Take a Walk on the Wired Side

#ATM16

Take a walkon the wired side

Rob HavilandRuben IglesiasJustin NoonanMarch 2016 @ArubaNetworks |

Design fundamentals for Aruba switching in the campus

Month day, year

3#ATM16

Introduction

@ArubaNetworks |

4#ATM16

Agenda

– Introduction

– Mobile-first reference designs

– An SDN case study

– FlexNetwork reference designs

– Square peg round hole

– The other 20%

– Summary

5#ATM16

What Capabilities Characterize a ‘Mobile-First’ Network?

1. Policy is unified and multi-vendor

2. Manageability is end-to-end and multi-vendor

3. Wireless is best-of-breed

4. Wired is optimized for wireless aggregation

5. Network analytics for IT, user analytics for LOB

6#ATM16

This is the Network for Mobile Campus Today

Network management from AirWave/Central and IMC

Mobile engagement & business analytics

Infrastructure Control Management

Policy management and Network Access Control (NAC)

802.11ac Wave 1 & 2

Wired edge and distribution

CoreBLE Beacons

Routers

SDN and Mobility Controllers

7#ATM16

Mobile-first reference designs

8#ATM16

Sell what’s on the truck…

9#ATM16

Mobile-first 2-tier design

LoCtrl2

CSw1 CSw1

LoCtrl1

Acc2/2Acc1/2

Acc2/1Acc1/1

NetMgr

AAA

SDNCtlr

M-Ctrl1

M-Ctrl2

Aruba 7200Mobility Controller



AirWave SDN ControllerClearPass

Policy Manager

Aruba 3810Switch Series

Aruba 3810Switch Series

Aruba 5400R zl2Switch Series

Aruba 330 AP(May 2016)



10#ATM16

• Max client devices: 24000• Max users: 6000 (3 devices/user)

Design scale – typical 2-tier scenario

CSw1 CSw1

Acc2/2

Acc1/2

Acc2/1

Acc1/1

5400R VSFDefault gateway

for all clients

5400R VSF or standalone• Max MAC address: 64000• Max ARP entries: 25000

Access switch and mobility controller in L2 mode

11#ATM16

Policy is unified and multi-vendor

LoCtrl2

CSw1 CSw1

LoCtrl1

Acc2/2Acc1/2

Acc2/1Acc1/1

NetMgr

AAA

SDNCtlr

M-Ctrl1

M-Ctrl2




AirWave SDN controller and apps

ClearPassPolicy Manager

ClearPass Policy ManagerWireless and wired access policies

SDN Network VisualizerIntegrated with

ClearPass Policy Manager

12#ATM16

Manageability is end-to-end and multi-vendor

LoCtrl2

CSw1 CSw1

LoCtrl1

Acc2/2Acc1/2

Acc2/1Acc1/1

NetMgr

AAA

SDNCtlr

M-Ctrl1

M-Ctrl2





Policy Manager

• Switch montoring

• Configuration and software upgrade management

• ZTP for wireless and wired

13#ATM16

Airwave - Switch Monitoring

CLI CommandsDevice Monitoring

Interface Monitoring

14#ATM16

Airwave - Switch configuration and upgrade managementConfiguration template

Audit

Firmware updates

15#ATM16

Zero-touch provisioning

Aruba switch

Instant AP

Branch Controller

17#ATM16

Wireless is best of breed

LoCtrl2

CSw1 CSw1

LoCtrl1

Acc2/2Acc1/2

Acc2/1Acc1/1

NetMgr

AAA

SDNCtlr

M-Ctrl1

M-Ctrl2





Policy Manager

Soon: AP 330

w/ Smart Rate

Soon: AP 330

w/ Smart Rate

19#ATM16

Soon: 330 Series AP - 11ac Wave 2+

Aruba 330 Series AP - 11ac Wave 2+– Primary focus: Peak performance

– Adding 160MHz channel support (2x2)– 4SS SU-MIMO, 4SS MU-MIMO: 3x 1SS clients or 1SS + 2SS clients– Eliminate PHY bottleneck (NBASE-T, 2.5GbE, CAT5E ok)– QCA radio chipset, Freescale CPU, Aquantia Ethernet PHY

Aruba 310 Series Access Points: Mid-range 11ac Wave 2– Delivering the full value of 802.11ac Wave 2 at an aggressive price

– Same 5GHz radio capabilities as flagship 330 Series

– Single (Gb) Ethernet port, 2x2:2SS 2.4GHz radio

– 802.11ac 4x4:4SS MU-MIMO– 1,733Mbps peak datarate, and up to 3 MU-MIMO client devices

20#ATM16

Wired is optimized for wireless aggregation

LoCtrl2

CSw1 CSw1

LoCtrl1

Acc2/2Acc1/2

Acc2/1Acc1/1

NetMgr

AAA

SDNCtlr

M-Ctrl1

M-Ctrl2





Policy Manager

VSF

Backplane stacking

Backplane stacking

21#ATM16

Mobile-first wired accessMain functions• AP and wired client connection

• Policy enforcement (access control / QoS marking / SDN ) for wired traffic

Aruba 3810 Switch Series• Backplane stacking (5u full-mesh, 10u ring)• Layer 3 access• Smart Rate• 10/40GbE uplinks

Aruba 2920 Switch Series• Backplane stacking (4u ring)• Layer 2 access (L3 lite)

Wired is optimized for wireless aggregation

22#ATM16

Aruba 5400R Switch Series• Gen 6 Switch ASIC based modular switch • VSF for switch level L2/L7 aggregation (2u)

Mobile-first small campus core / large campus aggregationMain functions• Traffic aggregation: convergence of all client traffic: wired and wireless

• SDN enforcement point for wireless traffic

Aruba 3810 Switch Series• Gen 6 Switch ASIC based stackable switch • Backplane stacking (5 u full-mesh, 10u ring)• 10G aggregation model (16 SFP+ & 2 slots)

23#ATM16

Backplane stacking and VSF

23

Stacks

Access

Aggregation

Core

Physical viewDevice-level redundancy

Logical viewSingle virtual redundant devices

Virtualize switches to optimize design and minimize configuration and maintenance

24#ATM16

Soon: Tunneled node – per-port / per-user

LoCtrl2

CSw1 CSw1

LoCtrl1

Acc2/2Acc1/2

Acc2/1Acc1/1



Wireless and wired traffic receives the same treatment

25#ATM16

Mobile-first 3-tier design

CSw1 CSw1

Acc2/2Acc1/2

Acc2/1Acc1/1

NetMgr

AAA

SDNCtlrM-Ctrl1

M-Ctrl2

LoCtrl2

CSw1 CSw1

LoCtrl1

CSw1 CSw1

Acc2/2Acc1/2

Acc2/1Acc1/1





Policy Manager

VSF

Backplane stacking

Backplane stacking

VSF

Backplane stacking

Backplane stacking

IRF

26#ATM16

Design scale – typical 3-tier scenario

CSw1

CSw1

CSw1

CSw1

CSw1

CSw1

• Max wired client devices / building: 24000

5400R VSFDefault gatewayfor wired clients

in building

5400R VSF or standalone• Max MAC address: 64000• Max ARP entries: 25000

10500 IRFDefault gatewayfor all wireless

clients in campus

• Max wireless client devices / campus: 126000• Max mobile users / campus: 61000 (2 devices/user)

10500 IRF or standalone (EC)• Max MAC address:

256000• Max ARP entries:

128000

5400R VSFDefault gatewayfor wired clients

in building

Access switch in Layer 2 mode

Mobility controllers in L2 mode

27#ATM16

Main functions• Multibuilding traffic aggregation

HPE 10500 Switch Series• High density 10GbE and 40 GbE• IRF up to 4 units • IP routing: OSPF, BGP, IS-IS• MPLS L3VPN/L2VPN/VPLS termination

Medium / large campus core

An SDN case studyThe power of the mobile-first architecture

29#ATM16

The need

WWAS16 | Confidential

400 Schools 700 Switches

TroubleshootImproveQoE

Higher visibility – analyze traffic

Independent from user location

IssueDeploying a network

probe

• Expensive

• Slow

• Time consuming

30#ATM16

The solution


HPE Network Visualizer

HPE VAN SDN ControllerLDAP / AD

Server

Local agent

Traffic analyzer application

Traffic captureby User

Traffic captureby Application

31#ATM16

FlexNetwork designs

32#ATM16

FlexNetwork 2-tier design

LoCtrl2

CSw1 CSw1

LoCtrl1

Acc2/2Acc1/2

Acc2/1Acc1/1

NetMgr

AAAM-Ctrl1

M-Ctrl2




ClearPassPolicy Manager

IMC

IRF

IRF IRF

33#ATM16

FlexNetwork 3-tier design

CSw1 CSw1

Acc2/2Acc1/2

Acc2/1Acc1/1

NetMgr

AAAM-Ctrl1

M-Ctrl2

LoCtrl2

CSw1 CSw1

LoCtrl1

CSw1 CSw1

Acc2/2Acc1/2

Acc2/1Acc1/1




IMCClearPass

Policy Manager

IRF

IRF

IRF

IRF

IRF IRFIRF

36#ATM16

Zero-touch provisioning

IMCBIMS

MSR Routers

FlexNetwork access switch

37#ATM16

Square peg, round hole

38#ATM16

Case 1: 5130 EI


Comware 7 VAN/SDN Controller

Apps: VisualizerRight?

Wrong!!!

39#ATM16

Case 2: 3810

– Customer need– 700 sites/branches– Building Management System – Overlay network– Zero-touch provisioning (ZTP)

– Initial proposal– Branch side: 3810 switches– DC side: 5400R (+ 3810)– Overlay: VxLAN– Routing: OSPF– ZTP: AirWave


40#ATM16

Case 2: 3810

– Customer– “We want a layer 3 overlay, preferably GRE with BGP”

– Solution– Branch side: 5510 HI 48 port PoE+– DC side: HSR6600 routers– Overlay: GRE Tunnels with BGP routing– ZTP: IMC BIMS


WAN/VPN

Datacenter 3

Branch n

Datacenter 1 Datacenter 2

Branch 1

GRE Tunnels

Application subnets

CPE

Default routes

BP BGP Peers

BP

BP

BP

BP

BP

BGP network injection

IMCBIMS

Zero-touch Provisioning

44#ATM16WWAS16 | Confidential

Summary

45#ATM16

Summary

–Lead with mobile-first products – Aruba WLAN– Aruba switches– AirWave– ClearPass

–Detect when Aruba switch do not fit and offer FlexNetwork designs– HPE switches– IMC– ClearPass

46#ATM16

What Capabilities Characterize a ‘Mobile-First’ Network?

1. Policy is unified and multi-vendor

2. Manageability is end-to-end and multi-vendor

3. Wireless is best-of-breed

4. Wired is optimized for wireless aggregation

5. Network analytics for IT, user analytics for LOB

47#ATM16

Join Aruba’s Titans of Tomorrow force in the fight against network mayhem. Find out what your IT superpower is.

Share your results with friends and receive a free superpower t-shirt.

www.arubatitans.com

Thank [email protected]@[email protected]

Take a Walk on the Wired Side

Technology

Transcript of Take a Walk on the Wired Side