Cisco Support Community. Expert Series Webcast. Видеозапись: https://www.youtube.com/watch?v=LwJx3EpLqww

1. Дмитрий Леонтьев
Инженер центра технической поддержки Cisco TAC (Russia)
Август 24, 2016
Дизайн отказоустойчивых локальных сетей
Cisco Support Community
Expert Series Webcast

2. Как стать активным участником? Легко!
• Создавайте документы, пишите блоги, загружайте
видео, отвечайте на вопросы пользователей.
• Вклад оценивается на основе таблицы лидеров
• Также оценивается количество документов, блогов
и видео, созданных пользователем.
• Вклад оценивается только по русскоязычному
сообществу, не включая рейтинг, набранный в
глобальном Cisco Support Community.
Премия "Самый активный участник
Сообщества Поддержки Cisco"

3. Оцени контент
Ваши оценки контента дают
возможность атворам получать баллы.
Хотите чтобы поиск был удобным и
простым? Помогите нам распознать
качественный контент в Сообществе.
Оценивайте документы, видео и
блоги.
Пожалуйста, не забывайте оценивать
ответы пользователей, которые щедро
делятся своим временем и опытом
https://supportforums.cisco.com/ru/community/4926/pomoshch-help

4. 24 августа 2016 – 06 сентября 2016
Сессия «Спросить Эксперта»
с Дмитрием Леонтьевым, Ларисой Свирдюк и
Александром Чевердой
Получить дополнительную информацию, а
также задать вопросы эксперту в рамках данной
темы Вы можете на странице, доступной по
ссылке:
https://supportforums.cisco.com/community/russian/ex
pert-corner
Вы можете получить видеозапись данного
семинара и текст сессии Q&A в течении
ближайших 5 дней по следующей ссылке
https://supportforums.cisco.com/community/russian/ex
pert-corner/webcast

5. Конкурс “Дизайн отказоустойчивых локальных
сетей”
24 августа в 14:00 мск
Мы предлагаем Вам принять участие в конкурсе
после проведения вебкаста, который так и будет
называться «Дизайн отказоустойчивых
локальных сетей»
• Первые три победителя получат фирменный куб Cisco-TAC
• Ответы присылайте на csc-russian@external.cisco.com
• Задание конкурса будет размещено сегодня после проведения
вебкаста

6. Скачать презентацию Вы можете по ссылке:
https://supportforums.cisco.com/ru/document/13102711
Спасибо, что присоединились к нам сегодня!

7. Присылайте Ваши вопросы!
Используйте панель Q&A, чтобы задать вопрос.
Наши эксперты Лариса и Александр ответят на них.
Сегодняшняя
презентация включает
опросы аудитории
Пожалуйста, примите
участие в опросах!

8. Дмитрий Леонтьев
Инженер центра технической поддержки Cisco TAC (Russia)
Август 24, 2016
Cisco Support Community Expert Series Webcast
Дизайн отказоустойчивых локальных сетей

9. Вопрос 1
По вашему мнению, реализована ли
отказоустойчивость в вашей
Локальной Сети?
1. Да
2. Нет
3. Я не знаю, что это такое

10. Cодержание
• Отказоустойчивый дизайн ЛВС на физическом уровне
• Отказоустойчивый дизайн ЛВС на канальном уровне
• Отказоустойчивый дизайн ЛВС на сетевом уровне
• Коммутаторы с поддержкой VSS (Virtual Switching
System)

11. Уровни модели OSI (Media Layer)
Уровень (layer) Единица
передаваемых
данных (PDU)
Функция Пример
Сетевой
(network layer)
Пакет (packet) Логическая адресация,
маршрутизация
IPv4, IPX, AppleTalk
Канальный
(data link layer)
Кадр (frame) Физическая адресация PPP, HDLC, Ethernet
Физический
(physical layer)
Биты (bits) Доступ к среде передачи
данных, кодирование на
уровне передачи
сигналов
Витая пара,
коаксиальный
кабель, оптический
кабель

12. Уровни модели OSI (Host Layer)
Уровень (layer) Единица
передаваемых
данных (PDU)
Функция Пример
Приложения
(application layer)
Доступ к приложениям HTTP, FTP, Telnet
Представления
(presentation layer)
Представление данных ASCII, JPEG
Сессии (session layer) Управление сессией RPC
Транспортный
(transport layer)
Датаграмма
(datagram)
Логическое соединение
типа точка-точка между
конечными устройствами,
надежность передачи
TCP, UDP, SCTP

13. Отказоустойчивый
дизайн ЛВС на
физическом уровне

14. Трехуровневая модель сети

15. The access layer represents the network edge, where traffic enters or exits the
campus network. Traditionally, the primary function of an access layer switch is
to provide network access to the user. Access layer switches connect to
distribution layer switches to perform network foundation functions such as
routing, quality of service (QoS), and security.
To meet network application and end user demands, next-generation Cisco
Catalyst switching platforms no longer simply switch packets, but now provide
more integrated and intelligent services to various types of endpoints at the
access layer. Building intelligence into access layer switches allows them to
operate more efficiently, optimally, and securely.
Access layer

16. The distribution layer interfaces between the access layer and the core layer to
provide many key functions, including:
–Aggregating access layer wiring closet swithces
–Aggregating Layer 2 broadcast domains and Layer 3 routing boundaries
–Providing intelligent switching, routing, and network access policy functions to
access the rest of the network
–Providing high availability through redundant distribution layer switches to the
end user and equal cost paths to the core, as well as providing differentiated
services to various classes of service applications at the access layer
Distribution layer

17. The core layer is the network backbone that hierarchically connects
several layers of the campus design, providing for connectivity between
end devices, computing, and data storage services located within the
service block and other areas within the network. The core layer serves
as the aggregator for all the other campus blocks and ties the campus
together with the rest of the network.
Core layer

18. Пример дизайна сети типа Three-Tier

19. Пример дизайна сети типа Two-Tier

20. Reliability = 99,938% MTTR – 325 минут в год
Ненадежная сеть

21. Частично отказоустойчивая сеть
Reliability = 99,961% MTTR – 204 минуты в год

22. Отказоустойчивая сеть
Reliability = 99,9999% MTTR – 30 секунд в год

23. Резервирование линков

24. Broadcast Storm

25. Отказоустойчивый
дизайн ЛВС на
канальном уровне

26. Spanning-Tree Protocol (STP) prevents loops from being formed when
switches or bridges are interconnected via multiple paths. Spanning-
Tree Protocol implements the 802.1D IEEE algorithm by exchanging
BPDU messages with other switches to detect loops, and then
removes the loop by shutting down selected bridge interfaces. This
algorithm guarantees that there is one and only one active path
between two network devices.
Spanning-tree protocol

27. • One root bridge per broadcast domain
• One root port per nonroot bridge
• One designated port per segment
• Nondesignated ports are blocked
• BPDU sent every 2 seconds
• Root bridge = bridge with lowest bridge ID
• Bridge ID = bridge priority + MAC address
Spanning-tree operations

28. Spanning-tree port states

29. Spanning-tree example

30. Отказоустойчивая сеть с точки зрения STP

31. VLAN

32. • PVST+ (Per VLAN Spanning Tree)
• Rapid PVST+ (Rapid Per VLAN Spanning Tree)
• MIST (Multiply Instance Spanning Tree)
Different types of STP, supported by Cisco

33. Отказоустойчивая сеть с точки зрения STP
c двумя VLAN

34. Cisco EtherChannel® technology builds upon standards-based 802.3
full-duplex Fast Ethernet to provide network managers with a reliable,
high-speed solution for the campus network backbone. EtherChannel
technology provides bandwidth scalability within the campus by
providing up to 800 Mbps, 8 Gbps, or 80 Gbps of aggregate bandwidth
for a Fast EtherChannel, Gigabit EtherChannel, or 10 Gigabit
EtherChannel connection, respectively. Each of these connection
speeds can vary in amounts equal to the speed of the links used (100
Mbps, 1 Gbps, or 10 Gbps). Even in the most bandwidth-demanding
situations, EtherChannel technology helps aggregate traffic and keep
oversubscription to a minimum, while providing effective link-resiliency
mechanisms.
EtherChannel

35. • Автоматически
o LACP (IEEE 802.3ad)
o PAGP (Cisco proprietary)
• Вручную
Методы создания EtherChannel

36. Physical vs Logical view of EC

37. • Logical aggregation of similar
links between switches
• Load-sharing
• Viewed as one logical port to STP
• Redundancy
Достоинства EtherChannel

38. Отказоустойчивая сеть с точки зрения STP
c двумя VLAN и EtherChannel

39. Flex Links are a pair of a Layer 2 interfaces (switch ports or port
channels) where one interface is configured to act as a backup to the
other. The feature provides an alternative solution to the Spanning Tree
Protocol (STP). Users can disable STP and still retain basic link
redundancy. Flex Links are typically configured in service provider or
enterprise networks where customers do not want to run STP on the
switch. If the switch is running STP, Flex Links is not necessary
because STP already provides link-level redundancy or backup
FlexLink by Cisco

40. Ports 1 and 2 on switch A are connected to uplink switches B and C.
Because they are configured as Flex Links, only one of the interfaces is
forwarding traffic; the other is in standby mode. If port 1 is the active
link, it begins forwarding traffic between port 1 and switch B; the link
between port 2 (the backup link) and switch C is not forwarding traffic.
If port 1 goes down, port 2 comes up and starts forwarding traffic to
switch C. When port 1 comes back up, it goes into standby mode and
does not forward traffic; port 2 continues forwarding traffic.
FlexLink example

41. Optionally, you can configure a preemption mechanism, specifying the
preferred port for forwarding traffic. For example, you can configure the
above flexlink pair with preemption mode so that once port 1 comes
back up in the above scenario, if it has greater bandwidth than port 2,
port 1 will go forwarding after 60 seconds and port 2 will become
standby. This is done by entering the preemption mode bandwidth and
delay commands.
FlexLink options

42. Вопрос 2
Какие у вас используются
коммутаторы с функцией
стекирования или VSS?
1. Коммутаторы серии 2960
2. Коммутаторы серии 3750
3. Коммутаторы серии 3850
4. Коммутаторы серии 4500
5. Коммутаторы серии 6500
6. Коммутаторы серии 6800
7. Не используются

43. Отказоустойчивый
дизайн ЛВС на сетевом
уровне

44. • IP routing redundancy is designed to allow for transparent fail-over at the
first-hop IP router.
• Both HSRP and VRRP enable two or more devices to work together in a
group, sharing a single IP address, the virtual IP address. The virtual IP
address is configured in each end user's workstation as a default gateway
address and is cached in the host's Address Resolution Protocol (ARP)
cache.
• In an HSRP or VRRP group, one router is elected to handle all requests sent
to the virtual IP address. With HSRP, this is the active router. An HSRP group
has one active router, at least one standby router, and perhaps many
listening routers. A VRRP group has one master router and one or more
backup routers.
First Hop Redundancy Protocol

45. • HSRP is Cisco proprietary which
allows several routers or
multilayer switches to appear as a
single gateway IP address.
• HSRP allows multiple routers to
share a virtual IP and MAC
address so that the end-user
hosts do not realize when a
failure occurs
HSRP

46. Отказоустойчивая сеть с точки зрения STP
c двумя VLAN и EtherChannel и HSRP

47. VRRP specifies an election protocol that dynamically assigns
responsibility for a virtual router to one of the VRRP routers on a LAN.
The VRRP router controlling the IP address(es) associated with a
virtual router is called the Master, and forwards packets sent to these IP
addresses. The election process provides dynamic fail over in the
forwarding responsibility should the Master become unavailable. This
allows any of the virtual router IP addresses on the LAN to be used as
the default first hop router by end-hosts. The advantage gained from
using VRRP is a higher availability default path without requiring
configuration of dynamic routing or router discovery protocols on every
end-host.
VRRP (RFC 3768)

48. The Gateway Load Balancing Protocol feature provides automatic
router backup for IP hosts configured with a single default gateway on
an IEEE 802.3 LAN. Multiple first hop routers on the LAN combine to
offer a single virtual first hop IP router while sharing the IP packet
forwarding load. Other routers on the LAN may act as redundant GLBP
routers that will become active if any of the existing forwarding routers
fail.
GLBP

49. GLBP performs a similar, but not identical, function for the user as the HSRP and the
VRRP. HSRP and VRRP protocols allow multiple routers to participate in a virtual router
group configured with a virtual IP address. One member is elected to be the active router
to forward packets sent to the virtual IP address for the group. The other routers in the
group are redundant until the active router fails. These standby routers have unused
bandwidth that the protocol is not using. Although multiple virtual router groups can be
configured for the same set of routers, the hosts must be configured for different default
gateways, which results in an extra administrative burden. GLBP provides load balancing
over multiple routers (gateways) using a single virtual IP address and multiple virtual
MAC addresses. Each host is configured with the same virtual IP address, and all routers
in the virtual router group participate in forwarding packets. GLBP members
communicate between each other through hello messages sent every 3 seconds to the
multicast address 224.0.0.102, User Datagram Protocol (UDP) port 3222 (source and
destination).
GLBP (cont)

50. • Members of a GLBP group elect one gateway to be the active virtual
gateway (AVG) for that group. Other group members provide backup for the
AVG in the event that the AVG becomes unavailable. The AVG assigns a
virtual MAC address to each member of the GLBP group. Each gateway
assumes responsibility for forwarding packets sent to the virtual MAC
address assigned to it by the AVG. These gateways are known as active
virtual forwarders (AVFs) for their virtual MAC address.
• The AVG is responsible for answering Address Resolution Protocol (ARP)
requests for the virtual IP address. Load sharing is achieved by the AVG
replying to the ARP requests with different virtual MAC addresses.
Example of GLBP

51. Example of GLBP

52. Routing domain
• OSPF or EIGRP (+BFD)
• No STP
• No EtherChannel
• No FHRP
L3 design of LAN

53. Коммутаторы с
поддержкой VSS (Virtual
Switching System)

54. • StackWise и StackWise Plus
– Cisco Catalyst 3750
• StackWise-480 -
Cisco Catalyst 3850
• FlexStack и FlexStack Plus –
Cisco Catalyst 2960
Стекируемые коммутаторы

55. • A VSS combines a pair of switches into a single network element. For
example, a VSS in the distribution layer of the network interacts with
the access and core networks as if it were a single switch.
• An access switch connects to both chassis of the VSS using one
logical port channel. The VSS manages redundancy and load
balancing on the port channel. This capability enables a loop-free
Layer 2 network topology. The VSS also simplifies the Layer 3
network topology because the VSS reduces the number of routing
peers in the network.
Virtual Switching System

56. VSS in the Distribution Network

57. • Коммутаторы Cisco Catalyst серии 4500 с Supervisor Engine 7-E,
Supervisor Engine 7L-E, Supervisor Engine 8-E
• Коммутаторы Cisco Catalyst серии 6500 c супервизорами VS-
S720-10G-3C, VS-S720-10G-3CXL, VS-SUP2T-10G, VS-SUP2T-
10G-XL, C6800-SUP6T, C6800-SUP6T-XL
• Коммутаторы Cisco Catalyst серии 6800 с супервизорами VS-S2T-
10G, VS-S2T-10G-XL, C6800-SUP6T, C6800-SUP6T-XL
Серии коммутаторов с поддержкой VSS

58. • When you create or restart a VSS, the peer chassis negotiate their roles.
One chassis becomes the VSS active chassis, and the other chassis
becomes the VSS standby.
• The VSS active chassis controls the VSS. It runs the Layer 2 and Layer 3
control protocols for the switching modules on both chassis. The VSS active
chassis also provides management functions for the VSS, such as module
online insertion and removal (OIR) and the console interface.
• The VSS active and VSS standby chassis perform packet forwarding for
ingress data traffic on their locally hosted interfaces. However, the VSS
standby chassis sends all control traffic to the VSS active chassis for
processing.
VSS Active and VSS Standby Chassis

59. • For the two chassis of the VSS to act as one network element, they need to share
control information and data traffic.
• The virtual switch link (VSL) is a special link that carries control and data traffic
between the two chassis of a VSS. The VSL is implemented as an EtherChannel with
up to eight links. The VSL gives control traffic higher priority than data traffic so that
control messages are never discarded. Data traffic is load balanced among the VSL
links by the EtherChannel load-balancing algorithm.
Virtual Switch Link

60. • An EtherChannel (also known as a port channel) is a collection of two or
more physical links that combine to form one logical link. Layer 2 protocols
operate on the EtherChannel as a single logical entity.
• A multichassis EtherChannel (MEC) is a port channel that spans the two
chassis of a VSS. The access switch views the MEC as a standard port
channel.
• The VSS supports a maximum of 512 EtherChannels. This limit applies to
the combined total of regular EtherChannels and MECs. Because VSL
requires two EtherChannel numbers (one for each chassis), there are 510
user-configurable EtherChannels. If an installed service module uses an
internal EtherChannel, that EtherChannel will be included in the total.
Multichassis EtherChannel

61. Multichassis EtherChannel

62. Вопрос 3
Какие темы вам бы было интересно
послушать на наших вебинарах:
1. Подробнее про коммутаторы с
поддержкой стекирования и VSS
2. Вопросы траблшутинга 6500 и
7600
3. Подробнее про Spanning-Tree
4. Подробнее про настройку VLAN,
trunk
5. Дизайн сети Data Center

63. Отправьте свой вопрос сейчас!
Используйте панель Q&A, чтобы задать вопрос.
Эксперты ответят на Ваши вопросы.

64. Приглашаем
Вас активно
участвовать в
Сообществе и
социальных
сетях
Vkontakte http://vk.com/cisco
Facebook http://www.facebook.com/CiscoSupportCommunity
Twitter https://twitter.com/CiscoRussia
You Tube http://www.youtube.com/user/CiscoRussiaMedia
Google+ https://plus.google.com/106603907471961036146
LinkedIn http://www.linkedin.com/groups/Cisco-Russia-CIS-37
Instgram https://instagram.com/ciscoru
Newsletter Subscription
csc-russian@external.cisco.com

65. Мы также
предоставляем
Вашему вниманию
Сообщества на
других языках!
Если Вы говорите на Испанском, Португальском или
Японском, мы приглашаем Вас принять участие в
Сообществах:
Русское
http://russiansupportforum.cisco.com
Испанское
https://supportforums.cisco.com/community/spanish
Португальское
https://supportforums.cisco.com/community/portuguese
Японское
https://supportforums.cisco.com/community/csc-japan
Китайское
http://www.csc-china.com.cn
Если Вы говорите на Испанском,
Португальском или Японском, мы
приглашаем Вас принять участие на
Вашем родном языке

66. Технические семинары в клубе Cisco Expo Learning Club
http://ciscoclub.ru/events

67. Пожалуйста, участвуйте в опросе
Спасибо за Ваше внимание!