Post on 08-Jan-2017
#ATM16
Take a walkon the wired side
Rob HavilandRuben IglesiasJustin NoonanMarch 2016 @ArubaNetworks |
Design fundamentals for Aruba switching in the campus
Month day, year
3#ATM16
Introduction
@ArubaNetworks |
4#ATM16
Agenda
– Introduction
– Mobile-first reference designs
– An SDN case study
– FlexNetwork reference designs
– Square peg round hole
– The other 20%
– Summary
5#ATM16
What Capabilities Characterize a ‘Mobile-First’ Network?
1. Policy is unified and multi-vendor
2. Manageability is end-to-end and multi-vendor
3. Wireless is best-of-breed
4. Wired is optimized for wireless aggregation
5. Network analytics for IT, user analytics for LOB
6#ATM16
This is the Network for Mobile Campus Today
Network management from AirWave/Central and IMC
Mobile engagement & business analytics
Infrastructure Control Management
Policy management and Network Access Control (NAC)
802.11ac Wave 1 & 2
Wired edge and distribution
CoreBLE Beacons
Routers
SDN and Mobility Controllers
7#ATM16
Mobile-first reference designs
8#ATM16
Sell what’s on the truck…
9#ATM16
Mobile-first 2-tier design
LoCtrl2
CSw1 CSw1
LoCtrl1
Acc2/2Acc1/2
Acc2/1Acc1/1
NetMgr
AAA
SDNCtlr
M-Ctrl1
M-Ctrl2
Aruba 7200Mobility Controller
Aruba 7200Mobility Controller
Aruba 7200Mobility Controller
AirWave SDN ControllerClearPass
Policy Manager
Aruba 3810Switch Series
Aruba 3810Switch Series
Aruba 5400R zl2Switch Series
Aruba 330 AP(May 2016)
Aruba 330 AP(May 2016)
Aruba 330 AP(May 2016)
10#ATM16
• Max client devices: 24000• Max users: 6000 (3 devices/user)
Design scale – typical 2-tier scenario
CSw1 CSw1
Acc2/2
Acc1/2
Acc2/1
Acc1/1
5400R VSFDefault gateway
for all clients
5400R VSF or standalone• Max MAC address: 64000• Max ARP entries: 25000
Access switch and mobility controller in L2 mode
11#ATM16
Policy is unified and multi-vendor
LoCtrl2
CSw1 CSw1
LoCtrl1
Acc2/2Acc1/2
Acc2/1Acc1/1
NetMgr
AAA
SDNCtlr
M-Ctrl1
M-Ctrl2
Aruba 7200Mobility Controller
Aruba 7200Mobility Controller
Aruba 7200Mobility Controller
AirWave SDN controller and apps
ClearPassPolicy Manager
ClearPass Policy ManagerWireless and wired access policies
SDN Network VisualizerIntegrated with
ClearPass Policy Manager
12#ATM16
Manageability is end-to-end and multi-vendor
LoCtrl2
CSw1 CSw1
LoCtrl1
Acc2/2Acc1/2
Acc2/1Acc1/1
NetMgr
AAA
SDNCtlr
M-Ctrl1
M-Ctrl2
Aruba 7200Mobility Controller
Aruba 7200Mobility Controller
Aruba 7200Mobility Controller
AirWave SDN ControllerClearPass
Policy Manager
• Switch montoring
• Configuration and software upgrade management
• ZTP for wireless and wired
13#ATM16
Airwave - Switch Monitoring
CLI CommandsDevice Monitoring
Interface Monitoring
14#ATM16
Airwave - Switch configuration and upgrade managementConfiguration template
Audit
Firmware updates
15#ATM16
Zero-touch provisioning
Aruba switch
Instant AP
Branch Controller
17#ATM16
Wireless is best of breed
LoCtrl2
CSw1 CSw1
LoCtrl1
Acc2/2Acc1/2
Acc2/1Acc1/1
NetMgr
AAA
SDNCtlr
M-Ctrl1
M-Ctrl2
Aruba 7200Mobility Controller
Aruba 7200Mobility Controller
Aruba 7200Mobility Controller
AirWave SDN ControllerClearPass
Policy Manager
Soon: AP 330
w/ Smart Rate
Soon: AP 330
w/ Smart Rate
19#ATM16
Soon: 330 Series AP - 11ac Wave 2+
Aruba 330 Series AP - 11ac Wave 2+– Primary focus: Peak performance
– Adding 160MHz channel support (2x2)– 4SS SU-MIMO, 4SS MU-MIMO: 3x 1SS clients or 1SS + 2SS clients– Eliminate PHY bottleneck (NBASE-T, 2.5GbE, CAT5E ok)– QCA radio chipset, Freescale CPU, Aquantia Ethernet PHY
Aruba 310 Series Access Points: Mid-range 11ac Wave 2– Delivering the full value of 802.11ac Wave 2 at an aggressive price
– Same 5GHz radio capabilities as flagship 330 Series
– Single (Gb) Ethernet port, 2x2:2SS 2.4GHz radio
– 802.11ac 4x4:4SS MU-MIMO– 1,733Mbps peak datarate, and up to 3 MU-MIMO client devices
20#ATM16
Wired is optimized for wireless aggregation
LoCtrl2
CSw1 CSw1
LoCtrl1
Acc2/2Acc1/2
Acc2/1Acc1/1
NetMgr
AAA
SDNCtlr
M-Ctrl1
M-Ctrl2
Aruba 7200Mobility Controller
Aruba 7200Mobility Controller
Aruba 7200Mobility Controller
AirWave SDN ControllerClearPass
Policy Manager
VSF
Backplane stacking
Backplane stacking
21#ATM16
Mobile-first wired accessMain functions• AP and wired client connection
• Policy enforcement (access control / QoS marking / SDN ) for wired traffic
Aruba 3810 Switch Series• Backplane stacking (5u full-mesh, 10u ring)• Layer 3 access• Smart Rate• 10/40GbE uplinks
Aruba 2920 Switch Series• Backplane stacking (4u ring)• Layer 2 access (L3 lite)
Wired is optimized for wireless aggregation
22#ATM16
Aruba 5400R Switch Series• Gen 6 Switch ASIC based modular switch • VSF for switch level L2/L7 aggregation (2u)
Mobile-first small campus core / large campus aggregationMain functions• Traffic aggregation: convergence of all client traffic: wired and wireless
• SDN enforcement point for wireless traffic
Aruba 3810 Switch Series• Gen 6 Switch ASIC based stackable switch • Backplane stacking (5 u full-mesh, 10u ring)• 10G aggregation model (16 SFP+ & 2 slots)
23#ATM16
Backplane stacking and VSF
23
Stacks
Access
Aggregation
Core
Physical viewDevice-level redundancy
Logical viewSingle virtual redundant devices
Virtualize switches to optimize design and minimize configuration and maintenance
24#ATM16
Soon: Tunneled node – per-port / per-user
LoCtrl2
CSw1 CSw1
LoCtrl1
Acc2/2Acc1/2
Acc2/1Acc1/1
Aruba 7200Mobility Controller
Aruba 7200Mobility Controller
Wireless and wired traffic receives the same treatment
25#ATM16
Mobile-first 3-tier design
CSw1 CSw1
Acc2/2Acc1/2
Acc2/1Acc1/1
NetMgr
AAA
SDNCtlrM-Ctrl1
M-Ctrl2
LoCtrl2
CSw1 CSw1
LoCtrl1
CSw1 CSw1
Acc2/2Acc1/2
Acc2/1Acc1/1
Aruba 7200Mobility Controller
Aruba 7200Mobility Controller
Aruba 7200Mobility Controller
AirWave SDN ControllerClearPass
Policy Manager
VSF
Backplane stacking
Backplane stacking
VSF
Backplane stacking
Backplane stacking
IRF
26#ATM16
Design scale – typical 3-tier scenario
CSw1
CSw1
CSw1
CSw1
CSw1
CSw1
• Max wired client devices / building: 24000
5400R VSFDefault gatewayfor wired clients
in building
5400R VSF or standalone• Max MAC address: 64000• Max ARP entries: 25000
10500 IRFDefault gatewayfor all wireless
clients in campus
• Max wireless client devices / campus: 126000• Max mobile users / campus: 61000 (2 devices/user)
10500 IRF or standalone (EC)• Max MAC address:
256000• Max ARP entries:
128000
5400R VSFDefault gatewayfor wired clients
in building
Access switch in Layer 2 mode
Mobility controllers in L2 mode
27#ATM16
Main functions• Multibuilding traffic aggregation
HPE 10500 Switch Series• High density 10GbE and 40 GbE• IRF up to 4 units • IP routing: OSPF, BGP, IS-IS• MPLS L3VPN/L2VPN/VPLS termination
Medium / large campus core
An SDN case studyThe power of the mobile-first architecture
29#ATM16
The need
WWAS16 | Confidential
400 Schools 700 Switches
TroubleshootImproveQoE
Higher visibility – analyze traffic
Independent from user location
IssueDeploying a network
probe
• Expensive
• Slow
• Time consuming
30#ATM16
The solution
WWAS16 | Confidential
HPE Network Visualizer
HPE VAN SDN ControllerLDAP / AD
Server
Local agent
Traffic analyzer application
Traffic captureby User
Traffic captureby Application
31#ATM16
FlexNetwork designs
32#ATM16
FlexNetwork 2-tier design
LoCtrl2
CSw1 CSw1
LoCtrl1
Acc2/2Acc1/2
Acc2/1Acc1/1
NetMgr
AAAM-Ctrl1
M-Ctrl2
Aruba 7200Mobility Controller
Aruba 7200Mobility Controller
Aruba 7200Mobility Controller
ClearPassPolicy Manager
IMC
IRF
IRF IRF
33#ATM16
FlexNetwork 3-tier design
CSw1 CSw1
Acc2/2Acc1/2
Acc2/1Acc1/1
NetMgr
AAAM-Ctrl1
M-Ctrl2
LoCtrl2
CSw1 CSw1
LoCtrl1
CSw1 CSw1
Acc2/2Acc1/2
Acc2/1Acc1/1
Aruba 7200Mobility Controller
Aruba 7200Mobility Controller
Aruba 7200Mobility Controller
IMCClearPass
Policy Manager
IRF
IRF
IRF
IRF
IRF IRFIRF
36#ATM16
Zero-touch provisioning
IMCBIMS
MSR Routers
FlexNetwork access switch
37#ATM16
Square peg, round hole
38#ATM16
Case 1: 5130 EI
WWAS16 | Confidential
Comware 7 VAN/SDN Controller
Apps: VisualizerRight?
Wrong!!!
39#ATM16
Case 2: 3810
– Customer need– 700 sites/branches– Building Management System – Overlay network– Zero-touch provisioning (ZTP)
– Initial proposal– Branch side: 3810 switches– DC side: 5400R (+ 3810)– Overlay: VxLAN– Routing: OSPF– ZTP: AirWave
WWAS16 | Confidential
40#ATM16
Case 2: 3810
– Customer– “We want a layer 3 overlay, preferably GRE with BGP”
– Solution– Branch side: 5510 HI 48 port PoE+– DC side: HSR6600 routers– Overlay: GRE Tunnels with BGP routing– ZTP: IMC BIMS
WWAS16 | Confidential
WAN/VPN
Datacenter 3
Branch n
Datacenter 1 Datacenter 2
Branch 1
GRE Tunnels
Application subnets
CPE
Default routes
BP BGP Peers
BP
BP
BP
BP
BP
BGP network injection
IMCBIMS
Zero-touch Provisioning
44#ATM16WWAS16 | Confidential
Summary
45#ATM16
Summary
–Lead with mobile-first products – Aruba WLAN– Aruba switches– AirWave– ClearPass
–Detect when Aruba switch do not fit and offer FlexNetwork designs– HPE switches– IMC– ClearPass
46#ATM16
What Capabilities Characterize a ‘Mobile-First’ Network?
1. Policy is unified and multi-vendor
2. Manageability is end-to-end and multi-vendor
3. Wireless is best-of-breed
4. Wired is optimized for wireless aggregation
5. Network analytics for IT, user analytics for LOB
47#ATM16
Join Aruba’s Titans of Tomorrow force in the fight against network mayhem. Find out what your IT superpower is.
Share your results with friends and receive a free superpower t-shirt.
www.arubatitans.com
Thank yourob.a.haviland@hpe.comruben.iglesias@hpe.comjustin.noonan@hpe.com