 x 10G SFP+ | 2 x 10G SFP+ | 2 x 10G SFP+
Stack | 3 → 5 | 3 → 5 | 3 → 5 | ✗ | ✗
Dual Power Supply | ✗ | ✗ | ✓ | ✗ | ✗
Stand-Alone Mode | ✗ | ✗ | ✗ | ✓ | ✓
*will be released with 15.2(1)SY1
Catalyst Software Update
The new 15.2(1)SY Release
Addressing Campus Backbone Challenges with Cat6K
Reinforce Enterprise Backbones with the Catalyst 6800
200+ NEW BACKBONE FEATURES
Now Shipping
Investment Protection
• All E-Series Chassis and 6807-XL
• DFC4 Upgrade Option for 67xx Line Cards
Instant Access
§ IA Port Scale: 1K -> 2K ports
§ IA Stack Scale: 3 -> 5
§ IA Fabric Scale: 12 -> 42
§ Compact IA Client: new!
New Hardware
§ 8, 16 and 32p 10G/1G cards
§ Performance mode
§ 48p 1G cards
§ 40G adapter*
Innovative Features
§ APIC-EM*
§ PnP Agent
§ Service Discovery Gateway 2.0
§ Interface Templates and Auto Config
§ IBNS 2.0
§ Path Trace
Customer Solutions
§ OSPFv3 area filter
§ DHCPv6 LDRA
§ IPv4/v6 MVPN
§ VRF-aware DHCP relay
§ VRF-aware DNS
§ and Much More
Simplicity with Auto Conf and Interface Templates
Configuration Challenges for Catalyst 6K Instant Access
Up to 2,000 ports to configure and manage
Huge Running-configuration to maintain
Manual configuration of Access ports is complex and error prone
AUTO CONFIGURATION
Easy to Use and Intuitive
Simplified Running Configuration
Parsed at Definition Time
Built-in Templates
Configuration Rollback
Precedence Management
Integrated with Session Aware Networking
Interface Templates
Easy to Build, Modify and Troubleshoot
Simplify Running Configuration

BEFORE

6500# show running-config interface GigabitEthernet 101/1/0/1
!
interface GigabitEthernet 101/1/0/1
 switchport mode access
 switchport block unicast
 switchport port-security
 priority-queue out
 mls qos trust dscp
 spanning-tree portfast
 spanning-tree bpduguard enable
end
6500# show running-config interface GigabitEthernet 101/1/0/2
!
interface GigabitEthernet 101/1/0/2
 switchport mode access
 switchport block unicast
 switchport port-security
 priority-queue out
 mls qos trust dscp
 spanning-tree portfast
 spanning-tree bpduguard enable
end

AFTER

6500# show run template IA_INTERFACE_TEMPLATE
!
template IA_INTERFACE_TEMPLATE
 switchport mode access
 switchport block unicast
 switchport port-security
 priority-queue out
 mls qos trust dscp
 spanning-tree portfast
 spanning-tree bpduguard enable
end
6500# show run interface GigabitEthernet 101/1/0/1
!
interface GigabitEthernet 101/1/0/1
 source template IA_INTERFACE_TEMPLATE
end
6500# show run interface GigabitEthernet 101/1/0/2
!
interface GigabitEthernet 101/1/0/2
 source template IA_INTERFACE_TEMPLATE
end
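An added example, not from the original slides and not Cisco tooling: a Python audit that expands `source template` references in saved running-config text and flags access ports whose effective configuration lacks the port-security and BPDU guard settings carried by the slide's IA_INTERFACE_TEMPLATE. The sample configuration, the name MISSING_TEMPLATE, and the choice of required features are constructed for illustration, and the example assumes that commands configured directly on an interface override the sourced template.

```python
import re

# Features every access port must end up with. Both come from the slide's
# IA_INTERFACE_TEMPLATE; treating them as the mandatory baseline is an assumption.
REQUIRED = ("switchport port-security", "spanning-tree bpduguard")

# Constructed sample in the slide's "show run" layout: ports 1 and 2 source the
# template, port 2 also overrides it, port 3 is hand-configured, port 4 names a
# template that does not exist (hypothetical name), and the fabric port-channel
# is not an access port.
SAMPLE_CONFIG = """\
template IA_INTERFACE_TEMPLATE
 switchport mode access
 switchport block unicast
 switchport port-security
 priority-queue out
 mls qos trust dscp
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet 101/1/0/1
 source template IA_INTERFACE_TEMPLATE
!
interface GigabitEthernet 101/1/0/2
 source template IA_INTERFACE_TEMPLATE
 spanning-tree bpduguard disable
!
interface GigabitEthernet 101/1/0/3
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet 101/1/0/4
 source template MISSING_TEMPLATE
!
interface Port-channel101
 switchport mode fex-fabric
 fex associate 101
end
"""


def parse_blocks(text):
    """Collect the indented command lines under each template/interface header."""
    blocks = {"template": {}, "interface": {}}
    body = None
    for raw in text.splitlines():
        header = re.match(r"(template|interface)\s+(\S.*)$", raw)
        if header:
            # "GigabitEthernet 101/1/0/1" and "GigabitEthernet101/1/0/1" are the same port.
            name = header.group(2).replace(" ", "")
            body = blocks[header.group(1)].setdefault(name, [])
        elif raw[:1].isspace() and raw.strip() and body is not None:
            body.append(raw.strip())
        else:
            body = None  # "!", "end", prompts and blank lines close the block
    return blocks


def normalize(command):
    """Map a command to (feature, state) so a later line can override an earlier one."""
    if command.startswith("switchport mode "):
        return "switchport mode", command.split()[-1]
    enabled = True
    if command.startswith("no "):
        command, enabled = command[3:], False
    if command.endswith(" disable"):
        command, enabled = command[: -len(" disable")], False
    elif command.endswith(" enable"):
        command = command[: -len(" enable")]
    return command, enabled


def effective_state(commands, templates, problems):
    """Merge sourced template lines first, then the interface's own lines on top."""
    state, local = {}, []
    for command in commands:
        sourced = re.match(r"source template (\S+)$", command)
        if not sourced:
            local.append(command)
        elif sourced.group(1) in templates:
            state.update(normalize(c) for c in templates[sourced.group(1)])
        else:
            problems.append("unknown template " + sourced.group(1))
    state.update(normalize(c) for c in local)
    return state


def audit(text):
    """Return {interface: [problem, ...]} for ports that drift from the baseline."""
    blocks = parse_blocks(text)
    findings = {}
    for name, commands in blocks["interface"].items():
        problems = []
        state = effective_state(commands, blocks["template"], problems)
        if state.get("switchport mode") == "access":
            problems += ["missing " + f for f in REQUIRED if not state.get(f)]
        if problems:
            findings[name] = problems
    return findings


if __name__ == "__main__":
    for port, problems in audit(SAMPLE_CONFIG).items():
        print(port, "->", "; ".join(problems))
```

Run against a saved copy of the parent switch's running configuration, the same check shows which of the up to 2,000 Instant Access ports no longer match the template they were meant to inherit.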
Catalyst Update End of Sale / End of Life
3750X / 3560X End of Sale Heads-Up
Products | Announcement | EoS Date | Replacement | Benefits
3750X | October 31, 2015 | October 31, 2016 | Catalyst 3850 | mGig; Stack BW; FNF (Flexible NetFlow); CA (Converged Access); Improved QoS; Bigger buffers (12M)
3560X | October 31, 2015 | October 31, 2016 | Catalyst 3650 | Price; CA (Converged Access); Opt. Stacking; FNF (Flexible NetFlow); Improved QoS; Bigger buffers
720-10G-3C / 4900M End of Sale Heads-Up
Products | Announcement | EoS Date | Replacement | Benefits
Cat6500 Sup720-10G-3C | October 31, 2014 | July 31, 2015 | Sup 2T | Instant Access; Backward compatibility with older generation of line cards; Scalability/performance improvements; Support for future 40-Gbps module and shipping nonblocking 10-Gbps modules; Connectivity management processor (CMP) for improved out-of-band management
4900M | October 31, 2015 | October 31, 2016 | Catalyst 4500X, Catalyst 3850, Catalyst 6840 | Price; Flexible NetFlow; Improved QoS; Bigger buffers; VSS
End-Of-Sale - March 2016
• External Announcement Date: October 1, 2015
• End Of Sale Date: March 31, 2016
MODULES*
WS-X6708-10G-3C
WS-X6748-SFP
WS-X6748-GE-TX
WX-X6816-10T
WS-X6904-40G
WS-X6904-40G-10T
WS-X6908-10G
WS-X6908-10G-2T
*including XL, spare versions
Instant Access
[Figure: chart with categories MONITORING, TROUBLESHOOTING; SECURITY CONFIGURATIONS; INITIAL INSTALL, CONFIGS, TESTING; UPGRADING EQUIPMENT]
Source: A commissioned study conducted by Forrester Consulting for Cisco Systems, 2012
Catalyst Instant Access Topology Comparisons
Benefits of Instant Access
Simplify Operations across entire Distribution POD
“Grow as you Go” with full “Plug & Play” IA client provisioning
Deploy Premium Catalyst 6500 features at Access Layer
[Figure: three topologies. Traditional: Access Switch and Access Switch Stack with LACP or PAGP, STP or MST, HSRP or VRRP. VSS - Physical: Access Switch and Access Switch Stack with LACP or PAGP, VSL. Instant Access: Instant Access Switch and Instant Access Stack with SDP, SRP, SCP, VSL]
Instant Access Capabilities
Differences From DC FEX
FEX STACKING
Fabric Link
Flex Stack
POE/POE+ CAPABILITY
REMOTE SWITCHES
spanning-tree bpduguard disable
1000 Port Campus Distribution Block
Satellite Device capable of Stacking & POE+
Single Point of Management, Configuration and Troubleshooting
Simplified Network Design for VLANs and Port-Channels
Agile Infrastructure to add new features uniformly across Access Layer
A Single Image to Deploy and Manage across Distribution Block
Managed Devices = 20+ Managed Devices = 1
Key Benefits Now Shipping
ISE PRIME
Supervisor 2T WS-X6904-40G 6880-X
6500-E
6807-XL
• 10G SFP+ Uplink Ports • POE & POE+ Support • Integrated Stacking Module
Catalyst 6800IA
* 6807-XL and 6880-X will be available in Q4CY13.
Catalyst 6500/6800 VS
Catalyst 6800ia Catalyst 6800ia Catalyst 6800ia Catalyst 6800ia
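Config on Parent:
! Fabric links from the parent to Instant Access clients FEX 101 and FEX 102
interface Port-channel101
 switchport mode fex-fabric
 fex associate 101
interface Port-channel102
 switchport mode fex-fabric
 fex associate 102
! Host port on FEX 101 configured as an access port in VLAN 101
interface GigabitEthernet101/1/0/1
 switchport mode access
 switchport access vlan 101
! Host port on FEX 102 configured with IPv4 and IPv6 addresses
interface GigabitEthernet102/1/0/1
 ip address 102.1.1.1 255.255.255.0
 ipv6 address 2013:102:1:1:1::1/96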
FEX 101 FEX 102 FEX 103 FEX 104
Simplified Configurations
Instant Access Campus Design
Span VLAN to Isolate Badge Readers and Cameras
Keep Traditional Design for Users and Phones
Loop Free Campus Topology
VLAN 10 VLAN 20
VLAN 110 VLAN 120
VLAN 200
Data
Phone
Badge
Instant Access Parent, Client
Catalyst 6880-X
Catalyst 6807-XL
Sup 2T
6904 FourX Catalyst 6800IA
Catalyst 6500E Sup 2T
6904 FourX
Data: $7,000 PoE: $9,000
VSS + IA
Catalyst Instant Access
5 Total Devices of Image & Configuration Management
4 Port-Channels
0 Trunk Configuration
4032 User Ports
Design Considerations:
STP Loop Prevention
CAM & ARP Tuning
FHRP Tuning / Priority
Routing Protocol Tuning
PIM Tuning / DR priority
5 Separate Configurations of Hostname, VLAN DB, IP/GW, SNMP, NTP, TACACS, VTY, etc.
[Figure: Core connected to Building 1, Building 2, Building 3, Building 4]
Cisco Catalyst Instant Access Summary
• Simplified Configuration and Deployment
• Single point of Management
• Plug and Play Provisioning
• No Image Management at Access
• Cat6500 Features consistent across Distribution and Access
Simplifying Networks
Reducing TCO
Thank you
Thanks for your time --- 5’s are Good!!!