Management Network and Deployment Mode Planning

In the virtualized campus network solution, management network planning involves management network connection and device management by the SDN controller.

TABLE 10.9 Items to Be Planned for the Intent-Driven Campus Network

| Category | Items to Be Planned |
| --- | --- |
| Management network and deployment mode | Network management and deployment mode |
| Underlay network | Device- and link-level reliability, as well as OSPF and BGP routing |
| Overlay network | Device roles, user gateways, network between border nodes and egress nodes, VNs and subnets, and VN communication |
| Egress network | Firewall security zones, firewall hot standby, and intelligent traffic steering |
| Service deployment | User access and network policies |

Management networks can be deployed in either in-band or out-of-band management mode. In-band management manages devices through their own service interfaces, which avoids the extra cost of constructing a separate management network. However, if a fault occurs on the service network, administrators may be unable to log in to the device. Out-of-band management manages each device through its dedicated management interface. In this mode, management and control are separated, but the cost increases because an additional management network must be constructed.

The egress devices and core devices of University A are all deployed in the core equipment room, resulting in lower management network construction costs. Consequently, out-of-band management mode is most suitable for our needs. In addition, the services running on the egress and core devices are complex, requiring onsite commissioning by network engineers during deployment. As such, the local command line interface (CLI) or web system is used for deployment. Many devices, including aggregation devices, access devices, and access points (APs), are sparsely deployed below the core layer and feature similar service configurations. To simplify deployment in this scenario, in-band management and plug-and-play deployment are recommended. Table 10.10 provides management network and deployment mode planning.

Underlay Network Planning

1. Device-level reliability planning

The core, aggregation, and access layers use stacking or clustering technology to horizontally virtualize two or more switches into one and provide device redundancy.

Switch stacking or clustering prevents Layer 2 loops on traditional redundant networks, avoiding complex loop prevention protocol configurations. On the Layer 3 network, the stack or cluster system shares the same routing table, reducing route convergence time at the time of a network fault. The stack or cluster system also facilitates network management, maintenance, and expansion. All this positions the stack or cluster solution as the best choice for campus network switches.

TABLE 10.10 Recommended Management Network and Deployment Modes

| Location | Device | Management Network | Deployment Mode |
| --- | --- | --- | --- |
| Egress | Firewall | Out-of-band management | Local CLI or web system |
| Core layer | Core switch | Out-of-band management | Local CLI or web system |
| Aggregation layer | Aggregation switch | In-band management | Plug-and-play |
| Access layer | Access switch | In-band management | Plug-and-play |
| Access layer | AP | In-band management | Plug-and-play |

2. Link-level reliability planning

Link-level reliability relies primarily on link redundancy. On a campus network, the dual-uplink redundancy design is typically used to improve link reliability between devices. For redundant links, link aggregation technology is leveraged to virtualize multiple physical links into one logical Eth-Trunk link using the Link Aggregation Control Protocol (LACP). The interfaces are then grouped into an Eth-Trunk interface. Link aggregation enhances the reliability of links between devices and increases the link bandwidth without requiring hardware upgrades. Consequently, LACP-based link aggregation is recommended between devices on the campus network.

3. Open Shortest Path First (OSPF) route planning

In the virtualized campus network solution, the underlay network provides a transport network with reachable routes for the overlay network, enabling virtual extensible local area network (VXLAN)-encapsulated service packets to be transmitted between VXLAN nodes. Internet Protocol (IP) unicast routing protocols, such as OSPF and Intermediate System to Intermediate System (IS-IS), can be adopted to implement connectivity on the underlay network. OSPF is recommended due to the following: OSPF routes are primarily used on campus networks to implement IP network communication; OSPF routing technology is mature; and network construction and maintenance personnel possess extensive OSPF experience.

As shown in Figure 10.4, the SDN controller enables automatic orchestration of underlay network routes. After IP network segments used for communication are planned in underlay network resources, the SDN controller automatically orchestrates OSPF routes and delivers them to border and edge nodes, thereby implementing automatic deployment of underlay network routes. During underlay network route orchestration, the network segments of the Border Gateway Protocol (BGP) source interfaces (such as Loopback0) planned on the device are imported to the OSPF area of the underlay network to implement interworking between BGP source interfaces.

FIGURE 10.4 OSPF route planning on the underlay network.

4. BGP route planning

The virtualized campus network solution uses VXLAN technology to construct VNs. In this solution, VXLAN uses BGP Ethernet Virtual Private Network to implement data forwarding on the control plane, including dynamic VXLAN tunnel establishment, Address Resolution Protocol (ARP)/neighbor discovery (ND) entry transmission, and routing information transmission. To achieve this, BGP must be deployed on VXLAN tunnel endpoints (VTEPs), such as border and edge devices.

In our solution, BGP is automatically deployed by the SDN controller. When an overlay network is created, if a device is selected as a border node or an edge node, the SDN controller automatically delivers configurations (such as the BGP peer address) to complete BGP routing protocol deployment. In addition, to reduce network and CPU resource consumption, you are advised to select one VTEP as the route reflector (RR) when configuring node roles. Figures 10.5 and 10.6 show BGP routing protocol planning on the underlay network.
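The OSPF and BGP planning in items 3 and 4 can be checked offline against a device inventory. The following Python is an added example, not the SDN controller's code or anything from the original text: it derives the Loopback0 addresses and single-RR peering a plan implies, then audits a plan for loopbacks missing from OSPF, BGP peers that are not planned VTEPs, and sessions that bypass the RR. The function names, device names, and address pool are assumptions made for illustration.

```python
import ipaddress

def build_plan(loopback_pool, vteps, rr):
    """Give each VTEP a /32 Loopback0 and the BGP peers a single-RR design implies."""
    addrs = iter(ipaddress.ip_network(loopback_pool).hosts())
    lo = {name: next(addrs) for name in vteps}
    plan = {}
    for name in vteps:
        peers = [lo[n] for n in vteps if n != name] if name == rr else [lo[rr]]
        plan[name] = {
            "loopback0": lo[name],
            # The BGP source interface segment is imported into the underlay OSPF area.
            "ospf_networks": [ipaddress.ip_network(f"{lo[name]}/32")],
            "bgp_peers": peers,
        }
    return plan

def audit_plan(plan, rr):
    """Return findings where a device departs from the intended underlay design."""
    findings = []
    owners = {dev["loopback0"]: name for name, dev in plan.items()}
    for name, dev in sorted(plan.items()):
        if not any(dev["loopback0"] in net for net in dev["ospf_networks"]):
            findings.append(f"{name}: Loopback0 {dev['loopback0']} not advertised in OSPF")
        for peer in dev["bgp_peers"]:
            owner = owners.get(peer)
            if owner is None:
                findings.append(f"{name}: BGP peer {peer} is not a planned VTEP")
            elif name != rr and owner != rr:
                findings.append(f"{name}: peers with {owner}, bypassing RR {rr}")
    return findings

def session_count(plan):
    """Each session is configured on both ends, so halve the peer entries."""
    return sum(len(dev["bgp_peers"]) for dev in plan.values()) // 2

# Constructed sample: one border node acting as RR and three edge nodes.
VTEPS = ["border-1", "edge-1", "edge-2", "edge-3"]
PLAN = build_plan("10.255.0.0/24", VTEPS, rr="border-1")

if __name__ == "__main__":
    print("BGP sessions with one RR:", session_count(PLAN))
    drifted = build_plan("10.255.0.0/24", VTEPS, rr="border-1")
    drifted["edge-2"]["ospf_networks"] = []  # loopback no longer imported
    drifted["edge-3"]["bgp_peers"].append(ipaddress.ip_address("192.0.2.66"))
    for finding in audit_plan(drifted, "border-1"):
        print(finding)
```

With four VTEPs the single-RR plan needs three BGP sessions, where a full mesh would need six.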

 