After three solid weeks of eating and sleeping Vblock, we have our production and lab Vblocks up and operational. We’ve also completed full failover testing of the entire environment.
Here is a brief overview of each component for our design:
- Aggregation Routers: These are what we consider our provider edge devices even though we manage services all the way down into the customer environments. These will either be Cisco Catalyst 6500 class or Nexus 7K class depending on the data center. For this particular cloud pod, it’s a Catalyst 6509 cluster.
- Juniper ISG 2000 Firewalls: These are our customer firewalls. We use the Juniper VSYS technology to virtualize customer firewalls on a single hardware platform. We looked at a lot of different platforms to serve as our customer virtual firewalls but the Juniper ISG was the only one that gave us everything we wanted. It gives us the resource partitioning we need between customers and it also allows us to terminate both site-to-site and remote access IPSEC VPN directly into the customer environment. We like Cisco ASAs as well but they do not offer this functionality. We have been doing enterprise cloud services for almost two and a half years now and 90% of our cloud customers either have site-to-site or remote access VPN needs for their cloud environment. The Juniper platform gives us what we need to accomplish this and it’s worked well for us.
- Cisco Nexus 5548P: This is our core switching component within the cloud environment. It’s a great platform and offers us the 10G density we require. It’s also included as part of the Vblock now (it wasn’t originally). This is basically the same as our other cloud environments although the 5548P is a little upgrade over the Nexus 5020s we deployed previously.
- Cisco UCS 6140 Fabric Interconnects: These are a critical component of a UCS build. It ties all of your chassis together and passes that traffic up to the upstream Nexus switches. Note that there is no switching that goes on within the fabric interconnects. All switching is passed up to the parent 5548P. Also note that each fabric interconnect handles either the A or B side of the fabric. These are treated as completely separate paths even on the network side (it looks like a traditional FC network with SAN-A/SAN-B). I’ll cover more of this later.
- Cisco UCS 5108 Chassis: There are four of these in our Vblock, each containing four Cisco UCS B230 M1 blades, giving us a total of 16 B230 blades starting out. This will leave us capacity to add 8 more blades in each chassis, bringing a total of 32 blades. From there, we can expand and add 4 more chassis, bringing the total to 64 blades.
- Cisco 2104 FEX: There are two of these fabric extenders in each of the 5108 chassis. You have an A side and B side, each having its own FEX. All four ports from FEX-A run to fabric interconnect A and all four ports on FEX-B run to fabric interconnect B. As you can trace out in the diagram above, each vNIC on your VM is tied all the way up to either an A or B side. The way this works is pretty sweet when you see it in action. For example, during our failover testing, we brought the complete virtual portchannel down between fabric interconnect A and the two Nexus 5548Ps (reference the diagram above). When you take that portchannel down upstream of everything, the actual vNIC on the VM will report that it is down. This is extremely important to understand in a large production environment. Basically, you could get an alert that one of your vNICs is down, and in reality it could be one of the FEXs, one of the VPCs, or one of the fabric interconnects. If that A or B side can’t reach all the way up to the parent Nexus cluster, the vNIC will report as a downed interface. Again, this was neat to see in our failover testing this week.
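Since a vNIC-down alert can mean a FEX, a vPC or a fabric interconnect, an operator wants to tell those apart quickly. The script below is an added example (not from the original post) that correlates vNIC-down alerts by fabric side and chassis: each FEX serves one chassis, so downed vNICs on one side across several chassis point upstream of the FEX. The alert format (`vm,vnic,chassis,side`) and the sample alerts are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample alerts (hypothetical format "<vm>,<vnic>,<chassis>,<side>"):
# what a monitor might emit right after the vPC between fabric interconnect A
# and the Nexus 5548P pair is taken down. The lone B-side alert is unrelated.
SAMPLE_ALERTS = """\
vm-web01,vnic0,chassis1,A
vm-web02,vnic0,chassis2,A
vm-db01,vnic0,chassis3,A
vm-app01,vnic0,chassis4,A
vm-app01,vnic1,chassis4,B
"""

UPSTREAM = "upstream-of-fex"      # shared path: vPC or fabric interconnect
SINGLE = "single-chassis"         # that chassis's FEX, blade or VM

def parse_alerts(text):
    """Parse alert lines into (vm, vnic, chassis, side) tuples."""
    alerts = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        vm, vnic, chassis, side = (f.strip() for f in line.split(","))
        if side not in ("A", "B"):
            raise ValueError(f"unknown fabric side {side!r} in {line!r}")
        alerts.append((vm, vnic, chassis, side))
    return alerts

def classify(alerts, min_chassis=2):
    """Map each fabric side to (verdict, sorted chassis list).

    Each FEX serves one chassis, so downed vNICs on one side spanning
    `min_chassis` or more chassis cannot be a FEX or blade problem: the
    break is upstream, at the vPC or the fabric interconnect for that side.
    """
    chassis_by_side = defaultdict(set)
    for _vm, _vnic, chassis, side in alerts:
        chassis_by_side[side].add(chassis)
    verdicts = {}
    for side, chassis_set in chassis_by_side.items():
        verdict = UPSTREAM if len(chassis_set) >= min_chassis else SINGLE
        verdicts[side] = (verdict, sorted(chassis_set))
    return verdicts

if __name__ == "__main__":
    for side, (verdict, chassis) in sorted(classify(parse_alerts(SAMPLE_ALERTS)).items()):
        print(f"fabric {side}: {verdict} (chassis {', '.join(chassis)})")
```

Feeding it the constructed alerts reports fabric A as an upstream (vPC or fabric interconnect) failure across all four chassis, while the single B-side alert stays classified as local to chassis4.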
So that’s it! Overall this has been a fun project. I’m glad it’s coming to an end. We’ve learned a lot and I’ll be sharing some of those lessons over the next few months as we move into getting ready for our pilot customers on this pod.